Privacy Policies in the Sumitomo Electric Group
The Sumitomo Electric Group has established a Global Privacy Policy, which is supplemented by area-specific Local Privacy Policies and company-specific Website Privacy Policies. Additionally, you may be subject to service or product specific policies provided by our Group Companies. The purpose of these policies is to explain how and for what purposes we process personal data of customers, suppliers, employees, and other stakeholders.
The Global Privacy Policy is available at https://sumitomoelectric.com/global-privacy-policy.
The following Local Privacy Policies apply in conjunction with the Global Privacy Policy if you reside in one of the following territories:
➢Japan:Japan Privacy Policy
➢European Economic Area (EEA) /UK:EEA and UK Privacy Policy
➢California:Addendum for California Privacy Rights Act
The following company-specific Website Privacy Policy provides more detailed information regarding the data processing of [name of Sumitomo's subsidiary] ("Company") and should be read in conjunction with the above policies. In the event of any conflict between the above policies and the company-specific Website Privacy Policy, the terms of the company-specific Website Privacy Policy shall prevail.
Privacy Policy
SUMITOMO ELECTRIC Hartmetall GmbH
Konrad-Zuse-Straße 9
47877 Willich
Germany
We attach great importance to the protection of your privacy and your personal data when using our website. Your data is in safe hands with us. We are open and transparent about the use of your data and give you the opportunity to decide for yourself how we should handle your data. We collect only the most necessary data and use it only when absolutely necessary. We only process data that is not absolutely necessary if you give us your consent. We, SUMITOMO ELECTRIC Hartmetall GmbH (hereinafter also SHG or SUMITOMO), are aware that personal data of customers, service providers, applicants and employees reach us every day. Therefore, we attach great importance to data protection, data economy, transparency and data security. On our website, we provide the following information on the processing of personal data. Users or website visitors have the choice of which data they wish to share. Mandatory fields are required in order to process inquiries, orders or applications, while other data details are voluntary and are used to optimize our offerings. If you have any questions, please contact us at any time at the following email address: compliance@sumitomotool.com
1. Definitions
This privacy notice contains certain terms that we would like to explain briefly.
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”). For example: first and last name, date of birth, e-mail address, residential address, banking and payment data, IP address, online identifier, other identification number, location data, information about health, economic, social or cultural characteristics, etc.
“Processing” within the meaning of Art. 4 No. 1 of the General Data Protection Regulation (GDPR) is any operation that involves the handling of personal data. For example: collecting, recording, organizing, arranging, storing, adapting or modifying, reading, erasing, querying or disclosing by transmission, dissemination or otherwise making available.
“Controller” means any person, company or other institution, authority or body which alone or jointly with others determines the purposes and means of the processing of your personal data. SUMITOMO ELECTRIC Hartmetall GmbH is the controller of your data. To what extent there is joint responsibility for your data with SUMITOMO ELECTRIC Hartmetall GmbH can be found out under “Joint responsibility”.
“Processing on behalf” within the meaning of Article 28 GDPR is understood in simplified terms as a service in which your personal data is collected, processed and / or used by a service provider (processor) on behalf of and on instruction from the controller. Before we award such a contract to a service provider, we conclude a contract processing agreement with the service provider in accordance with Art. 28 GDPR. This contract regulates how the service provider has to deal with personal data. In addition, this contract contains regulations on further measures to protect your personal data.
“Third Party” means a person or company, public authority or any other body than the data subject, the controller and its associated persons and the processor and its associated persons. A third party is therefore not the service provider acting on behalf of the controller.
“Consent” according to Art. 4 No. 11 GDPR is any informed, voluntary and for a specific occasion unambiguously given consent or declaration of the data subject. In this way, the data subject expresses his or her consent to the processing of personal data about him or her.
“IP addresses” are numerical sequences that can be related to individual IT devices. Similar to postal addresses, the IP is used to assign data to the correct recipient.
