Privacy Policy
This Privacy Policy tells you how we process your personal data ("data").
1. Controller
The controller as defined in the General Data Protection Regulation (GDPR) is:
Weller Tools GmbH
Carl-Benz-Straße 2
74354 Besigheim
Germany
Tel.: +49 (0)7143 580-0
2. Contact details of our data protection officer
Mr Thomas Stiller
Weller Tools GmbH
Carl-Benz-Straße 2
74354 Besigheim
Germany
Tel.: +49 (0)7143 580-176
Datenschutz@ApexToolGroup.com
3. Joint processing
We process personal data together in the APEX Group for the purpose of efficient internal administration of personal data and of Group systems. To this end, we will transfer your data to companies that are affiliated with us pursuant to Section 18 of the German Companies Act and we will process the data in systems operated together with companies that are affiliated with us.
You can view the people involved in our group of companies here: apextoolgroup.com
The legal basis for this joint data processing is our overriding legitimate interest in an efficient administration and IT infrastructure pursuant to Article 6, Paragraph 1 f) of the GDPR.
We are jointly responsible with our affiliated companies for the processes that are subject to joint data processing in accordance with Art. 26 GDPR. Accordingly, we have defined the internal responsibilities and accountabilities in a binding contract.
The information requirements of the GDPR will be met by the company with whom you first had contact.
We have set up a shared contact point to deal with the rights of affected persons:
Contact point Group Data Privacy
dataprivacy@apextoolgroup.com
You are welcome to make contact with the contact point detailed in Section 1. at any time with questions or in order to assert your rights as an affected person. We will forward your request internally for processing.
The specific processes that are subject to joint processing are marked below accordingly.
4. General information on data processing
We process data as part of our corporate and website operation.
This includes disclosing data to third parties and, where necessary, to "third countries" outside the European Union ("EU") and the European Economic Area ("EEA"). We have indicated below when we pass on data to countries outside the EU or the EEA.
5. Data processing
The specific data concerned, processing purposes, legal bases, recipients, and any disclosures to third countries are listed in the sections below:
a) Log file when you visit our website
We log your visits to our website. As part of this, we process:
- Name(s) of our web page(s) you access,
- Date and time of access,
- The volume of data transferred,
- The browser type, including the version,
- The operating system you use,
- The referrer URL (the site visited beforehand),
- Your IP address,
- The provider making the request.
The legal basis for data processing is our overriding legitimate interest in the continued provision and security of our website pursuant to Article 6, Paragraph 1 f) GDPR.
The log file is deleted after seven days unless it is needed to provide evidence of or clarify specific breaches that have come to our attention within the retention period.
b) Hosting
To provide our online offering, we use services from web hosting providers who we contract to process the above data as well as all data to be processed in connection with the operation of this website (log file when you visit our website).
The legal basis for data processing is our overriding legitimate interest in the provision of our website pursuant to Article 6, Paragraph 1 f) GDPR.
c) Making contact
If you contact us, we process the following data that you supply so that we can handle your inquiry: name, contact details (if supplied by you), and your message.
The legal basis for data processing is our obligation pursuant to Article 6, Paragraph 1 b) GDPR to perform a contract and/or to meet our obligations prior to entering into a contract and/or our overriding legitimate interest in handling your inquiry pursuant to Article 6, Paragraph 1 f) GDPR.
d) Making contact to apply for a job
If you contact us to apply for a job by email or via a contact form, for example, we will process the data you supply (e.g. name, email address, preferred place of employment), your message and your accompanying application documents exclusively for the purpose of handling your application.
The legal basis for data processing is primarily Section 26 of the German Federal Data Protection Act (BDSG). This permits data required for decisions on the establishment of an employment relationship to be processed.
Should the data be needed for legal proceedings after the completion of the application process, data processing may take place pursuant to Article 6, Paragraph 1 f) GDPR to preserve our legitimate interests, namely to assert and/or defend against claims.
e) Customer account
With respect to opening and using a customer account, we process your existing data (name, address, email address, bank account details) and your usage data (user name, password). This allows you to administer your orders and jobs and enables us to identify you as a customer. The legal basis for this data processing is your consent pursuant to Article 6, Paragraph 1 a) GDPR.
f) Contract processing
We process your existing data for the purpose of managing the contractual relationship between you and us.
The legal basis for data processing is the fulfillment of our contractual obligations pursuant to Article 6 Paragraph 1 b) GDPR and in individual cases the fulfillment of our statutory obligations pursuant to Article 6 Paragraph 1 c) GDPR.
We will transmit your address data to the company contracted with the delivery. If it is necessary to process your contract, we will also transfer your email address or your telephone number to the company contracted with the delivery for the purpose of agreeing a delivery date (notification).
Your transaction data (name, date of order, method of payment, shipping date and/or date of receipt, amount and payment recipient, if applicable bank account details or credit card data) will be transmitted to the payment service provider contracted to process the payment.
g) Newsletter
To give you regular information about our company and offers, we provide an email newsletter service. If you register to receive our newsletter, we will process the data you supply during registration (email address and other voluntary information). To prevent misuse, we will send you an email after you register, in which we will ask you to confirm your registration (double opt-in procedure). We will log your registration so that we are able to provide legally-compliant evidence of the registration process. The log will include your registration and confirmation date/time and your IP address.
