SPINNER GmbH welcomes your visit to this website and your interest in SPINNER products and services.
Table of Contents
- Controller and Data Protection Representative
- Collection, Processing and Use of Personal Data
- Use of Personal Data for Marketing and Advertising Purposes
- Collection and Processing of Web Use Data
- Embedded YouTube Videos
- Social Plugins
- Google Analytics
- Online Advertising
- Map Services
- Security of Your Personal Data
- Your Rights
1. Controller and Data Protection Representative
represented by managing directors Stephanie Spinner-König and Katharina König
Phone: +49 89 12601 0
Fax: +49 89 12601 1292
2. Collection, Processing and Use of Personal Data
Collection of data
Generally, you can visit this website without any collection of your personal data. If you wish to use our online shop, you must register as a user. When you register as a user, we will collect and store the user and company information you provide (name, address, e-mail, payment information, etc.). In addition, we will link certain information, such as prices, price lists, payment terms, Incoterms® 2010, or other terms and conditions that are applicable to you, to your profile. In each case disclosure of your personal data is completely optional. Personal data made available by you through this website will be used exclusively for the purposes for which such data are collected. We will use such data to review your profile (commercial customer, internal compliance, any credit check), to confirm and fill your orders and payments, to deliver products, including compliance with customs and export laws, to provide services, to communicate with you, and to analyze your use of this website.
Transfer of data
Recipients of data or categories of recipients
Recipients of data are the following:
- Government agencies that receive data in accordance with applicable law (laws that take priority over privacy concerns) (e.g., social security service providers and tax authorities);
- Internal offices involved in the settlement of transactions (e.g., bookkeeping, accounting, purchasing, electronic data processing);
- Third-party contractors: outsourced personal data processing or use in accordance with § 11 of the Federal Data Protection Act (hereinafter "BDSG") or, starting on May 25, 2018, Art. 28 et seq. of the General Data Protection Regulation (hereinafter "GDPR"); and
- Third parties involved in the settlement of transactions (e.g., shipping companies).
Legal basis of data processing
Data will be processed based on consent, to perform the contract, and/or to comply with a legal obligation (§§ 4, 4a, 28 of the BDSG or, starting on May 25, 2018, Art. 6 para. 6 (a), (b) and (c) et seq. of the GDPR.
Standard periods for erasure of data
Recordkeeping obligations for personal data vary. Thus, tax-relevant data generally are kept for a period of 10 years, and other data are generally kept for six years in accordance with commercial law. If there is no legal recordkeeping obligation, data will be erased or destroyed if and when they are no longer necessary for business purposes.
3. Use of Personal Data for Marketing and Advertising Purposes
We offer you a newsletter to provide you with information about us and our products and services.
For you to receive the newsletter, we will need your e-mail address. By subscribing to the newsletter you agree to receive the newsletter. Collected data will be used only to send the newsletter.
Our newsletter is sent via MailChimp. The plugins and functions of MailChimp are offered by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308.
If you subscribe to our newsletter, the data provided by you will be transmitted to and stored by MailChimp. Following your subscription MailChimp will send you an e-mail to confirm your subscription ("double opt-in"). MailChimp uses the analysis tool Google Analytics. You will find additional details about Google Analytics in Section 8 below.
You may at any time revoke your consent to receive the newsletter and to the associated collection and storage of data. To revoke consent, you may use the link in the newsletter or notify us using the above contact options.
To ensure the secure transmission of confidential information such as questions that you submit to us, this website uses SSL encryption. You can tell when a connection is encrypted because a padlock icon appears in the browser line and "http://" switches to https://. When SSL encryption is enabled, it is impossible for third parties to read data you send to us.
5. Collection and Processing of Web Use Data
We collect web use data through this website for statistical purposes, to optimize this website, to identify and follow up on malfunctions or misuses of our online offers or telecommunication services and systems, and for marketing purposes (§ 28 para. 1 sent. 1 nos. 1 and 2 of the BDSG or, starting on May 25, 2018, Art. 6 para. 1 (f) et seq. of the GDPR). Provided that you have consented, we will use your web use data to create web use profiles. In this connection, web use data include, for example, the date and time you access this website, the browser version you use, and the time you spend on this website. Web use profiles will be linked to personal data of the customer.
The consent is worded as follows:
You may at any time informally revoke your consent to the creation of web use profiles by using the above contact options. Revocation will result in no costs of any kind for you – except for any applicable transmission or connection fees.
As a matter of principle, we will not use your data for advertising or market research purposes except with your consent. This also applies if you should revoke your consent later.
6. Embedded YouTube Videos
7. Social Plugins
Use of social plugins of Facebook, Google+, Twitter, and LinkedIn
Our website uses social plugins ("plugins") of social networking sites.
To increase the privacy of your data when visiting our website, plugins are not linked to our website without limitation, but merely by using an HTML link (so-called "Shariff solution"). This link guarantees that when you access a page of our website that contains plugins, no connection with servers of the social networking site provider will be made yet. If you click on a button, a new window will open in your browser and access the website of the service provider, on which you can click, for example, on the like or share button (where applicable, after entering your login data).
For the purpose and scope of data collection and the further processing and use of data by the providers on their websites, as well as for your related rights and setting options to protect your privacy, please refer to the data privacy policies of the providers.
8. Google Analytics
9. Online Advertising
10. Map Services
11. Security of Your Personal Data
SPINNER GmbH protects your personal data from unauthorized access, use, or publication. For this purpose SPINNER GmbH takes appropriate technical measures according to the latest state of the art. Should you have to enter bank account or credit card information for payment purposes, such information will be stored only by PCI-DSS certified payment services providers, not by us. SPINNER GmbH notes however that a transmission of data via the Internet (e.g., communication by e-mail) may have security gaps. It is therefore impossible to protect your personal data from unauthorized access by third parties 100%.
In addition, you should take steps of your own to protect your data from unauthorized access, for example by keeping your password secret.
12. Your Rights
You have a right to information, correction, or erasure (§§ 34 and 35 of the BDSG; starting on May 25, 2018, Art. 15, 16 and 17 of the GDPR) by the controller of personal data, as well as a right to restricted data processing (§ 35 of the BDSG; starting on May 25, 2018, Art. 18 of the GDPR). You have the right to object to the transmission and processing of data. If your data are erased or blocked, you will however no longer be able to use certain services on our website.
Beginning on May 25, 2018, you may also demand that data which are automatically processed or to the use of which you have consented be made available to you in machine-readable form or be transferred to other controllers (Art. 20 of the GDPR).
You may exercise your rights by informally notifying the data protection representative:
Data subjects may revoke consent at any time without thereby affecting the lawfulness of data processing that has occurred until consent is revoked.
If you have any complaints, you may also contact the competent regulatory authority for data protection in Ansbach, Germany: