Privacy Policy of SERVATOR ServiceLine GmbH in accordance with EU Regulation 2016/679 (General Data Protection Regulation, Articles 13 & 21)
At SERVATOR, we are delighted you are interested in our company and products and are visiting our website.
Protecting personal data is very important to SERVATOR and we therefore take the protection of your privacy when you use our website very seriously.
We provide information below about how personal data is collected and processed when you use our website and about the rights of the data subject in this regard. See further below for definitions of some of the terms used.
I. Name and address of the data controller
The controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union and other provisions related to data protection for the purposes of using our website at https://www.servator-serviceline.de and the associated use of social media is:
SERVATOR ServiceLine GmbH
Lindenweg 36-42
97999 Igersheim, Germany
Phone: +49 7931 55 555
Mail:
Website: https://www.servator-serviceline.de/
The controller is not responsible for the websites of other providers that may be accessed from a link on the SERVATOR website.
II. Address of the data protection officer
If you have any questions about this Privacy Policy, your right to access information or how we manage privacy on the internet, please contact:
SERVATOR ServiceLine GmbH
Data protection officer
Lindenweg 36-42
97999 Igersheim, Germany
Phone: +49 7931 55 555
Email:
III. Automatic collection, processing and use of personal data in connection with use of our website & the nature and purpose of processing
a. SSL Encryption
We use SSL encryption for reasons of security and to protect the transfer of personal data via our website, such as queries you make to us. You can recognise an encrypted connection when the address prefix changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar. All data transferred using this secure method is encrypted before it is sent to us. We also store the IP address of the system accessing our website in order to protect SERVATOR and our users from misuse.
b. Storage of data in log files
When you access our website, various general data and information is saved in log files on our internet server. The following data may be stored:
- The IP address of the device accessing the website (PC, tablet, smartphone)
- The operating system used by the device accessing the website
- The type of browser you are using and the browser version
- The website from which the visitor reaches our website (known as the referrer)
- The other pages that are accessed by the visitor on our website
- The date and time of a visit to our website
- The internet service provider of the visitor
- Other similar data and information that is used to combat attacks on our server systems and to take legal steps in case of misuse of the website.
We do not link this stored data to the data subject. The data in these log files is only processed in order to deliver the correct content of our website, to ensure that our IT systems are functioning and to improve the content of our websites and associated advertising.
In the event of misuse or cyber attacks on our systems, we may provide authorities with information necessary for law enforcement from these log files.
If we also use the log files to create user profiles, whether for the purpose of advertising, market research or to streamline the design of our websites, the IP numbers are anonymised first. Otherwise, the IP numbers are deleted from the log files. As a result, you are always anonymous, including when your IP number is automatically collected and temporarily stored. The data in the server log files is always stored separately from personal data.
c. Use of cookies
We use cookies on SERVATOR websites. Cookies are small text files that make it possible to store specific information about the device that is used to access the website (PC, smartphone, etc.) on the user's device. They are used, firstly, to ensure that websites are user-friendly for our users (e.g. to store login data). Secondly, we use them to store statistical data about how the website is used and to analyse how to improve the website.
Although cookies are only relevant in terms of data protection if they are used to store personal data, some internet users are generally sceptical about these small packets of data. Please therefore note that you can prevent cookies being stored on your computer and you can view the content of cookies. Modern browsers have various features for this purpose. See your browser's help for more information. For example, you can simply set up your browser to block all cookies automatically or to warn you before a cookie is saved. However, please note that it may not be possible to use all the features of our website if you disable cookies.
d. Contact form
There is a contact form on our website that can be used to contact us electronically.
If you use our contact form to send a query to SERVATOR ServiceLine GmbH, we will automatically store the personal details you enter freely on the form, including your query, exclusively for the purpose of dealing with your query and, if applicable, any follow-up questions. To deal with your query only, we may transfer your personal data to one or more processors or pass on your personal data to a subsidiary of SERVATOR ServiceLine GmbH, such as PALUX Aktiengesellschaft.
Alternatively, you can send us your queries by email to: .
When you register on our website, we will also store your IP address and the date and time that you register. This data is stored as the only way to prevent the misuse of our services and, if necessary, to make it possible to investigate criminal offences. Storage of this data is therefore necessary to protect the controller.
e. Seminar registration
There is a contact form on our website for visitors interested in our seminars, which can be used to register electronically.
