Privacy Policy (Website)

In this Privacy Policy, we (BREMSKERL-REIBBELAGWERKE EMMERLING GMBH & CO KG) inform you about the processing of personal data when using our website and other services described below. Personal data refers to information related to an identified or identifiable person. This includes data that can reveal your identity, such as your name, phone number, address, or email address. Also included are identifiers like your IP address or the device ID of the device you use.

1. Controller and Contact Person

The controller for the processing of your personal data when visiting this website, as defined by the General Data Protection Regulation (GDPR), is:

BREMSKERL-REIBBELAGWERKE EMMERLING GMBH & CO KG

Brakenhof 7

D-31629 Estorf, Germany

Phone: +49 (0) 5025/978-0

Fax: +49 (0) 5025/978-110

Email: info@bremskerl.com

2. Data Protection Officer

The contact details for the data protection officer are as follows:

ISiCO GmbH

Am Hamburger Bahnhof 4

10557 Berlin, Germany

Email: privacy@isico-datenschutz.de

We explicitly point out that when using the above email address, the contents are not exclusively reviewed by our data protection officer. If you wish to exchange confidential information, we kindly ask you to directly contact us via this email address.

For any questions related to data protection regarding our products/services or the use of our website, you can always contact our data protection officer. They can be reached at the above postal address and at the email address: privacy@isico-datenschutz.de (Subject: "For the Attention of the Data Protection Officer"). Please note that when using this email address, the contents are not solely reviewed by our data protection officer. If you wish to exchange confidential information, we kindly ask you to directly contact us via this email address.

3. Data Processing on Our Website

3.1 Visiting Our Website / Connection Data

Each time you visit our website, we process connection data that your browser automatically transmits in order to allow you to visit the site. This connection data includes HTTP header information, including the user agent, and specifically includes:

The processing of this connection data is absolutely necessary to allow the website visit, ensure the permanent functionality and security of our systems, and to administratively maintain the website. The connection data is also temporarily stored in internal log files, limited to the essential minimum, to identify any causes of potential threats to the stability and security of our website, particularly in the case of repeated or malicious requests.

The legal basis for this processing is Article 6(1)(b) GDPR, provided the website visit occurs in the context of initiating or performing a contract, and in other cases, Article 6(1)(f) GDPR, based on our legitimate interest in enabling website access as well as ensuring the ongoing functionality and security of our systems. The automatic transmission of connection data and the resulting log files do not constitute access to information on the end device as defined by the implementation laws of the EU's ePrivacy Directive (EU member states), including Germany’s § 25 TDDG. However, such access would be absolutely necessary in any case.

Log files are generally stored and subsequently anonymized. In exceptional cases, individual log files and IP addresses are retained for a longer period to prevent further attacks from the same IP address in the case of cyberattacks and/or for criminal prosecution purposes.

3.2 Contact

You have various options to contact us, including by email or through the contact form on our website. In this context, we process your data solely for the purpose of communication with you.

The legal basis for this processing is Article 6(1)(b) GDPR, as long as your information is required to respond to your request or to initiate or perform a contract, and otherwise Article 6(1)(f) GDPR based on our legitimate interest in you contacting us so we can respond to your inquiry.

The data collected from you during contact will be automatically deleted once your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations (see section 8 "Retention Period").

3.3 Applications

You can apply for open positions with us through our application management system, Softgarden (softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin). The purpose of data collection is to select applicants for the potential establishment of an employment relationship. For the receipt and processing of your application, we specifically process the following personal data (hereinafter "Application Data"):

The legal basis for processing your application data is Article 6(1)(b) GDPR.

We store your personal data upon receiving your application. If we accept your application and an employment relationship is established, we will store your application data as long as it is required for the employment relationship and as long as legal provisions require retention.

If we reject your application, we will store your application data for a maximum of three months after the rejection, unless you give us consent for a longer retention period. If you have separately given us consent pursuant to Article 6(1)(a) GDPR, we will store your data submitted during the application process in our pool of applicants for another twelve months after the completion of the application process to identify any other relevant positions for you and possibly contact you again. After the expiration of this period, the data will be deleted. You can withdraw this consent at any time with effect for the future.

4. Monitoring

In the event of a credit risk, we transmit certain personal data to IHD Gesellschaft für Kredit und Forderungsmanagement mbH, Augustinusstr. 9 d, 50226 Frechen, and, if necessary, to other cooperating credit agencies. This transmission serves the purpose of credit assessment, verification of the provided address, and debt collection processing.

The data transmitted primarily includes:

- Name and address

- Email address

- Company information

- Contract and receivables data, if applicable

This transmission is based on Article 6(1)(b) GDPR and Article 6(1)(f) GDPR. Transfers based on Article 6(1)(f) GDPR are made only when necessary to protect our legitimate interests, provided these interests do not override the interests, fundamental rights, or freedoms of the data subject that require the protection of personal data.

For the purpose of deciding on the establishment, execution, or termination of the contractual relationship, we may also use automatically calculated probability scores, which may include address data in their calculation.

Detailed information about IHD Gesellschaft für Kredit und Forderungsmanagement mbH (in accordance with Article 14 GDPR), including the business purpose, data storage purposes, legal basis, data recipients, the right to self-disclosure, the right to deletion and correction, and profiling, can be found at:

(www.ihd.de/datenschutz/Artikel14.html)

Information about IHD’s business partners in the credit reporting sector can be found at:

[www.ihd.de/datenschutz#vertragspartner)

5. Use of Tools on the Website

5.1 Applied Technologies

This website uses various services and applications (collectively referred to as "Tools") that are either offered by us or third parties.