2. Contact and responsible body
Do you have any questions? Or would you like to use your rights? Then please feel free to contact us:
SUMITOMO ELECTRIC Hartmetall GmbH
Konrad-Zuse-Straße 9
47877 Willich
Germany
Phone: +49 2154 4992 0
Fax: +49 2154 4992 161
E-mail: compliance@sumitomotool.com
Contact information of the company data protection officer:
Brands Consulting
External data protection officer of SHG
Auf dem Hahn 11
D-56412 Niedererbach
E-mail: sumitomotool@nrw.brands-consulting.eu
Responsible supervisory authority:
State Representative for Data Protection and Freedom of Information of Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Germany
Phone: +49 211 384 24 0
Fax: +49 211 384 24 999
E-mail: poststelle@ldi.nrw.de
3. What data is processed when you use our website
Every time you visit this website, data is automatically logged, which also includes the calling of files (log data). In this context, we collect and use the technically essential data in order to provide you with the website. The technically necessary data transmitted by your browser to our web server includes, for example:
- browser type / browser version
- Operating system in use
- referrer URL (the last page visited)
- pages called up
- IP address
- Date and time of the server request
For some smartphones, tablets and other mobile devices, the producer or type designation may also be transmitted to us. As a preventative measure to avert danger, e.g. hacking attempts, we store IP addresses for a period of 30 days. This is to analyze hacking attempts and suspicious behavior and to prevent future threats to our systems. A 30-day period of storage of your data also takes place if we detect multiple unsuccessful login attempts, e.g. with invalid passwords in our online store.
We need this data to ensure the functionality of the website and to make your visit to this website as comfortable as possible. We reserve the right to analyze the logged data for the purpose of data security or to identify hacker attacks against our systems. Wo do not carry out individual profiling, which provides information about your individualized usage behavior, on the basis of the technically necessary data. The log data is not connected or merged with other data sources.
The legal basis for the processing of the data described – in so far as it is personal – is Art. 6 (1) lit. f) GDPR. The processing of the mentioned data is necessary for the provision of our website, including danger prevention, and thus serve the perception of a legitimate interest of our company. Our legitimate interest is to secure a trouble-free connection setup and to evaluate the security and stability of our digital systems. Data processing is capable of reaching this purpose. We do not have any less invasive measures to satisfy our interests.
4. Data security
We take adequate technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction or against unauthorized access by third parties (e.g. encryption for our website TLS_AES_256_GCM_SHA384, 256-bit key, TLS 1.3). This is done taking into account the state of the art, the implementation costs and the scope and purpose of the data processing as well as the existent risks of a data breach for data subjects. The security measures we take are constantly improved in line with technical developments. If you would like more information about this, please contact our data protection officer.
5. Communication via e-mail, telephone or fax
If you contact us via e-mail, fax, telephone or postal delivery, we will use the information you give us to contact you and for the purpose of processing and responding to your inquiry. The same procedure applies to order processing with regard to the products and other services offered by us (e.g. holding seminars on working with our products). If no other legal regulations conflict with this and your inquiry does not serve the preparation of a contract conclusion or is not assigned to a contract, your information will be deleted by us within a reasonable period after completion of the processing. If your inquiry is made for the purpose of initiating a contract or is assigned to an already existing contract, we will delete the accruing data after the deadlines for the duration of the contract, provided that no other legal provisions oppose the deletion. If there are legal obligations to retain data (e.g. in accordance with the German Commercial Code or the German Fiscal Code), we restrict data processing to the extent that it is only processed to fulfill our legal obligations.
The legal basis for processing in the context of a mere contact is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is the adequate response and processing of your request.
For the conclusion, execution or termination of your contract or order or your other request within our contractual relationship (e.g. complaint), we also require personal data from you.
This includes for example:
- First name, last name
- Invoice and delivery address
- e-mail address
- fax number
- telephone number
The processing of your product order includes, among other things, the shipping of ordered products, the processing of payments, the sending of electronic confirmations of your order and the sending of bills. It also includes the situation that we contact you in cases of other services with regard to your request made to us. In doing so, we use the personal data you have provided to us. We store your data collected in this respect until the expiry of the contractual warranty and guarantee rights.
The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR. This means that we process your personal data on the basis of a pre-contractual relationship or for the performance of an existing contract.
In addition, we keep your data within the legal time limits according to the German Commercial Code and the German Fiscal Code (usually 6 to 10 years). The data is used exclusively for verification purposes vis-à-vis the tax authorities and for tax and auditing purposes. The legal basis for this is Art. 6 para. 1 lit. c) GDPR.
Also, as long as the data is still stored in our systems, it may be processed again, if necessary, to investigate any criminal acts. The legal basis for the processing is Art. 6 para. 1 lit. e) GDPR.