If you use our contact form to register for a seminar with PALUX Aktiengesellschaft, we will automatically store the personal details you enter freely on the form exclusively for the purpose of dealing with your registration and to send any further information from PALUX Aktiengesellschaft to you. To complete registration, we require the information in the mandatory fields on the electronic contact form. If you do not want to send us this information, we cannot complete your registration and you cannot take part in the seminars.
Alternatively, you can use send us your registration request by email to: .
When you register on our website, we will also store your IP address and the date and time that you register. This data is stored as the only way to prevent the misuse of our services and, if necessary, to make it possible to investigate criminal offences. Storage of this data is therefore necessary to protect the controller.
f. Matomo (formerly Piwik) analytics service
Our website uses Matomo (formerly Piwik), which is a web analytics service. Matomo uses cookies, which are text files that are stored on your computer to help us analyse your use of the website. The usage data generated by the cookie (including your truncated IP address) is sent to our server for this purpose and stored for usage analysis, which allows us to optimise our website. Your IP address is anonymised right at the start of this process, so that you as a user remain anonymous to us. The information generated by the cookie about your use of this website is not passed on to third parties. You can prevent cookies from being used by selecting the appropriate settings in your browser. However, please note that by doing so you may not be able to use all the features of this website.
If you do not consent to storage and analysis of this data about your visit, you can object to storage and use of this data at any time by clicking below. This will create an opt-out cookie in your browser, which means that Matomo will no longer collect any session data in the future. Please note: If you delete your cookies, the opt-out cookie is also deleted and you may need to create it again.
g. Social media plugins
To increase recognition of SERVATOR ServiceLine GmbH and to enhance communication with our customers and potential customers, we use social media plugins from Facebook, Instagram, LinkedIn, Xing, kununu, YouTube and Pinterest on our website.
We consider that we are thereby pursuing a legitimate interest pursuant to Article 6(1)(f) of the General Data Protection Regulation (GDPR). Each individual provider is responsible for ensuring their networks comply with data protection legislation.
(1) Facebook plugins
Our website uses integrated plugins from the Facebook social network, provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for the processing of the personal data of data subjects who reside outside of the USA and Canada.
You can identify Facebook plugins on our website from the Facebook logo.
See here for an overview of the Facebook plugins: https://developers.facebook.com/docs/plugins/?locale=en_US
When you visit our website or pages on our website, a direct connection is established between your browser and the Facebook server via the plugin every time that you access a page with an integrated Facebook plugin. When the connection is established, Facebook is informed that you have visited our page and receives your IP address. Please note that, as the provider of this website, we have no knowledge of the content of the data sent to Facebook or of how Facebook uses this data. For more information and the settings that data subjects can use to influence the collection of personal data by Facebook, please see the Facebook Privacy Policy at https://www.facebook.com/about/privacy.
If you do not want Facebook to be able to associate your visit to our website with your Facebook account, please log out of your Facebook account.
(2) Instagram
Instagram features are integrated into our website. These features are provided by Instagram LLC, 1601 Willow Road, Menlo Park, CA, 95025, USA. If you are logged in to your Instagram account, you can click the Instagram button to link the content on our pages to your Instagram profile. This means that Instagram can associate the visit to our website with your user account. Please note that, as the provider of this website, we have no knowledge of the content of the data sent to Instagram or of how Instagram uses this data.
For more information, please see the Instagram Privacy Policy: https://instagram.com/about/legal/privacy/.
If you do not want Instagram to be able to associate your visit to our website with your Instagram account, please log out of your Instagram account.
(3) LinkedIn
Our site uses LinkedIn features. The features are provided by the LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, CA 94043, USA.
LinkedIn Ireland Unlimited Company, Privacy Policy Issues, Wilton Place, Dublin 2, Ireland, is responsible for data protection outside the USA.
Every time you access one of the pages on our website that uses LinkedIn features, your browser establishes a direct connection to LinkedIn servers. LinkedIn is informed that you have visited our website and receives your IP address. Please note that, as the provider of this website, we have no knowledge of the content of the data sent to LinkedIn or of how LinkedIn uses this data.
For more information, please see the LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy.
If you do not want LinkedIn to be able to associate your visit to our website with your LinkedIn account, please log out of your LinkedIn account.
