ISM Heinrich Krämer GmbH & Co. KG on data protection
The person responsible in accordance with Art. 4 para. 7 of the EU Data Protection Basic Regulation (GDPR) is
ISM Heinrich Krämer GmbH & Co. KG
Tel:+49 (0) 29 41 / 76 06-0
Fax:+49 (0) 29 41 / 76 06-66
ISM Heinrich Krämer GmbH & Co. KG (hereinafter referred to as the operator) is pleased about your interest in our company and our products or services and would like you to feel safe with us regarding the protection of your personal data.
The protection of privacy is of crucial importance, especially for the future of Internet-based business models and for the development of an Internet-based economy. Therefore, we would like to underline our commitment to protecting your privacy with this privacy statement.
Our employees as well as the service providers we commission are obliged by us to maintain confidentiality and to comply with the provisions of the basic data protection regulation and other relevant data protection regulations.
The processing of personal data, such as the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the basic data protection regulation and in compliance with the country-specific data protection regulations applicable to the operator. By means of this data protection declaration, we would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection declaration is intended to inform affected persons about their rights.
The operator, as the person responsible for processing, has implemented numerous technical and organizational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us alternatively, e.g. by telephone or by post.
We take the protection of your personal data very seriously and adhere strictly to the rules of data protection laws.
We use the following terms, among others, in this data protection declaration:
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing is any operation or set of operations, performed with or without the aid of automated means, concerning personal data, such as collection, recording, organization, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the job performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or change of location of that natural person.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
Controller or data controller
Controller or data controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, the controller or the specific criteria for its designation may be provided for by Union law or by the law of the Member States.
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the course of a specific investigative mission under Union or national law shall not be considered as recipients.
A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
Consent is any freely given, informed and unequivocal expression of the data subject's will in a specific case, in the form of a declaration or other unequivocal affirmative act by which the data subject indicates that he or she wishes to be associated with the processing of the personal data.
A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
Consent means any freely given, informed and unambiguous expression of will by the data subject in a specific case, in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her (e.g. by contacting him or her by means of a form).
Legal basis of processing
Art. 6 I lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the supply of goods or provision of another service or consideration, the processing is based on Art. 6 I lit. b of the GDPR. The same applies to such processing operations which are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which makes it necessary to process personal data, e.g. to comply with tax obligations, processing is based on Art. 6 I lit. c of the German Data Protection Regulation (GDPR). In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. If the processing is necessary on the basis of a legitimate interest, the processing is based on Art. 7 I lit. f.
Rights of data subjects
If data subjects wish to exercise one or more of the rights described below, they may always contact our data protection officer or another person employed by the controller.
Right to confirmation
In accordance with the European directives and regulations, data subjects have the right to obtain confirmation from the controller as to whether their personal data is being processed. If data subjects wish to exercise their right to confirmation, they may always contact our data protection officer or another person employed by the controller.
Right of access
In accordance with the European directives and regulations, data subjects may always request free information from the controller as to the specific personal data that is stored on their person and a copy of this information. The same directives and regulations also grant data subjects access to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom personal data has been disclosed or will be disclosed, particularly recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period;
- the right to ask the controller to rectify or erase their personal data or restrict the processing of their personal data, or the right to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- if the personal data has not been collected from the data subject, any available information as to its source;
- the possible use of automated decision-making, including profiling, as described in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Furthermore, data subjects have the right to obtain information as to whether their personal data has been transferred to a third country or an international organisation. If this is the case, they have the right to be informed of the appropriate safeguards provided for the transfer.
Right to rectification
In accordance with the European directives and regulations, data subjects have the right to request the immediate rectification of any inaccurate personal data concerning them. Taking into account the purposes of processing, data subjects may also request the completion of any incomplete personal data, such as by providing a supplementary statement.
Right to erasure (“right to be forgotten”)
In accordance with the European directives and regulations, data subjects have the right to request the immediate erasure of their personal data from the controller, provided the processing is not necessary and one of the following grounds applies:
- The personal data is no longer required for the purposes for which it was collected or otherwise processed;
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR, and there is no other legal ground for the processing;
- The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR;
- The personal data has been unlawfully processed;
- The personal data has to be erased to comply with a legal obligation in Union or Member State law to which the controller is subject;
- The personal data has been collected in relation to the services provided by information societies, as described in Article 8 (1) GDPR.
If the website operator has made the personal data public and our company is obliged to erase the personal data in its capacity as the controller, as stipulated in Art. 17 (1) GDPR, the website operator shall consider the available technology and implementation costs and take reasonable steps, including technical measures, to inform other controllers that are processing the personal data that the data subject has asked such controllers to erase any links to the personal data and any copies or reproductions of the personal data. The data protection officer or another person employed by the website operator shall arrange the necessary actions in each case.
