Privacy policy
1. Introduction
With the following information, we would like to provide you, the data subject, with a summary of how we process your personal data as well as your rights under the applicable data protection legislation. It is generally possible to use our website without providing any personal data. However, if you would like to take advantage of special services of our company via our website, it may be necessary to process personal data for this purpose. If it is necessary to process personal data and if there is no legal basis for such processing, we will generally as for your consent.
The processing of personal data, such as your name, address, or email address, always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection provisions applicable to “Fortin Mühlenwerke GmbH & Co. KG”. With this privacy policy, we would like to inform you about the scope and purpose of the personal data which is collected, used and processed.
As the controller, we have implemented numerous technical and organisational measures in order to ensure the highest possible level of protection of your personal data processed via this website, but there is always a possibility of security loopholes when transferring data via the Internet, so that absolute protection cannot be guaranteed. For this reason, you are free to send us your personal data by alternative means, for example by telephone or by post.
You can also take simple and easy-to-implement measures to protect yourself against unauthorised access to your data by third parties. We would therefore like to provide you with some information on the secure handling of your data:
- protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) by using strong passwords.
- Only you should have access to your passwords.
- Make sure that you only ever use each password for one account (login, user or customer account).
- Do not use one password for several different websites, applications or online services.
- The following applies in particular to the use of publicly accessible IT systems or IT systems that are shared with other users: you should always log out after logging in to a website, application or online service.
Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed, so they should not contain commonly-used words from everyday life, your own name or the names of relatives, but upper and lower case, numbers and special characters.
2. Responsibility
The responsible person within the meaning of the GDPR is:
Fortin Mühlenwerke GmbH & Co. KG
Fringsstr. 1, 40221 Düsseldorf, Germany
Tel.: +49 211-99 38 -0
Fax: +49 211-99 38 -115
e-mail: info@fortin.de
Representatives of the person responsible: Robert Lamers, Dipl. Kfm. Ulrich Schumacher
3. Data protection representative
Name and address of the data protection representative:
Torben Missy
Tel.: +492119440364
Fax: +492119440380
e-mail: torben.missy@digital-data-advice.de
https://digital-data-advice.de/
You can contact our data protection officer directly at any time with any questions or suggestions you may have about data protection.
4. Definitions
This privacy policy is based on terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy aims to be easily readable and understandable for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terminology used.
In this privacy policy, we use the following terms, among others:
1. Personal data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific factors that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).
3. Processing
Processing refers to any operation or set of operations performed on personal data, whether or not by automated means. This includes collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating, making available, aligning, combining, restricting, erasing, or destroying personal data.
4. Restriction of processing
Restriction of processing involves marking stored personal data with the aim of limiting its processing in the future.
5. Profiling
Profiling is any kind of automated processing of personal data that consists of using this personal information to assess, analyse or predict certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of that natural person.
6. Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a person concerned without the enlistment of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not assigned to an identified or identifiable natural person.
7. Data processor
The data processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the party responsible.
8. Recipient
The recipient is a natural or legal person, public authority, institution or other body to whom personal data are disclosed, whether or not it is a third party. Public authorities that may receive personal data under a particular investigation mission under European Union or under national law, however, are not considered recipients.
9. Third party
A third party is a natural or legal person, public authority, institution or body other than the person concerned, the party responsible, the data processor, and the persons authorized under the direct responsibility of the party responsible or the data processor to process the personal data.
10. Consent
Consent is any voluntarily given and unambiguously expressed confirmatory act in the form of a well-informed statement or any other unambiguously confirming action by the person concerned, by which the person concerned indicates that they consent to the processing of the personal data concerning them.
5. Legal basis for processing
Art. 6 I lit. a GDPR (combined with Sec. 25 (1) TTDSG) serves as the legal basis for our processing of your personal data, where we obtain consent for a particular processing purpose.
If the processing of personal data is necessary to fulfil a contract of which the person concerned is a contracting party, as is the case, for example, with the execution of a delivery of goods or the provision of any other service or service in return, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services.
If our company is subject to a legal obligation by which a processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR.
In rare cases, the processing of personal data may be required to protect the vitally important interests of the person concerned or another natural person. This would be the case, for example, if a visitor to our premises were injured and their name, age, health insurance data, or other vitally important information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR.
Finally, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations, which are not covered by any of the above-mentioned legal foundations, are based on this legal foundation if the processing is necessary to safeguard the legitimate interests of our company or a third party, provided the interests, fundamental rights and fundamental freedoms of the person concerned do not prevail. Such processing operations are allowed to us in particular, because they have been especially mentioned by the European issuer of directives and regulations. In that regard, the European issuer of directives and regulations considered that a legitimate interest could be assumed if the person concerned is a customer of the person responsible for processing (Recital 47, para. 2, GDPR).
