ISM Heinrich Krämer GmbH & Co. KG on topic of data protection
ISM Heinrich Krämer GmbH & Co. KG (hereinafter referred to as the Operator) welcomes your interest in our company and our products or services and wants you to feel secure regarding the privacy of your personal information.
Protecting privacy is essential, particularly for the future of web-based business models and for development of a web-based business. Therefore this declaration concerning data protection represents our high level of commitment to protecting your privacy.
Our employees and our service providers are bound by us to maintain confidentiality and compliance with General Data Protection Regulation and other relevant data protection regulations.
The processing of personal data, such as names, addresses, e-mail addresses or telephone numbers of individuals concerned, is always performed in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to the operator. By means of this data protection statement we would like to inform the public about the nature, extent and purpose of the personal data that we collect, use and process. Furthermore the persons concerned must be informed about their rights by means of this data protection statement.
The operator, with responsibility for the processing, has made many technical and organisational provisions, in order to ensure smooth protection of this personal data processed via this website. Nevertheless, web-based data transfers can, in principle, have gaps in security, meaning that absolute protection cannot be guaranteed. For this reason, each person concerned is free to submit personal data by alternative means, such as telephone or postal communication.
We take protection of your personal data very seriously and adhere strictly to the rules of the data protection laws.
Definitions of terms
The data protection statement of the operator is based on the terminology used by the European guidelines and regulations for adoption of the General Data Protection Regulation (GDPR). Our data protection statement needs to be easy to read and understand, both for the public and for our guest and business partners. To ensure this, we would like to explain in advance the terminology used.
We use the following terms in this data protection statement, among others:
personal data is all information that refers to an identified or identifiable individual (hereinafter “data subject”). An individual is considered identifiable, if directly or indirectly, particularly by means of assignment to an identifier such as a name, an ID number, location data, an online identifier or one or more particular characteristic, the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this individual can be identified.
The data subject is any identified or identifiable individual whose personal data is processed by the responsible processing party.
Processing is any operation or series of operations performed, with or without use of automated procedures, in connection with personal data, such as collecting, recording, sorting, organising, storing, adapting or modifying, reading, querying, using, disclosing through transmission, dissemination or other forms of provision, matching or linking, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting future processing of it.
Profiling is any type of automated processing of personal data that involves use of that data to determine certain personal aspects pertaining to an individual, in particular aspects related to job performance, economic status or health to analyse or predict the personal preferences, interests, reliability, behaviour, location or movements of this individual.
Pseudonymisation is processing of personal data in such a way that the data can no longer be assigned to a specific data subject without additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable individual.
Data manager or processing manager
The data manager or processing manager is the legal entity, public authority, agency or other body that, alone or with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the data manager or the specific criteria for his appointment may be provided for under Union or national law.
The processor is an individual or legal entity, public authority, agency or other body that processes the personal data on behalf of the data manager.
The recipient is an individual or legal entity, public authority, agency or other body to whom personal data is disclosed, whether or not it is a third party. However, authorities that may receive personal data under Union or national law in connection with a particular mission are not considered to be recipients.
A third party is an individual or legal entity, public authority, body or entity other than the data subject, the data manager, the processor and the persons authorised under direct responsibility of the data manager or processor to process personal data.
Consent is any intentional, informed expression of will by the data subject in the form of a statement or other unambiguous confirmatory act expressing that the data subject agrees to processing of their personal data (for example when contacting via form).
Legal basis of processing
Art. 6 I lit. A DS-GVO forms the legal basis for processing operations where we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfil a contract to which the data subject is a party, as with e.g. processing operations necessary for supply of goods or provision of any other services, processing shall be based on Art. 6 I lit. b DS-GVO. The same applies for processing operations that are needed in order to carry out pre-contractual measures, for example in cases of inquiries about our products or services. When our company is subject to a legal obligation that may require personal data to be processed, such as fulfilment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In some rare cases, processing of personal data may be required to protect the essential interests of the data subject or another individual. If processing is needed because of a legitimate interest, the basis is Art. 7 I lit. f.
Rights of the data subject
If the data subject wishes to assert one or more of the rights described below, they may contact our data protection officer or another employee of the responsible processing party.
Right to confirm
Every data subject has the right granted by the European guidelines and regulations to require the responsible processing party to confirm whether personal data relating to them is being processed. If a data subject wishes to exercise this right to confirm, they can contact our data protection officer or another worker of the responsible processing party at any time.
