1. Our privacy policy
Protecting your personal data is a top priority at Südwestdeutsche Salzwerke AG. With this in mind, we always treat your personal data as confidential and handle this information in accordance with the applicable provisions on data protection and privacy.
In principle, it is possible to use our website without providing any personal data. However, if you wish to make use of particular services provided by our company via our website as a website visitor, it may become necessary to process personal data.
Our privacy policy provides information on the nature, scope, and purpose of the personal data we collect, use, and process. This privacy policy also explains what rights data subjects have in conjunction with their personal data.
In our role as controller, we have taken numerous technical and organizational measures to ensure that the personal data processed via this website are protected to the fullest possible degree. Still, please note that Internet-based data transfers may involve security vulnerabilities in principle, so it is not possible to guarantee absolute protection.
2. Definitions
Our privacy policy uses terms that are also found in the EU General Data Protection Regulation (GDPR). To make it easier for you to read and understand this document, key terms are explained in the section below.
2.1 Personal data
“Personal data” means all information relating to an identified or identifiable natural person (the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2 Data subject
“Data subject” means any identified or identifiable natural person whose personal data are processed by the controller.
2.3 Processing
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4 Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
2.5 Profiling
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
2.6 Pseudonymization
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
2.7 Controller
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2.8 Processor
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
2.9 Recipient
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.
2.10 Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
2.11 Consent
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. Name and address of the controller
The controller within the meaning of the GDPR, other data protection acts applicable within the Member States of the European Union, and other provisions of a data protection and privacy nature is:
Südwestdeutsche Salzwerke AG
Salzgrund 67
74076 Heilbronn
Germany
4. Contact details of the data protection officer
The address of the data protection officer is:
Südwestdeutsche Salzwerke AG
Data Protection Officer
Salzgrund 67
74076 Heilbronn
Alternatively, you can also use the following e-mail address for your inquiries:
5. How we protect your data
We take protecting your personal data very seriously and implement appropriate technical and organizational measures to protect your data associated with the use of this website against access by unauthorized parties, manipulation, destruction, and loss. The security measures used are improved on an ongoing basis in keeping with advances in technology.
For example, communication via our website is protected via HTTPS (HyperText Transfer Protocol Secure). This establishes a secure connection between the server and client that cannot be read by unauthorized parties. This serves to protect the transfer of confidential content such as inquiries that you submit to us as the operator of this site.
Where service providers are involved in the handling or performance of services of our website and these service providers should be viewed as processors, we have entered into processing agreements within the meaning of Article 28 GDPR to govern these relationships with an eye to protecting your personal data.
6. Collection of general data and information during use of our website
Where our website is used for purely informational purposes, i.e., without registering for a customer account, using the contact form for inquiries, or placing an order in the online shop, we collect only those personal data that your browser transmits to our server. If you wish to view our website, we collect the following data:
- the IP address;
- date and time of query;
- the region (not the address) from which the IP address accesses the website;
- the browser language, type (e.g., Chrome, Firefox, Safari), and version;
- operating system;
- device type (e.g., mobile device, desktop computer, tablet);
- browsing behavior on the website (e.g., when was the website visited, which areas of the website were clicked, how much time was spent on the website); and
- the website from which the request comes.
We process and store these data for purposes of ensuring the functionality of the website, improving the content of the website, and preparing statistical analyses based on aggregated data on surfing. We also process and store them to analyze the technical operation of the website and ensure the security of our information technology systems.
Our legitimate interest in data processing pursuant to point (f) of Article 6(1) GDPR lies in the necessity of displaying this website to you and ensuring stability, functionality, and security. The storage of server logfiles also serves the purpose of potential criminal prosecution with an eye to possible cyberattacks. With an eye to logfile rotation, logfiles and the IP addresses they contain are stored until a limit of 100 MB is reached and then automatically overwritten or deleted once that limit is passed. The duration of storage is 60 days.
