1. Our data protection statement
Protecting your personal data is a top priority for Südwestdeutsche Salzwerke AG. With this in mind, we always treat your personal data as confidential and in accordance with the applicable provisions on data protection.
In principle, it is possible to use our website without providing personal data. However, it you wish to utilize particular services of our company via our website as a visitor to our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no statutory basis for such processing, we generally obtain the consent of the data subject.
Our data protection statement provides you with information on the nature, scope and purpose of the personal data we collect, use and process. This data protection statement also explains what rights a data subject has in connection with your personal data.
As the controller responsible for processing, we have implemented numerous technical and organizational measures to ensure as much protection as possible for the personal data processed via this website. Still, please note that Internet-based data transfers can be subject to security gaps in principle, so it is not possible to guarantee absolute protection.
Our data protection statement uses terms that are also used in the General Data Protection Regulation (“GDPR”). To make it easier for you to read and understand this statement, the section below presents the most important terms.
2.1 Personal data
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2 Data subject
“Data subject” means any identified or identifiable natural person whose personal data are processed by the controller.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4 Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.
2.10 Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. Name and address of the controller
The controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
Südwestdeutsche Salzwerke AG
4. Contact information for the data protection officer
The data protection officer’s address is as follows:
Südwestdeutsche Salzwerke AG
Data Protection Officer
Alternatively, you can send inquiries to the following e-mail address:
5. How we protect your data
We take protecting your personal data very seriously and implement appropriate technical and organizational measures to protect your data against access by unauthorized persons, manipulation, destruction and loss in connection with the use of this website. The security measures used undergo improvement on an ongoing basis in accordance with technological advances.
For example, communication via our website is protected via HTTPS (HyperText Transfer Protocol Secure). This establishes a secure connection between the server and client that cannot be read by unauthorized parties. This serves to protect the transmission of confidential content such as inquiries that you make to us as the site operator.
If service providers are involved in handling services of our website and these providers meet the definition of processors, we have set out provisions governing these relationships in order to protect your personal data via a contract for processing on our behalf within the meaning of Article 28 GDPR.
6. Collection of general data and information when our website is used
Every time our website is accessed, it collects a range of general data and information, which are stored in the server’s log files. The information collected may include the browser types and versions used, the operating system used by the user, the website from which a system accessing our site reaches our website (known as the “referrer”), the subpages to which a system accessing our site navigates on our website, the date and time of access to our website, an Internet Protocol (IP) address and the Internet service provider of the system accessing our site. No conclusions regarding the data subject, meaning you as the website visitor, are drawn when these general data and items of information are used. This information is needed in order to ensure the functionality of the website. We also use the data to optimize the website and ensure the security of our information technology systems. All anonymous server log file data are stored separately from all personal data provided by a data subject. The collection of the data on the provision of the website and storage of the data in log files are essential to the operation of the website. The user therefore has no possibility of objecting to this. The log file data are erased as soon as they are no longer required in order to achieve the purpose for which they were collected. In the case of collection of the data to provide the website, this is the case after seven days at the latest.
7. Data within the context of the use of a contact form offered on the website
For questions of all kinds, we offer you the possibility of contacting us via a form provided on the website or a corresponding online function. It is necessary to provide a valid e-mail address to do this so that we know who has sent us the inquiry and can respond to it. Further required information is marked with an asterisk (*) in the contact form. Depending on the subject, type of data, and whether or not you are already a customer, the processing of the data is based on the contract with you, your consent or your or our legitimate interest in clarifying the matter pursuant to Article 6(1)(a), (b), and (f) GDPR. We will erase your data relating to the inquiry unless we are under a legal obligation to continue to store or keep these data. Where the data are still needed to process outstanding inquiries, erasure thereof will take place after these inquires have been handled through to completion at the earliest. Your personal data will not be shared with third parties.
