Data protection at Pilz

I. Definitions

Our data privacy statement makes use of terms defined in the EU General Data Protection Regulations (GDPR). We have explained these terms below in order to ensure legibility and comprehension of our data privacy statement:

1. Personal data

According to the GDPR, personal data is all information referring to an identified or identifiable natural person. This refers to information such as your name, your date of birth, your address, your E-Mail address, your IP address or your telephone number, as well as your user behaviour. On the other hand, information not directly related to your real identity – such as websites generally preferred by all users or a website’s number of users – is not regarded as personal data.

2. Data subject

The data subject is any identified or identifiable natural person whose personal data is used by the controller responsible for processing.

3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

5. Controller or controller responsible for processing

The controller or controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or member state law, the controller or the specific criteria for its nomination may be provided for by Union or member state law.

6. Processor

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

7. Recipient

The recipient is a natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or member state law shall not be regarded as recipients.

8. Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

9. Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning them.

II. Name and address of the controller [Art. 4, Para. 7 of the GDPR]

The controller under the terms of the General Data Protection Regulation, other national data protection legislation of the member states and other provisions under data protection legislation is:

Pilz GmbH & Co. KG
Felix-Wankel-Straße 2
73760 Ostfildern
Germany

Tel.: +49 711 3409-0
E-Mail: info@pilz.de
Website: www.pilz.com

III. Data protection officer

You can reach our data protection officer at: dataprotection@pilz.com

IV. General information on data processing

1. Extent of personal data processing

As a basic principle, we collect and process our users’ personal data only to the extent required for providing a functional website and supplying our content and services. We process our users’ personal data regularly only if the respective users have given their consent. An exception applies in those cases where it is not actually possible to obtain prior consent and where data processing is permitted by law.

2. Legal basis for processing personal data

The data you transfer or collect shall only be collected, used, processed, stored and if necessary forwarded to third parties – where this is legally prescribed, contractually necessary or permitted within the framework of current legislation – within the framework of current data protection legislation (GDPR, the German Federal Data Protection Act and the German Broadcast Media Act).

Art. 6 of the GDPR is the respective legal basis for processing your personal data to which this data privacy statement refers:

Insofar as we obtain the data subject's consent to process their personal data, Art. 6, Para. 1, lit. a of the EU General Data Protection Regulation (GDPR) shall apply as the legal basis for processing personal data.

Where it is necessary to process personal data for the purposes of fulfilling a contract and the data subject is the contracting party, Art. 6, Para. 1, lit. b of the GDPR shall apply as the legal basis. This shall also apply to processing which is required to carry out pre-contractual measures.

Where processing of personal data is necessary for our company to fulfil a legal obligation, Art. 6, Para. 1, lit. c of the GDPR shall apply as the legal basis.

Where processing of personal data is necessary for protecting the vital interests of the data subject, or those of another natural person, Art. 6, Para. 1, lit. d of the GDPR shall apply as the legal basis.

Where processing is necessary to protect our company's or a third party's legitimate interests, and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6, Para. 1, lit. f of the GDPR shall apply as the legal basis for processing.

3. Erasure of data and duration of storage

The data subject’s personal data shall be erased or blocked as soon as the purpose for which it has been stored has been fulfilled. Data may be stored beyond this period if this is specified in European or national legislation from European Union Regulations, laws or other provisions to which the controller is subject. Data shall also be blocked or erased if a storage period specified in the above standards expires, unless conclusion or fulfilment of a contract requires the data to be stored for longer.

V. Providing the website and creating log files

The extent and manner of collection and use of your data shall vary, depending on whether you visit our website only to access information or whether you are making use of our offers - newsletter (below, VII), registration for webshop (VIII), static links (IX) and the option of E-Mail contact as set out in the contact form or by E-Mail address (X):

1. Description and extent of data processing

Each time our website is accessed, our system automatically collects data and information from the accessing computer system.
The following data is collected:

  1. Information on the browser type and version used
  2. The user's operating system
  3. The user's IP address
  4. Date and time of access
  5. Websites from which the user’s system reaches our website
  6. Websites the user’s system accesses from our website

The data is also stored in our system's log files. This data is not stored together with any of the user’s other personal data.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6, Par. 1, lit. f of the GDPR.