6. Technology
6.1 SSL/TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the address line in your browser.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
6.2 Data collection when visiting our website
When using our website for information purposes only, i.e. when you do not register or provide us with any other information, we only collect the data that your browser sends to our server (the “server log files”). Our website collects a range of general data and information each time you or an automated system visit one of our pages. This general data and information is stored in the server log files. The data collected may include:
1. The types of browser used and their versions,
2. The operating system used by the system accessing our website,
3. The website from which a system accesses our website (so-called “referrer”),
4. The subpages accessed by a system on our website,
5. The date and time our website was accessed,
6. An abbreviated Internet Protocol address (anonymised IP address), and,
7. The Internet service provider of the system accessing our website.
We do not use this general data and information to identify the data subject. This information is required to:
1. Deliver our website’s content correctly,
2. To optimize our website’s content and advertising for it,
3. To ensure that our IT systems and our website’s technology keep running properly, and
4. To provide the information required to law-enforcement authorities to help prosecute any cyberattacks that may occur.
This data and information, which is collected anonymously, is therefore analysed by us statistically, as well as with the objective of increasing data protection and data security at our company and so ultimately ensuring an ideal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.
The legal basis for this data processing is Art. 6 I lit. f GDPR. Our legitimate interest lies in the purposes of data processing mentioned above.
7. Cookies
7.1 General information about cookies
Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our website.
The cookie stores information which is created in relation to the specific device you are using. However, this does not mean that we become immediately aware of your identity.
Cookies are mainly used to make the website more user-friendly, effective and secure. For example, we use so-called session cookies to recognize that you have already visited individual subpages of our website. These session cookies are automatically deleted when you leave our website.
To optimize user-friendliness, we also use temporary cookies that are stored on your device for a specific period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what inputs and settings you have made so that you do not have to re-enter them.
On the other hand, we use cookies to statistically record and evaluate the use of our website and to optimize our offer for you. These cookies enable us to automatically recognise when you visit our website again that you have already visited us. These cookies are automatically deleted after a defined period of time. You can find out how long these cookies are stored in the settings of your consent tool.
7.2 Tips on avoiding cookies in common browsers
You can delete cookies, only allow selected cookies or completely deactivate cookies at any time in your browser settings. For more information, please visit the help page of the provider of your browser:
8. Contents of our website
8.1 Contact/contact form
Personal data is collected when you contact us (e.g. via our contact form or email). Which data is collected if you use a contact form can be seen on the contact form. The data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 I lit. f GDPR. If you contact us with the intention of concluding a contract, the additional legal basis for the processing is Art. 6 I lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if the circumstances indicate that the matter in question has been conclusively clarified and the deletion is not contrary to any statutory retention obligations.
8.2 Application management/job portal
We collect and process the personal data of applicants for the purpose of processing job applications. The processing may also be carried out electronically. This is particularly the case if an applicant submits job application documents to us electronically, for example by email or via a form on our website. If we conclude an employment or service contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude a contract with the applicant, the application documents will be automatically deleted 6 months after notification of the decision to reject the application , provided that no other legitimate interests on our part oppose deletion. Another legitimate interest may, for example, be a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).
The legal basis for processing your data is Art. 88 GDPR in conjunction with Sec. 26 (1) BDSG.
9. Your rights as a data subject
9.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data relating to you is being processed.
9.2 Right of access Art. 15 GDPR
You have the right to receive information from us at any time and free of charge about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.
9.3 Right of correction Art. 16 GDPR
You have the right to request that inaccurate personal data concerning you be corrected. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
9.4 Erasure Art. 17 GDPR
You have the right to demand that we erase the personal data relating to you without delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.
9.5 Restriction of processing Art. 18 GDPR
You have the right to demand that we restrict processing if one of the legal requirements is met.
9.6 Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. You also have the right to transfer these data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Art. 20 (1) GDPR, you have the right to have the personal data transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
9.7 Objection Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) lit. e (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) of the GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing is for the establishment, exercise or defence of legal claims.
In individual cases, we process personal data in order to carry out direct advertising. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is connected with such direct advertising. If you object to us processing your data for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
9.8 Revocation of consent under data protection law
You have the right to revoke consent to the processing of personal data at any time with effect for the future.
9.9 Complaint to a Supervisory Authority
You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection.
10. Routine storage, erasure and blocking of personal data
We process and store your personal data only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the legal provisions to which our company is subject.
If the purpose of storage no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions
11. Duration of the storage of personal data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the deadline, the corresponding data are routinely deleted if they are no longer required for the fulfilment or initiation of the contract.
12. Up-to-dateness and amendment of the privacy policy
This privacy policy is currently valid in the version dated: March 2023.
The further development of our internet pages and offers or changed legal or official requirements may make it necessary to change this privacy policy. You can access and print out the current privacy policy at any time on the website at "www.fortin.de/en/privacy".