Home • Privacy Policy
Privacy Policy
Thank you for visiting our website and for your interest in our company and our products. The protection of your personal data during the collection, processing and use on the occasion of your visit to our website is an important concern for us. Below you will find information about which data is collected during your visit to our website and how it is used.
General information and contact details
We process personal data of users only insofar as this is necessary for the provision of a functional and convenient website for the presentation of our content and services.
Name und contact details of the controller
Gimmi GmbH
Carl-Zeiss-Straße 6
78532 Tuttlingen
Germany
Phone: +49 7461 965900
Mail: contact@gimmi.com
CEO: Dr. Matthias Schmidt
Name and contact details of the data protection officer (DPO)
Bernd Knecht
Rotdornweg 7
73230 Kirchheim / Teck
Germany
Phone: +49 7021 487 628
Mail: datenschutz@gimmi.de
Collection and storage of personal data and the nature and purpose of their use
Calling the website
When our website www.gimmi.de is called up, information is automatically sent to the server of our website by the Internet browser used by the visitor. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
- IP address of the visitor’s terminal device*
- Date and time of the server request
* The IP address is not stored in full; it is reduced to the first (less specific) half.
This represents a legitimate interest within the meaning of Art.6 para.1 lit.f GDPR. The aforementioned data is processed by us for the following purposes:
- to establish the connection to the operator’s website quickly
- to enable a user-friendly application of the website
- to detect and ensure the security and stability of the systems
- to facilitate and improve the administration of the website
This data will not be merged with other data sources. The processing is expressly not carried out for the purpose of gaining knowledge about the person of the visitor to the website.
Contact form / OEM inquiries
Visitors can send us messages via an online contact form on our website. In order to receive a response, at least the name and a valid e-mail address are required, and for contact requests also the country of origin. All other information can be provided voluntarily by the requesting person. By sending the message via the contact form, you consent to the processing of the transmitted personal data. The data processing takes place exclusively for the purpose of handling and answering requests via the contact form.
This is done on the basis of the voluntarily given consent pursuant to Art.6 para.1 lit.a GDPR.
The personal data collected for the use of the contact form will be automatically deleted as soon as the request is completed and there are no reasons for further storage (e.g. due to a subsequent commissioning by the visitor).
Service inquiry
Visitors can submit a service request for repair or complaint via an online contact form on our website. In order to receive a response, at least the name, telephone number and a valid e-mail address of the contact person is required. By sending the message via the contact form, you consent to the processing of the transmitted personal data. The data processing is carried out exclusively for the purpose of handling and responding to requests via the contact form.
This is done on the basis of the voluntarily given consent in accordance with Art.6 para.1 lit.a GDPR or in accordance with Art.6 para.1 lit.b GDPR in the event that a contract performance is the basis for the data processing.
The personal data collected for the use of the contact form will be deleted as soon as the request is completed and there are no reasons for further storage (e.g. due to a subsequent assignment by the visitor and legal retention periods).
Registration for product training or service training
Visitors can submit a registration for product training or service training to us via an online contact form on our website. For the registration, the name, telephone number and a valid e-mail address of the contact person is required. By sending the message via the contact form, you consent to the processing of the transmitted personal data. The data processing takes place exclusively for the purpose of handling and answering inquiries via the contact form.
This is done on the basis of the voluntarily given consent in accordance with Art.6 para.1 lit.a GDPR or in accordance with Art.6 para.1 lit.b GDPR in the event that a contract performance is the basis for the data processing.
The personal data collected for the use of the contact form will be deleted as soon as the request is completed and there are no reasons for further storage (e.g. due to a subsequently concluded service contract by the visitor and legal storage periods).
Online application portal
Visitors interested in employment with our company can apply via our online application portal. In order to process the application, we require certain minimum information (name, e-mail address, country of origin). Please note our instructions on the relevant page. All other information can be provided voluntarily by the person applying. You can upload your documents (cover letter, resume, certificates, etc.) together with your short message in the portal. By sending the message via the application form, you consent to the processing of the personal data submitted. The data is processed exclusively for the purpose of reviewing your application.
This is done for decision-making on the establishment of an employment relationship in accordance with GDPR Art.88 in conjunction with GFDPA §26.
In this context, please also note our data protection information for applicants.