8. Links to other websites and services of third parties
Our website can include links to websites of third parties and some of our services may, under certain circumstances, enable you to have access to the services of third parties (e.g. social networks). We have no influence on how the websites and services of third parties process your personal data. Websites and services of third parties are not checked by us and we are not responsible for their data protection practices. Please read the privacy statements of the websites respectively services of third parties, which you access via our website or services. If our website integrates other services you will find an explanation in this respect in this privacy statement. When integrating services of third parties we pay attention to implement this integration in a manner that is compatible to data protection. This means that we shall inform you accordingly and that we use technologies compatible to data protection with the integration. If integration or the implementation of services of third parties is based on your consent, we will accordingly obtain this from you through our Cookie-Pop-Up.
9. Cookie explanation
9.1 What are cookies?
Cookies are small files, which are deposited by a website, which you visit, on your PC or mobile terminal device (e.g. smartphone, tablet). We can, for example, recognize from this whether a connection already existed between your device and our websites already, we can take your settings into consideration, offer you certain functionalities or recognize your interests based on the use. For example, information can be recorded in these cookies relating to the site visit such as duration, login data, user inputs or similar details. Cookies can also include personal data. Cookies can either be "permanent" cookies or "session cookies". Permanent cookies consist of a text file, which is sent by a web server to a web browser. This file is stored by the browser and will remain valid until the stipulated expiration date (unless the user erases it before the expiration date). A session cookie, on the other hand, expires at the end of the user session when the web browser is closed. On the whole cookies serve to be able to make the internet offer more user-friendly and more effective on the whole.
9.2. Which types of cookies there are and how you can set your preferences
There are many designations for cookies. We make a distinction between cookies as follows:
- necessary cookies
- functional cookies
- marketing cookies
We present below which features the individual cookie types have, for what these are required and on which basis we use these cookies.
A Cookie-Pop-Up is opened on the first visit to our website. Exclusively necessary cookies are activated at this moment; all further cookies are deactivated. You now have the possibility to accept all cookies or to send us your preferences via the function "Manage my tracking settings". Only after you have selected your cookie preferences and have sent these to us by pressing the "send preferences" button, the corresponding cookies will be placed or, depending on the selected preference, the placement will be refrained from. The Cookie-Pop-Up will only be displayed again if you erase the corresponding cookies in your browser.
9.2.1 Necessary cookies (access to the website)
We use necessary cookies in order to enable the operation of the website and to ensure that certain functions function properly. This type of cookies are activated at all times as the website can otherwise not be displayed or certain necessary functionalities (such as, for example, the navigation between the various main and sub-sites or with the existence of a shopping basket the depositing of articles or execution of a payment transaction) does not function.
9.2.2 Functional cookies (improvement of the website)
We use functional cookies in order to analyze how our website is used. These cookies improve the functionality of our website and help us to optimize our website offer. Furthermore, these cookies permit us to test the effectiveness of our website or to provide knowledge for advertising analyses.
9.2.3 Marketing cookies (display of personalized advertising and use of plugins of third parties)
Marketing cookies concern targeting cookies, advertising cookies and social media cookies. The aim of these is essentially to display personalized, i.e. advertising customized to your interests, to you. This includes the display of "direct marketing on advertising platforms of third parties". If you do not agree with this kind of cookies random advertisements of Bad Reichenhaller will nevertheless be displayed to you on other platforms. Social media cookies can additionally be used in order to track your activities in social media platforms.
If we use functional or marketing cookies you will find information in this respect in this privacy statement. Furthermore, these cookies will only be used if you have agreed to the use through our Cookie-Pop-Up.
9.3 How you can manage cookies
Your cookie preferences are principally asked through the Cookie-Pop-Up on the first visit to our website. You can furthermore also erase or manage once set cookies again via your browser settings. The following links help you to find out hereby how you can correctly set your browser:
Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: http://support.mozilla.com/de-DE/kb/Cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
Adobe (Flash-Cookies): http://www.adobe.com/de/privacy/policies/flash-player.html
9.4 Updates to the cookie statement
10. Erasure and blockage of personal data
The controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage thereof or where this has been stipulated by the European legislative and regulatory authorities or another legislative authority in laws or regulations to which the controller is subject.
