Data Protection Policy for users of the PTC PressEngineering GmbH website

I. Information on the collection of personal data

(1) General information

Thank you for your interest in our website. Protecting your personal data upon your visit to our website is a particularly high priority for the management of PTC PressENgineering GmbH. We have set out the following information to give you an overview of how your personal data is processed by us and your rights under data protection legislation. Personal data is any data that can be related to you personally, for example, your name, address, e-mail addresses, and user behavior.

Where a data subject wishes to use particular services offered by our company via our website, such as our contact form, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for the processing, we generally obtain the consent of the data subject. Data is processed at all times in compliance with the European General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations that apply to PTC PressEngineering GmbH.

As the data controller, PTC PressEngineering GmbH has implemented technical and organizational measures to ensure that your personal data processed on this website is protected to the greatest possible extent against loss, destruction, access, alteration, or dissemination by unauthorized persons. This also includes securely transmitting your personal data in encrypted form. We use the TSL (Transport Layer Security) coding system for this purpose.

However, it is impossible to guarantee complete protection due to fundamental security vulnerabilities in web-based data transmission.

(2) Controller

The controller pursuant to Art. 4 (7) of the European General Data Protection Regulation (GDPR) and the applicable country-specific data protection regulations is:

PTC PressEngineering GmbH
Essener Straße 59
46047 Oberhausen
Germany

Tel.: +49 (0)208 81060 0
Fax:  +49 (0)208 81060 98
E-mail: ptc(at)ptc.eu

If you have any general questions about data protection within the SCHOLPP Group, please send them to datenschutz(at)ptc.eu.

You can write to our Data Protection Officer, Sven Bartsch, at the above postal address c/o Data Privacy Officer, or you can send an e-mail to: datenschutzbeauftragter(at)ptc.eu.

(3) General information on data processing

We collect and use the personal data of our users only where this is necessary to provide a functional website, to display our content, and to provide services. The personal data of our users is collected and used only with the consent of the user. This does not apply to cases where it is not possible to obtain prior consent for practical reasons and where the processing of the data is permitted under statutory regulations.

The following legal bases apply to the processing of your personal data:

  • Processing on the basis of consent (Art. 6 (1) a) GDPR)
  • Processing for the purpose of performing a contract to which the data subject is party. This also applies to processing that is necessary to take steps prior to entering into a contract (Art. 6 (1) b) GDPR)
  • Processing that is necessary for compliance with a legal obligation to which our company is subject (Art. 6 (1) c) GDPR)
  • Processing in the event that the vital interests of the data subject or another natural person render the processing of personal data necessary (Art. 6 (1) d) GDPR)
  • Processing that is necessary to protect the legitimate interests of our company or a third party, except where these interests are overridden by the interests, fundamental rights, and freedoms of the data subject (Art. 6 (1) f) GDPR). Legitimate interests may include, in particular:
    • Correctly displaying the content of our website
    • Statistical analyses for the purpose of monitoring and optimizing our website
    • Providing law enforcement authorities with the information required for criminal prosecution in the event of a cyberattack
    • Responding to requests and providing services and/or information intended for you
    • Processing and transmitting personal data for internal or administrative purposes
    • Preventing and investigating cases of fraud and criminal offenses
    • Ensuring the permanent operational reliability of our IT systems and the technology used on our website with a view to strengthening data protection and data security within our company

II. Your rights

(1) My rights as a data subject

You can request information on the data stored on you (Art. 15 GDPR) using the above contact details. Additionally, you can request rectification where we have stored inaccurate data relating to you (Art. 16 GDPR). Under certain conditions, you can also request the erasure of your data (Art. 17 GDPR) or exercise your right to object (Art. 21 GDPR). You also have the right to restrict the processing of your personal data (Art. 18 GDPR) and the right to receive the data that you have provided (Art. 20 GDPR). The restrictions under Articles 34 and 35 GDPR apply to the right of access and the right to erasure. In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 of the German Federal Data Protection Act (BDSG)).

(2) Objection to/withdrawal of consent to the processing of your data

If you have given your consent to the processing of your data, you can withdraw this consent at any time. Withdrawing your consent affects the lawfulness of the processing of your personal data after you have notified us of the withdrawal.