Xing/kununu
Our site uses Xing features. This includes the kununu review portal. The provider is XING SE, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Every time you access one of the pages of our website that uses Xing/kununu features, your browser establishes a direct connection to Xing servers. Please note that, as the provider of this website, we have no knowledge of the content of the data sent to Xing or of how Xing uses this data. For more information about data protection and the Xing Share Button, please see the Xing Privacy Policy: https://www.xing.com/app/share?op=data_protection.
If you do not want Xing to be able to associate your visit to our website with your Xing account, please log out of your Xing account.
(4) YouTube
Our website uses plugins (videos) from YouTube (YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA 94066, USA). For embedded video, we use YouTube's "Enhanced privacy mode". When you visit a page on our website that has embedded video, a connection is established to the YouTube servers and the content is displayed on our website by sending the data to your browser. According to information provided by YouTube, in "Enhanced privacy mode" data is only sent to the YouTube server (in particular, information about the specific web page you have visited) if you play and watch the video.
If you are logged in to your YouTube account, YouTube lets you associate your browsing history directly with your personal profile. For more information about how user data is handled, please see the YouTube Privacy Policy: https://policies.google.com/privacy?hl=en.
If you do not want YouTube to be able to associate your visit to our website with your YouTube account, please log out of your YouTube account.
(5) Pinterest
Our site uses Pinterest plugins. The Pinterest network is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. If you visit one of the pages on our website that uses a Pinterest plugin, a connection is established to the Pinterest servers. The Pinterest server is notified of the pages you have visited on our website.
If you are logged in to your Pinterest account, Pinterest lets you associate your browsing history directly with your personal profile. For more information about how user data is handled, please see the Pinterest Privacy Policy: https://policy.pinterest.com/en/privacy-policy.
If you do not want Pinterest to be able to associate your visit to our website with your Pinterest account, please log out of your Pinterest account.
IV. The legal grounds for processing
- Article 6(1)(a) of the General Data Protection Regulation (GDPR) is the legal basis for processing operations, where we obtain consent to processing for a specific purpose.
- If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, for processing operations that are necessary to delivery goods or perform other services, processing is based on Article 6(1)(b) GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures, such as when queries are made regarding our services.
- If we are subject to a legal obligation, as the result of which it is necessary to process personal data, such as to meet tax obligations, processing is based on Article 6(1)(c) GDPR.
- Finally, processing operations may be based on Article 6(1)(f) GDPR. This is the legal basis for processing operations that do not fall within any of the above legal grounds, if the processing is necessary for the purposes of a legitimate interest of SERVATOR ServiceLine GmbH, one of its subsidiaries, or a third party (e.g. one of our suppliers), and if the interests or fundamental rights and freedoms of the data subject do not override the legitimate interest. For our website, this applies in particular to the processing operations referred in section III of this Privacy Policy. We are allowed to carry out such processing operations in particular as they are specifically mentioned by the European legislator. The legislator was of the opinion that a legitimate interest may be presumed to exist if the data subject is a customer of the data controller. We have a further legitimate interest in carrying out our business for the benefit of the wellbeing of all our employees and our shareholders and to process data for the purpose of direct marketing, in particular to send product information, industry news, invitations, event information and similar information.
V. Collection and processing of personal data for job applications and the application process
SERVATOR ServiceLine GmbH collects and processes the personal data of job applicants for the purpose of the application process.
Processing in this case may also be carried out electronically. This is the case in particular if the applicant sends application documents to the controller electronically, e.g. by email, using the separate email address we provide for job applications.
If the applicant starts employment with the company after completion of the selection process, the data transferred for the purpose of managing the employment contract is stored in accordance with the law.
If the applicant is not employed by the company, the application documents are automatically deleted after the applicant has been notified of rejection, unless there are other legitimate interests of the controller that outweigh deletion. Another legitimate interest in this case, for example, is the ability to provide evidence in a potential legal dispute under the German General Equal Treatment Act (AGG).
We may also store the application documents of the applicant on the ground of separate consent for any future vacancies that may arise.
VI. Period for which the personal data will be stored
The relevant statutory retention period is the period for which personal data will be stored. After the period has expired, the applicable data will be routinely deleted, if and to the extent that it is no longer required for the performance of a contract or for pre-contractual measures or legitimate interests of the controller outweigh the data subject's interest in erasure (deletion) - e.g. access to order documents and associated technical documents for servicing purposes or to handle subsequent queries about earlier installations. The controller has a legitimate interest in continuing to store documents in particular, because our customers regularly use our products for longer than the statutory retention periods. The controller may also permanently store the documents to ensure it can defend against legal claims and for the purpose of liability insurance, in particular for product liability insurance for our products. If a legitimate interest of this kind no longer applies at a later date, this data is also routinely deleted.