6. Use of our digital application system and other applications
We use external application management software from the company HRworks GmbH for personnel recruitment and recruiting. We have concluded an order processing contract with the service provider in accordance with Art. 28 GDPR. Our data protection information regarding applicant management and applications can be found in the data protection declaration for applications
7. Conditions for the transfer of personal data to third countries
Your personal data may be transferred or disclosed to third party companies as part of our business relationship. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such data processing takes place exclusively for the fulfillment of contractual obligations and for the purpose of maintaining your business relationship with us. The legal basis is your consent pursuant to Art. 6 (1) a) GDPR, if there is no adequacy decision from the European Commission for the respective third country and the other requirements of Art. 44 et seq. GDPR are not fulfilled, e.g. USA. We will inform you about the respective details of the transfer at the relevant points below.
The European Commission certifies data protection comparable to the EEA standard for some third countries by means of so-called adequacy decisions. In other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is guaranteed by binding corporate guidelines, standard contractual clauses of the EU Commission for the protection of personal data pursuant to Art. 46 (1), (2) (c) GDPR, certificates or recognized codes of conduct. Please contact our data protection officer if you would like more information on this.
8. Transfer of personal data to service providers
We only transfer the data required for the respective task to the service provider used, if any. Our partners have been extremely carefully selected by us in the context of contract award with respect to proper contract processing. They are obligated to us within the framework of order processing contracts in accordance with Art. 28 GDPR to treat your data properly and to comply with data protection and our own data protection standards. There is no further use of your data by the service provider. In particular, our service providers are not permitted to share your data or use it themselves for commercial purposes. We also continue to be responsible for the protection of your data. By concluding the contract, the service providers used are not considered so-called third parties. Within the context of order processing, we transfer your data to the following recipients:
- Webweisend Media GmbH – Wiesenstraße 21, 40549 Düsseldorf (purpose: creation and support around the website of the SHG);
- Recast IT GmbH & Co. KG – Stephanstraße 24, 42119 Wuppertal (purpose: IT support services, in particular hosting of the website);
- CleverReach GmbH & Co. KG – CRASH Building, Schafjückenweg 2, 26180 Rastede (purpose: service for providing and sending our newsletter).
9. Newsletter
With our newsletter we inform you about our current offers. You can subscribe to our newsletter by giving your consent. To subscribe to our newsletter, we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address you provided. In this e-mail, we ask you to confirm that you are the owner of the e-mail address you provided and that you wish to receive messages in the form of the newsletter. The only mandatory information is your e-mail address. In addition, we store your consent. The purpose of this procedure is to prove your registration in the case of possible inquiries by the supervisory authorities and, if necessary, to determine any misuse of your personal data.
You can withdraw your consent to receive the newsletter at any time by clicking on the following link, so that you can unsubscribe from the newsletter at any time. You can withdraw your consent by clicking on the link provided in every newsletter e-mail or by sending an e-mail to marketing@sumitomotool.com. Please note that the processing of your personal data will stay lawful until you withdraw your consent.
10. Use of Salesforce
We use Salesforce, a software for managing contacts and customer relationships (customer relationship management) and for marketing automation. For this purpose, we have concluded an order processing agreement in accordance with Art. 28 GDPR. The following personal data is processed by Salesforce on our behalf:
- First and last name
- Title
- Position
- Employer
- Contact information (company, e-mail, telephone, physical business address)
- ID card data
- Professional life data
- Personal life data
- Localization data
The software is a product of Salesforce, an American company based in San Francisco, California, USA. Data stored in Salesforce is stored in Salesforce's data centers. The company operates data centers in the USA, Canada, Europe. It should be noted that if the data is stored in the US, it is subject to US laws, including Patriot Act and other laws that may allow US authorities to access the data. A level of data protection equivalent to the EU General Data Protection Regulation does not exist in the USA. The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.
You can find Salesforce's data protection information under the following link: https://www.salesforce.com/company/privacy/
11. Joint controllership and transfer of your data within the SUMITOMO Group
In specific cases and if necessary, we transfer your data within the group to our group companies in order to fulfill contractual obligations or to process your inquiry or for our own organizational purposes. The transfer of data between the group companies is, as far as the registered office of the companies is located in the EEA or the EU, based on an agreement on joint controller of your data in accordance with Art. 26 GDPR. If your personal data is affected by joint controller responsibility, we will inform you about this separately.
12. Use of Cookies and web analytics services on our site
a) Cookies
Our website uses cookies. Cookies are pieces of information that are stored on your operating system when you visit our website. Cookies contain a characteristic string of characters that allows the browser to be uniquely identified when you return to the website.
We use cookies that serve the user-friendly design of our website. Some functionalities of our website make it necessary that the calling browser can be identified even after a page change.
