1. Our privacy statement
The protection of your personal data is of major importance at Südwestdeutsche Salzwerke AG. Therefore, we always treat your personal data confidentially and in line with the applicable provisions relating to data protection.
A use of our website is fundamentally possible without providing any personal data. If, as a visitor to our website, you would like to use special services of our company via our website, it may however be necessary to process personal data. If the processing of personal data is necessary and if there is no statutory basis for such processing we generally obtain the consent of the data subject.
Our privacy statement provides you information about the type, scope and purpose of the personal data collected, used and processed by us. In this privacy statement we furthermore present which rights a data subject is entitled to in connection with their personal data.
We, as the responsible body for the processing, have implemented numerous technical and organizational measures in order to ensure as far as possible high protection of the personal data processed via this website. Nevertheless, we would like to point out that internet-based data transmissions may principally feature security gaps and therefore absolute protection cannot be guaranteed.
In our privacy statement we use terms that are also used in the General Data Protection Regulation (hereinafter: “GDPR”). In order to facilitate the reading and understanding of this statement for you, we will present the most important terms below.
2.1 Personal data
Personal data is all information that refers to an identified or identifiable natural person (hereinafter “data subject”). A natural person will be seen as identifiable, who can be directly or indirectly identified, in particular by means of allocation to an identifier such as a name, a code number, to location data, an online identifier or to one or several special features, which are an expression of the physical, physiological, genetic, mental, financial, cultural or social identity of this natural person.
2.2 Data subject
A data subject is each identified or identifiable natural person, whose personal data are processed by the responsible body for the processing.
Processing is each activity carried out with or without the aid of automated processes or each such series of activities in connection with personal data such as the collection, entry, organization, classification, storage, adjustment or change, the reading out, query, use, disclosure by transmission, distribution or any other form of provision, the comparison or linking, the limitation, erasure or destruction.
2.4 Limitation to the processing
Limitation to the processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is each type of the automated processing of personal data, which consists of the fact that these personal data are used in order to assess certain personal aspects, which refer to a natural person, in particular in order to analyze or foresee aspects with regard to work performance, financial position, health, personal preferences, interests, reliability, conduct, place of abode or change in location of this natural person.
Pseudonymization is the processing of personal data in a manner in which the personal data can no longer be allocated to a specific data subject without involving additional information, insofar as this additional information is stored separately and is subject to technical and organizational measures, which guarantee that the personal data are not attributed to an identified or identifiable natural person.
2.7 Data controller or responsible body for the processing
The data controller or the responsible body for the processing is the natural person or legal entity, authority, institution or other body, which decides solely or together with others about the purposes and means of the processing of personal data. If the purposes and means of this processing are stipulated by Union law or the law of the member states then the data controller respectively the certain criteria for its appointment can be envisaged according to Union law or the law of the member states.
2.8 Contract data processor
A contract data processor is a natural person or legal entity, authority, institution or other body, which processes personal data by order of the data controller.
A recipient is a natural person or legal entity, authority, institution or other body, to which personal data are disclosed, irrespective whether it concerns a third party or not. Authorities, which may receive personal data within the scope of a certain investigation order according to Union law or the law of the member states, shall however not be deemed as recipients.
2.10 Third party
A third party is a natural person or legal entity, authority, institution or other body except the data subject, the data controller, the contract data processor and the persons, who are authorized to process the personal data under the direct responsibility of the data controller or the contract data processor.
A consent is each declaration of intent submitted by the data subject voluntarily for the certain case unmistakably and in an informed manner in the form of a declaration or any other clear confirming act, with which the data subject gives to understand that he/she agrees with the processing of the personal data relating to him/her.
3. Name and address of the responsible body for the processing
The data controller within the meaning of the GDPR, other data protection laws applicable in the member states of the European Union and other provisions with the character of data protection law is:
Südwestdeutsche Salzwerke AG
4. Contact data of the data protection officer
The address of the data protection officer is as follows:
Südwestdeutsche Salzwerke AG
Data protection officer
Alternatively you can use the following e-mail address for your inquiries:
5. How we protect your data
We take the protection of your personal data very seriously and implement adequate technical and organizational measures in order to protect your data in connection with the use of this website, against access by unauthorized persons, manipulation, destruction and loss. The used security measures are continuously improved in accordance with technological progress.