Mediacenter Login
For those interested in our products, we offer access to catalogs, product descriptions, factsheets and other information material on our website. This requires registration in the Mediacenter via an individual account. To create an account, we need information from you. In addition to personal data such as surname and first name, we need your contact details (telephone number and e-mail address), the name and address of your organization and your function in the organization, as well as a user name that you define by yourself.
In connection with a registration in the media center, we store information about logins and logouts and which documents were provided via download.
This is done on the basis of the consent voluntarily given in accordance with Art.6 para.1 lit.a GDPR. You can revoke your consent at any time by sending us a short mail to the contact persons mentioned above or by deactivating* your account directly in your account via the button “unsubscribe”. We will then no longer process your data. However, you will then no longer be able to access information in the Mediacenter.
*When a user account is deleted, the associated personal data is also deleted immediately. However, the IPS Gate administrator’s account cannot be removed in this way. If you would like to permanently delete your account, please contact us (see contact information). Please note that we may be required by law to preserve retention periods of your data. In this case, the data will be deleted after the expiry of the deadline.
Collection and storage of personal data and the nature and purpose of their use
So-called cookies are used on this website. These are data packets that are exchanged between the website server and the visitor’s browser. These are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. In this respect, cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. In the cookies, information is stored that arises in each case in connection with the specific end device used.
Cookies are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on the visitor’s terminal device. Session cookies are automatically deleted after the end of the visit. Permanent cookies remain stored on the end device until the visitor deletes them himself or until they are automatically deleted by the web browser. The operator can thus in no way gain direct knowledge of the identity of the visitor to the website.
Cookies are mostly accepted according to the basic settings of the browsers used. However, the browser settings can also be configured in such a way that cookies are either not accepted on the devices used or that a special notice is given in each case before a new cookie is created. It should be noted, however, that the deactivation of cookies can lead to the fact that not all functions of the website can be used in the best possible way.
Technically necessary cookies (essential)
The use of these cookies serves to make the use of the operator’s web offer comfortable and secure. For example, session cookies can be used to track which settings the visitor has made via the cookie banner, or which language settings have been made. After leaving the website, these session cookies are automatically deleted.
The data processed by these cookies are justified for the above purposes to protect the legitimate interests of the operator according to Art.6 Abs.1 lit.f GDPR.
Cookies requiring consent and data forwarding to third-party providers
All cookies that are not technically necessary to ensure the operation of the website are based on Art.6 para.1 lit.a GDPR and are therefore subject to consent. The processing is based on Art.7 GDPR and the consent is documented by your selection in the cookie settings. In this context, we would like to point out that you can revoke any consent you have given at any time (see chapter 6 of this privacy policy). This is done via the button “Individual privacy settings” in the footer of our website. There you can also give consent to processing at a later time if you wish to use offered functionalities of our site.
Google Maps
We use on the website for the display of an interactive map the service of Google Maps.
The data controller in the European Economic Area (EEA) is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Due to the implementation, Google collects device-related information, log data including the IP address, and location-related information.
The personal data collected by Google is transferred to a Google server in the USA and stored there. To protect the visitor’s personal data, the operator has concluded an order processing agreement with Google together with the EU standard contractual clauses (SCC).
Google uses the personal data to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
The legal basis for the processing of personal data using third-party services is in principle the consent of the visitor pursuant to Art.6 para.1 lit.a GDPR. Visitors can prevent any data transfer to Google’s servers in connection with the use of Google Maps by refusing consent in the cookie consent tool. In this case, however, the visitor cannot use the map display. Once consent has been given, it can be revoked at any time via the “Individual privacy settings.
Further information on data protection in connection with Google Maps can be found in Google’s privacy policyhttps://policies.google.com/privacy?hl=de&gl=de
Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform design of fonts. When calling up our website, the browser used by the visitor loads the required web fonts into the browser cache in order to display texts and fonts correctly. This is particularly the case when using Google services such as Google Maps. For this purpose, the browser must connect to Google’s servers. Through this, Google obtains knowledge that our website was accessed via the visitor’s IP address.
If the visitor’s browser does not support web fonts, a default font of the end device used is used.
For more information on Google Web Fonts, see https://developers.google.com/fonts/faq
The legal basis for the processing of personal data using third party services is in principle the consent of the visitor pursuant to Art.6 para.1 lit.a GDPR. Visitors can prevent any data transfer to Google’s servers in connection with the use of Google Web Fonts by refusing consent in the Cookie Consent Tool. Once consent has been given, it can be revoked at any time via the “Individual privacy settings”.