You can find out which cookies we use, for what purpose and on what legal basis in our Cookie Information.
The legal basis for the processing of personal data using technically necessary cookies within the meaning of Section 25 (2) No. 2 Telecommunications Telemedia Data Protection Act (TTDSG) is Article 6 (1) f) GDPR. The purpose of the use of technically necessary cookies is to provide the use of our website for site visitors. Without the use of cookies, some functions of our website cannot be offered. For these functionalities, it is necessary that the browser is recognized even after a page change.
The legal basis for the processing of personal data using cookies for analysis purposes or other, additional services is - if the user has given his consent in this regard - Art. 6 para. 1 lit. a) GDPR.
We require cookies for the following applications and purposes:
You can find out the exact purpose of the individual analysis cookies .
Cookies are stored on the user's terminal device and transmitted from it to our website. As a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the storage of cookies. If cookies have already been stored, you can delete them at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full. You can find out more about the exact duration of storage here. You can withdraw your consent to the use of optional cookies at any time in the cookie settings.
b) Web tracking by Google Analytics
We use the web tracking service Google Analytics of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on our website. We use Google Analytics to analyze your user interactions and, through the statistics and reports obtained, to improve our offer and make it more interesting for you as a user.
We record the interactions between you as a user of the website and our website primarily with the help of cookies, data on the device/browser and IP addresses. Google Analytics also collects your IP addresses. This is to ensure the security of the service and to collect information about which country, region or location the respective user comes from (so-called "IP location determination").
However, we use the anonymization function ("IP masking") for your security. This means that Google shortens the IP addresses within the EU/EEA by the last octet.
The full IP address is only transmitted to a Google server in the USA in exceptional cases and shortened there.
The information generated by the cookies and the (usually shortened) IP addresses about your use of this website are usually transmitted to a Google server in the USA and processed there.
More information on terms of use and data protection as well as data use by Google can be found at:
https://policies.google.com/technologies/ads?hl=de and https://policies.google.com/privacy?hl=de.
The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your given consent (Art. 6 para. 1 p. 1 lit. a) GDPR). The withdrawal of your consent is possible at any time, without affecting the legitimacy of the processing until the withdrawal. The easiest way to withdraw your consent is to use our Consent Manager or to install the Google browser add-on, which can be accessed via the following link: https://tools.google.com/dlpage/gaoptout?hl=de/
For more information on the scope of services provided by Google Analytics, please visit https://marketingplatform.google.com/about/analytics/terms/de/. Google provides information on data processing when using Google Analytics at the following link: https://support.google.com/analytics/answer/6004245?hl=de/
13. Social media use and appearances
Our websites use icons or symbols of social media providers (Xing, LinkedIn, Youtube, Facebook, Instagram). We only use these for passive linking to the pages of the respective providers.
The privacy policies of the social media providers can be found at:
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany: https://privacy.xing.com/de/datenschutzerklaerung
LinkedIn Irland Unlimited Company, Wilton Place, Dublin 2, Irland:
https://de.linkedin.com/legal/privacy-policy
Youtube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland:
https://policies.google.com/privacy?hl=de
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland:
https://m.facebook.com/privacy/policy/version/20220104/
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland:
https://help.instagram.com/155833707900388
a) Privacy policy of the SHG for Facebook
We use under SHG | Facebook the Facebook fan page of the provider Meta Platforms Ireland Ltd ("Facebook") to inform you about our offers and to communicate with you. We would like to inform you that your data may be processed outside the European Union (EU). The processing of personal data outside the EU involves general risks with regard to the enforcement of your data subject rights and the safeguarding of the general protection aims of data protection.
(1) Jointly responsible for the processing are:
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Dublin 2
Ireland
impressum@support.instagram.com
Fax: +1 650 543 5340
and
SUMITOMO Electric Hartmetall GmbH
Konrad-Zuse-Straße 9
47877 Willich
Germany
Further information on the responsible SUMITOMO together with contact details, for example the telephone number, can be found in the imprint.
Facebook assumes primary responsibility for the processing of Insights data to comply with the obligations arising from the GDPR. These include the fulfillment of necessary information obligations, data subject rights that can be asserted against Facebook, notification obligations in the event of data protection violations, and ensuring appropriate technical and organizational measures for secure processing.
Of course, you can also assert your request for information or other rights to us. In that case, we will be pleased to forward your request to Facebook, as Facebook has access to the relevant user data and can take measures in accordance with your user rights.