If the purpose of storage no longer applies or a storage period stipulated by the European legislative and regulatory authorities or another legislative authority with jurisdiction expires, the personal data will be blocked or erased in accordance with the statutory provisions.
11. Legal bases of the processing of personal data
Article 6(1)(a) GDPR serves as our company’s legal basis for processing operations in which we obtain consent for a specific purpose of processing; this is the case with the use of a contact form integrated into the website, for example.
If the processing of personal data is necessary in order to perform a contract to which the data subject is party, such as in the case of the processing operations that are necessary in order to deliver goods or provide other services or consideration, then the processing is based on Article 6(1)(b) GDPR. The same applies to those processing operations that are necessary in order to take steps prior to entering into a contract, such as in the case of inquiries regarding our products or services.
If our company is under a legal obligation that necessitates the processing of personal data, such as to fulfill tax obligations, then the processing is based on Article 6(1)(c) GDPR.
Furthermore, processing operations may be based on Article 6(1)(f) GDPR. This is the case if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted to engage in such processing operations in particular because they were specifically mentioned by the European legislative authorities. The legislature took the view, in this regard, that there could be a legitimate interest if the data subject is a client of the controller or is in the service of the controller (recital 47, second sentence, GDPR). If processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest consists in carrying on our business activities for the benefit of our shareholders, with consideration for the legitimate interests of the data subjects. When these interests are weighed, the focus is always on an appropriate relationship between the data subject and us as a company.
12. Period for which the personal data are stored
The criterion for the duration of the storage of personal data is statutory storage periods, which may arise from tax or commercial law or from other applicable legal provisions, wherever these legal provisions apply to your personal data. After the time limit expires, the data in question are erased if they are no longer needed for the performance of a contract, to prepare to enter into a contract, or to maintain the business relationship. If there are no applicable storage periods and you have given us your consent to store and use your personal data, then the data will be stored and used for the specific purpose thereof for the period indicated within the scope of the consent or until you withdraw your consent to the use thereof for the future.
13. Statutory or contractual provisions on providing the personal data; necessity of entering into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide the personal data
Please note that providing personal data is required by law in some cases (e.g. under tax law) or may also arise from contractual provisions (e.g. information regarding the other party to the contract). In some cases, it may be necessary for a data subject to provide us with personal data, which we are then required to process, in order to enter into a contract. For example, the data subject is obligated to provide us with personal data if our company enters into a contract with the data subject. Failure to provide the personal data would render it impossible to enter into the contract with the data subject.
14. Data protection provisions relating to the use and utilization of Google Analytics (opt-in solution, With the consent only by means of anonymization function)
We have integrated the component Google Analytics (with anonymization function) on our website and implemented this through an opt-in solution.
This means we will only use this technology with your explicit consent. A Cookie-Pop-Up is opened if you visit our website. You have the possibility to set your cookie preferences there. If you agree with the use of Google Analytics then the Google Analytics cookie will be placed on your terminal device, otherwise the use is refrained from.
Google Analytics is a web analysis service. Web analysis is the survey, collection and evaluation of data regarding the behavior of visitors of websites. A web analysis service records, among others, data regarding from which website a data subject has come to a website (so-called referrer), which sub-sites of the website when and how often were accessed and for which dwell time a sub-site was viewed. This data is transferred to Google in the United States of America with each visit to our website by using the IP address (anonymized) of the internet connection used by the data subject. This personal data is stored by Google in the United States of America. Google will, under certain circumstances, forward this personal data collected through the technical process to third parties. The purpose of the Google-Analytics component is to analyze the visitor flows to our website. Google uses the acquired data and information, among others, to evaluate the use of our website in order to compile online reports for us, which demonstrate the activities on our websites, and in order to provide further services associated with the use of our website.
The operator company of the Google-Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google appears as contract data processor for the processing of the data. We have therefore concluded a contract data processing contract with Google.