Right to the restriction of processing
In accordance with the European directives and regulations, data subjects have the right to ask the controller to restrict its processing if one of the following applies:
- The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data;
- The processing is unlawful but the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
- The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims;
- The data subject has objected to processing, as described in Art. 21 (1) GDPR, and it has not yet been established whether the legitimate grounds of the controller override those of the data subject.
Right to data portability
In accordance with the European directives and regulations, data subjects have the right to receive any personal data they have provided to a controller in a structured, commonly used and machine-readable format. They also have the right to transmit their data to another controller without being hindered by the controller to whom the personal data has been given, provided the processing is performed on the basis of consent pursuant to point (a) of Art. 6 (1) GDPR or point (a) of Art. 9 (2) GDPR, or on the basis of a contract pursuant to point (b) of Art. 6 (1) GDPR, and provided the processing is performed by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
When exercising their right to data portability in accordance with Art. 20 (1) GDPR, data subjects also have the right to have their personal data transferred directly from one controller to another controller, provided this is technically feasible and does not restrict the rights and freedoms of others.
Right to object
In accordance with the European directives and regulations, data subjects may always object, on grounds relating to their particular situation, to any processing of their personal data that is based on point (e) or (f) of Art. 6 (1) GDPR, including any profiling based on those provisions.
In the event of an objection, the website operator will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject or unless their personal data is processed for the establishment, exercise or defence of legal claims.
Data subjects may always object to the processing of personal data for the purpose of direct marketing, including any profiling related to such direct marketing. If data subjects object to the processing of their personal data for the purpose of direct marketing, the website operator will no longer process their personal data for such purposes.
Data subjects also have the right to object, on grounds relating to their particular situation, to the website operator’s processing of their personal data for scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR, unless the processing is necessary to perform a task in the public interest.
Notwithstanding the provisions set forth in Directive 2002/58/EC, data subjects are also free to exercise their right to object by automated means according to technical specifications in connection with the use of services provided by information societies.
Automated individual decision-making, including profiling
In accordance with the European directives and regulations, data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly affects them in a significantly negative manner, unless the decision is (1) necessary to conclude or perform a contract between the data subject and controller or (2) authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the rights, freedoms and legitimate interests of the data subject or (3) made with the explicit consent of the data subject.
If the decision is (1) necessary to conclude or perform a contract between the data subject and controller or (2) made with the explicit consent of the data subject, the website operator will take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
Right to revoke consent to data processing
In accordance with the European directives and regulations, data subjects may revoke their consent to the processing of their personal data at any time.
Use and disclosure of personal data
If you provide us with personal data via our website or by other means, we will collect, process and store it to enter into correspondence with you and for the purposes for which you provide it. We may also use this data to send you occasional offers and inform you about new products or services that may be of interest to you. You may object to this use of your data at any time by notifying us in an appropriate manner, such as by sending an email to firstname.lastname@example.org.
We only ever provide third parties with the personal data required for the provision of their services. The third parties may only use this personal data to provide the requested services or execute a necessary transaction on our behalf. Our service providers are contractually obliged to comply with the data protection laws. We will never disclose, sell or otherwise provide your personal data to third parties for marketing purposes.
Contact via the website
In accordance with the legal regulations, our website contains information to enable our visitors to quickly contact us by electronic means and communicate directly with us, which also includes a general email address. If a data subject contacts the controller via email or the contact form, any personal data sent by the data subject will be automatically saved. Any personal data sent voluntarily by a data subject to the controller will be saved for the purpose of processing the enquiry or contacting the data subject. This personal data will not be disclosed to third parties.
Secure communication via the Internet
We will take technical and organisational measures to prevent third-party access to the best of our ability when transmitting and storing your personal data.
Please note, however, that the Internet is generally considered an insecure medium. In contrast to a telephone line, for example, it easier for unauthorised third parties to intercept, record and even modify data transmitted via the Internet.
We use AES 256-bit SSL encryption to ensure confidentiality when communicating with you. This form of encryption is considered secure on the basis of our current knowledge. This level of security is achieved by modern operating systems and browsers, but you may have to update the operating system and browser on your PC to enable this high-level encryption.
Complete data security cannot be guaranteed via unencrypted email communication, and so we recommend that you send confidential information by post.
Data processing on this website
For security purposes and technical reasons, the website operator will automatically process any information that your browser transmits to us as system logs. This essentially includes the following information:
- Your browser type / version
- Your operating system
- The URL (website) retrieved from our systems
- The referrer URL (the website from which you were taken to our website)
- The host name and full IP address of your computer
- The date and time of your request
- The volume and type of data retrieved
We will not merge this data with other data sources
or use this data to conduct statistical analysis.