Further information on data protection in connection with Google Web Fonts can be found in Google’s privacy policyhttps://policies.google.com/privacy?hl=de&gl=de
Google Tag Manager
On our website we use the Google Tag Manager. This is an external service from a third-party provider. The responsible party for data processing in the European Economic Area (EEA) is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
The purpose of data collection and processing is tag management. Tags are small snippets of JavaScript code. These are used in various statistics or web analysis products (for example, Google Analytics or Google Ads). This is used, for example, to record (track) your activities on our website, set cookies or collect browser information.
In principle, we could include the code snippets for every single web analytics tool in our source code. This is very cumbersome and it’s easy to lose track. That’s why we use the Tag Manager. With it, we can manage the code snippets centrally and easily include them in our source code. This way we always have the overview of used tags.
The tag manager itself does not set cookies or store any data. It is only active as a tag organizer. The information is forwarded to the various tracking tools in the Tag Manager. The data processing then takes place there. The Tag Manager does, however, collect your IP address, which is also passed on to the parent company of Google in the USA.
As part of the use of the Tag Manager, Google also receives anonymized data from us about the use of the service. This is not information and data about you personally. Google combines our information with information from other users and can then use this anonymized data to continuously improve the service.
For more information about the Google Tag Manager, please visit Google at the following link: https://www.google.com/intl/de/tagmanager/faq.html
The legal basis for the processing of personal data using third-party services is in principle the consent of the visitor pursuant to Art.6 para.1 lit.a GDPR. Visitors can prevent any data transfer to Google’s servers in connection with the use of Google Tag Manager by refusing consent in the Cookie Consent Tool. Once consent has been given, it can be revoked at any time via the “Individual privacy settings”.
Further information on data protection in connection with Google Tag Manager can be found in Google’s privacy policyhttps://policies.google.com/privacy?hl=de&gl=de
Google Analytics
We use Google Analytics to analyze website usage. The data obtained from this is used to optimize the website itself as well as advertising measures.
The data controller in the European Economic Area (EEA) is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google processes website usage data on our behalf and is contractually obligated to take measures to ensure the confidentiality of the processed data.
During your visit to the website, the following data, among others, are recorded:
- pages viewed
- Achievement of “website goals” (e.g., contact inquiries and newsletter sign-ups)
- behavior on the pages (for example, clicks, scrolling behavior, and dwell time)
- the approximate location (country and city) of the visitor
- the IP address (in shortened form, so that no clear assignment is possible)
- technical information (browser, Internet provider, terminal device and screen resolution)
- source of origin of the visit (i.e. via which website or via which advertising medium the visitor came to the website)
This data is transferred to a Google server in the USA. To protect the visitor’s personal data, the operator has concluded an order processing agreement with Google together with the EU standard contractual clauses (SCC).
Google Analytics stores cookies in the visitor’s web browser for a period of two years since the last visit. These cookies contain a randomly generated user ID with which the visitor can be recognized during future website visits.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.
The legal basis for the processing of personal data using third-party cookies is generally the consent of the visitor pursuant to Art.6 para.1 lit.a GDPR. Visitors can prevent any data transfer to Google’s servers in connection with the Google Analytics application by refusing consent in the cookie banner. Once given, consent can be revoked at any time via the cookie settings.
Further information on data protection in connection with Google Analytics can be found in Google’s privacy policyhttps://policies.google.com/privacy?hl=de&gl=de
Woocommerce
In connection with the registration in the area of the Mediacenter, we use on the website the open source store system Woocommerce from the company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA (hereinafter “Automattic”).
With Woocommerce we control the login and thus the access to our media center similar to an online store. This means that you do not have to log in again each time you visit a different page in the Mediacenter. By using the service, data is sent to Automattic, stored and processed there. In addition to cookies, other technologies are also used to recognize Internet users, but these are used solely for the purpose described here.
The legal basis for the processing of personal data using third-party services is generally the consent of the visitor pursuant to Art.6 para.1 lit.a GDPR. Visitors can prevent any data transfer to Automattic’s servers in connection with the use of Woocommerce by refusing consent in the Cookie Consent Tool. Once consent has been given, it can be revoked at any time via the “Individual privacy settings”.
