Privacy Policy

1. General provisions

1.1. Scope of application This Privacy Policy describes how our company handles personal data. Unless otherwise expressly set forth below, it applies both to data processing operations on our website and to any other kind of personal data use, including data processing for contract performance. For further explanations on specific online functionality please read the Attachment at the end of this Privacy Policy. 1.2. Controller The data processing controller (“contoller”) within the meaning of the European General Data Protection Regulation (GDPR) is:

Varinox GmbH
Bahnhofstraße 48
D-75417 Mühlacker
Tel.: +49 7231 778429-0
E-Mail: [email protected]

The controller will decide, either on its own or in cooperation with others, on the purposes and means of such processing of personal data (e.g., names, contact data, etc.)

1.3. Subject matter Data protection generally refers to the processing of personal data. This includes any information related to an identified or identifiable natural person (“data subject”), e.g., a contact person of your company. This kind of information includes, but is not limited to the name, address, email account, phone number, but also any other data that is automatically generated in the course of our business relationship such as information on individual orders and contracts.

In processing personal data, we adhere to the applicable data protection rules and regulations. This means that we will not process your data, unless you have granted your consent or where legally permitted, e.g., if data processing is required for meeting our contractual obligations (e.g., order processing), or legally required.

1.4. Technical security measures We take organizational and technical security measures based on the state of the art in order to ensure that data protection rules and regulations are complied with and to safeguard data processed by us against incidental or willful manipulations, loss, destruction, or access by unauthorized parties.

For safety reasons and in order to protect the transmission of confidential information that you send to us as the operator of this website, our website uses an SSL and/or TLS encryption. This means that any data you transmit via this website cannot be read by third parties. The “https://” and the lock icon in the address field of your browser indicate that the data transmission will be encrypted.

2. Data processing on the website

2.1.Access to our website When you access our website, the browser on your device will automatically – and without any action on your part – store

date and time of access and time zone deviation from Greenwich Mean Time (GMT);
the access method (verb, e.g. “GET”);
requested contents (specific page) and, if applicable, parameters (“query”);
user's IP address;
HPPT protocol version of the user;
information on the browser type and language/version used, preferences regarding the display of multi-language websites (e.g., EN, DE), information on the user’s operating system and installed plug-ins or NDK/SDK used;
cookies that may have been placed on the user’s system;
websites from which user’s system is referred to our website;
access status / HTTP (sub) status code;
amount of data transferred to the server of our website and temporarily stored in a so-called log-file for the following purposes:
ensure that connection is smoothly built up;
ensure a comfortable user experience;
analyze system security and stability.

The legal basis for processing the IP address is Art. 6, par. 1, sentence 1, lit. f) of the GDPR. We have a legitimate interest in the data processing purposes listed above.

Data will be stored during a period of seven (7) days and automatically deleted after the end of this period. 2.2. Cookies - general provisions We use so-called “cookies” on our website in accordance with Art. 6, par. 1, sentence 1, lit. f) of the GDPR. Our endeavors to optimize our website and its user- friendliness constitute a legitimate interest within the meaning of the above- mentioned regulation. Cookies are small files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies will not cause any harm to your device, do not contain viruses, trojans, or other malware. The cookie stores information that is created in connection with the specifically used device. However, this does not mean that we gain information which would immediately uncover your identity. On the one hand, the use of cookies allows us to make your browsing experience more comfortable. For example, we use so-called session cookies that indicate that you have already visited certain pages of our website before, or that you have already logged into your customer account. These cookies will be automatically deleted when you leave our website. Furthermore, we use temporary cookies, also for the purpose of improving the usability of our website, that will be stored on your device for a certain period of time. Next time you visit our website in order to take advantage of our services, our system will automatically know that you are revisiting our website, which data you entered, and/or which preferences you set and which articles, if any, you have already placed in your shopping basket so that you do not need to perform these actions a second time.

Most browsers automatically accept cookies. However, you may configure your browser in such a manner that no cookies will be stored on your computer (“disable cookies”) or that you will see a warning before a new cookie is stored. When cookies are fully disabled, this may prevent you from enjoying the full functionality of our website.