IP addresses are essential to transmit web pages and data from our servers to your browser; they are the “addresses” for the information that you request from our web servers. According to the prevailing legal opinion, however, IP addresses are forms of personal data, and so we only use them to the technically necessary extent.
Job application data
Any data provided by job applicants will be stored, processed and forwarded to the responsible member of staff. Your data will only be used to enter into correspondence with you and process your application as part of our recruitment process.
We recommend submitting your application documents as a password-protected ZIP file to ensure their security. You may tell us the password over the phone. Access to your application data will only be granted to our human resources department and managers. We will delete any data you provide during the application process after 6 months, unless you have clearly granted us permission to store the data for a longer period.
Please note that your data could be processed in the USA. This applies to our Google services as well as to other methods that we use, e.g. LinkedIn or Facebook.Connect. It is true that Google has outsourced many of its services (analytics, web fonts, maps) to European servers. However, it cannot be ruled out that US authorities may access your data due to the legislation there without having sufficient legal protection against this. For this reason, we ask for your consent before these services are activated or the corresponding cookies are stored. If you do not wish to do so, you can refuse your consent in this regard. In this case, only technically necessary cookies are stored; the services in question are not activated.
However, we always activate IP masking when using Google Analytics, which means your IP address will be truncated by Google. Your IP address will only be transferred to a Google server in the USA and then truncated there in exceptional circumstances (e.g. if there are technical problems in Europe). As far as we know, Google will not merge the IP address transmitted by your browser with other data.
Google will use the transmitted data on our behalf and on the basis of a data processing contract to analyse the use of our website, compile reports on activities on our website and provide us with other services related to the use of our website. For example, we may use the analysis results to identify the most popular areas of our website and user preferences, and these findings may also help us improve our services and create a more targeted and interesting website for our users.
The data processing involved is performed to safeguard our legitimate interest in the analysis and statistical evaluation of the use of our website, in the optimisation of our website and the provision of interesting features and content. After carefully weighing up our legitimate interests with your own interests, fundamental rights and freedoms, we have come to the conclusion that we do not have to ask for your consent, as the data processing performed within the scope of Google Analytics is lawful on the basis of point (f) of Art. 6 (1) GDPR.
The crucial factor in this decision is the lack of equally suitable web analytics tools for our specific purposes. Google Analytics is not only the most widespread tool around the world and therefore particularly well suited to the websites of international company groups; unlike other web analytics tools, Google Analytics is also compatible with other software systems that we use thanks to the standard interfaces resulting from its widespread use. Furthermore, we have endeavoured to safeguard your privacy as much as possible when using this service (e.g. by masking IP addresses, not processing user IDs for cross-device tracking, reducing the default period for the storage of data, etc.).
You do not have to accept cookies when using our website; if you do not want cookies to be saved on your device, you can disable the option in your browser settings. You can always delete any saved cookies in your browser settings. If you reject all cookies, however, please note that the functionality of our website may be restricted. If you do not consent to website analytics, you can also install a browser add-on to disable the use of Google Analytics cookies. You can download the add-on here: http://tools.google.com/dlpage/gaoptout?hl=de.
If you install the browser add-on, you will prevent your data from being used by Google Analytics. If you would like to disable Google Analytics, please download and install the right add-on for your browser. The add-on is compatible with the most commonly used browsers; it must be correctly loaded and run in your browser. More information on how to disable Google Analytics and correctly install the browser add-on can be found here:
. As an alternative to the browser add-on, such as on mobile devices, you can stop Google Analytics from collecting your data by clicking on the following link:
This will install an opt-out cookie to prevent your data from being collected in the future. The opt-out cookie will only apply our website and the browser in which it is set, and it will be stored on your device. If you delete cookies in your browser, you will have to reinstall the opt-out cookie. The most common browsers also offer a “do not track” function. If you enable this function, your device will inform the web analytics tool that you do not want to be tracked.
We use Google Analytics to analyze the use of our website and to improve it regularly. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, we base the processing on your explicit consent given via the consent banner in accordance with Art 49 I 1 a) GDPR. The legal basis for the use of Google Analytics is your consent, Art 6 I 1 a) GDPR. You can revoke your consent at any time.
Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. user conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data protection declaration: http://www.google.de/intl/de/policies/privacy.
