Privacy Statement by Sulzer GmbH in accordance with the provisions of the GDPR
We thank you for your visit to our website and your interest in our company. We take the protection of your personal data very seriously and want your visit to our website to be a secure and pleasant experience.
I. Name and address of the Controller
The controller as defined in the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations, is:
II. Name and address of the Data Protection Officer
III. Data processing
1. Scope of personal data processing
We collect and use personal data of our users only to the extent that this is necessary in order to provide a functional website as well as our content and services. As a rule, the collection and use of our users’ personal data only takes place with prior consent from the user. An exception applies in cases where it is not possible to obtain consent in advance for practical reasons, and where data processing is permitted by the statutory provisions.
2. Legal basis for the processing of personal data
If and to the extent that we obtain consent from the relevant person (data subject) to process their personal data, Art. 6 para 1 (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 (b) GDPR serves as legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.
If and to the extent that personal data must be processed in order to fulfil a legal obligation for our company, Art. 6 para 1 (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person necessitate the processing of personal data, Art. 6 para 1 (d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh this first interest, Art. 6 para. 1 (f) GDPR serves as the legal basis for processing.
3. Contact form
You can get in touch with us using a contact form available on our website. In general, the information you provide is forwarded to the respective contact and, depending on the service you requested, processed. Your request will not be forwarded to our locations outside the EU without your express consent. Your data will be deleted after final processing of your enquiry.
The legal basis for data processing is Art. 6 para. 1 (b) GDPR, which allows the processing of data to fulfil a contract or for pre-contractual measures.
A data record may comprise:
- Phone number
4. E-mail contact
You can also contact us using the e-mail address provided. In that case, the user's personal data transmitted via e-mail will be stored.
5. Electronic transmission of application documents
In the case of your electronically transmitted job applications, collection and processing of your personal application data is performed exclusively for the purpose of filling a position within our company. Your data is forwarded to the internal departments and our company’s specialist units in charge of handling the job application procedure.
The legal basis for the processing of your application documents is Art. 6 para. 1 (b) GDPR, which allows the processing of data to fulfil a contract or for pre-contractual measures.
If you have sent us application documents for a position at our locations outside the EU, your application documents will be forwarded to the relevant locations. The locations outside the EU offer suitable guarantees for your rights in the form of standard contractual clauses in accordance with Art. 46 (2) (c) GDPR. You can request access to the concluded standard contractual clauses from our data protection officers.
Your personal job application data is, in general, erased six months after the application procedure’s completion. This does not apply if erasure would conflict with statutory regulations requiring continued storage of personal data for documentation purposes or if you expressly provided your consent that your personal data is stored for a longer period.
6. Registration for the application portal
The storage of personal data for registration in the JobPortal serves to provide the interested party with timely information on his application process and available job offers that correspond to his preferences.
The information from the registration to the JobPortal is used exclusively for information purposes for the prospective customer or for the initialization of an application process and/or for information about this application process.
The legal basis for the processing of your application documents is Art. 6 para. 1 (b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
The prospective customer has the possibility to delete his profile at any time.
Profiles are deleted 2 years after the last login.
7. Transmission of data when you access this website
Access data to a Sulzer.de web page, together with technical and statistical information transmitted by the browser, may be stored in a log file on our server or on servers of data processing service providers engaged by Sulzer. Sulzer only engages data processing service providers in compliance with data protection laws and only to the extent permitted by law.
A data record may consist of:
- The page from which the respective page was requested
- Request date and time
- Transmitted data volume
- Description of browser type
- Client IP address
- Used operating system / platform
The legal basis for data processing is Art. 6 para. 1 (f) GDPR. The log data is used exclusively to ensure the safe and trouble-free operation of our website.
8. Cooperation with processors and third parties
If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transmit the data to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is required for contract fulfillment in accordance with Art. 6 para. 1 (b) GDPR), if you have consented, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Provided that we commission third parties with the processing of data on the basis of a so-called 'order processing contract', this shall take place on the basis of Art. 28 GDPR.
9. Transfers to third countries
If we process data in a third-party country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfillment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual authorizations, we only process the data in a third country or have the data processed in a third country if the specific requirements of Art. 44 et seq. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognized special contractual obligations (called "standard contractual clauses").
10. Cookies and right to object in direct marketing
Cookies are small files that are stored on the user's computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his/her visit to an online offering. Temporary cookies, 'session cookies' or 'transient cookies', are cookies that are deleted after a user leaves an online offering and closes his/her browser. For example, the content of a shopping cart in an online shop or a login status can be stored in a cookie of this nature. Cookies are referred to as "permanent" or "persistent" if they remain saved even after the browser is closed. For example, the login status can be saved if users visit it after several days have passed. Likewise, the interests of users may be stored in a cookie of this nature and used for range measurements or marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the data controller who operates the online offering (otherwise, if the only cookies are run by the data controller, they are referred to as 'first-party cookies').