Insofar as we have based the processing of your personal data on the balance of interests, you can object to the processing. This is the case where, in particular, processing is not necessary to perform a contract with you, as we have outlined in the following description of the respective functions. If you choose to exercise your right to object, please state the reasons why we should not process your personal data as we have been doing so far. If your objection is justified, we will examine the situation and will either stop processing your data, or adapt the manner in which we do so, or state our compelling legitimate reasons for continuing to process your data.

(3) Who has access to my data?

Unless otherwise provided for in the detailed descriptions of our services, those units within our company that need your data to fulfill our contractual and statutory obligations will have access to it. We will only disclose information relating to you where statutory duties to provide information require us to do so, where you have given your consent and/or where the disclosure is legitimate under another legal basis.

Where we engage the services of contracted service providers for specific functions of our website, these providers are carefully selected and commissioned by us, are bound by our instructions and monitored on a regular basis.

If we would like to use your data for marketing purposes, we have set out in detail below how these processes operate.

(4) How long is my data stored?

Unless otherwise provided for in the detailed descriptions of our services, we process and store your personal data as long as is necessary to fulfill our contractual and statutory obligations.

Your personal data is periodically deleted or blocked where it is no longer required to fulfill contractual or statutory obligations, you have exercised your right to erasure, all reciprocal claims have been settled, and no other statutory retention obligations or legal bases for storing the data exist.

III. Collection of personal data when you visit our website

(1) Use of server log files

Each time a data subject or an automated system accesses our website, a series of general data and information is collected in log files. This includes an Internet protocol address (IP address), the directory protection user, the browser types and versions used, the website from which the accessing system accesses our website (so-called referrer), the sub-pages on our website accessed by the accessing system, data volume, date and time of the access to our website, and other similar data and information for risk prevention purposes in case of attacks on our IT systems.

The legal basis for the temporary storage of data and log files is Art. 6 (1) f) GDPR in connection with the aforementioned legitimate interests.

Temporary storage of the IP address by the system is necessary to ensure that the website is transmitted to the user’s computer. In this case, the user’s IP address must be stored for the duration of the session.

Data is stored in log files to ensure that the website functions properly. The data also helps us to optimize the website and ensure the security of our IT systems. This also forms the basis for our legitimate interest in the data processing pursuant to Art. 6 (1) f) GDPR. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where data is collected to provide the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of data in log files is necessary to operate the website. The log files may also be inspected where, on the basis of specific indications, there is legitimate reason to suspect illegal use or a specific attack on our website. Here, our legitimate interest in the processing lies in identifying and prosecuting the individuals behind such attacks or illegal use.

(2) Use of cookies

In addition to the data set out above, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to your browser and stored on your hard drive, and by means of which specific information is transmitted to the body setting the cookie (in this case, us). Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make the website more user-friendly and more efficient as a whole.

This website uses the following types of cookies. Their scope and function are set out below:

Transient cookies: Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. These store a so-called session ID, which is used to assign various requests from your browser to the same session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies: These are deleted automatically after a specified time, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

When you access our website, we inform you that we use cookies and obtain your consent to the processing of the personal data used in this context. Here we also refer you to this Data Protection Policy. You can configure your browser settings according to your personal preferences and, for example, reject third-party cookies or all cookies. You as the user therefore have full control over the use of cookies. Art. 6 (1) f) GDPR provides the legal basis for the processing of personal data using cookies. If you disable cookies for our website, you may not be able to make full use of all the functions of the website.

IV. Other functions and services of our website

Besides the purely informational use of our website, we also offer various services which you can use if interested. You will generally be asked to provide further personal data in this case, which we will use to provide the respective service. The above data processing principles apply to the personal data provided.

(1) Use of contact options

We provide a contact form, which can be used to contact us electronically, on our website. The data entered by the user on this form is transmitted to us and stored. This includes the following required fields: your name, e-mail address, and your message. All other details are voluntary and not required. Before the contact form is transmitted, we obtain your consent to the processing of your data and refer you to this Data Protection Policy. Art. 6 (1) a) GDPR provides the legal basis for the processing of data using the contact form.

Alternatively, you can contact us using the e-mail address provided. In such cases, we store the personal data of the user that is transmitted in the e-mail. The data is used solely for the ongoing dialogue with you and will not be shared with third parties. We have a legitimate interest in processing the personal data transmitted in an e-mail under Art. 6 (1) f) GDPR.

Where the purpose of the e-mail contact is to conclude a contract, Art. 6 (1) b) GDPR applies additionally to steps taken prior to entering into a contract and, where applicable, for subsequent processing in order to perform a contract.