For example, the communication via our website is protected through an HTTPS-protocol (HyperText Transfer Protocol Secure). A secured connection is thus set up between server and client, which cannot be read by unauthorized persons. This serves to protect the transmission of confidential contents such as, for example, in case of requests which you send to us as the site operator.
If service providers are involved in the processing of services of our website and these are to be qualified as contract data processors, then we have regulated these order relationships for the protection of your personal data through a contract data processing contract within the meaning of Art. 28 GDPR.
6. Entry of general data and information with the use of our website
Each time our website is called our website enters a host of general data and information which are stored in the log files of the server. The used browser types and versions, the operating system used by the user, the website, from which an accessing system comes to our website (so-called referrer), the sub-websites, which are directed to our website via an accessing system, the date and time of the access to our website, an Internet Protocol address (IP address), the internet service provider of the accessing system can be entered. When using these general data and information no conclusions will be drawn about the data subject, this means about you as the website visitor. This information is required in order to ensure the functionality of the website. Moreover, the data serve us to optimize the website and to ensure the security of our IT systems. All anonymous server log file data are stored separately from all personal data entered by a data subject. The entry of the data for the provision of the website and the storage of the data in log files is absolutely essential for the operation of the website. There is, therefore, no possibility for an objection by the user. The log file data will be erased as soon as they are no longer necessary for achieving the purpose of their collection. In the event of the entry of the data for the provision of the website this will be the case after seven days at the latest.
7. Data within the scope of the use of a contact form offered on the website
In case of questions of all kinds we offer you the possibility to contact us via a form that is made available on the website or a corresponding online function. For this purpose it is necessary to enter a valid e-mail address so that we know from whom the request stems and in order to be able to reply to this request. Further necessary mandatory details are marked with an asterisk in the contact form. Depending on the topic, type of date and whether you are already a customer or not, the processing of the data is based on the contract with you, your consent or your respectively our legitimate interest in the clarification of the matter pursuant to Art. 6 Para. 1 S. 1 a), b) and f) GDPR. We will erase your data with regard to the request if we are not obliged by law to the further saving or storage. Insofar as the data are still required in order to process outstanding requests, the erasure will be carried out after the processing of these requests at the earliest. Your personal data will not be forwarded to third parties.
8. Links to other websites
Our website can contain links to websites of third parties and some of our services may, under certain circumstances, enable you to have access to the services of third parties (e.g. social networks). We have no influence on how the websites and services of third parties process your personal data. The websites and services of third parties will not be checked by us and we are not responsible for such websites and services of third parties or their data protection practices. Please read the privacy statements of the websites or services of third parties, which you access via our website or services. If our website integrates other services you will find an explanation in this respect in this privacy statement.
9. Cookie statement
9.1 What are cookies?
Cookies are small text files, in which the web browser files information relating to visited websites which are sent by the web server. This may be information regarding the visit to the site such as the duration, login data, user inputs or similar details.
These cookies will be stored on your computer or mobile device when you visit a website. They require hardly any storage space and will be deleted automatically after expiration. Certain cookies expire at the end of your internet session, others are stored for a limited period of time.
9.2. Which types of cookies are there?
9.2.1 Absolutely essential cookies
These cookies are absolutely essential in order to guide you through the website or to enable you to access certain functions, which you have requested.
9.2.2 Functionality cookies
These cookies improve the functionality of a website by storing your settings. These enable you, for example, to store an available shopping basket, to optimize a display of the website depending on the terminal device used by you or to store your shipping details for a faster payment process.
9.2.3 Performance cookies
These cookies help to improve the performance of the website and offer better user experience.
9.2.4 Cookies for the management of web statistics
Cookies are also used in order, for example, to identify the frequency of the use and also the repeated visit to websites.
Targeting cookies, advertising cookies and social media cookies record your preferences in order to display relevant advertising on third party websites to you. Social media cookies can additionally be used in order to track your activity in social media platforms.
If we use such services you will find information in relation hereto in this privacy statement.
