Privacy Policy

 

1      Privacy Policy of AMCM gmbH

The protection of your personal data is very important to us. In this privacy statement, we, AMCM GmbH ("AMCM" or "we"), inform you about how we handle your personal data and what rights you have in connection with your personal data. With this privacy statement, we would like to fulfill in particular our legal information obligations according to Regulation (EU) 2016/679 (General Data Protection Regulation - "GDPR").

 

A large part of our customers are organizations and companies (so-called legal entities). Insofar as you contact us as an employee of an organization or company, we will store and process the data presented below essentially in relation to this organization or company, but link this to the information that you are employed by this organization or company and are our contact.

 

 2      WHO IS THE DATA CONTROLLER AND HOW CAN YOU CONTACT US?

AMCM GmbH, Petersbrunner Str. 1b, 882319 Starnberg is the provider of the website Additive Customized Machines von AMCM and the responsible party for data processing in connection with the use of the website.

You can contact our data protection officer Sabina Hrnjica-Ceman, Robert-Stirling-Ring 1, 82152 Krailling, Munich, Germany, at datenschutz@amcm.com at any time with regard to all questions concerning data protection.

 

You will find our contact details below:

AMCM GmbH

Petersbrunner Str. 1b,

82319 Starnberg, Germany

Phone: +49 8151 368 54 – 0

Fax: +49 8151 368 – 99

E-Mail: amcm@amcm.com

Webseite: www.amcm.com

 

3      WHAT DATA DO WE COLLECT FROM YOU?

3.1      VISIT OUR WEBSITE

When you visit our website, our web server will temporarily record the domain name or IP address of the requesting computer, the access date, the file request of the client (file name and URL), the HTTP response code and the website from which you are visiting us, the number of bytes transferred during the connection and, if applicable, other technical information that we use and statistically evaluate for the technical implementation of the website’s use (delivery of the content, guaranteeing the website’s functionality and security, protection against cyberattacks and other abuses).

It is necessary to store and process the information referred to above for the duration of your session in order to deliver our website content to your computer. We also store some of this information in the log files of our servers. We will not combine this information with your IP address or other personal data relating to you.

This processing will take place for the fulfilment of the existing contract of use with you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), as far as it serves the purpose of the technical implementation of the website’s use and to otherwise protect our legitimate interest in making our website as user-friendly, safe and attractive as possible (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

Log files are deleted after 30 days. After expiry of those periods information will be deleted or made anonymous.

 

We use cookies to process some of the data mentioned above. With your consent we may also use additional cookies and Marketing & Analytics. You can find more information on cookies and Marketing & Analytics and on your rights and options in this respect in our Cookie- Manager.[Cookie Statement] 

 

 

4      WHAT DATA DO WE PROCESS FROM YOU?

4.1      CUSTOMER MANAGEMENT SYSTEM

When you express interest in any information, product or service or if a customer relationship exists or is established with you, we will set up a customer account in our Customer Database. The customer account contains your master data (name, address, account etc.). All correspondence and documents (correspondence, orders, contracts, complaints, etc.) within the scope of the customer relationship will then be stored in, or linked to, this customer account.

We will store and process the above information on the one hand to perform the respective contractual relationship with respect to the information, product and/or service we deliver to you (legal basis for processing: Art. 6 no. 1 lit. b) of the GDPR), and, on the other hand, to protect our legitimate interest in improving our deliveries and services according to your individual requirements and thus promoting the sale of our products and services, and possibly offering you additional products or services in accordance with your interests, documenting contractual agreements and correspondence for establishing, exercising or defending related legal claims, and, where relevant, fulfilling our product monitoring obligation with respect to our products and services (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR) as well as fulfilling statutory documentation and document retention obligations (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR).

When establishing the customer relationship, or at any time during the customer relationship, we may process customer data in the context of “know your customer”, anti-corruption, anti-money laundering, anti-terror and export control or similar screenings or audits in order to perform our compliance obligations and give effect to our compliance policies. The legal basis for such audits and screenings is the fulfilment of a legal obligation, where they are legally required (legal basis for processing: Art. 6 no. 1 lit. c) of the GDPR), and otherwise our legitimate interest in avoiding business relationships which we consider to violate our ethical standards (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR).

If you express interest in a product or service but no customer relationship is established, your data will be deleted 2 years after the last correspondence with you.

 

 4.2      VISIT EOS FACILITIES

When you visit our facility, we ask you to register either in advance or on-site. Typically your name and company and the date and time of visit will be recorded and you may be asked to sign a confidentiality undertaking. 