You can use our Consent Manager to decide which cookies and similar technologies may be used. We have divided all cookies into three categories:

Necessary - our website will not work without these cookies
Statistics - Anonymous visitor statistics
Comfort - videos, chat feature and recently viewed products

2.3. Contact form It goes without saying that we will treat personal data that you provide by filling in contact forms on the website, by phone, or email as strictly confidential. We will use your data only for a particular purpose in order to process your inquiry. The legal basis for this type of data processing is either Art. 6, par. 1, lit. b) or Art. 6, par. 1, lit. f) of the GDPR. Our legitimate interest in this type of data processing is derived from our common aim of answering your inquiries, resolving any issues that may exist, and, thus, to ensure and enhance your satisfaction as a customer or user of our website.

If you participate in a customer survey, you will do so on a strictly voluntary basis. Any personal information that you provide while answering survey questions will be deemed to have been provided on a voluntary basis. Please do not enter any names or similar information in plain text fields that will allow conclusions to be drawn on your or other individuals’ identity. In the event you grant your consent in connection with a customer survey, Art. 6, par. 1, lit a) of the GDPR is the applicable legal basis for data processing based on a consent. In the event that you have granted a consent or consents in connection with a customer survey, you may withdraw these consents at any time with effect for the future. For further details, please refer to the applicable data protection notes in the customer survey concerned.

2.4. Specific website functionality For a description of other website functions that are covered by data protection rules and regulations and/or additional online contact options please refer to the Attachment at the end of this Privacy Policy.

3. Data processing in the course of business relationships

We will give you, as an existing or prospective customer, an overview of the purposes and legal bases of data processing within the scope of our business relationship in the sections below.

3.1. Contract performance We process personal data if this is required for preparing, closing, or performing the contract entered with you. The purposes depend on the particular contract and include, but are not limited to

preparation and processing of offers;
performance of the entered contracts;
payment processing;
management and assistance prior to, during, and after the end of the business relationship with you;
processing of statutory warranty claims.

In this regard, your personal data will be processed in accordance with Art. 6, par. 1, lit b) of the GDPR, to the extent this is required for the above purposes. In the absence of this information, we will not be capable of entering the contract with you /or of performing it.

Data that we collect will only be stored as long as needed for attaining the purpose for which this data had been collected. As a general rule, this requirement will only cease to exist when the contractual services have been fully completed and the applicable statutory warranty periods have expired, unless we have the right and obligation to store the information for a longer period of time in accordance with legal retention obligations, in particular, under the trade and tax law.

3.2. Compliance with legal obligations We will also process your personal data for the purpose of compliance with our legal requirements. These requirements may exist under the trade, tax, money laundering, financial, or criminal code. The processing purposes are determined by the applicable statutory duty; generally, data processing will serve the purpose of compliance with disclosure duties under national law. Your data will be processed pursuant to Art. 6, par. 1, lit c) of the GDPR. We will delete your personal data when the legal obligation to store your data ceases to exist, unless other legal duties require the retention.

3.3. Safeguarding legitimate interests Furthermore, we will also process your personal data for safeguarding our legitimate interests and those of our affiliated companies, e.g., for the following purposes:

storage in our customer database, e.g., to facilitate a follow-up communication after the initial contact at a trade fair;
answering questions and business correspondence not related to a contract;
mailing of information material, price lists, and information on events;
credit screening;
optimization of our business processes.

In this regard, your personal data will be processed in accordance with Art. 6, par. 1, lit f) of the GDPR. Thus, our legitimate interest is based on the purposes described above and also on our general interest of an ongoing customer relationship management.

In addition, we reserve the right to process personal data, i.e., your name and your contact data, that you provided to us during negotiation of contracts or the business relationship in order to provide you with information on our own similar products or services, provided, however, that we will comply with the applicable unfair competition rules and regulations that may apply to such actions in addition to the GDPR. If you have entered into a contract with us, we will treat you as an existing customer. In that case, we will process your postal mail contact data, regardless of whether a specific consent had been granted, in order to provide you with information on new products and services. We will process your email account in order to send you information on our own, similar products and services via that communication channel. You may object to marketing measures at any time.

3.4. Consent If we process personal data based on your consent, the particular purpose will be described in each of the consent forms. In these cases, your data will be processed pursuant to Art. 6, par. 1, lit. a) of the GDPR. You may withdraw any consent that you granted at any time, which, however, will not affect the legitimacy of data processing that occurred based on this consent and prior to the date of withdrawal. We will delete your personal data if it is no longer required for the purposes we pursue or if you withdraw your consent and if there are no withstanding statutory provisions.