(2) Data processing with Facebook
(a) Running a Facebook fan page
We use our Facebook fan page to be able to inform you with news about our offers and to get in contact with you. For example, if you comment on our posts, we process the content of your comment and, if applicable, other data that you provide to us or that is transmitted during your Facebook activity. Depending on the privacy settings of your user profile, we may also have access to further information about your user profile and your Facebook activities (e.g. posts and "likes").
Every time you access our Facebook fan page, your personal data (e.g. IP address; browser data; operating system and device; web pages visited; date and time of access, etc.) is processed by Facebook and cookies are set. However, we have no control over the data collected and the data processing, nor are we made aware of the full extent of the data collection, the purposes of the processing, the storage periods or the deletion of the data collected. This enables Facebook to use your data to create cross-device usage profiles for the purposes of advertising, market research and/or demand-oriented design of its websites. Such use may also occur if you do not have an account with Facebook or are not logged in there. If you are logged in to Facebook, your data will be directly assigned to your existing Facebook account and, if applicable, publicly communicated to further contacts.
Our legal basis for the processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is the external presentation and communication with you.
(b) Use of Facebook Insights
The processing of personal data in the use of Facebook takes place with Facebook Insights and also includes processing purposes for market research, advertising and the collection of statistical data. For example, usage profiles can be created from your usage behavior and your resulting interests.
The usage profiles may in turn be used, for example, to serve ads within and outside of Facebook that are presumed to match your interests. Cookies are generally placed on your device to record your user behavior, preferences and interests, as well as to create and store user profiles. The purpose of Facebook is to show you targeted advertising within and outside of Facebook. Furthermore, data may also be stored in the usage profiles regardless of the devices you use (especially if you are logged in as a user of Facebook). However, even if you do not have a Facebook profile, or are not logged into it during your visit to our Fanpage, Facebook may be able to assign this data to a user profile. Cookies remain on your end device until you delete them. Facebook may change or modify the storage periods of the cookies from time to time without our ability to influence this.
Data from Facebook Insights is only available to us in anonymized form, so that we can only analyze the general user behavior of visitors to our fan page. However, this does not allow us to draw conclusions about individual users.
Our legal basis for the processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to analyze the reach and effectiveness of our Facebook activities in order to optimize our online offering on this basis
(c) Further information
For a detailed explanation of the respective processing, the opt-out options, and the legal basis, please refer to the Facebook data protection information linked below:
Information on Facebook Insights
https://www.facebook.com/business/pages/manage#page_insights
Joint Controllers arrangement with Facebook:
https://www.facebook.com/legal/terms/page_controller_addendum
Privacy policy:
https://www.facebook.com/about/privacy
Opt-out option:
https://www.facebook.com/help/568137493302217/
Legal basis of processing:
https://www.facebook.com/about/privacy/legal_bases
and
https://de-de.facebook.com/policy.php
(3) Data subject rights
We refer you to your data subject rights within the meaning of Art. 13 et seq. GDPR. In particular, you have a right to access your data (Art. 15 GDPR), a right to rectification (Art. 16 GDPR), a right to erasure (Art. 17 GDPR), a right to restriction of processing (Art. 18 GDPR), a right to information (Art. 19 GDPR), a right to data portability (Art. 20 GDPR) and a right to object to processing (Art. 21 GDPR). We also ensure your rights under Art. 22 GDPR. You or your data in our area of responsibility are therefore not subject to decisions based solely on automated processing - including profiling. In addition, you have the right to lodge a complaint with a supervisory authority at any time (Art. 77 GDPR). In addition, you have the right to withdraw consent with effect for the future (Art. 7 (3) GDPR).
(4) Data Protection Officer
If you would like access to information about the processing of your personal data in connection with Facebook or would like to claim your data subject rights in this context, we would like to point out that the most effective way to do this is to address your request directly to Facebook. A contact to the data protection officer of Facebook is available under the link:
https://www.facebook.com/help/contact/540977946302970
If you wish to make use of your data protection rights, please contact our external data protection officer at the e-mail address sumitomotool@nrw.brands-consulting.eu and provide us with as much detail as possible regarding your specific concern. We will be pleased to forward your concern to Facebook, as Facebook has access to the relevant user data and can take measures in accordance with your user rights.
For further information on data protection, please refer to the general privacy policy of SHG on the web presence.
b) Privacy policy of SHG for Instagram
We use the Instagram business profile of the provider Meta Platforms Ireland Ltd. (formerly and now still abbreviated as "Facebook") to inform you about our offers with photos and videos. We would like to point out that your data may be processed outside the European Union (EU). The processing of personal data outside the EU involves general risks with regard to the enforcement of the rights of the data subject and the safeguarding of the general protection aims of data protection.
