Emergency service

Contact

Data protection information

 

Information on the processing of your data in accordance with Art. 13 of the European General Data Protection Regulation (GDPR).

1. Scope of application

This privacy policy applies to the Firian GmbH website and to the personal data collected via its Internet pages. For websites of other providers to which reference is made, e.g. via links, the data protection notices and declarations there apply.

References to legal regulations within this privacy policy refer to the General Data Protection Regulation (GDPR) in the version valid from May 25, 2018, and the Federal Data Protection Act (BDSG) in the version valid from November 26, 2019.

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 GDPR).

2. Responsible party

The controller responsible for data processing on this website is:
Firian GmbH
Klausnerring 16
85551 Kirchheim b. München
Telephone: +49 89 99119-01
E-Mail: info@firian.com

Legal representatives:
Christoph Haar, Falk Ursinus

Data protection officer:
Pfeil Concepts GmbH
David Pfeil
Schloßstraße 28 
04425 Taucha
+49 34 298158-920
privacy@firian.com

3. Information on the processing of personal data on our website

3.1 Web-Hosting:

The web server for the operation of our website is technically operated and maintained by united-domains ag. Their contact details are:
united-domains ag
Gautinger Str. 10
82319 Starnberg

We have concluded a contract with united-domains GmbH for order processing in accordance with Art. 28 para. 3 GDPR.

3.2 SSL-/TLS encryption

When you visit our website, selected personal data is automatically collected by our IT systems. This is primarily technical data (e.g. information about your internet browser, operating system or the time the page was accessed). This data is collected in order to ensure error-free provision of the website. Furthermore, this data can be used to analyze your user behavior and to improve our services and products. This data is transmitted to FIRMENPUNKT GmbH as part of order processing.

3.3 Processing of personal data when using the website?

Beim Besuch unserer Website werden ausgewählte personenbezogene Daten automatisch durch unsere IT-Systeme erfasst. Das sind vor allem technische Daten (z.B. Informationen zu Ihrem Internetbrowser, Betriebssystem oder der Uhrzeit des Seitenaufrufs). Diese Daten werden erhoben, um eine fehlerfreie Bereitstellung der Website zu gewährleisten. Weiterhin können diese Daten zur Analyse Ihres Nutzerverhaltens und zur Verbesserung unserer Dienstleistungen und Produkte verwendet werden. Im Rahmen der Auftragsverarbeitung werden diese Daten an united-domains ag übermittelt.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: 

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address
     

This data is not merged with other data sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose. After seven days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user.

4. Information on the processing of personal data in the context of our service provision

4.1 Purposes of processing

Technical log data to record contact data for order initiation, general and anonymized visit statistics, maintenance of relationships with interested parties.

4.2 Legal bases of our processing activities

  • Fulfillment of contractual and pre-contractual measures (Article 6 para. 1 sentence 1 lit. b GDPR)
  • Legal obligations (Article 6(1)(1)(c) GDPR) or public interest (Article 6(1)(1)(e) GDPR)
  • Consent (Article 6 para. 1 sentence 1 lit. a GDPR in conjunction with Article 7 para. 1-4 GDPR)
  • To safeguard our legitimate interests (Article 6 (1) (f) GDPR)

4.3 Categories of data subjects

Interested parties, customers and/or employees of customers, suppliers, interested parties, partners, intermediaries, external service providers and freelancers.

4.4 Categories of personal data

We process personal data that we receive from you in your capacity as a representative or authorized representative of the legal entity (interested party, customer, supplier, external service provider, partner, freelancer, employee of the client, intermediary).

In detail:

  • Contact data (surname, title, first name, telephone, fax, cell phone, internet address, e-mail, position, company, company address, number of employees if applicable, sector, type of customer, telephone (company), fax (company), contact history and correspondence, data for offers and business initiation),
  • Billing data (order data, payment data, account information, bank, IBAN, BIC, name of the account holder, data for the fulfillment of contractual obligations,
  • Personal information from orders and contracts (address, contact details, contract content).