4. Use of recruitment data

In the event that you send us an application, including by email, for a job vacancy, we will process the data that you provide in connection with your application in order to check your suitability for the open position (or, if applicable, for other vacancies within our group of companies) and to conduct the recruitment process. Upon receipt of your application, your data will be reviewed by the human resources department and the heads of department within our group of companies. As a general rule, only those staff members will have access to your data that need this information for purposes directly related to the recruitment process.

The processing of your personal data in the course of a recruitment process is, in particular, based on section 26 of the German Federal Data Protection Act (BDSG). In accordance with this provision, the processing of personal data is permissible to the extent it is needed in connection with the hiring decision and for offering an employment. Any other additional information that you may have provided will be stored in accordance with Art. 6, par. 1 lit f) of the GDPR, since we also have a legitimate interest in considering your voluntarily provided information in the course of the recruiting process. If upon the – unsuccessful – completion of the recruiting process you grant your consent to the continued storing of your personal data in our recruiting pool, this continued further processing will occur based on Art. 6, par. 1, lit a) of the GDPR. You may revoke your consent at any time with effect for the future without giving reasons.

In the event of a negative reply, applicants’ personal data will be deleted by us after four (4), but no later than after six (6) months. If you grant your consent to the continued processing of your personal data in our recruitment pool, your data will be deleted when it is no longer required for the purposes for which it had been collected and processed, typically, upon the expiration of a period of five months following its inclusion in the recruitment pool. In the event that during the recruitment process you should be selected and offered a job, your data will be taken over into our HR management system and processed therein to the extent required for creating an employment contract and performing the obligations under this contract.

5. Third parties

5.1. Disclosure of data and categories of recipients Varinox GmbH cooperates with VAR INOX d.o.o., Šetalište Mate Raosa 34, 21276 Vrgorac, Croatia, and exchanges data with this company. However, the transfer of personal data to VAR INOX d.o.o. only takes place if there is a legal basis for doing so and if the transfer is necessary for the purposes pursued in connection with the respective data processing. In particular, data of customers and suppliers are exchanged between Varinox GmbH and VAR INOX d.o.o. in the context of contract performance on the basis of Art. 6 (1) (b) GDPR and on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest is based on reasons that include, but are not limited to the optimization of our inhouse administrative processes for enhanced efficiency and improvement of customer care services.

We will only disclose your personal data to external third parties, if this is required for performing the contract, if this is permitted based on another legal bases, or if you have granted your consent. The disclosure will then occur based on the Art. 6, par. 1 lit. a), lit. b), lit. c) and/ or lit. f) of the GDPR.

The external recipients may be service providers that were commissioned by us with the provision of services (“processors”) pursuant to Art. 28 of the GDPR (e.g., in the area of IT services, marketing services, or document shredding). These processors will be carefully selected and audited at regular intervals. They shall use the data exclusively for the purposes indicated by us and in accordance with our instructions. Besides, we also disclose data to external service providers based on a legal obligation or for safeguarding our own legitimate interests, if these parties provide us with third-party expert services in their own responsibility, e.g., mail service providers, tax advisors, or chartered accountants.

Furthermore, we may be required to transmit personal data to public authorities and government institutions in accordance with compelling legal requirements, such as public prosecution, courts, customs, fiscal, and tax authorities.

In the event data is transmitted to third parties whose registered office, place of residence, or place of data processing is not within a member state of the European Union or another country that is a party to the Agreement on the European Economic Area, we will ensure prior to passing on your data that, except for the statutorily permitted exceptions, the recipient complies with a reasonable level of data protection or that you have provided your sufficient consent.

5.2. Storage period For further information on the storage period for personal data please refer to the description of the corresponding offer and/or service in this Privacy Policy before consulting other reference sources. In addition and/or unless provided otherwise in the corresponding description of the offer and/or service, the following rules shall apply:

We will store your personal data only as long as required for meeting the processing purposes or – if a consent was granted – as long as you have not withdrawn your consent. In the event you withdraw your consent, we will erase your personal data, unless their continued processing is permissible under the applicable statutory provisions. We will also erase your personal data if we are obligated to do so subject statutory requirements. If and as long as statutory retention periods apply, we will not erase data, until the corresponding periods have expired.

5.3. Your rights as data subject(s)
5.3.1. Overview In addition to your right to withdraw any consent you have given, you may also exercise the following rights if the corresponding legal prerequisites are met:

Right to access to your personal data stored by us in accordance with Art. 15 of the GDPR and section 34 of the German Federal Data Protection Act;
Right to rectification of incorrect data or completion of incomplete data in accordance with Art. 16 of the GDPR;
Right to erasure of your personal data stored by us in accordance with Art. 17 of the GDPR and section 35 of the German Federal Data Protection Act;
Right to restriction of the processing of your data in accordance with Art. 18 of the GDPR;
Right to data portability in accordance with Art. 20 of the GDPR;
Right to object in accordance with Art. 21 of the GDPR.