(1) Responsible respectively Controller
(a) Facebook
Responsible for the processing of your data, insofar as it is processed exclusively by Facebook, is:
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Dublin 2
Ireland
impressum@support.instagram.com
Fax: +1 650 543 5340
(b) SUMITOMO
SUMITOMO ELECTRIC Hartmetall GmbH
Konrad-Zuse-Straße 9
47877 Willich
Deutschland
Further information about the responsible SHG together with contact details, such as the telephone number, can be found in the imprint.
(c) Joint controllership for processing
Insofar as your submitted data is processed jointly by Facebook and by SHG and both decide on the purposes and means of the processing, Facebook and SHG are jointly responsible within the meaning of Art. 26 GDPR. By operating our Instagram company profile, we enable Facebook to process your data, which is made available to us via the Instagram Insights analytics service in the form of statistics. For this reason - in connection with the ruling of the European Court of Justice [ECJ of June 05, 2018 (Ref.: C-210/16)] on the existence of joint responsibility for the operation of a Facebook fan page as well as the use of Facebook's own analytics service - we analogously assume joint responsibility for our Instagram company profile and the use of Instagram Insights. However, Facebook does not currently provide an agreement on joint responsibility pursuant to Article 26 of the GDPR in which the data protection obligations of each controller can be defined and delimited from one another.
(2) Use of Instagram
We use our Instagram business profile to be able to inform you with news about our offers and to get in contact with you. For example, if you comment on our posts, we process the content of your comment and, if applicable, other of your data that you share with us or that is transmitted during your Instagram activity. In this process, depending on the privacy settings of your user profile, we may also have access to further information of your user profile and your Instagram activities (e.g. "likes").
Every time you visit our Instagram company profile, your personal data (e.g. IP address; browser data; operating system and device; web pages visited; date and time of visit, etc.) is processed by Facebook and cookies are set. However, we have no control over the data collected and the data processing, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods or the deletion of the collected data. This enables Facebook to use your data to create cross-device user profiles for the purposes of advertising, market research and/or demand-oriented design of its websites. Such use may also occur if you do not have an account on Instagram or are not logged in there. If you are logged in on Instagram, your data will be directly assigned to your existing Instagram profile and, if applicable, publicly shared with your contacts.
Our legal basis for the processing is Art. 6 (1) lit. f) GDPR. Our legitimate interest is the external presentation and communication with you.
(a) Use of Instagram Insights
The processing of personal data in the context of the use of Instagram takes place with Instagram Insights and also includes processing purposes for market research, advertising as well as the collection of statistical data. The usage profiles may in turn be used, for example, to serve advertisements within and outside of Instagram and Facebook, respectively, that presumably correspond to your interests. Cookies are usually stored on your device to record your user behavior and to create and store user profiles. For example, user profiles can be created from your usage behavior to certain posts, stories, IGTV videos, reels, live videos and your resulting interests. Furthermore, data may also be stored in the usage profiles regardless of the devices you use (especially if you are a member of Instagram or Facebook and logged in on these platforms). However, even if you do not have an Instagram profile or are not logged into it during your visit to our business profile, Facebook can match this data to a user profile. Cookies remain on your end device until you delete them.
Data from Instagram Insights is only available to us in anonymized form, so that we can only analyze the general user behavior of visitors to our Instagram profile. However, this does not allow us to identify individual users.
Our legal basis for the processing is Art. 6 (1) lit. f) GDPR. Our legitimate interest is to analyze the reach and effectiveness of our Instagram activities in order to optimize our online offering.
(b) Furter information
For a detailed description of the respective processing, the opt-out options, and the legal basis, please refer to the privacy policy of Instagram and Facebook linked below:
Instagram insights information: https://www.facebook.com/help/instagram/788388387972460
Privacy policy:
Opt-out and customization options:
https://www.facebook.com/help/instagram/2885653514995517?locale=de
and
https://help.instagram.com/615366948510230
Legal basis of processing:
https://www.facebook.com/about/privacy/legal_bases
and
https://de-de.facebook.com/policy.php
(3) Data subject rights
We would like to inform you of your data subject rights as defined in Art. 13 ff. GDPR. In particular, you have a right to access your data (Art. 15 GDPR), a right to rectification (Art. 16 GDPR), a right to erasure (Art. 17 GDPR), a right to restriction of processing (Art. 18 GDPR), a right to information (Art. 19 GDPR), a right to data portability (Art. 20 GDPR) and a right to object to processing (Art. 21 GDPR). We also ensure your rights under Art. 22 GDPR. You or your data in our area of responsibility are therefore not subject to decisions based solely on automated processing - including profiling. In addition, you have the right to lodge a complaint with a supervisory authority at any time (Art. 77 GDPR). In addition, you have the right to withdraw consent with effect for the future (Art. 7 (3) GDPR).