VII.Disclosure of personal data
We will only transfer your data to third parties if we have the power to do so under data protection law. We may have the power to do so under section IV of this Privacy Policy. Third parties may include external service providers, who process the personal data on our behalf strictly in accordance with our instructions. Data is usually not processed outside the EU or EEA. If it is nonetheless necessary to transfer data outside the EU or EEA in a specific case, it is transferred exclusively on the basis of the standard EU contractual terms or to countries for which there is an EU adequacy decision and subject to instructions for processing on our behalf.
VIII. Rights of data subjects
Data subjects have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed. Where that is the case, the data subject has the right:
- pursuant to Article 7(3) GDPR, at any time to withdraw the consent he/she has given with effect for the future;
- pursuant to Article 15 GDPR, to request access to information regarding:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been disclosed;
- the envisaged period for which the personal data will be stored, or the criteria used to determine that period;
- the right to request from the controller rectification or erasure of personal data or restriction of processing of data by the controller or to object to such processing;
- the right to lodge a complaint;
- where the personal data is not collected from the data subject, the source of the subject's data;
- and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the process involved;
- pursuant to Article 16 GDPR, to request:
- the rectification of inaccurate personal data;
- with regard to the purposes for which the data has been processed, that additional data is added to complete incomplete personal data;
- pursuant to Article 17 GDPR, to request erasure (deletion) of his/her personal data stored with use, as long as:
- the personal data is no longer necessary in relation to the purposes for which it was collected;
- the data subject withdraws any consent that has been given and there is no other legal basis for processing the data;
- the data subject objects to processing pursuant to Article 19(1) GDPR and there are no overriding legitimate grounds for the processing;
- the data subject objects to processing pursuant to Article 19(2) GDPR;
- the data has been unlawfully processed;
- the data must be erased (deleted) for compliance with a legal obligation;
- the data has been collected pursuant to Article 8(1) GDPR
and the processing of the collected data is not necessary: - for exercising the right of freedom of expression and information;
- for compliance with a legal obligation;
- for reasons of public interest; or
- for the establishment, exercise or defence (including potential defence) of legal claims;
- pursuant to Article 18 GDPR, to request the restriction of processing of his/her personal date, where:
- the accuracy of the personal data is contested by the data subject;
- the processing is unlawful and the data subject opposes the erasure (deletion) of the personal data;
- the controller no longer needs the personal data, but it is required by the data subject for the establishment, exercise or defence of legal claims; or
- the data subject has objected to processing, pursuant to Article 21 GDPR;
- pursuant to Article 20 GDPR, to request to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and for those data to be transmitted to another controller;
- pursuant to Article 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
IX. Right to object
If personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, the data subject has the right, pursuant to Article 21 GDPR, to object to the processing of his or her data, on grounds relating to his or her particular situation or where the objection is to direct marketing. In the latter case, the data subject has a general right to object, which we will respect without the data subject giving grounds relating to his or her particular situation.
If you wish to exercise your right to withdraw consent or to object to processing, simply send an email to
X. Current version & updates to this Privacy Policy
This Privacy Policy is the latest version and was last updated in July 2019.
We reserve the right to amend this Privacy Policy to reflect changing statutory or regulatory requirements, to take into account changes to our website or in the context of our ongoing efforts to constantly improve this Privacy Policy.
You can access and print out the current, valid version of our Privacy Policy at any time on our website at https://www.servator-serviceline.de/datenschutz. The previous version is provided here.
Definitions
Our aim in publishing this Privacy Policy is to give our customers, potential customers and business partners a transparent overview of how we have processed personal data.
The Privacy Policy of PALUX Aktiengesellschaft is based strictly on the provisions of the General Data Protection Regulation (GDPR) and uses the terminology of the GDPR.
We have provided the legal definitions of key terms below to make the Privacy Policy easier to read and to ensure that the meaning of terms used in this Policy is clear:
1) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereafter, the "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2) Data subject
The data subject is any identified or identifiable natural person, whose personal data is processed by the data controller.
3) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
5) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
6) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
7) Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
8) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
9) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.
10) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
11) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.