4.5 Categories of recipients

  • nternal departments involved in the execution of the respective business processes such as purchasing, sales, marketing, distribution, administration, order processing, accounting and bookkeeping. Public bodies such as social security institutions and tax authorities in the case of overriding legal provisions.
  • External contractors (processors within the meaning of Art. 4 in conjunction with Art. 28 GDPR. Art. 28 GDPR. to fulfill the above-mentioned purposes). In addition, we only pass on your personal data if you have given us your express consent to do so in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, or if there is a legal obligation to pass on the data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, e.g. in the context of criminal prosecution or the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion or defense of legal claims or the exercise of rights, and it cannot be assumed that the disclosure conflicts with an overriding interest of the data subject worthy of protection.

4.6 Retention/deletion periods

Once the respective statutory retention periods have expired, we delete the respective personal data as long as the personal data is no longer required for contract fulfillment or contract initiation or we no longer have a legitimate interest in storing it.

Storage period of personal data:

10 years retention period in accordance with § 14 UStG.
10-year retention period in accordance with § 147 AO for tax-relevant documents.
10 years. Retention period in accordance with § 257 para. 1 no. 1 + 4 HGB. Applies to trading books, inventories, opening balance sheets, (consolidated) annual financial statements, (consolidated) management reports, accounting documents.

5. Data transfer to third countries outside the EU

A transfer to third countries does not take place and is not planned. Nevertheless, when using electronic communication via the Internet, it can never be ruled out that data will be forwarded via a third country.

6. Processing of personal data

6.1 Processing of personal data in the context of applications/recruiting

We offer you the opportunity to apply to us (e.g. by e-mail or post). The collection, processing and use of your applicant data is carried out in accordance with applicable data protection law. Your data will also be treated in strict confidence.

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-new under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG-new and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

If we are unable to make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained for a maximum of 6 months after completion of the application process (retention period) in order to be able to trace the details of the application process in the event of discrepancies (Art. 6 para. 1 lit. f GDPR). YOU CAN OBJECT TO THIS STORAGE IF YOU HAVE LEGITIMATE INTERESTS THAT OUTWEIGH OUR INTERESTS.

After the retention period has expired, the data will be deleted unless there is a statutory retention obligation or another legal reason for further storage. If it is evident that it will be necessary to store your data after the retention period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted once it has become irrelevant. Other statutory retention obligations remain unaffected by this.

6.2 Processing of personal data in the context of newsletters

Irrespective of the contract processing, we use your e-mail address exclusively for our own advertising purposes in the context of sending newsletters, provided you have expressly consented to this. The processing takes place on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can revoke this consent at any time (the legality of the processing that has already taken place up to that point remains unaffected by the revocation). You can unsubscribe from the newsletter at any time via the corresponding link directly in the newsletter or by notifying us. Your e-mail address will then be removed from the newsletter distribution list.

6.3 Google Analytics

This website uses the web analysis service Google Analytics from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of data processing by Google Analytics is to enable the website operator to analyze the behavior of website visitors and for advertising and marketing purposes. 
For this purpose, Google will use the information obtained on behalf of the website operator to evaluate the use of the website visitors in order to compile corresponding reports.

The website operator receives various usage data, such as the IP address, page views, length of visit, click paths, browsers and operating systems used and location data. This data is assigned to the user's end device. 
We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of these cookies or comparable technologies is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be withdrawn at any time.

For the USA, there is an adequacy decision with the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF), which is intended to ensure compliance with European data protection standards for data processing in the USA. Google is certified in accordance with the TADPF and has therefore undertaken to comply with European data protection principles. 

You can find more information on how Google Analytics handles user data in Google's privacy policy: support.google.com/analytics/answer/6004245
 

7. Rights of data subjects

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data. You can contact the responsible body or our external data protection officer at any time with regard to this and other questions on the subject of data protection. You also have the right to lodge a complaint with the competent supervisory authority.

Withdrawal of your consent to data processing (Art. 7 GDPR)
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. All you need to do is send us an informal email. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you lodge an objection, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.

Right to lodge a complaint with the competent supervisory authority (Art. 13 GDPR)
In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Right to data portability (Art. 20 GDPR)
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Information, blocking, erasure and rectification (Art. 15, 16, 17 GDPR)
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data.

Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases

If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.

If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure. If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.

If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.