(4) Data protection officer
If you would like information about the processing of your personal data in connection with Facebook's Instagram service or would like to assert your data subject rights in this context, we would like to point out that the most effective way to do this is to address your request directly to Facebook. You can contact Facebook's data protection officer at the link https://www.facebook.com/help/contact/540977946302970.
If you would like to make use of your rights as a data subject, our external data protection officer will be pleased to help you at the e-mail address sumitomotool@nrw.brands-consulting.eu. Please provide us with as much detail as possible regarding your specific concern. We will be pleased to forward your concern to Facebook, as Facebook has access to the relevant user data and can take measures in accordance with your user rights.
For further information on data protection, please refer to SHG's general data protection policy for the website.
c) Integration of Youtube videos
We have integrated Youtube videos into our online offer, which are stored on YouTube.com and can be played directly from our website. By first clicking on the correspondingly marked button of the respective product videos, you manually establish a connection to YouTube. If you click again, the corresponding video will be played. With the first click you agree to the data transfer to Youtube. Only when you play the videos, the data mentioned in the following paragraph will be transmitted. We have no influence on this data transmission. The legal basis for the display of the videos is Art. 6 para. 1 sentence 1 lit. a) GDPR, which means that the integration only takes place after your consent.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the above-mentioned basic data such as IP address and timestamp are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly associated with your account. If you do not want the association with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
The information collected is stored on Google servers, including in the USA. We would like to point out that there is no adequate data protection in the USA and that the security authorities there may be able to access your data without a legal basis. There are also no data protection rights.
For more information on the purpose and scope of data collection and its processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:
https://policies.google.com/privacy?hl=en.
14. Your rights
As far as the legal requirements are fulfilled, you are entitled to claim your rights listed below against us:
a) Right of access information according to Art. 15 GDPR.
You can request information about whether we process personal data about you. If this is the case, you can also request information about the circumstances and more detailed arrangements of the processing and more detailed information about the processed data.
In order to process your request, we are obliged to verify your identity to prevent unauthorized data access. If necessary, and depending on the sensitivity and criticality of the data, we will ask you to provide a redacted copy of your ID, which must show only your name and address. The clear identification of the requestor also serves to protect your personal data. We will of course inform you of this in writing or in text form.
In addition, you are entitled to receive copies of data from us in accordance with Article 15 (3) GDPR, provided that this does not affect the rights and freedoms of other persons. We ask for your understanding that we will only provide unreasonably frequent data information against payment of a fee. Of course, we will also inform you of this in writing or in text form before providing the information.
In the case of data access, we will store your request and information in this regard in our systems for a period of 2 years. If you provide us with a copy of your ID card in order to be able to claim your right to data access and to verify your identity, this will be destroyed immediately after the identity check has been carried out. The legal basis for data processing is Art. 6 para. 1 lit. c) GDPR.
b) Right to correct inaccurate information or to have it completed in accordance with Art. 16 GDPR.
You have the right to request that existing inaccurate information about yourself be corrected, unless you are able to make a change yourself. Personal data is incorrect if it does not correspond to reality.
Taking into account the purposes of the processing, you as the data subject have the right to request that incomplete personal data be completed - also by means of a supplementary declaration.
c) Right to erasure pursuant to Art. 17 GDPR.
You are entitled to demand that we delete your personal data if the legal requirements are met.
d) Right to restriction according to Art. 18 GDPR.
According to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you. In this case, processing will be restricted for as long as is necessary for the controller to verify the accuracy of the personal data. Furthermore, a right of restriction also exists if the processing is unlawful and you request the restriction of the use of your personal data instead of the erasure of your personal data. Restriction of processing may consist of temporary transfer of data to another processing system, blocking or removal of published data.
e) Right to information according to Art. 19 GDPR
If you have claimed the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom your personal data have been communicated of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients in accordance with Art. 19 GDPR.
f) Right to data portability according to Art. 20 GDPR.