9.4 How you can manage cookies
You can adjust your browser settings in order to delete cookies or to prevent certain cookies being stored on your computer or mobile device without your consent. Under “help” you should be able to find information in your browser about the management of your cookie settings. The following links will help you to find out hereby how to set your browser correctly:
Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: http://support.mozilla.com/de-DE/kb/Cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
Adobe (Flash-Cookies): http://www.adobe.com/de/privacy/policies/flash-player.html
9.5. Actuality of the cookie statement
Our cookie statement may change occasionally. For example, in order to take changes to the cookies used by us into consideration or if this is necessary for other operational or legal reasons. Therefore, we request you to call this cookie statement regularly in order to remain informed and up-to-date about our use.
10. Erasure and blocking of personal data
The responsible body for the processing shall only process and store personal data of the data subject for the period of time, which is necessary in order to achieve the storage purpose or if this was envisaged by the European directive and regulation maker or another legislator in laws or regulations, which the responsible body for the processing has to comply with.
If the storage purpose ceases to apply or if a storage deadline stipulated by the European directive and regulation maker or another responsible legislator expires, the personal data will be blocked or erased in accordance with the statutory regulations.
11. Legal bases of the processing of personal data
Art. 6 I lit. a GDPR serves our company as the legal basis for processing activities, with which we obtain a consent for a certain processing purpose; thus for example in the event of the use of a contact form integrated into the website.
If the processing of personal data is necessary in order to fulfill a contract, of which the data subject is a contractual party, as, for example, the case with processing activities, which are necessary for a delivery of goods or the provision of another service or consideration, then the processing is based on Art. 6 I lit. b GDPR. The same applies to those processing activities which are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services.
If our company is subject to a legal obligation through which it is necessary to process personal data, such as for example to fulfill tax obligations, then the processing is based on Art. 6 I lit. c GDPR.
Processing activities can furthermore be based on Art. 6 I lit. f GDPR. This is the case if the processing is necessary to safeguard a legitimate interest of our company or of a third party, insofar as the interests, basic rights and basic freedoms of the data subject do not prevail. We are in particular permitted to carry out such processing activities, because they were especially mentioned by the European legislator. It was insofar of the opinion that a legitimate interest could be assumed if the data subject is a customer of the data controller or performs services for it. (Recital 47 Sentence 2 GDPR). If a processing of personal data is based on Article 6 I lit. f GDPR our legitimate interest lies in the execution of our business activity for the welfare of our shareholders by paying attention to the legitimate interests of the data subjects. When weighing up this interest the focus is always placed on a reasonable relationship between the data subject and us as a company.
12. Duration, for which the personal data are stored
The criterion for the duration of the storage of personal data is statutory storage deadlines, which may arise hereby from tax or commercial law as well as further applicable legal regulations, always when these legal regulations are applicable to your personal data. After expiration of the deadline the corresponding data will be erased, insofar as they are no longer necessary in order to fulfill the contract, for the initiation of a contract or in order to maintain the business relationship. If no storage deadlines are applicable and if you have granted us your consent to store and use your personal data then the data will be stored earmarked and used as long as stated within the scope of the consent, respectively until you revoke your consent to the use for the future.
13. Statutory or contractual regulations regarding the provision of the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of the failure to provide the data
We inform you that the provision of personal data is partly stipulated by law (e.g. tax regulations) or may also arise from contractual regulations (e.g. details regarding the contractual partner). Among others, it may be necessary for the conclusion of a contract that a data subject makes personal data available to us, which must subsequently be processed by us. The data subject is, for example, obliged to provide us personal data if our company concludes a contract with him/her. A failure to provide the personal data would result in the fact that the contract could not be concluded with the data subject.
14. Data protection provisions regarding the use of Google Analytics (with anonymization function and opt-in)
We have integrated the component Google Analytics (with anonymization function) on our website and implemented this via an opt-in solution.
This means that we only use this technology with your explicit consent. If you visit our website you have the choice to agree to the use or to decide against the use (opt-in cookie). In the event of your consent the Google Analytics cookie will be placed on your terminal device. If you decide against a use the Google Analytics cookie will not be placed with the consequence that no analysis will take place.