3. Purpose of data processing

The system needs to store the IP address temporarily in order to provide the website to the user’s computer. The user's IP address must remain stored for the duration of the session for this purpose.

Storage in log files is carried out to guarantee the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. No data is evaluated for marketing purposes in this context.

The above purposes also constitute our legitimate interest in data processing under Art. 6, Para. 1, lit. f of the GDPR.

4. Duration of storage

The data shall be erased as soon as it is no longer required to achieve the purpose for which it was collected. When data is collected in order to provide the website, this is the case when the respective session is ended.

When data is stored in log files, this is the case after 7 days at the latest. Extended storage is possible. In this case, users' IP addresses are erased or modified so that they can no longer be allocated to the accessing user.

5. Option to object and remove

It is absolutely essential to collect data in order to provide the website; it is necessary to store data in log files in order to operate the website. As a result, the user has no option to object.

VI. Use of cookies

Our website uses cookies. Cookies are text files which are stored in the user’s Internet browser or on the user’s computer system by the Internet browser. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character string which enables unique identification of the browser the next time the website is called up.

I. Own cookies

1. Description and extent of data processing

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to also be identifiable after a page change.

When our website is accessed, an information banner informs users about the use of cookies, refers them to this data privacy statement and obtains their consent to processing their personal data used in this respect.

The following data is stored and transferred in the cookies:

Content Management System cookie

  1. is_mobile – Information on whether they are using a mobile device
  2. is_new – Information on whether it is a first-time visit to the website
  3. region_select
  4. user_language – Selected language
  5. user_locale
  6. user_region – Region from which the user comes
  7. true (if data privacy regulation agreed)
  8. User's time zone

2. Legal basis for data processing

The legal basis for processing personal data using technically necessary cookies is Art. 6, Par. 1, lit. f of the GDPR. The legal basis for processing personal data using cookies, provided that the user has given their consent to this effect, is Art. 6, Para. 1, lit. a of the GDPR.

3. Purpose of data processing

Technically necessary cookies are employed to make it easier for users to use websites. Some functions of our website cannot be offered without the use of cookies. To this end, the browser must be recognised even after a page change.

We need cookies for the following applications:

  1. Shopping basket
  2. Adopt the language settings
  3. Reminder list

The user data collected by technically necessary cookies is not used to create user profiles. The above purposes also constitute our legitimate interest in processing personal data in accordance with Art. 6, Para. 1, lit. f of the GDPR.

4. Duration of storage and option to object and remove

Cookies are stored on the user’s computer, which transfers them to our page. As a user, therefore, you have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transfer of cookies. You can delete cookies that have already been stored at any time. This can be done automatically. If cookies are deactivated for our website, it may not be possible to use all of the website’s functions in full.

II. Cookies used by third parties - etracker

On our website, data is collected and stored for marketing and optimisation purposes using the technologies developed by etracker GmbH from Hamburg, Germany (http://www.etracker.com). As standard we do not use cookies for web analysis. Where we do use analysis and optimisation cookies, we obtain your explicit consent separately in advance. If this is the case and you give your consent, cookies will be used that enable a statistical range analysis of this website, allow us to measure the success of our online marketing activities and enable test procedures that test and optimise different versions of our online offer or its component parts. Cookies are small text files that the Internet Browser stores on the user's end device. etracker Cookies do not contain any information that enables a user to be identified.

1. Description and extent of data processing

When our website is accessed, an information banner informs users about the use of cookies for analysis purposes, refers them to this data privacy statement and obtains their consent to processing their personal data used in this respect.

A user profile can be generated from the data collected under a pseudonym. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the website user’s Internet browser. The cookies enable recognition of the Internet browser. The data collected is not used to identify website visitors personally. We use this information exclusively to find out how attractive our website is and to work to improve it.

For example, the data collected includes details of the browser and operating system used, which website a person arrives from, the average time spent on the website and which pages are called up.

etracker cookie:

  1. etracker Analytics visitor recognition
  2. etracker Analytics cookie recognition
  3. Recognition of returning visitors
  4. Recognition of whether the scroll depth is measured for the visitor

The data generated using etracker is processed and stored exclusively on our behalf in Germany by etracker and so is subject to strict German and European data privacy laws and standards. etracker has been independently audited and certified in this regard and has been awarded the data protection quality seal.

