(Version: May 2018)
We are happy to welcome you to our website at www.crt-gmbh.de and are delighted at your interest in our company as well as our products and services. We understand that the protection of your privacy while visiting our website is important to you. It therefore goes without saying that we comply with the statutory data protection regulations. In addition, we consider it important that you, as our customer, always know when and how we collect and store your data, and how we use them.
In this Privacy Notice, we explain how we collect and otherwise process (e.g. store, access, change and transfer) personal data when you use our website. Personal data are all data that make you identifiable, e.g. name, address, e-mail addresses and user behavior.
If we process your personal data when you use our website or if we engage a third-party service provider to process data in connection with individual functions, offerings or services on our website or if we wish to use your data for advertising purposes, we will provide you in each case with the relevant information below, in particular with the details of which data are processed. We will also specify the intended duration of storage or, in any case, the criteria adopted for the duration of storage and the relevant legal basis for processing in each case.
I. Name and Address of Controller
The controller within the meaning of the General Data Protection Regulation (GDPR), other national data protection legislation of the Member States and other data protection provisions is:
CRT Cleanroom-Technology GmbH
Tel.: +49 (0)2404/956900
II. Collection and Storage of Personal Data, and Type, Purpose, Legal Basis and Duration of their Use
§ 1 When You Visit Our Website
If you visit our website just for informational purposes, but do not register or otherwise disclose information to us, we will only save the personal access data that your browser sends to our server in our server log files. The following data are stored in server log files:
This data is analyzed exclusively for the purpose of ensuring that our website functions smoothly and is stable and secure, and for improving our offerings. The data are subsequently discarded. Art. 6(1)(f) of the GDPR provides the legal basis for data processing. Our legitimate interest is derived from the above-mentioned purposes of data collection.
These data are also stored in the log files of our system. This does not include the IP addresses of the user or other information which make it possible to assign the data to a user. The data are not stored together with other personal data related to the user.
It is absolutely necessary to collect and store data in log files to permit delivery and operation of the website. As a result, users may not object to such storage.
Data are erased as soon as they are no longer needed to achieve the purposes for which they were initially collected. In the case of data collected to permit delivery of our website, this occurs when the respective session is ended.
§ 2 When You Use Other Services, Functions and Offerings on Our Website
Apart from offering information simply for browsing purposes, our website has a number of functions that you may wish to use. In order to do this, you will, as a rule, need to provide additional personal data, which we will use to provide you with the respective service and for which the above-mentioned data processing principles apply. These functions are described in greater detail below.
If you use our contact form to reach out to us or send us a general enquiry, the data (your e-mail address, your name and your company) that you voluntarily provide will be stored by us so that we can respond to you. In such case, you will need to provide your e-mail address, name and company. We will reply to you via e-mail.
The legal bases for processing are Art. 6(1)(a) and (b) of the GDPR, which permit data to be processed where consent has been voluntarily granted or to respond to an enquiry.
After we have dealt with your enquiry, we erase the data which we have collected in this connection or, where we are required by law to retain such data, we restrict their processing.
§ 1 Scope of Data Processing
Cookies do not contain any personal data and thus cannot be directly assigned to a specific user. Please note that certain cookies are placed as soon as you access our website. Our website uses the following kinds of cookies:
You can configure your browser settings however you wish, for example, so as to refuse third-party cookies or all cookies. You can also configure your browser to first display a notification before installing a cookie. For further information, please consult the provider of your browser. We would like to point out that if you reject cookies, you may not be able to use all of the functions of this website.
Art. 6(1)(f) of the GDPR provides the legal basis for using cookies. The purposes mentioned above, namely to make our website more user-friendly and efficient constitute a legitimate interest.
Further information regarding cookies is provided in section IV.
IV. Use of Analysis Tools
Our website uses web analysis services so that we can tailor it to the market and for advertising purposes.
a. Google Analytics
We have activated the IP anonymization function on this website. Consequently, Google will truncate your IP address in the Member States of the European Union and other States that are contracting parties to the Agreement on the European Economic Area before transmitting it to the United States. Your full IP address will be transmitted to the United States and truncated on a server belonging to Google there only by way of exception. At the website operator’s request, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage for the website operator. Google will not associate any other data held by Google with the IP address obtained from your browser using Google Analytics.