Google Analytics is a web analysis service. Web analysis is the survey, collection and evaluation of data regarding the behavior of visitors of websites. A web analysis service records data, among others, relating to from which website a data subject has come to a website (so-called referrer), which sub-pages the website accessed or how often and for which dwell time a sub-page was viewed. A web analysis is primarily used to optimize a website and for the cost-benefit-analysis of internet advertising.
The operator company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
We have integrated the supplement "_gat._anonymizeIp" hereby within the meaning of the data protection for the web analysis by means of Google Analytics. By means of this supplement the IP address of the internet connection of the data subject is abbreviated by Google and anonymized if the access to our websites is carried out from a member state of the European Union or from another contracting state of the Treaty on the European Economic Area.
The purpose of the Google-Analytics component is the analysis of the visitor flows on our website. Google uses the acquired data and information among others to evaluate the use of our website in order to compile online reports for us, which present the activities on our websites, and in order to provide further services associated with the use of our website.
These purposes also constitute our legitimate interest in the data processing. The legal basis for the use of Google Analytics is Section 15 Para. 3 TMG or Art. 6 Para. 1 lit. f GDPR. The data sent by us and linked with cookies, user identifiers (e.g. User-ID) or advertising IDs will be erased automatically after 50 months. The erasure of data, of which the storage duration has been reached, will be carried out automatically once a month. You can find more detailed information pertaining to conditions of use and data protection under https://www.google.com/analytics/terms/de.html
Google Analytics places, in the event of an explicit consent by the user (opt-in), a cookie on the IT system of the data subject. What cookies are, was explained in our cookie statement already, which is part of this privacy statement. With the setting of the cookie it is made possible for Google to conduct an analysis of the use of our website. By each call of one of the individual pages of this website, which is operated by the responsible body for the processing and on which a Google-Analytics component was integrated, the internet browser on the IT system of the data subject is automatically initiated by the respective Google-Analytics component to transmit data to Google for the purpose of the online analysis. Within the scope of this technical process Google gains knowledge of personal data, such as the IP address (anonymized) of the data subject, which among others serve Google to track the origin of the visitors and clicks and to accordingly enable commission settlements.
By means of the cookie personal information, for example the access time, the place, from which an access stemmed and the frequency of the visits to our website by the data subject, are stored. With each visit to our websites these personal data, including the IP address of the internet connection used by the data subject, are transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google will, under certain circumstances, forward these personal data collected via the technical process to third parties.
Deactivation of a granted (opt-in) consent to the web analysis with Google Analytics
You as website user can, even after a granted consent to the Google Analytics use (opt-in) prevent the storage of the cookie by a corresponding setting of your browser software; moreover, a cookie that was already placed by Google Analytics be deleted at all times through an internet browser or other software programs. However, we would like to inform you that in this case you may, if applicable, not be able to use all functions of this website in full.
You may, in addition, prevent the transfer of the data generated by the cookie and which refers to your use of the website (incl. your IP address) to Google as well as the processing of these data by Google by downloading and installing the browser plug-in that is available under the following link http://tools.google.com/dlpage/gaoptout?hl=de.
Further information and the applicable data protection provisions of Google can be called under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more precise detail under this link https://www.google.com/intl/de_de/analytics/.
15. An overview of your rights as a data subject
According to the regulations of the GDPR a data subject has individual application rights, which can be asserted in connection with their personal data. There is, for example, a right to information, rectification, erasure, limitation to the processing, data portability as well as individual rights to object and a right to lodge a complaint at a supervisory authority. Below we will give you an overview of the individual rights as well as their deadlines.
15.1 Deadlines for the so-called application rights pursuant to Art. 15 - 21 GDPR
We as data controller will reply to possible applications of the data subject pursuant to the Articles 15 - 21 GDPR within a deadline of one month after receipt. This deadline can be extended by a further two months if this is necessary by taking the complexity and the number of applications into consideration. In this case we will notify you about the use of the extension to the deadline within one month after receipt of your application. If the data subject files the application electronically then we will reply to it by using electronic means as far as possible if you do not state otherwise.
15.2 Application channels
You can file possible applications by normal mail or by e-mail. You can find the contact address under Subclause 4 of this statement.