7. Hosting of our website
We host our website via our hosting partner exclusively in Germany as a server location (server(s) in Germany). In keeping with the provisions of data protection and privacy law, we have entered into an agreement on processing of data on another entity’s behalf pursuant to Article 28 GDPR. Connection data are processed for the purpose of providing and delivering the website. The data are not stored beyond the visit itself for the mere purpose of delivering and providing the website. However, our processor does store the connection data for security purposes. The duration of processing for security purposes is variable and ends when there is no longer a need for the security measures in question.
8. Data in the context of use of a contact form offered on the website
If you have questions of any kind, we give you the option of contacting us using a form provided on the website or an online function that serves this purpose. Providing a valid e-mail address is required so that we know who sent the inquiry and can respond to it. Further required information is indicated with an asterisk (*) in the contact form. Depending on the topic, the nature of the data involved, and whether or not you are already a customer, the processing of the data is based on the contract with you, your consent, or your or our legitimate interest in clarifying the matter pursuant to points (a), (b), and (f) of Article 6(1) GDPR. We will erase your data concerning the inquiry where we are not legally obligated to continue to store or retain them. Where the data are still required to handle outstanding inquiries, they will not be erased until after these inquiries are settled. Your personal data are not shared with third parties.
9. Links to other websites and services of third parties
Our website may contain links to third-party websites, and some of our services may allow you to access the services of third parties (such as social networks) under some circumstances. We have no influence over how third-party websites and/or services process your personal data. We do not review or verify third-party websites or services, nor are we responsible for their data protection and privacy practices. Please read the privacy policies of the third-party websites and/or services you access via our website or services. Where our website includes other services, you will find explanatory information regarding this in this privacy policy.
10. Cookie policy
10.1 What are cookies?
Cookies are small text files in which a Web browser stores information transmitted by a Web server regarding the Internet sites that have been visited. This may be information on the site visit, such as duration, login details, user entries, and similar information.
These cookies are stored on your computer or mobile device when you visit a website. They take up hardly any storage space and are automatically deleted when they expire. Certain cookies expire at the end of your Internet session, while others are stored for a limited period.
10.2. Cookie consent through Cookiebot via “COOKIE GUIDE”
Our website uses cookie consent technology from Cookiebot to obtain your consent to the storage of certain cookies on your device and document this in a manner compliant with data protection and privacy law. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (“Cookiebot”).
When you enter our website, a connection is established to the Cookiebot servers to obtain your consent and other declarations regarding the use of cookies. Then Cookiebot stores a cookie on your browser to be able to associate the consent you have granted or withdrawn with you. The data collected in this way are stored until you request that we erase them or delete the Cookiebot cookie itself or the purpose of storing the data ceases to apply. Cookiebot is used in order to obtain the legally required consent to the use of cookies. The legal basis for this is point (c) of Article 6(1) GDPR.
Agreement on processing of data on another entity’s behalf
We have entered into an agreement on processing of data on another entity’s behalf with Cookiebot. This is an agreement required by data protection and privacy law that ensures that Cookiebot processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
10.3. COOKIE GUIDE
What kinds of cookies are there?
Strictly necessary cookies
Strictly necessary cookies help to make a website usable by enabling basic functions such as site navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Statistical cookies
Statistical cookies help website operators understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing cookies
Marketing cookies are used to track visitors on websites. The intention is to display ads that are relevant and appealing to the individual user and are therefore of greater value for publishers and third-party advertisers.
Preference cookies
Preference cookies enable a website to remember information that affects how a website behaves or looks, such as your preferred language or the region where you are located.
Why do we use cookies?
We use cookies primarily to make your visit to our website as user-friendly as possible. We also use cookies with which tracking on the website can be analyzed and for advertising purposes when you visit other websites in the future.
How you can manage cookies on our website
You can easily view your cookie settings at any time and make changes as needed. You can click the “Change consent” or “Withdraw consent” button to access the cookie banner and make the appropriate adjustments at any time.