As an alternative to using a browser plug-in, especially in the case of browsers on mobile devices, you can prevent collection by Google Analytics by clicking on the following link. This will place an opt-out cookie on your device that will prevent the collection of your data when you visit this website in the future:
The opt-out cookie applies only with this browser and only for our website. It is placed on your device. If you delete the cookies in this browser, you will have to reset the opt-out cookie.
Processing of data by a third party
We have concluded a data processing contract with Google and implement the stringent requirements of the German data protection authorities when using Google Analytics.
We use Google Analytics to analyze the use of our website and so as to be able to make continual improvements to it. The statistics obtained enable us to enhance our offerings and make them more attractive for you as the user. In those cases where, by way of exception, personal data are transmitted to the USA, Google has committed to comply with the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework. Art. 6(1)(f) of the GDPR provides the legal basis for using Google Analytics. Our legitimate interest is derived from the above-mentioned purposes.
b. MyFonts Counter
V. Links to Our Social Media Presence
Our website contains links to our social media presence
When you visit our website none of your personal data are initially shared with social network providers. Only if you click on the link and thus land on our page of the respective social network does the social network provider receive information that you accessed the relevant webpage of our online offering. In addition, the data specified in section III. §1 of this Privacy Notice are transferred. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after it is collected. When you click on the link, your personal data are transferred to the respective social network provider and stored there (in the case of US providers in the USA). Since the provider uses, in particular, cookies to collect data, we recommend that you adjust your browser’s security settings to delete all cookies before you click on the link.
We have no control over the data collected or the plug-in provider’s data processing activities. Nor are we aware of the extent to which data are collected, the purpose of such collection or how long the data are stored. In addition, we have no information regarding the erasure of data collected by social network providers.
Social network providers store the data they collect about you to create a user profile, which they then use for advertising, market analysis and to tailor their websites to the market. This kind of analysis is carried out, in particular (including in respect of users who are not logged in) for the purposes of presenting advertising tailored to the market and to inform other social network users about your activities on our website. You have the right to object to the creation of this user profile. However, to exercise this right, you need to contact the respective social network provider which is the controller under data privacy law. We offer you the opportunity to interact with social networks and other users through links so that we can improve our offerings and make them more attractive for you. Art. 6(1)(f) of the GDPR provides the legal basis for this. Our legitimate interest is derived from the above-mentioned purposes.
Your data are passed on regardless of whether or not you have an account with the social network provider and are logged in with it. If you are logged in, the personal data collected from our site are directly assigned to your account with the respective provider. If you click on the link and, for example, link the page, the plug-in provider will also store this information in your user account and share it publicly with your contacts. We recommend that you regularly log out after using a social network, in particular, however, that you log out before clicking the link since this will allow you to avoid having your data assigned to the profile that the provider has for you.
More information about the purpose and scope of data collection and processing by social network providers can be found in their privacy policies set out below. These also include information about your privacy rights and settings to protect your privacy.
Addresses of the respective plug-in providers, their URLs and their privacy notices:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information about data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/ your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info# everyoneinfo. Facebook has committed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
VI. Integration of Google reCaptcha and Google Fonts/MyFonts
We use Google reCAPTCHA (“reCAPTCHA”) on our webpages. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). reCAPTCHA is a system designed to establish whether data entered on our website (e.g. in a contact form) was entered by a human or an automated program. To do this reCAPTCHA analyzes the behavior of website visitors according to various criteria. Analysis automatically begins when a visitor accesses our website. reCAPTCHA analyses various pieces of information (e.g. IP address, time a visitor spends on the website or the number of mouse movements). Data collected during the analysis are transferred to Google.
Before transmitting it to the United States, Google will, however, truncate your IP address in the Member States of the European Union and other States that are contracting parties to the Agreement on the European Economic Area with the help of the IP anonymization feature used on this website (see section IV). Your full IP address will be transmitted to the United States and truncated on a server belonging to Google there only by way of exception. At the website operator’s request, Google will use this information for the purpose of evaluating your use of these services. Google will not associate any other data held by Google with the IP address obtained from your browser using reCaptcha.
Art. 6(1)(f) of the GDPR provides the legal basis for data processing. We have a legitimate interest in protecting our web offerings from abusive, automated spying and spam.
b) Google Fonts
We use Google Fonts to enhance the appearance of various information on our website (https://fonts.google.com/). The webfonts are locally installed on this website. There is no connection to Google servers.