5.3.2. Right to access in accordance with Art. 15 of the GDPR. Pursuant to Art. 15, par. 1 of the GDPR you have the right to free access to the personal data stored by us about you. This shall include, but is not limited to the following:

purposes for which personal data is processed;
the categories of personal data that are processed;
recipients and/or categories of recipients to whom your personal data has been or will be disclosed;
the intended storage period of your personal data or, if exact information cannot be provided, criteria for determining the storage period;
the lawful right to request from the controller rectification or erasure of your personal data or a right to restrict the processing of your personal data by the controller, or a right to object to such processing;
the lawful right to lodge a complaint with a supervisory authority;
all available information as to the data origin, if personal data was not obtained from the data subject;
the existence of automated decision-making, including profiling, referred to in Art. 22 par. 1 and 4 of the GDPR. And ‒ at least in these cases ‒ meaningful information about the logic involved, as well as the significance and the envisaged consequences of this kind of processing for the data subject.

Where personal data is transmitted to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 of the GDPR relating to the transmission.

5.3.3. Right to rectification in accordance with Art. 16 of the GDPR You have the right to request the controller to rectify inaccuracies in your personal data without undue delay. Taking into account the purposes of processing, you have the right to have incomplete personal data completed ‒ including by means of providing a supplementary statement.

5.3.4. Right to erasure in accordance with Art. 17 of the GDPR You have the right to have your personal data promptly erased if either of the following grounds applies:

the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
you withdraw your consent on which the processing is based according to Art. 6, par. 1, lit a) or Art. 9, par. 2, lit a) of the GDPR and there is no other legal ground for the processing;
you object to the processing pursuant to Art. 21, par. 1 or par. 2 of the GDPR, and in the case of Art. 21, par. 1 of the GDPR, there are no overriding legitimate grounds for the processing;
the personal data has been unlawfully processed;
the personal data has to be erased for compliance with a legal obligation;
the personal data has been collected in relation to the offer of information society services referred to in Art. 8, par. 1 of the GDPR.

If we have made personal data public and are obligated to erase it, we will take reasonable steps, taking account of available technology and the cost of implementation, to inform third parties processing your personal data that you have requested erasure by such processors of any links to, or copy or replication of, this personal data.

5.3.5. Right to restriction of processing pursuant to Art. 18 of the GDPR You have the right to require us to restrict processing where one of the following prerequisites is met:

you contest the accuracy of the personal data;
the processing is unlawful and you request the restricted use of personal data instead of its erasure;
the controller no longer needs the personal data for the processing purposes, but you require it for the establishment, exercise, or defense of legal claims, or
you have objected to processing pursuant to Art. 21, par. 1 of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

5.3.6. Right to data portability in accordance with Art. 20 of the GDPR You have the right to receive the personal data concerning yourself that you provided to us in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller without hindrance from us, where:

the processing is based on consent pursuant to Art. 6, par. 1, lit a) or Art. 9, par. 2, lit a) or on any other agreement in accordance with Art. 6, par. 1, lit b) of the GDPR; and
the processing is carried out by automated means.

In exercising your right to data portability you have the right to have your personal data transmitted directly from us to another controller, where technically feasible.

5.3.7. Right to withdraw your consent(s) granted You have the right to withdraw any consent that you granted at any time without any effect on the legitimacy of data processing prior to this withdrawal. If the consent is withdrawn, we will discontinue the corresponding data processing.

5.3.8. Right to object in accordance with Art. 21 of the GDPR. Pursuant to Art. 21, par. 1 of the GDPR you have the right to object to the processing of your personal data that has been collected based on Art. 6, par. 1, lit. f) of the GDPR on grounds relating to your particular situation. We shall no longer process the personal data unless we can show that compelling, protection-worthy grounds exist for the processing which override the interests, rights and freedoms of the data subject or if the processing serves the purpose of establishing, exercising, or defending legal claims.

Furthermore, pursuant to Art. 21, par. 2 of the GDPR you have the right to object to the processing of your personal data for the purpose of direct marketing, and your exercising this right will either result in the discontinuation of this processing for the purpose of direct marketing or in the safeguarding legitimate interests.