If users do not want cookies stored on their computer, they are asked to disable the option in their browser's system settings. Stored cookies can be erased using the system settings of the browser. If storage of cookies is blocked, this may restrict functionality of this online offering.
Google Tag Manager
Google Tag Manager is a solution with which we can manage the so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online offer, for example). The Tag Manager itself (which implements the tags) does not process any personal user data. With regard to the processing of users' personal data, reference is made to the following information on the Google services. Use Policy: https://www.google.com/intl/de/tagmanager/use-policy.html.
Google is certified under the Privacy Shield framework. Based on this certification Google provides a guarantee that Google complies with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyse usage of our Online Offering by users, to compile reports on these activities within the scope of our Online Offering and to provide for us additional services that are connected with the use of our Online Offering and the Internet. Within the scope of this process, pseudonymous user profiles can be created from processed data.
We only use Google Analytics with activated IP anonymisation. This means that the users’ IP address is abbreviated within the European Union member states or other member states of the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there.
The IP address transmitted by the User's browser is not associated with any other data held by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to its use of the online offer and the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
Further information on data use by Google, setting and objection options, can be found in Google's data protection policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Users' personal data will be deleted or made anonymous after 14 months.
Google Universal Analytics
We use Google Analytics in the form of "Universal Analytics". "Universal Analytics" refers to a method of Google Analytics in which the user analysis is based on a pseudonymous user ID and thus creates a pseudonymous profile of the user with information from the use of different devices (so-called 'cross-device tracking').
To prevent collection of data by Google Analytics on this website in the future, please use the browser add-on, which you can reach by clicking on "privacy settings" in the lower right corner of the screen (the opt-out works only in this browser and only for this domain). An opt-out cookie is stored on your device. If you delete your cookies in this browser, you must click this link again.
Targeting with Google Analytics
We use Google Analytics to display advertisements placed within the advertising services of Google and its partners only to those users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in specific topics or products, determined on the basis of the web pages visited by them) that we submit to Google (so-called "remarketing" or "Google Analytics audiences"). With the support of Remarketing Audiences, we also want to ensure that our ads correspond to the potential interest of users.
We use fonts ('Google Fonts') provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
We integrate a function for detecting bots, for example when entries are made in online forms ("ReCaptcha"), from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
We integrate maps from the service "Google Maps" by the provider Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The processed data may include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (as a rule within the framework of the settings of their mobile devices). The data can be processed in the USA. Privacy statement: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.
Points 7 to 10: Created with Datenschutz-Generator.de by Dr. Thomas Schwenke, attorney-at-law.
12. Integration of social networks plugins
Our website uses the respective buttons for the social networks:
Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
Xing, XING AG, Gänsemarkt 43, 20354 Hamburg, Germany
Kununu, Kununu GmbH, Neutorgasse 4-8, Top 3.02, A - 1010 Vienna, Austria
Twitter, Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
The buttons carry the logo of the respective network. These buttons are not the customary social plugins, but buttons with underlying links. You must separately activate these buttons by mouse click. As long as these buttons are not clicked, data is not transferred to the social networks. The buttons are activated and a connection is established only after you click on these buttons. By clicking on these buttons you declare your consent to the communication with the social network servers. After a button is clicked, the button is equivalent to a so-called Share-Plugin. The social network is provided with information on the visited page. You may share this information with your contacts in your social network. If you want to “share” the information, you must be logged in. If you are not logged in, you are routed to the log-on page of the clicked social network. You are then no longer on the Sulzer web pages. If you are logged in, the information is transmitted that you want to recommend the respective item. By activating the button, the social networks will also receive, among other things, the information that you accessed the respective page on our website and when you did so and, in addition, e.g. your IP address, information on the browser used and language settings. When you click on a button, your click is transmitted to the social network and used according to the data use guidelines of the respective social network. You may access information on the purpose and scope of data collection and the further processing and use of the data by the respective social network, as well as your respective rights and browser setting options to protect your privacy:
at Facebook: http://www.facebook.com/about/privacy
at Xing: https://www.xing.com/privacy
at Kununu: https://www.kununu.com/us/privacy
at Twitter: https://twitter.com/en/privacy
at LinkedIn: https://www.linkedin.com/legal/privacy-policy
If you do not want the social network to receive any data about you, do not click on the button.
13. Deletion of data and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, such storage may take place if provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfilment of a contract.