We only store personal data that is processed by us within the context of a general request sent via the contact form or in an e-mail until such time as our dialogue has ended. The dialogue is deemed to have ended when it can be seen from the circumstances that the issue in question has been conclusively resolved.

Consent to the processing of your personal data can be withdrawn at any time. If you contact us by e-mail, you can, of course, also object at any time to the storage of your personal data. In such cases, we will not be able to continue the dialogue with you.

(2) Use of personal data provided in the application process

Ensuring the highest possible level of protection for your personal data in the application process is important to us. All personal data that is collected and processed by us as part of an application is protected against unauthorized access and manipulation by technical and organizational measures.

In addition to the option of e-mailing your application to bewerbung(at)ptc.eu, you can also send your application details directly via our online application platform. The data entered by applicants on this platform is transmitted to us and stored. Mandatory data for an online application includes your first name, last name, and e-mail address; any additional information such as address, phone numbers, and your application documents are voluntary. Before the contact form is transmitted, we obtain your consent to the processing of your data and refer you to this Data Protection Policy. Art. 6 (1) a) GDPR and/or Section 26 BDSG provide the legal basis for the processing of data where the online application form is used.

Your personal data is collected and processed solely for the purpose of selecting or recruiting potential employees with the objective of filling job vacancies within our corporate group.

Additionally, data is processed on the basis of our legitimate interests pursuant to Art. 6 (1) f) GDPR:

    • To optimize our application processes
    • To ensure observance of compliance regulations, industry standards, and contractual obligations
    • To establish, exercise, or defend legal claims, and
    • To prevent damage to and/or liability on the part of our company by adopting appropriate measures

Your data is deleted once it is no longer needed for the purpose for which it was collected; it will, however, be retained for as long as is necessary to defend legal claims or against accusations under the General Equal Treatment Act (AGG). This is usually 6 months. Particularly interesting applicants to whom we are unable to offer a position at that point in time are asked to provide separate consent so that their data can be retained for a longer period (usually one year). Where accounting-related processing takes place, for example the reimbursement of travel expenses, the data required for this is deleted in accordance with the statutory retention periods, which are usually 6 or 10 years.

If the application is successful and we are able to offer you a contract of employment within our company, we will transfer the data collected during the application process to our personnel files.

V. Web analysis

(1) Google Tag Manager

This website uses Google Tag Manager. This service enables website tags to be managed via an interface. Google Tag Manager only implements tags. This means that no cookies are set and no personal data is collected. Google Tag Manager triggers other tags that in turn may collect data. However, Google Tag Manager does not access this data. In the event that domains or cookies have been disabled, this also applies to all tracking tags, provided that these were implemented using Google Tag Manager.

(2) Use of Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files that are stored on your computer and enable an analysis of how you use the website. The information generated by the cookie about your use of this website is usually sent to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will first be truncated by Google within the Member States of the European Union or other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services relating to website activity and Internet usage.

Your IP address transmitted by your browser will not be associated by Google with any other data during the use of Google Analytics.

You can prevent the storage of cookies by configuring your browser settings accordingly. However, please note that in this case you may not be able to use all of the functions of this website to their full extent. You can also prevent the collection and processing of data generated by the cookie and related to your use of the website (including your IP address) by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Opt-out cookies prevent your data from being collected in future when you visit this website. To prevent the collection of data by Universal Analytics on various devices, you should set the opt-out cookie on all of the systems that you use. To set the opt-out cookie, click here: deactivate Google Analytics.

This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are only processed in truncated form, meaning that they cannot be related to a specific individual. Any possibility of relating the data collected on you to you personally is immediately excluded, and the personal data is deleted immediately.

We use Google Analytics to analyze the use of our website and in order to make regular improvements. We use these statistics to improve our presence and to make the content more interesting for you as the user. For the exceptional cases in which personal data is transmitted to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 (1) f) GDPR.

Third-party provider details: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax:  +353 (1) 436 1001. Terms and conditions of use: https://www.google.com/analytics/terms/us.html, data privacy overview:  http://www.google.com/intl/de/analytics/learn/privacy.html, and privacy policy:  https://policies.google.com/privacy.

This website also uses Google Analytics for the cross-device analysis of website traffic, which is performed via a user ID. You can disable the cross-device analysis of your user behavior in your customer account by going to My Data > Personal Data.