5.4. Modifications and amendments of this Privacy Policy We reserve the right to modify and amend this Privacy Policy in order to ensure that it complies with the legal requirements at all times or in order to adapt our products and services to the Privacy Policy, e.g., when new services are launched. This Privacy Policy shall apply as amended.

5.5. Questions to the Data Protection Officer If you should have any questions on data protection, please write an email or contact our data protection officer.
Angelina Heling, Varinox GmbH
Bahnhofstraße 48 D-75417 Mühlacker
E-Mail: [email protected]

Attachment: Specific website functionality

1. Google AdWords and Google Conversion Tracking

Our website uses Google AdWords. This service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
AdWords is an online advertising program. As part of our online advertising program, we use conversion tracking. Following a click on an advertisement placed by Google, a conversion tracking cookie will be placed. Cookies are small text files that your web browser stores on your device. Google AdWords cookies expire after thirty (30) days and do not serve the purpose of identifying the user’s identity. The cookies allow Google and us to recognize that you have clicked on an advertisement and were directed to our website.

Every Google AdWords customer is given a separate cookie. The cookies cannot be tracked across the websites of AdWords customers. Conversion cookies are used to generate conversion statistics for AdWords customers that use conversion tracking. AdWords customer are informed about how many users have clicked on their advertisement and were redirected to pages with the conversion tracking tag. However, AdWords customers will not receive any information that allows them to personally identify the users. If you wish not to be tracked, you may object to this use of your data. In this case, you need to disable the conversion cookie in the user preferences of your web browser. In that event, you will not be included in the conversion tracking statistics.

“Conversion cookies” will be stored in accordance with Art. 6, par. 1, lit f of the GDPR. We, as the website operator have a legitimate interest in analyzing the user behavior in order to optimize our web offer and our advertising campaigns.

For further details on Google AdWords and Google Conversion Tracking please refer to the Google Privacy Policy: https://www.google.de/policies/privacy/.

Any up-to-date web browser will enable you to monitor, restrict, or disable the placing of cookies. When you disable cookies, you may not be able to experience the full functionality of our website.

2. Customer portal on our website

Our customers may create a customer account on our website for which they need to register; this account will allow them to see and display their orders, product prices, or delivery status of their orders. No contracts will be concluded via the customer portal. During the registration process, some personal data such as name, address, contact and communication data, e.g., phone number and email account, will be gathered. If necessary, users of our customer portal may change or delete data which they provide during their registration at any time. Of course, we will be glad to provide you with information about your personal data stored by us at any time. We will also be glad to rectify and/or erase data upon your request, unless statutory retention duties provide otherwise.

As long as you use the enhanced functionality / features of our customer portal, we will store your data that you provided in the course of your registration for managing your customer account and for the purposes of contract performance (Art. 6, par. 1, sentence 1, lit. b) of the GDPR). Furthermore, we will store any data that you voluntarily disclose while using this portal based on your relevant consent (Art. 6, par. 1, lit a) of the GDPR). Following the deletion of your customer account we will erase your data, unless there are statutory provisions that allow their continued storage.

3. Google Analytics

3.1. Use of Google Analytics We use Google Analytics, a web analytics service provided by Google LLC (“Google”), to analyze and improve the use of our website. Google Analytics uses cookies that enable us to recognize your device and analyze how visitors interact with our website.
The information generated by these cookies about your use of the website is generally transmitted to and stored on a Google server in the United States.

To protect your privacy, we use Google Analytics with the extension “anonymizeIP”, which ensures that your IP address is shortened and anonymized before being transmitted. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.
We have entered into a data processing agreement with Google pursuant to Art. 28 GDPR, under which Google processes data only on our behalf and in accordance with our instructions.

3.2. Legal Basis The legal basis for the use of Google Analytics and the associated data processing is Art. 6(1)(f) GDPR (legitimate interests) in conjunction with Art. 28 GDPR. Our legitimate interest lies in the analysis and optimization of our website and the continuous improvement of our online services.

3.3. Purpose of Processing We use the data collected by Google Analytics to better understand how visitors use our website, to measure the effectiveness of our content, and to continuously improve the functionality, user experience, and performance of our online presence.

3.4. Data Retention and Opt-Out Options You can prevent the collection of data generated by cookies and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Further details on how Google handles user data in the context of Google Analytics can be found in Google’s Privacy Policy: https://www.google.com/analytics/terms/en.html