Google Adwords Conversion
We use the offer of Google Adwords to draw attention to our attractive offers by means of advertising material (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. In this way, we pursue the interest in showing you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
These advertising materials are delivered by Google via so-called "Ad Servers". For this purpose, we use Ad Server Cookies, through which certain parameters can be measured to measure success, such as the display of ads or clicks by users. If you reach our website via a Google ad, Google Adwords will store a cookie in your PC. These cookies usually expire after 30 days and are not intended to identify you personally. The cookie is only stored after your consent. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be contacted) are usually stored as analysis values for this cookie.
These cookies enable Google to recognize your internet browser. If a user visits certain pages of an AdWords client's website and the cookie stored on their computer has not expired, Google and the client can recognize that the user clicked on the ad and was redirected to that page. Each Adwords client is assigned a different cookie. Cookies can't be tracked through the websites of Adwords clients. We ourselves do not collect and process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. By means of these evaluations we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and save your IP address.
You can prevent participation in this tracking process in a number of ways: a) by adjusting your browser software settings accordingly, in particular by suppressing third-party cookies, which will prevent you from receiving third-party ads; b) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google. de/settings/ads, whereby this setting will be deleted if you delete your cookies; c) by disabling interest-based ads from providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies; d) by permanently disabling them in your Firefox, Internet Explorer or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
The legal basis for the processing of your data is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. It is not excluded that Google may transfer data to the USA for further processing. Should this be the case, the legal basis for this data transfer is your explicit consent given via the consent banner, Art. 49 I 1 a) GDPR.
Facebook Custom Audiences
The website also uses the remarketing function "Custom Audiences" of Facebook Inc. ("Facebook"). This enables users of the website to be presented with interest-related advertisements ("Facebook Ads") when they visit the social network Facebook or other websites that also use the process. In this way, we pursue the interest in displaying ads that are of interest to you in order to make our website more interesting for you. The tracking pixel is only activated after your express consent, Art 6 I 1 a) GDPR.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have called up the corresponding website of our Internet presence or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out and store your IP address and other identifying features.
It is possible for logged-in users to deactivate the "Facebook Custom Audiences" function at https://www.facebook.com/settings/?tab=ads#_.
The legal basis for processing your data is your consent, Art 6 I 1 a) GDPR. Facebook also processes your data in the USA. The legal basis for the transfer of data is your express consent, Art. 49 I GDPR.
For further information on data processing by Facebook, please visit https://www.facebook.com/about/privacy.
Our website uses the analytics feature of LinkedIn Corporation.
This technology allows visitors to this site to receive personalized ads on LinkedIn. It also provides the ability to generate anonymous reports on ad performance and website interaction information. The LinkedIn Insight tag on this website connects to the LinkedIn server when you visit this website and are logged into your LinkedIn account.
For more information about LinkedIn Insights, please visit: https://www.linkedin.com/legal/privacy-policy
Here you will find further information on data collection and data use as well as the possibilities and rights to protect your privacy. You can also deactivate data collection at any time by clicking on the following link: https://www.linkedin.com/psettings/enhanced-advertising.
It cannot be excluded that LinkedIn processes data in the USA. The legal basis for the transfer is your express consent, Art 49 I GDPR.
Routine deletion and blocking of personal data
The controller only ever processes and stores personal data belonging to data subjects for the amount of time required to achieve the intended purpose or for the amount of time stipulated in European directives and regulations or other laws and regulations to which the controller is subject.
If the originally intended purpose no longer applies, or at the end of a storage period stipulated in the European directives and regulations or other relevant legislation, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
Amount of time for which personal data is stored
The amount of time for which personal data is stored is determined by the respective statutory retention period. The data is routinely deleted at the end of this period, unless it is still required to initiate or perform a contract.
Changes to this privacy statement
This privacy statement will be updated following the introduction of new products or services developed by the website operator, following changes to our online processes, or following developments in Internet and IT security technology. We therefore reserve the right to amend or supplement this privacy statement as needed. Any changes will be published here. This privacy statement was last updated in September 2020
Right of access / erasure and rectification of personal data
If you have any questions that are not answered by this privacy statement, or if you would like more detailed information about a certain aspect, please do not hesitate to contact us.
If you no longer consent to the storage of your personal data, or if your personal data has changed, you may instruct us to rectify, block or erase your data within the scope of the statutory provisions. You may also request information about the personal data that we store on you. If you would like to receive such information, please refer to the following contact details:
ISM Heinrich Krämer GmbH & Co. KG
If you would like to receive information about the personal data that we store on you, please note that you will have to prove your identity. Thank you for your understanding.
Data protection officer
If you have any general questions about how we collect, process or use personal data, or if you would like to receive general information about data protection, please contact us in writing:
AGAD Service GmbH
Email address: email@example.com
ISM Heinrich Krämer GmbH & Co. KG