15.3 Right to information of the data subject pursuant to Art. 15 GDPR
A data subject has the right to request a confirmation from the data controller concerning whether personal data relating to him/her are processed; if this is the case then the data subject has the right to information about these personal data as well as more detailed information as described in Art. 15 GDPR.
Please note that the data controller can only provide information if there are no misgivings about the identity of the data subject. The data controller will use all reasonable means in order to check the identity of a data subject who requests information.
15.4 Right to rectification pursuant to Art. 16 GDPR
A data subject has the right to request from the data controller without delay the rectification of incorrect personal data relating to him/her. By taking the purposes of the processing into consideration the data subject has the right to request completion of incomplete personal data – also by means of a supplementary declaration.
15.5 Right to erasure pursuant to Art. 17 GDPR
A data subject has the right to request from the data controller that personal data relating to him/her are erased without delay, and the data controller is obliged to erase personal data without delay if the prerequisites as imposed in Art. 17 GDPR have been fulfilled.
15.6 Right to limitation to the processing pursuant to Art. 18 GDPR
The data subject has the right to request from the data controller the limitation to the processing if the prerequisites exist as in Art. 18 GDPR.
15.7 Right to data portability pursuant to Art. 20 GDPR
A data subject has the right to receive the personal data relating to him/her, which he/she provided to a data controller, in a format as described in Art. 20 GDPR or to have these transmitted to another data controller, after instruction by the data subject, insofar as the prerequisites exist as described in Art. 20 GDPR.
15.8 Right to object pursuant to Art. 21 GDPR
A data subject has the right, for reasons which arise from their particular situation, to file and objection at all times against the processing of personal data relating to him/her, which were collected owing to Art. 6 Para. 1 lit. e GDPR [processing is carried out within the scope of a task assigned to the data controller in the public interest or while exercising a public power] or Art. 6 Para. 1 lit. f GDPR [processing is carried out based on a legitimate interest of the data controller or of a third party].
In these cases the data controller will no longer process the personal data, unless it can prove essential reasons for the processing that are worthy of protection, which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercising or defense of legal claims.
If personal data are processed by the data controller in order to carry out direct marketing the data subject has the right to file an objection at all times against the processing of personal data relating to him/her for the purpose of such advertising; this shall also apply to the profiling, insofar as it is associated with such direct marketing.
15.9 Right to object pursuant to Art. 13 Para. 2 lit. c GDPR
If the processing of personal data of a data subject by the data controller is based on Art. 6 Para. 1 lit. a GDPR [The data subject has granted his/her consent to the processing of the personal data relating to him/her for one or more certain purposes] or Art. 9 Para. 2 lit. a GDPR [The data subject has granted his/her consent to the processing of the special categories of personal data relating to him/her for one or more certain purposes], the data subject has a right to revoke the consent at all times , without affecting the lawfulness of the processing that is carried out until the revocation owing to the consent.
You can declare your revocation by post or e-mail. You can find the contact address under Subclause 4 of this statement.
16. Right to lodge a complaint at a supervisory authority pursuant to Art. 77 GDPR
Irrespective of another legal remedy under administrative law or a legal remedy in court each data subject has the right to lodge a complaint at a supervisory authority if the data subject is of the opinion that the processing of the personal data relating to him/her breaches the GDPR. As a rule, you can for this purpose contact the supervisory authority of your customary place of abode or workplace or of the registered seat of the company.
The supervisory authority, at which the complaint is lodged, will notify the complainant about the status and the results of the complaint as well as the possibility of a legal remedy in court according to Art. 78 GDPR.
The data protection authority that is responsible for us is:
The regional officer for data protection and freedom of information in Baden-Württemberg
Home address: Postal address:
Königstraße 10a P.O. Box 10 29 32
70173 Stuttgart 70025 Stuttgart
Further information in the internet under www.baden-wuerttemberg.datenschutz.de .
17. Actuality of this privacy statement
For legal or technical reasons it may become necessary to make adjustments to our privacy statement. We reserve the right to make corresponding changes at all times and therefore request you to inform yourself at regular intervals about the current status in this privacy statement.
As of: November 2018