General information about privacy can be downloaded from the Google privacy center at: https://policies.google.com/privacy?hl=en
To display the fonts on our website, we use web fonts from “myfonts.com”, a font service of MyFonts lnc. (“myfonts.com”), 600 Unicorn Park Drive, Woburn, MA 01801, USA. MyFonts provides licensed fonts that can be integrated on websites. For billing and license control a so-called Counter Pixel / Web Beacon of MyFonts has been deposited on our website. In this way, for example, the IP address or technical data of the terminal of the website visitor can be transmitted to MyFonts. Further information on data protection at MyFonts can be found at the following link: https://www.myfonts.com/legal/privacy-policy
Use of Google AdWords Conversion
We use the services of Google AdWords on third-party websites to draw attention to our attractive offerings. We can ascertain, based on data from an advertising campaign, how successful individual advertising activities are. In this way, we pursue our interest in displaying advertising that will interest you, making our website more interesting and achieving an unbiased calculation of advertising costs.
AdWords are delivered by Google’s Ad Server. For this purpose, we use Ad Server cookies, through which certain parameters can be applied for measuring success such as the overlaying of advertisements or the number of clicks by users. If you reach our website via a Google advertisement, Google AdWords will store a cookie on your computer. These cookies normally remain active for 30 days and are not used for personal identification. As a rule, the following are stored with the cookie: the unique user ID, the impression frequency per user, the last impression (relevant for post-view conversions) and opt-out information (notice that the user does not wish to receiver further advertising).
These cookies enable Google to recognize your browser when you revisit our website. Where a user visits certain pages on the website of an AdWords customer and if the cookie that is stored on the customer’s computer has not expired, Google and the customer can see that the user clicked on the advertisement and was transferred to such page. A different cookie is assigned to each AdWords customer. Cookies thus cannot be traced back to the user via the websites of AdWords customers. We ourselves do not collect and process personal data in AdWords. Google provides us with only the statistical analysis. These analyses indicate to us which AdWords are particularly effective. The use of AdWords does not provide us with any further information, in particular we cannot use this information to identify users.
Your browser connects to Google’s server automatically due to the marketing tools. We have no control over the scope or further use of data that Google collects using this tool and are thus informing you based on as much as we know: Through the embedding of AdWords conversion, Google is informed that you have accessed the relevant part of our website or that you have clicked on one of our advertisements. If you are registered for a Google service, Google will be able to associate your visit with your account. Even if you are not registered with Google or have not logged into your account, there is a possibility that Google will determine your IP address, store it and link it with other data.
There are different ways that you can prevent tracking:
a) by selecting the appropriate settings in your browser software, in particular, by blocking third-party cookies you can ensure that you do not receive any advertisements from third-party providers;
b) by deactivating the cookies for conversion tracking by configuring your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.com/settings/ads; however, this setting will be deleted if you delete your cookies;
c) by deactivating interest-based advertising from providers who participate in the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices; however, this setting will be deleted if you delete your cookies;
d) by permanently deactivating tracking in your Firefox, Internet Explorer or Google Chrome browsers using the following link http://www.google.com/settings/ads/plugin. We would like to point out that you may not in this case be able to use all of the functions of this website.
Art. 6(1)(f) of the GDPR provides the legal basis for processing your data. Our legitimate interest is derived from the above-mentioned purposes.
For further information about privacy at Google, please visit:
Google Inc., 1600, Amphitheater Parkway, Mountainview, California, 94043, USA; https://policies.google.com/privacy?hl=en and https://services.google.com/sitestats/en.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org . Google has committed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
VIII. Your Rights
Where we process your personal data, you may exercise the following rights against us in relation to such data:
Right to Access, Art. 15 of the GDPR:
You have the right to request information from the controller on whether it is processing your personal data.
If that should be the case, you can request information on the following from the controller:
Right to Rectification, Art. 16 of the GDPR:
You have the right to require that the controller rectify and/or complete your personal data if the data that are processed are inaccurate or incomplete. The controller must make such changes without undue delay.