You can find more information about security and privacy at Automattic here: https://automattic.com/privacy/
Cloudflare CDN (Contend Delivery Network)
In order for certain content on our website to load quickly, we partially use the services of Cloudflare on the website. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).
For this purpose, Cloudflare offers a globally distributed content delivery network with DNS. The data flow between your browser and our website is routed through Cloudflare’s network when you visit our website. Therefore, Cloudflare can analyze the traffic between your browser and our website. In the course of this analysis, Cloudflare can detect and filter out potentially malicious traffic from the Internet. In order to recognize Internet users, Cloudflare also uses other technologies in addition to cookies, but these are used solely for the purpose described here.
The legal basis for the processing of personal data using third party services is basically the consent of the visitor according to Art.6 para.1 lit.a GDPR. Visitors can prevent any data transfer to Cloudflare’s servers in connection with the use of the CDN by refusing consent in the cookie consent tool. Once consent has been given, it can be revoked at any time via the “Individual privacy settings”.
You can find more information about security and privacy at Cloudflare here: https://www.cloudflare.com/privacypolicy/
Links to other websites
This website contains links to websites of external operators. These were carefully checked before their activation. However, it cannot be ruled out that the respective operators may subsequently make changes to the content. This data protection declaration (privacy policy) applies only to the Internet presence of our company. We do not accept any liability for the content or accuracy of the data protection statements of other providers’ websites. For information on the data protection information of other providers, please check the respective website or contact the respective provider.
Data transfer
Personal data is transferred to third parties
- when the data subject has expressly consented to this according to Art.6 para.1 lit.a GDPR
- when this is necessary for the fulfillment of a contractual relationship with the data subject pursuant to Art.6 para.1 lit.b GDPR
- in case there is a legal obligation for the data transfer according to Art.6 para.1 lit.c GDPR
- when the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art.6 para.1 lit.f GDPR and there is no reason to assume that the data subject has an overriding legitimate interest in the non-disclosure of his or her data
- within the scope of commissioned processing pursuant to Art.28 of the GDPR and within the scope of joint responsibility pursuant to Art.26 of the GDPR to service providers in accordance with the provisions of the GDPR
In other cases, personal data collected when visiting the website will not be disclosed to third parties.
Your data protection rights
We have defined processes within our company so that you can exercise your legal rights with us. You have a right to,
- revoke consent at any time with effect for the future (Art.7 para. 3 GDPR)
- to receive information (Art.15 GDPR) about your data stored by us
- that incorrect data about you will be corrected by us (Art.16 GDPR)
- that we delete data about you that is no longer required (Art.17 GDPR)
- that under certain conditions the processing of your data is restricted (Art.18 GDPR). This may be the case, for example, if deletion is not possible, but the data may not be processed further.
- That your data is transferable (Art. 20 GDPR). This right applies in particular if you have given your consent to the processing of your data or if the processing of the data is necessary to fulfill a contract. The right to data portability does not exist insofar as your data is not
processed using automated procedures. - to object to the further processing of your personal data in a special situation (Art. 21 GDPR), insofar as the processing is based on the legitimate interest (Art.6 para.1 lit.f GDPR) as well as in the case of profiling based on this. You may also object at any time if the data is used for direct marketing purposes (Art. 21 (2) GDPR).
- complain to a supervisory authority (Art. 77 GDPR) if you are of the opinion that the processing of your data violates the legal requirements. The supervisory authority responsible for us is
Der Landesbeauftragte für den Datenschutz und
die Informationsfreiheit Baden-Württemberg (LfDI-BW)
Lautenschlagerstraße 20
DE- 70173 Stuttgart
If you wish to exercise any of the rights, please contact the data controller or the data protection officer. You can find the contact details under point 1 of this privacy policy.
Scope of your obligations to provide us with your data
You only need to provide the data that is necessary for the visit to our website and for the purpose of your request. Without this data, we will generally not be able to display the website and/or process your request. If we request additional data from you, you will be informed separately of the voluntary nature of the information you provide.
Status and update of this privacy policy
This Privacy Policy is current as of September 19, 2023. We reserve the right to update the Privacy Policy in due course to improve data protection and/or to adapt it to changes in government practice or case law.