2. Legal basis for data processing

The legal basis for processing personal data using cookies for analysis purposes, provided that the user has given their consent to this effect, is Art. 6, Par. 1, lit. a of the GDPR. The legal basis for the use of etracker without such consent is Art. 6, Para. 1, Clause 1, lit. f of the GDPR.

3. Purpose of data processing

The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies allow us to find out how the website is used and therefore allow us to continuously optimise it. The statistics acquired allow us to improve our website and to design it in a way that is more interesting to you as a user. We have a legitimate interest in this regard.

4. Duration of storage and option to object and remove

The collected data is permanently stored and pseudonymised before analysis. You may withdraw your consent to data being collected and stored at any time with effect for the future.

You can withdraw consent to the above data processing at any time. There are no adverse consequences to withdrawing consent.



5. Further information

Third party supplier information:

etracker GmbH
Erste Brunnenstraße 1
20459 Hamburg

https://www.etracker.com/en/data-privacy

6. Cookiebot - Overview of the cookies used

Third party supplier information:

etracker GmbH
Erste Brunnenstraße 1
20459 Hamburg

https://www.etracker.com/en/data-privacy

VII. E-Mail contact

1. Description and extent of data processing

You can contact us on the E-Mail address provided. In this case, the user's personal data that is transferred with the E-Mail is stored.

Your data shall not be disclosed to third parties in this regard. Data is only used for processing the conversation.

2. Legal basis for data processing

The legal basis for data processing, provided that the user has given their consent to this effect, is Art. 6, Par. 1, lit. a of the GDPR. The legal basis for processing data transferred in the course of sending an E-Mail is Art. 6, Para. 1, lit. f of the GDPR. If you have contacted us by E-Mail with the aim of concluding a contract, Art. 6, Para. 1, lit. b of the GDPR forms an additional legal basis.

3. Purpose of data processing

Processing of personal data from the input screen serves only to allow us to process the contact request. If the user makes contact by E-Mail, there is also a required legitimate interest in data processing.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

The data shall be erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the contact form's input screen and the data sent by E-Mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the situation concerned has been conclusively clarified.

The personal data also collected during the sending process is erased after a period of seven days at the latest.

5. Option to object and remove

Users have the option to withdraw their consent to the processing of their personal data at any time

If users contact us by E-Mail, they can object to the storage of their personal data at any time. The conversation cannot be continued in a case such as this.

All personal data stored during the course of contact is erased in this case.

6. LinkedIn - Generating leads through a form

By means of ads we place forms via LinkedIn; these give you the opportunity to receive further information or take advantage of additional offers. We use this form to ask for your personal data (first name and surname, company, E-Mail address, telephone number) and, depending on the type of ad, other personal data provided by LinkedIn in the form.

You send the data you enter in the form by pressing the "Send" button. This is sent to LinkedIn first, then LinkedIn makes this data available to us via an interface.

The data you provide is processed exclusively on the basis of your consent (Art. 6, Par. 1, lit. a of the GDPR). You can withdraw that consent at any time. An informal notification via E-Mail is enough to withdraw your consent. The legality of any data processing operations carried out before consent is withdrawn shall remain unaffected.

We shall store the data submitted to us via the form until such time as you instruct us to erase it, withdraw your consent to it being stored or there is no further need to store the data. Mandatory statutory provisions - in particular retention periods – shall remain unaffected. In accordance with its internal data privacy policies, LinkedIn stores your data independently for a period of 90 days and then erases it automatically.

VIII. Rights of the data subject

If your personal data is processed, then you are the data subject under the provisions of the GDPR and you are entitled to the following rights vis-à-vis the controller:

1. Right of access

You can request confirmation from the controller as to whether we are processing personal data concerning you.