You have the right, under the conditions of Art. 20 GDPR, to demand that we transfer your personal data to you in a structured, common and machine-readable format (e.g. .csv); you also have the right to transfer this data to another controller. When using this right, you have the right to obtain that your personal data is transferred directly from the controller to another controller, insofar as this is technically possible. This does not include where the processing is necessary for the fulfilment of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g) Right to object pursuant to Art. 21 GDPR.
You have the right to object at any time to the processing of your personal data which is in the public interest or necessary for legitimate reasons. This enables you to request us to stop processing if the applicable conditions for this are fulfilled.
h) Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you.
This does not apply if the decision
(1) is necessary for the conclusion or fulfillment of a contract between you and the controller,
(2) is permitted by legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests; or
(3) is done with your explicit consent.
With regard to the cases mentioned in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express your point of view and to contest the decision.
i) Right to withdraw your consent under data protection law
You may withdraw your consent to the processing of your data at any time with effect for the future. The data processing carried out until the withdrawal remains lawful in accordance with Art. 7 (3) sentence 2 GDPR. With the use of the right of withdrawal, the data processed on the basis of the withdrawn consent will be deleted. Please be aware that we may be obliged or entitled to further process your data if the applicable legal requirements for this are fulfilled. You can address your declaration of withdrawal to:
SUMITOMO ELECTRIC Hartmetall GmbH
Konrad-Zuse-Straße 9
47877 Willich
Deutschland
Telephone: +49 2154 4992 0
Fax: +49 2154 4992 161
E-mail: compliance@sumitomotool.com
j) Right to lodge a complaint with the data protection supervisory authority in accordance with Art. 77 GDPR.
You have the right to lodge a complaint with a data protection supervisory authority if you should have a reason to complain, in particular if you believe that the processing of your personal data violates the GDPR.
You may lodge the complaint with a data protection supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement. The data protection supervisory authority responsible for us is:
State Representative for Data Protection and Freedom of Information of Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: +49 211/38424-0
Fax: +49 211/38424-999
E-mail: poststelle@ldi.nrw.de.
15. Details about your rights
Data access and data portability
You have the right to receive, at any time and free of charge, information about the data stored by us and concerning you. In addition, you are entitled to have the data provided by us on the basis of your consent or on the basis of a contract concluded between us transferred to yourself or to a third party. To do so, please contact us in text form at compliance@sumitomotool.com.
Please keep in mind that a request for information by e-mail may result in us also providing the information digitally, unless you expressly request written postal information. The additional information about you obtained for identification purposes will be used solely for identification purposes. The time and procedure of identification are documented by us for evidence purposes vis-à-vis the data protection supervisory authority. The legal basis is Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 5 para. 2 GDPR.
Rectification, deletion and restriction
Insofar as other legal obligations (e.g. legal retention and deletion periods under the German Commercial Code or the German Fiscal Code) or other legitimate interests on our part (e.g. retention for the assertion of claims or for legal defense) do not exist, we will correct, block or delete your personal data stored with us at your request. For this purpose, please contact compliance@sumitomotool.com.
Withdrawal of your consent
If you have given us your consent to process your personal data, you can withdraw this consent at any time by sending us a short message, without incurring any costs other than the transmission costs according to the prime rates. Also in this regard, we ask you to send your withdrawal to: compliance@sumitomotool.com.
16. Changes of the privacy policy
Advancing technology, legal requirements or changed processes may have an effect on this data protection information, among other things. We therefore reserve the right to change this policy at any time with effect for the future. The current version of the data protection information can be found on this website. Please visit this subpage of the homepage regularly to inform yourself about the applicable conditions. This privacy notice is current as of January 2023.
Cookie information
Consent to data processing
By means of cookies and similar technologies, information can be stored, enriched and read on your end device. By clicking on "Accept all", you consent to access to your end device as well as to the processing of your data, the creation and processing of individual usage profiles across websites as well as partners and devices, and the transfer of your data to third-party providers, some of which process your data in countries outside the European Union (Art. 49 GDPR). We as SUMITOMO ELECTRIC Hartmetall GmbH may not be able to ensure that the European level of data protection is observed in all cases. It is therefore possible that our partners may also use your data for their own purposes. By clicking on "Only necessary", we restrict ourselves to the services and cookies that are absolutely necessary.
For more information, including on data processing by third-party providers and the withdrawal of your consent, which is possible at any time, please refer to the cookie settings as well as our privacy policy. You can find more information about the responsible person in the imprint.