The legal basis for sending the newsletter is your consent in accordance with Art. 6 Paragraph 1 a) GDPR. The data processing in connection with the sending of the confirmation email for your registration and the associated data logging is carried out in accordance with Art. 6 Paragraph 1 f) GDPR due to our legitimate interest in proving your proper registration.
Subject to your consent, we also use the newsletter to assess whether you have opened the newsletter and your scrolling and click behavior in the newsletter. This is done with the purpose of optimally aligning our newsletter to your interests and improving the content of our newsletter. The legal basis for analyzing the newsletter is your consent pursuant to Article 6, Paragraph 1 a) GDPR.
h) Customer data administration and newsletter by way of HubSpot
To administer our customer data and to send our newsletter, we use systems provided by HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. ("HubSpot"). The data we process as part of maintaining your customer account and processing purchases are thus processed in HubSpot systems.
The processing of your data with HubSpot systems does not constitute an additional purpose. The legal basis for processing thus corresponds with the legal basis specified above in Sections 5 d), f) and g).
HubSpot is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.
The use of HubSpot is managed as part of joint responsibility pursuant to Section 3.
a) Webinars and meetings via Microsoft Teams
We use Teams Meetings to offer quick and low-threshold meeting opportunities for us and our customers and interested parties. Thanks to the video conferencing function of Microsoft Teams, we can also offer you the option of participating in our meetings and online events via chat, video and audio. We also offer live events and webinars via Microsoft Teams to provide and market content and maintain our relationships with our customers and partners.
The legal basis for this is our legitimate interest in providing communication options with our customers, business partners and interested parties via the Internet and for internal coordination in accordance with Art. 6 Paragraph 1 f) GDPR.
Transcriptions
We use AI applications from Microsoft that analyze the content of the meeting / webinar using artificial intelligence and create an automatic transcription and summary. This is done in order to document the content of the meeting and to enable barrier-free participation in meetings. Your name, your presence and all comments made during the meeting are also processed. The legal basis for this is your prior consent in accordance with Art. 6 Paragraph 1 a) GDPR. You may revoke this consent at any time with effect for the future.
Records
For live events and webinars, if all participants agree, we will make audio and video recordings in order to make the content of the event permanently accessible to interested parties / to document the content permanently. These recordings are then made available to all meeting participants. If we record a webinar or video conference, this is done with your prior consent in accordance with Art. 6 Paragraph 1 a) GDPR. You may revoke this consent at any time with effect for the future.
The MS Teams service
Microsoft Teams is a product of Microsoft Office 365; a software of the company:
Microsoft Ireland Operations Limited
One Microsoft Place, South County Business Park Leopardstown, Dublin 18 D18 P521 Ireland.
Microsoft can request remote access for the purpose of remote maintenance. This access is checked and approved by us on a case-by-case basis if this is necessary for Microsoft to provide support services (e.g. for troubleshooting). In this case, such access may also be provided by Microsoft affiliates from outside the European Union. These may also be countries for which there is no adequacy decision by the EU Commission. We have concluded standard contractual clauses with Microsoft exclusively for the case of this access from non-EU countries for which there is no adequacy decision. A copy of the contractual provisions will be made available upon request. In this case please contact dataprivacy@apextoolgroup.com.
When using MS Teams, data may also be transferred to Microsoft in the USA. Microsoft is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.
b) Use of cookies
We use cookies on our website. Cookies are small text files that are set on your device (PC, smartphone, tablet, etc.) and stored by your browser.
Information about the specific cookies used by us, their providers and purposes can be found in our consent banner. Here you can log your consent to the relevant services, revoke such consent or subsequently change your settings.
Our consent banner
To document your settings for certain data processing processes and to fulfill our statutory data protection obligations, we use a consent banner. When you open our website, your cookie preferences are requested in a banner. We then set a cookie in which data regarding consent granted or revoked is stored. We process the following data to document your consent: consent ID, consent number, date and time of consent, implicit or explicit consent, banner language, customer setting, template version, device information, browser information (http agent, http referrer) and your abbreviated IP address. The data processing is performed to fulfill our statutory obligations pursuant to Article 6, Paragraph 1 c) GDPR.
We employ a technical service provider for the use of the consent banner.
c) Analysis/marketing
aa) Google services
We use various services from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on our website. Data may also be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 in the USA.
Google is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.
Google Analytics
We use Google's tracking tool, Google Analytics, on our website. We use Google Analytics to analyze your use of our website, to create reports on activities within our web offering, and to provide further services associated with the use of our website to make it more user-friendly.
When Google Analytics is used, interaction from visitors to our website is primarily logged using cookies and analyzed systematically.
We use Google Analytics with the "anonymizeIp()" feature. This abbreviates IP addresses in EU Member States or the EEA. If data is transferred to Google servers in the USA, your full IP address will only be transmitted there in exceptional cases and this will be in an abbreviated form. This usually prevents any direct reference to individuals. In particular, it is not possible to identify the computer or device used by the website's visitor.