Right of access to information
Any data subject whose personal data is processed shall have the right, as granted by the European guidelines and regulations, at any time and free of charge to obtain from the responsible processing party information about stored personal data about him and a copy of this information. In addition, the European guidelines and regulations allow the data subject the following information:
- the purpose of the processing
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data is disclosed, in particular in the case of recipients in third countries or international organizations
- where possible the planned duration for which the personal data is stored, or, if not possible, the criteria for setting this duration
- the existence of a right to correction or erasure of personal data concerning him or to a restriction of processing by the person responsible or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data is not collected from the data subject, all available information on data origin
- the existence of automated decision-making including profiling in accordance with Article 22 Section 1 und 4 DS-GVO and — at least in these cases — at least in these cases - meaningful information about the logic involved and the scope and intended impact of such processing on the data subject
In addition, the data subject has a right of access to information about whether personal data has been transmitted to a third country or to an international organization. If this is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer.
Right to correction
Any data subject whose personal data is being processed, has the right according to the European guidelines and regulations, to demand immediate correction of any inaccurate personal data concerning him. Furthermore, the data subject has the right, subject to processing, to request completion of incomplete personal data, including by means of a supplementary declaration.
Right to deletion (Right to be forgotten)
Any data subject whose personal data is processed has the right granted by the European guidelines and regulations to require the responsible processing party to immediately delete the personal data concerning him if any of the following reasons apply and where processing is not required:
- Personal data is collected or otherwise processed for such purposes, for which it is no longer necessary.
- The data subject revokes the consent on which the processing was based, in accordance with Article 6 Section 1 (a) or Article 9 Sectoion 2 (a) of the GDPR, and there is no other legal basis for the processing.
- The data subject submits an objection to the processing in accordance with Article 21 Section 1 f the GDPR and there are no legitimate reasons for the processing, or the data subject objects to the processing in accordance with Article 21 Section 2 of the GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is necessary to meet a legal obligation under Union or national law, to which the responsible processing party is subject.
- The personal data was collected in relation to information society services offered in accordance with Article 8 Section 1 of the GDPR.
If the personal data was made public by the operator and if our company is responsible for deleting personal data as the responsible party in accordance with Article 17 Section 1 of the GDPR, the operator shall take appropriate measures, including technical ones, taking account of the available technology and the implementaton costs, in order to inform other data controllers, who process the published personal data, that the data subject has requested the deletion of all links to such personal data or copies or replications of such personal data, unless the processing is required. The data protection officer of the operator or another employee will arrange for the necessary in individual cases.
Right to restriction of processing
Any data subject affected by the processing of his personal data has the right under European guidelines and regulations to require the responsible processing party to restrict processing if any of the following conditions apply:
- The accuracy of the personal data is contested by the data subject for a period of time that allows the responsible part to verify the accuracy of the personal data.
- The processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of use of the personal data.
- The responsible party no longer needs the personal data for the purposes of processing, but the data subject requires them to assert, exercise or defend their rights.
- The data subject has objected to the processing under Article 21 Section 1 of the GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the data subject.
Right to data portability
Any data subject whose personal data is processed has the right under European guidelines and regulations to obtain the personal data concerning them provided to a controller by the data subject, in a structured, common and machine-readable format. He also has the right to transfer this data to another responsible party without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent in accordance with Article 6 Section 1 (a) of the GDPR or Article 9 Section 2 (a) of the GDPR or on a contract in accordance with Article 6 Section 1 (b) of the GDPR and processing by means of automated procedures, sunless the processing is necessary for performance of a task of public interest or in the exercise of public authority, which was assigned to the responsible person.
Furthermore, in exercising their right to data portability under Article 20 Section 1 of the GDPR the data subject has the right to ensure that the personal data is transmitted directly from one controller to another, where technically feasible and if so this does not affect the rights and freedoms of others.
Right to opposition
Any data subject whose personal data is processed has the right under European guidelines and regulations, has the right, at any time and for reasons derived from its particular situation, to oppose processing of personal data, based on Article 6 Section 1 (e) or (f) of the GDPR, lodging an objection. This also applies to profiling based on these provisions.
The operator no longer processes the personal data in the event of an objection, unless compelling legitimate reasons can be proved for the processing, that outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defense of legal claims.
If the operator processes personal data for direct mail operations, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, as far as it is associated with such direct mail. If the data subject objects to the operator for direct marketing purposes, the operator will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons arising from his particular situation, to object against the processing of personal data concerning him or her, for scientific or historical research purposes or for statistical purposes in accordance with Article 89 Section 1 of the GDPR, unless such processing is necessary to fulfill a public interest task.
Persons are also free, in the context of use of information society services, notwithstanding Directive 2002/58/EC, to exercise their right of objection by means of automated procedures using technical specifications.
Automated decisions in individual cases including Profiling
Any data subject whose personal data is being processed has the right under European guidelines and regulations, not to be subject to a decision based solely on automated processing – including profiling, which has a legal effect on it or, in a similar way, significantly affects it, unless the decision (1) is necessary for conclusion or execution of a contract between the data subject and the controller, or (2) under Union or Member State legislation to which the controller is subject, is permitted, and that such legislation contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (3) with the express consent of the data subject.