Within the meaning of data protection the web- analysis is integrated by means of Google Analytics, in the event of your consent, through the supplement "_gat._anonymizeIp". The IP address of the internet connection of the data subject is abbreviated by Google by means of this supplement and anonymized if the access to our website is carried out from a member state of the European Union or from another contracting state of the Treaty on the European Economic Area.
We moreover refer to our general presentation in this privacy statement, in particular to the cookie explanation, for the general handling of cookies and their deactivation respectively the revocation of your consent.
15.Overview of your rights as a data subject
Pursuant to the provisions of the GDPR, a data subject has specific request rights that can be asserted in connection with your personal data. For example, you have a right of access and a right to rectification, erasure, restriction of processing and data portability, along with individual rights to object and a right to lodge a complaint with a supervisory authority. This section provides an overview of the individual rights and the time limits that apply.
15.1 Time limits for the “request rights” pursuant to Articles 15 through 21 GDPR
We as the controller will respond to any requests received from the data subject pursuant to Articles 15 through 21 GDPR within a time limit of one month after receipt. This time limit may be extended by a further two months if necessary, taking into account the complexity and number of requests. In this case, we will let you know that we are exercising our right to extend this period within one month after we receive your request. If the data subject makes the request electronically, we will answer it by electronic means if possible unless you state otherwise.
15.2 Ways to make a request
You can submit requests by mail or e-mail. The contact address is listed in section 4 of this statement.
15.3 Right of access by the data subject pursuant to Article 15 GDPR
A data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and further information as described in Article 15 GDPR.
Please note that the controller can only provide information if there are no concerns about the data subject’s identity. The controller will use all reasonable means to check the identity of a data subject who is seeking access.
15.4 Right to rectification pursuant to Article 16 GDPR
A data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
15.5 Right to erasure pursuant to Article 17 GDPR
A data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where the prerequisites listed in Article 17 GDPR are met.
15.6 Right to restriction of processing pursuant to Article 18 GDPR
The data subject has the right to obtain from the controller restriction of processing where the prerequisites listed in Article 18 GDPR are met.
15.7 Right to data portability pursuant to Article 20 GDPR
A data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a format as described in Article 20 GDPR or to have them transferred to another controller at the data subject’s instructions if the prerequisites described in Article 20 GDPR are met.
15.8 Right to object pursuant to Article 21 GDPR
A data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which have been collected based on Article 6(1)(e) GDPR (processing takes place within the scope of a task assigned to the controller in the public interest or in the exercise of official authority) or Article 6(1)(f) GDPR (processing takes place on the basis of a legitimate interest of the controller or a third party).
The controller will no longer process the personal data in these cases unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed by the controller for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
15.9Right to object pursuant to Article 13(2)(c) GDPR
Where the processing of personal data of a data subject by the controller is based on point (a) of Article 6(1) GDPR (the data subject has given consent to the processing of his or her personal data for one or more specific purposes) or point (a) of Article 9(2) GDPR (the data subject has given consent to the processing of the special categories of personal data concerning him or her for one or more specified purposes), the data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You can withdraw consent by mail or e-mail. The contact address is listed in section 4 of this statement.
16. Right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR
Without prejudice to any other administrative or judicial remedy, any data subject shall have the right to appeal to a supervisory authority if he or she considers that the processing of personal data concerning him or her is contrary to the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the company's registered office for this purpose.
The supervisory authority to which the complaint was submitted informs the complainant of the status and results of the complaint and of the possibility of a judicial remedy pursuant to Article 78 GDPR.
The data protection authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Home address: mailing address:
Königstraße 10a P.O. Box 10 29 32
70173 Stuttgart 70025 Stuttgart
More information on www.baden-wuerttemberg.datenschutz.de.
17. Updates to this data protection statement
It may be necessary to adjust our data protection statement for legal or technical reasons. We reserve the right to make changes accordingly at any time and therefore ask that you consult this data protection statement at regular intervals for information about the current status.
Last updated December 2019