Right to Erasure, Art. 17 of the GDPR:
a) Duty to erase
You have the right to require that the controller erase personal data concerning you without undue delay. The controller must then erase such personal data without undue delay if one of the following grounds applies:
b) Information provided to third parties
If the controller has made public personal data concerning you and is obliged to erase such data pursuant to Art. 17(1) of the GDPR, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply if processing is necessary
Right to Restrict Processing, Art. 18 of the GDPR:
You have the right to require that the controller restrict processing of your personal data under the following conditions:
If the processing of your personal data has been restricted, such personal data may, except as regards storage, be processed only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have succeeded in restricting processing as described above, you will be notified by the controller before such restriction is lifted.
Right to Notification, Art. 19 of the GDPR:
If you have the right to require that a controller rectify, erase or restrict processing, the controller must notify all recipients to whom personal data concerning you were disclosed of such rectification, erasure or restriction of processing unless notification proves impossible or would entail an unreasonable effort.
You have the right to be notified of such recipients by the controller.
Right to Data Portability, Art. 20 of the GDPR:
You have right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you that you have made available to a controller. You also have the right to transmit such data to another controller without hindrance from the controller to which the personal data were provided
In exercising this right, you also have the right to have personal data concerning you transmitted directly from one controller to another if technically feasible. This may not be allowed to adversely affect the freedoms and rights of others.
The right to erasure remains unaffected.
The right to data portability does not apply to the processing of personal data required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to Object, Art. 21 of the GDPR:
You have the right to object, on grounds relating to your particular situation, to processing of your personal data and to the processing of your data for advertising purposes. For further information about this, please refer to section IX of this Privacy Notice.
Right to Withdraw Consent under Data Protection Law:
You may withdraw your consent to our processing of your personal data at any time. Please remember that your withdrawal is only effective with regard to future processing. Withdrawal of consent will not affect the lawfulness of processing based on your consent prior to its withdrawal.
Automated Individual Decision-Making, Including Profiling, Art. 22 of the GDPR:
You have the right not to be subject to a decision based solely on automated processing, including profiling, where such decision legally affects you or entails effects that are of similar importance. This will not apply in the case of any decision that is
(1) necessary for the entry into or performance of a contract between you and the controller;
(2) permissible under Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) based on your explicit consent.
In the cases referred to in (1) and (3) above, the controller must implement suitable measures to safeguard your rights and freedoms as well as your legitimate interests; such measures must at least include the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
However, a decision based solely on automated processing may not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR unless Art. 9(2)(a) or (g) of the GDPR applies and suitable measures have been taken to safeguard your rights and freedoms as well as your legitimate interests.
Right to Lodge Complaints with a Supervisory Authority, Art. 77 of the GDPR:
Additionally, you have the right to lodge a complaint about the processing of your data with a data protection authority. You may address your complaints to the supervisory authority in the Member State of your residence, place of work or the place of the alleged infringement. The supervisory authority with which the complaint is lodged will inform you as the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.
IX. Right to Object Pursuant to Art. 21 of the GDPR
Right to Object in a Particular Case:
You have the right to object, on grounds related to your particular situation, at any time to the processing of personal data concerning you on the basis of Art. 6(1)(e) of the GDPR (processing carried out in the public interest) and Art. 6(1)(f) of the GDPR (processing for the purposes of the legitimate interests of the controller or a third party); this applies accordingly as regards profiling based on these provisions. Where you exercise your right to object, we will then cease to process your personal data unless we can demonstrate compelling legitimate reasons for such processing that outweigh your interests, rights and freedoms, or where such processing serves to establish, exercise or defend legal claims.
Right to Object to the Processing of Data for Advertising Purposes:
In certain cases, we process your personal data for direct advertising. You may, at any time, object to the processing of your personal data for such advertising purposes; this will apply accordingly to any profiling related to such direct marketing activities. Where you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
No formal requirements exist for lodging an objection. To do so, simply call us or write to us, preferably with “Objection” in the subject line.
CRT Cleanroom-Technology GmbH
Tel.: +49 (0)2404/956900
X. Data Security
We take every possible technical and organizational measure that we can to ensure that your personal data cannot be accessed by third parties. Nonetheless, we cannot guarantee that communications by e-mail are completely secure and we therefore recommend that you use the postal service for sending confidential information.
We use SSL encryption on our website for security reasons and to protect the transfer of content of a confidential nature such as enquiries that you send to us as the website operator. You can see that a connection is encrypted when your browser’s address bar changes from “http://” to “https://” and a lock symbol is displayed in your browser bar. When SSL encryption is activated, the data that you send to us cannot also be read by third parties.