The decision (1) is necessary for conclusion or execution of a contract between the data subject and the responsible party or (2) it is done with express consent from the data subject, the operator shall take reasonable measures, to safeguard the rights and freedoms and the legitimate interests of the data subject including at least the right to obtain the intervention of a person by the controller, to express his own position and to challenge the decision.
Right to revoke data protection regulations consent
Any data subject whose data is processed has the right under European guidelines and regulations to revoke consent for processing of personal data at any time.
Use and disclosure of personal data
Personal data that you provide to us through our website or by other means will be collected, processed and stored for correspondence with you and for the purposes for which you provided us with the data. In addition, we may use this information for occasional offers to you and to inform you about new products or services and other services you may be interested in. You can object to this use of your data at any time by appropriate message, for example by a mail to firstname.lastname@example.org, widersprechen.
When sharing personal data with third parties, we limit ourselves to the information necessary to provide our services. The respective third parties may use this personal data solely for the purpose of providing the requested service or carrying out the necessary transaction that occurs on our behalf. The service providers are obliged by us to comply with data protection laws.Your personal data will never be passed on to third parties, sold or otherwise made available to third parties for marketing purposes.
Contact via the website
On the basis of legal regulations, our website contains information that enables fast electronic contact as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or through a contact form, the personal data provided by the data subject will be automatically saved. Such personal information provided on a voluntary basis by a data subject to the controller is stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.
Secure communication on the Internet
We endeavour to transmit and store your personal data by taking technical and organisational measures so that they are not accessible to third parties.
In general, however, the Internet is considered an insecure medium. In contrast to the example of the telephone line, transmission of data on the Internet by unauthorized third parties can be more easily monitored, recorded or even changed.
To ensure confidentiality of communication with you, use AES 256bit SSL encryption. According to the current state of knowledge, this encryption that we use is considered secure. This level of security will be achieved by the newer generation operating systems and browsers, and you may need to update the operating system and browser on your PC to use this high-level encryption.
In the case of unencrypted communication by e-mail, complete data security cannot be guaranteed, so we recommend that you send confidential information by post.
Data processing on this website
For security and technical reasons, the operator automatically processes information in your system logs that your browser transmits to us. This information is essentially:
- operating system
- URL (Website) retrieved on our systems
- Referrer URL (website that referred to our website)
- Hostname and full IP Address of accessing computer
- Date and time of calls
- Data volume and file types.
e do not combine this data with other data sources,
and statistical evaluations on the basis of this data.
Some remarks about IP addresses: IP addresses are needed for sending web pages and data from our servers to your browser, they are the "addresses" for the information you request from our web servers. However, in the prevailing view of the law, IP addresses are personal data and are therefore only used by us to the extent technically necessary.
We use the following Cookies:
- PHPSESSID: Required to create the user session; Contains a 32-digit alphanumeric string that will be deleted when the browser is closed
- _gat: used to throttle the request rate. Contains a number, validity 1 minute
- _gid: used to differentiate users. Contains an alphanumeric string, validity 24 hours
- _ga: used to differentiate users. ontains an alphanumeric string, validity 15 months
- _gac_Contains the user's campaign information.. Contains an alphanumeric string, validity 90 days
- Cookiebar_: Set if the cookie bar information has been marked as "accepted" and then no longer visible on every page view. Validity 1 year
Most of the cookies we use are so-called "session cookies" ("PHPSESSID" PHPSESSID) for your user session. They will be deleted automatically at the end of your visit (close the browser). All cookies on our websites contain purely technical information in a pseudo-anonymized or anonymous form, they do not contain any personal data.
If you wish to prevent the storage of cookies, you must select "Do not accept cookies" in your browser settings. If no cookies are accepted by the browser, however, the functionality of our website may be very limited. Some functions will no longer be available.
Application data is stored and processed by us and forwarded to the responsible contact person, Your data will be used exclusively for correspondence with you and for processing of your application as part of our personnel selection process.
We recommend sending as a password-protected ZIP file to protect your application documents. You can tell us the password by phone. Access to your application data is reserved for HR and executives.After we have kept it for 6 months, your data submitted as part of the application process will be deleted, unless you have clearly agreed to a longer-term storage.
However, Google Analytics is only used by us with activated IP masking). This means that Google's IP address will be truncated. Only in exceptional cases if, for example, there are mechanical failures in Europe, the full IP address will be transmitted to a Goodle server in the USA and shortened there first. The IP address provided by the user's browser will not, to the best of our knowledge, be combined with other data provided by Google.
Google will use the data transmitted on our behalf and on the basis of an order processing contract to evaluate the use of our website, to compile reports on the activities within our online offer and to provide us with other services related to the use of the website. With the help of these analysis results we can, for example, identify particularly popular areas of our website and users' preferences, and use the knowledge gained to further improve our offer and make it more targeted and interesting for you as a user.