If such processing is taking place, you can request access to the following information from the controller:

  1. The purposes for which the personal data is being processed;
  2. The categories of personal data that are being processed;
  3. The recipients or categories of recipients to whom the relevant personal data has been disclosed or is being disclosed;
  4. The planned duration of storage of the personal data concerning you or, if that is not possible, the criteria used to define that period;
  5. The existence of the right to request from the controller rectification or erasure of personal data concerning you, the right to restrict processing by the controller or the right to object to this processing;
  6. The right to lodge a complaint with a supervisory authority;
  7. All available information about the origin of the data, if the personal data is not obtained from the data subject;
  8. The existence of automated decision-making, including profiling, referred to in Art. 22 Par. 1 and 4 of the GDPR and – at least in those cases – meaningful information about the logic involved, as well as the implications and intended effects of such procedures for the data subject.
  9. You have the right to request information about whether the personal data concerning you is transferred to a third country or an international organisation. In this context, you can request to be informed of the appropriate safeguards according to Art. 46 of the GDPR in connection with such transfer.

2. Right to rectification

You have a right to obtain rectification and/or completion from the controller, where the processed personal data concerning you is incorrect or incomplete. The controller shall rectify the data without delay.

3. Right to restrict processing

You can request that processing of the personal data concerning you be restricted under the following conditions:

  1. When you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
  2. Processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  3. The controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims, or
  4. When you have objected to processing pursuant to Art. 21 Par. 1 of the GDPR, pending verification of whether the legitimate grounds of the controller override yours.

Where processing of the personal data concerning you is restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of rights of another natural or legal person or for reasons of important public interest of the Union or of a member state.

If restriction of processing was obtained in accordance with the aforementioned conditions, you shall be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase

You can make a request to the controller that the personal data concerning you be erased without undue delay and the controller shall be obliged to erase this data without undue delay where one of the following grounds applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which processing is based in accordance with Art. 6, Para. 1, lit. a or Art. 9, Para. 2, lit. a of the GDPR and there are no other legal grounds for processing.
  3. You object to processing pursuant to Art. 21, Para. 1 of the GDPR and there are no other overriding legitimate grounds for processing or you object to processing pursuant to Art. 21, Para. 2 of the GDPR.
  4. The personal data concerning you was processed unlawfully.
  5. The personal data concerning you must be erased for compliance with a legal obligation in Union or member state law to which the controller is subject.
  6. The personal data concerning you was collected in relation to the offer of information society services referred to in Art. 8, Para. 1 of the GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged to erase the personal data pursuant to Art. 17, Par. 1 of the GDPR, taking account of the available technology and the cost of implementation, the controller shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you as the data subject have requested the erasure of any links to, or copy or replication of this personal data.

c) Exceptions

The right to erasure shall not apply where processing is necessary

  1. For exercising the right of freedom of expression and information;
  2. For compliance with a legal obligation which requires processing by Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. For reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 Par. 2 as well as Art. 9 Par. 3 of the GDPR;
  4.  For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Par. 1 of the GDPR, in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  5. For the establishment, exercise or defence of legal claims.

5. Right to notification

If you have asserted your right to rectification, erasure or restriction of processing from the controller, the controller shall be obliged to inform all the recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You are entitled to receive information about these recipients from the controller.

6. Right to data portability

You have the right to receive the personal data concerning you, which you provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

Processing is based on consent pursuant to Art. 6 Par. 1 lit. a or Art. 9 Par. 2 lit. a of the GDPR or on a contract pursuant to Art. 6 Par. 1 lit. b of the GDPR and processing is carried out by automated means.

In exercising this right, you further have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by the exercising of this right.

7. Right to object

You shall have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on Art. 6, Para. 1, lit. e or f of the GDPR; this shall also apply to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for direct marketing purposes, you shall have the right at any time to object to processing of the personal data concerning you for the purposes of such marketing; this shall also apply to profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you can exercise your right to object by automated means using technical specifications.

8. Right to withdraw your declaration of consent under data privacy legislation

You have the right to withdraw your declaration of consent under data privacy legislation at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.

IX. Right of amendment

We reserve the right to amend this data privacy statement in order to adapt it to current regulations; the same applies to the offerings on our website.

Get in contact with our experts

Pilz Global Distillery Business Unit
Cork Business and Technology Park,
Model Farm Road
Cork, Ireland

Telephone: +353 21 4346535
E-Mail: distillery@pilz.com