14. Links to other web pages
In the case of direct or indirect links to other web pages ('Hyperlinks') that are outside of Sulzer’s sphere of responsibility, Sulzer is only liable if Sulzer has knowledge of any unlawful content and Sulzer does not remove the link to the respective web page(s) without undue delay. For this reason, Sulzer expressly declares that the linked web pages were free from obvious unlawful content at the time the link was set. Sulzer GmbH does not have any influence on the current and future content of the linked web pages. For this reason, Sulzer expressly distances itself from the content of all linked web pages that are modified after the link was set. The provider of the web page to which the link referred to is exclusively liable for unlawful, incorrect or incomplete content and for damages arising from the use or non-use of information presented in such manner.
Sulzer GmbH applies technical and organisational security measures to protect any data managed on our systems against accidental or intentional manipulations, loss or access by unauthorised individuals. Our security measures are improved on an ongoing basis in accordance with technological developments. Sulzer GmbH stores data protection relevant information exclusively on secured systems within Germany. Only a few authorised individuals, specifically bound to data protection, have access to these systems. These authorised individuals are entrusted with tasks to provide technical, administrative or editorial services in relation to data.
16. Your rights as a data subject
If your personal data is processed, you are the data subject as defined in the GDPR and you have the following rights with regard to the controller:
a. Right of access
You are entitled to obtain from the controller confirmation as to whether or not personal data concerning you is being processed and, where that is the case, you can request access to the following information:
(1) the purposes of the processing;
(2) the categories of personal data concerned, which are being processed;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not obtained from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You are entitled to request information about whether your personal data is transmitted to a non-EU country or an international organisation. In this context, you can ask to be informed about the appropriate guarantees as per Art. 46 GDPR in conjunction with this transmission.
b. Right to rectification
You are entitled to ask the controller to rectify and/or complete your personal data if your processed data is inaccurate or incomplete. The controller must perform such corrections without undue delay.
c. Right to restriction of processing
You are entitled to request that processing of your personal data be restricted under the following conditions:
(1) you contest the accuracy of the personal data for a period of time enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you need these for the establishment, exercise or defence of legal claims;
(4) you object to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of yours.
Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Once you have obtained restriction of processing pursuant to the above, you will be informed by the controller before the restriction of processing is lifted.
d. Right to erasure
Obligation to erase
You are entitled to request that the controller erase your personal data without undue delay and the controller shall be obligated to erase personal data without undue delay where one of the following grounds applies:
(1) Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) You withdraw your consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
(4) Your personal data has been unlawfully processed;
(5) Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Information to third parties
If the controller has published your personal data and is obligated to erase it as per Art. 17 (1) GDPR, it will take appropriate (technical) measures – with consideration for the available technology and the implementation costs – to inform the parties responsible for processing your personal data that you as a data subject have asked them to delete all links to that personal data and any copies or replications of that personal data.
The right to erasure does not apply if processing is required:
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation that requires processing according to the law of the Union or the member states to which the controller is subject, or to perform a task that is in the public interest or was assigned to the controller in the exercise of public authority;
(3) for the sake of public interest in the sphere of public health as per Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;
(4) for archival purposes, scholarly or historical research purposes that are in the public interest, or for statistical purposes as per Art. 89 (1) GDPR, to the extent that the right referred to in Section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) in order to assert, exercise or defend legal claims.
e. Right to information
If you have asserted your right to have the data rectified or erased or its processing restricted by the controller, the latter must inform all recipients to whom your personal data was disclosed about such rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You are entitled to be informed about the recipients by the controller.
f. Right to data portability
You are entitled to obtain the personal data that you provided to the controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as:
(1) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
(2) the processing takes place using automated procedures.
In exercising this right, you are also entitled to have the relevant personal data transmitted directly from one controller to another wherever technically feasible. Other people’s freedoms or rights may not be impaired.
The right to data portability does not apply to the processing of personal data that is necessary in order to perform a task that is in the public interest or was assigned to the controller in the exercise of public authority.
g. Right to object
For reasons relating to your particular situation, you are entitled to object at any time to the processing of your personal data that takes place on the basis of Art. 6 (1) (e) or (f) GDPR.
The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You have the option to exercise your right to object in conjunction with the use of information society services – regardless of Directive 2002/58/EC – by way of automated processes in which technical specifications are used.
h. Right to revoke the declaration of consent under data protection law
You are entitled to revoke your declaration of consent under data protection law at any time. Revoking your consent will not affect the legality of any processing that took place before the revocation.
i. Right to submit a complaint to a supervisory authority
Regardless of any other administrative or judicial action, you are entitled to submit a complaint to a supervisory authority, particularly in the member state of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint is submitted will then inform the complainant about the status and results of the complaint, including the possibility of taking legal action as per Art. 78 GDPR.