The associated data processing is carried out in an analysis and statistical evaluation of the interests of our users' use of our website, in the optimization of our online offer and in the provision of interests as possible fair offers and content. We have carefully weighed these legitimate interests with your interests as well as our fundamental rights and freedoms as users and came to the conclusion that no consent is required, but the data processing within the scope of the Google Analytics web analysis on the basis of Article 6 Section 1 lit. f) DGPR is allowable.
This is determined by the fact that there is no equally suitable web analysis tool for our specific purposes. Thus, Google Analytics is not only the most widespread internationally and is therefore particularly well suited for websites of internationally active groups of companies. Because of its widespread use, unlike other web analytics tools, Google Analytics also has standard interfaces to other software systems that we use. Furthermore, we have implemented the implementation of the service in your interest as privacy friendly as possible (in addition to the IP masking, for example, by the absence of processing the user ID for devices comprehensive cross-sectional analysis of visitor flows, so-called cross-device tracking, by reducing the default storage duration, etc.)
The acceptance of cookies when using our website is otherwise not mandatory; If you do not want cookies to be stored on your device, you can deactivate this option in the system settings of your browser. Saved cookies can be deleted at any time in the system settings of your browser. However, if you do not accept cookies, this may result in limited functionality [...]. In addition, you can deactivate the use of Google Analytics cookies by means of a browser add-on, if you do not want the web pages analysis. You can download this add-on here: https://tools.google.com/dlpage/gaoptout?hl=en.
Using the browser add-on to disable Google Analytics, you can prevent Google Analytics from using your data. If you want to disable Google Analytics, download and install the add-on for your web browser. The Google Analytics opt-out add-on is compatible with major browsers. For the add-on to work, it must be loaded and executed correctly in your browser. For more information about disabling and installing the browser add-on, please visit:
As an alternative to browser add-on, such as on mobile devices, you can prevent Google Analytics from collecting it by clicking on the following link:
An "opt-out cookie" is then set, to prevent future capture of your data. The opt-out cookie is only valid for our website and for the browser used to set it - is stored on your device. If you delete cookies in your browser, you will need to set the opt-out cookie again. Popular browsers also offer a "Do-Not-Track-Function". When this feature is enabled, your device tells the web analytics tool that they do not want to be tracked.
Finally, please note the following: in the US, from the European Union's point of view, there is no "adequate level of protection" for processing in accordance with EU standards on processing of personal data. However, this level of protection can be substituted or produced for certain companies through certification under the "EU-US Privacy Shield". For the exceptional cases in which Google related data is transmitted to the US, Google has the EU-US Privacy Shield thereby ensuring compliance with European data protection.
The data processed by Google Analytics and linked to cookies is automatically deleted after 14 months. The deletion of data that has reached that retention period will occur automatically once a month.
Use of YouTube in enhanced privacy mode
We use the provider YouTube to embed videos. Videos are embedded in enhanced privacy mode. If this is not technically possible (e.g. because of logic for video display or control), then a two-click solution is used. In this case, use of YouTube to play the video is explicitly indicated in advance.
Routine deletion and blocking of personal data
Der für die Verarbeitung Verantwortliche verarbeitet und speichert personenbezogene Daten der betroffenen Person nur für den Zeitraum, der zur Erreichung des The responsible processing party processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage or if so required by European law, guidelines and regulations.
In the event that the purpose of storage is cancelled or if a storage period prescribed by European guidelines and regulations or any other relevant legislature expires, the personal data will be blocked or deleted routinely in accordance with the statutory provisions.
Duration for which the personal data is stored
The criterion for duration of storage of personal data is the respective statutory retention period. After the deadline, the corresponding data is routinely deleted, if it is no longer required to fulfil the contract or to initiate a contract.
Update of this data protection statement
If the operator introduces new products or services, changes Internet procedures, or if Internet and computer security technology evolves, the data protection statement needs to be updated. We therefore reserve the right to amend or add to the explanation as needed. Changes will be published here. Status of this data protection statement: May 2018
Right to access/deletion and modification of personal data
If you have questions that this data protection statement could not answer or if you would like more detailed information, do not hesitate to contact us.
If you no longer consent to storage of your personal data or if it has become incorrect, we will, on your instructions, effect correction, blocking or deletion of your data within the scope of the legal provisions. Upon request, you will receive information about the personal data that we have stored about you. Please contact:
ISM Heinrich Krämer GmbH & Co. KG
Please understand that we require proof of identity when requesting information about your data stored with us.
Data protection officer
For general questions about our collection, processing or use of personal data, as well as general information on data protection, please write to:
AGAD Service GmbH
Stephan Muskulus (Assessor iuris)
Waldring 43 - 47
Telephone: + 49 234 282 533-20
Fax: +49 234 282 533-10
ISM Heinrich Krämer GmbH & Co. KG