By using these tools and through the simple connection to a page, so-called "fingerprints" may be created, i.e., usage profiles that can recognize visitors even without the use of cookies or web storage. Fingerprints based on the connection can generally not be fully prevented manually.

5.2 Necessary Tools

We use certain tools to enable the core functions of our website ("necessary tools"). These include tools for processing and displaying website content, managing and embedding tools, providing services for payment processing, fraud detection and prevention, and ensuring the security of our website. Without these tools, we would not be able to provide our service. Therefore, necessary tools are used without consent.

The legal basis for necessary tools is the necessity for the fulfillment of our legitimate interests according to Article 6(1) (f) GDPR in providing the core functions and operation of our website. In cases where providing the respective website functions is necessary for fulfilling a contract or taking pre-contractual steps, the legal basis for the data processing is Article 6(1)(b) GDPR. Accessing and storing information on the device is mandatory in these cases and is done based on the implementation laws of the ePrivacy Directive of EU member states, in Germany under Section 25(2) TDDG.

5.3 Analysis Tools

To improve our website, we use optional tools for recognizing visitors and for statistical collection and analysis of general usage behavior ("Analysis Tools"). This serves to adapt and optimize the design of our website and improve the user experience.

5.3.1 Matomo

This website uses Matomo, an open-source analytics software for statistical evaluation of visitor accesses. Matomo is operated on our webspace (on-premise) and no data is passed on to third parties. Neither JavaScript nor cookies are used.

Without consent, data is processed to collect aggregated statistical data about the use of the website. The purpose is the optimization of the website. This particularly includes the pages accessed, the number of downloads and the visitors. No information is stored on the device, and the following privacy settings are active:

The legal basis for this data processing is our legitimate interest according to Article 6(1)(f) GDPR.

For more information, please refer to Matomo's privacy policy: https://matomo.org/privacy/.

6. Data Transfer

We will only transfer the data we collect if there is a legal basis for doing so, particularly if:

Some data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may particularly include:

When we transfer data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have appropriate technical and organizational measures to protect the rights of the data subjects, and are regularly monitored by us. Confidentiality agreements are concluded with external consultants and auditors to ensure data confidentiality.

Furthermore, we may transfer your personal data to additional recipients who process your personal data under their own responsibility. These may include:

7. Data Transfer to Third Countries

As a general rule, we do not use services whose providers are located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data to such countries, which do not provide an adequate level of data protection according to EU standards.

If, in exceptional cases, we transfer data to third countries and an adequacy decision by the European Commission (Article 45 GDPR) exists for these countries, we base the data transfer on that decision. In the case of the USA, this only applies if the US recipient is certified under the EU-US Data Privacy Framework.

If no adequacy decision has been issued for the relevant country, we have taken appropriate measures to ensure an adequate level of data protection for potential data transfers. These measures include, among others, the standard contractual clauses of the European Union or binding internal data protection rules (Article 46 GDPR).

Where this is not possible, we base the data transfer on exceptions under Article 49 GDPR, particularly your explicit consent or the necessity of the transfer to fulfill a contract or perform pre-contractual measures.

If data transfer to a third country is planned and no adequacy decision or suitable guarantees are in place, there is a possibility and a risk that authorities in the respective third country (e.g., intelligence services) may gain access to the transmitted data to capture and analyze it, and that enforcement of your rights as a data subject may not be guaranteed. If we obtain your explicit consent, you will also be informed about this risk.

8. Data Retention

We generally store personal data only as long as necessary to fulfill the purposes for which the data was collected. After that, the data will be deleted immediately, unless it is required for legal retention periods, for evidence in civil law claims, or based on other data protection legal grounds.

Contract data must be retained for evidentiary purposes for three years from the end of the year in which the business relationship ends. Further statutory retention periods, such as those specified in the Commercial Code (Handelsgesetzbuch) and the Fiscal Code (Abgabenordnung), range from six to ten years.

9. Data Subject Rights

9.1 Overview of Your Rights

You have the following rights:

To exercise these rights, you can contact us at any time. We will comply with your data protection requests if the legal requirements are met.

9.2 Right to Withdraw and Object

Right to withdraw consent (Art. 7 (3) GDPR)

You have the right to withdraw any consent previously given pursuant to Article 6(1)(a) GDPR at any time. This means that we will no longer continue the data processing based on this consent in the future. The withdrawal of consent does not affect the lawfulness of the processing that took place based on the consent until the withdrawal.

Right to object (Art. 21 GDPR)

General Objection: To the extent that we process your data based on Article 6(1)(f) GDPR (legitimate interests) or Article 6(1)(e) GDPR, you can object to the processing at any time for reasons arising from your particular situation.

Objection to Direct Marketing: If we process your data for direct marketing purposes, you can object to the processing at any time without providing any reasons.

9.3 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). In Estorf, the responsible supervisory authority is the State Commissioner for Data Protection of Niedersachsen (Landesbeauftragte für den Datenschutz Niedersachsen):

10. Automated Decision-Making

We do not engage in automated decision-making, including profiling, which has legal or similarly significant effects (Art. 22 GDPR).

11. Changes to the Privacy Policy

This privacy policy may be updated occasionally, for example, in the event of changes to our website or legal requirements.

Version: 1.0 / Date: November 2024

Federation of European Manufactures of Friktion Materials Authorized WVA Licence - VRI-Verband der Reibbelagindustrie e.V. Innovativ durch Forschung - Ausgezeichnet durch den Stifterverband 0013040 UIC IRIS Certification TÜV Rheinland zertifiziert