The following data is processed through our use of Google Analytics:
- 3 bytes of the IP address of the website visitor's system (anonymized IP address),
- the website accessed,
- the website which the user visited directly before accessing the page on our website (referrer),
- the subpages accessed from the website,
- the time spent visiting the website,
- the frequency of visits to the website.
According to Google, under no circumstances will it link your IP address to other data held by Google.
Legal basis and revocation
The legal basis for data processing using the Google services described above is your prior consent pursuant to Article 6, Paragraph 1 a) GDPR.
You may revoke your consent with effect for the future by changing your preferences in our consent banner.
bb) HubSpot Analytics
Our website uses the HubSpot Analytics tracking tool, provided by HubSpot Germany GmbH. We use HubSpot Analytics to analyze your use of the website, to create reports on activities within our web offering, and thus to provide more focused advertising measures, and to make our website more user-friendly.
When HubSpot Analytics is used, interactions between website visitors are systematically registered and assessed.
The legal basis for data processing is your consent pursuant to Article 6, Paragraph 1 a) GDPR.
You may revoke your consent with effect for the future by changing your preferences in our consent banner.
HubSpot Germany GmbH is a subsidiary of HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. It can thus not be ruled out data is transmitted to the USA during processing. HubSpot is certified under the EU-US Data Privacy Framework and is therefore covered by the EU adequacy decision for the USA.
d) External content
We use dynamic content ("Content") from third parties to optimize the display and the offering of our website. When you visit our website, an interface is used to automatically place a request to the server of the content provider concerned, during which certain log data (e.g. the IP address of the user) are transmitted. The dynamic content is then transmitted to our website, where it is displayed.
We use external content with respect to the following functions:
aa) Integration of YouTube videos
Videos provided by the "YouTube" portal of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") are integrated into our website. Google does not store cookies in your browser for this.
The legal basis for processing is your prior consent pursuant to Article 6, Paragraph 1 a) GDPR.
It cannot be ruled out that data are transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google is certified under the EU-US Data Privacy Framework and is therefore covered by the adequacy decision of the EU Commission.
bb) Integration of Vimeo videos
Videos provided by the Vimeo portal of Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA are integrated into our website. When such videos are played, log data are transmitted to Vimeo servers in the USA. This processing is performed on the basis of our overriding legitimate interest in optimum marketing of our offering pursuant to Article 6, Paragraph 1 f) GDPR.
Further information can be found at: https://vimeo.com/privacy
cc) nexMart
To visualize product details in our shop, we use the service nexMart provided by nexMart GmbH & Co. KG, Gropiusplatz 10 D-70563 Stuttgart. When visiting out website, the displayed content is called up directly from the nexMart servers. Here, the following data are transmitted to nexMart:
- IP address, time stamp (date and time of access) of the requesting computer
- Websites/file names called up
- Web browser and operating system of the requesting computer
- Volume of data transmitted and message about successful call-up.
This processing is performed on the basis of our overriding legitimate interest in optimum marketing of our offering and to guarantee the adequate performance of our website pursuant to Article 6, Paragraph 1 f) GDPR.
6. Data retention period
We store personal data only for as long as required for the purposes for which it is processed or until you have revoked the consent you had granted. If we are required by law to comply with specific data retention periods, the retention period for certain types of data may be up to 10 years regardless of the processing purposes.
7. Your rights as a data subject
a) Disclosure
On request, you can obtain information at any time, free of charge, about all of the personal data we hold that relates to you.
b) Rectification, erasure, restriction of processing (blocking), objection
If you no longer agree to the storage of your personal data, or if your data has been stored incorrectly, we will, once notified of this, arrange for your data to be erased or blocked or make the necessary corrections (to the extent possible under the applicable law). This also applies if we are to restrict the processing of your data in the future. You have a right to objection in particular in cases where your data is required to undertake a task in the public interest, or when data is processed in our legitimate interests, including profiling based on this. You also have a right to objection if data processing is undertaken for the purpose of direct marketing.
c) Right to revocation of consent with effect for the future
You may revoke consent you have granted at any time with effect for the future. Your revocation will not affect the legitimacy of processing up to the time of withdrawal.
d) Data portability
You have the right to data portability if data is processed on the basis of a contract, negotiations conducted prior to a contract being concluded, consent, or an automated process. On request, we will give you your data in a commonly used, structured, machine-readable format, so that you can transmit the data to another controller if you wish.
e) Restriction of processing
Data that does not allow us to identify the data subject, for example data that has been anonymized for analysis purposes, is not covered by the above-mentioned rights. Disclosure, erasure, blocking, rectification, or transmission to another company may be possible for such data if you provide additional information that allows us to identify you.
f) Exercising your rights as a data subject and the right of complaint
If you have any questions about how we process your personal data or about disclosure, rectification, objection, revocation or deletion of data, or if you wish to transmit your data to another company, please contact dataprivacy@apextoolgroup.com.
You also have the right to lodge a complaint with a supervisory authority regarding your rights as a data subject.