We will store and process the above information to protect our legitimate interest in preventing abusive behaviour during visits and in establishing, exercising or defending possible legal claims (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). Unless one of the longer retention periods set forth below applies, the information will be retained for one year after the visit. If you are a customer, they may be stored in your customer account.

 

 5      WHO MAY RECEIVE MY DATA?

5.1      EXCHANGE WITHIN THE EOS GROUP

AMCM is part of a globally active group (EOS group). The data exchange includes EOS Group companies located in the European Economic Area but also in insecure third countries. In order to ensure uniform data protection throughout the Group and an adequate level of data protection, all EOS Group companies are party to agreements on intra-group data transfers, which incorporate the standard data protection clauses, including appropriate technical and organizational measures, issued by the EU Commission for this purpose with regard to data transfers to an insecure third country. (EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

The data exchange serves to protect our legitimate interest in centrally coordinating sales, business and administrative activities, corporate planning and also IT administration, and in managing our deliveries and services and their range as closely as possible to our customers (legal basis: Art. 6 Art. 1 lit. f) GDPR).

 

 5.2      EXCHANGE WITH SERVICE PROVIDERS AND PARTNERS

Insofar as we store and process data for the purpose of processing contractual relationships, we may pass this on to vicarious agents within the scope of contract processing (e.g. forwarding agents). Insofar as we resell third-party products, we may pass on your contact data and information on the product to the manufacturer or supplier, for example as part of a product registration, for invoicing purposes or with regard to maintenance or support services provided by the manufacturer.

If your data is transferred to service providers in countries outside the EU, we will include appropriate safeguards to ensure adequate data protection, such as the standard data protection clauses including appropriate technical and organizational measures issued by the EU Commission for this purpose. (Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

 

 5.3      COMPLIANCE WITH LEGAL REQUIREMENTS

We will transmit your personal data to competent law enforcement, regulatory or other authorities, institutions or bodies if we are legally obliged to do so (legal basis: Art. 6 Art. 1 lit. c) GDPR) or we have a legitimate interest in averting coercive measures by such authorities, institutions or bodies within the scope of their legal competences through the transmission (legal basis: Art. 6 Art. 1 lit. f) GDPR). Such legally required or necessary transfers are not the subject of this privacy policy.

 

 6      HOW LONG DO WE STORE YOUR DATA?

We have enacted a data retention and deletion policy in order to ensure that personal data are only stored for as long as necessary for their purpose.

Our data retention and deletion policy takes account of the principle that personal data should be retained for limited periods even after the original purpose has become obsolete, in order to preserve our legitimate interest in preventing unintentional deletions, in enabling the establishment, exercise or defence of legal claims and in rendering the administration of retention and deletion periods practicable (legal basis for processing: Art. 6 no. 1 lit. f) of the GDPR). We assume that your interests do not conflict with this, because these additional retention periods are appropriate with respect to the interests to be protected.

Unless detailed information on deletion periods has already been provided above, the following general deletion periods will apply in accordance with our data retention and deletion policy. Where data fall under several different deletion periods, the longest will always apply:

§  We will retain customer data for the duration of the customer relationship. After the end of the customer relationship such data will continue to be retained for as long as these data are necessary for the maintenance of the customer account and for the administration of documents or data relating to the customer which fall into any of the categories identified hereinbelow. Otherwise customer data will be deleted after expiry of one year.

§  We will retain contract data until expiry of the statute of limitation for potential claims and will then delete or anonymize them after an additional cooling-off period of several months.

§  For compliance with the statutory retention period for commercial letters and tax documents we will retain correspondence for seven years and invoices and other booking documentation for 11 years.

§  We will retain contract-related data and documents for 11 years after the end of the contractual relationship in view of the statutory limitation period for claims and statutory document retention obligations for booking receipts.

§  We will retain all product safety documents and product data including information on safety-relevant incidents and accidents or customer complaints to comply with our statutory product monitoring obligation and to assert, exercise or defend legal claims within the statutory limitation periods for 30 years after the end of product sales.

If the term "deletion" is mentioned in this Privacy Statement, we reserve the right to anonymise the relevant data record, such that it can no longer be assigned to you, instead of complete deletion.

 

Anonymised data may be processed and used by us and our processors for an unlimited period. The processing and use of anonymised data is not subject to the GDPR and is not the subject of this Privacy Statement.

 

7      EXERCISE YOUR RIGHTS

7.1      RIGHT TO INFORMATION

Under the conditions of Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data relating to you is being processed, a copy of this data and comprehensive information about this data. Please note that your right to information may be restricted by law under certain circumstances (in particular pursuant to Section 34 BDSG).

 

 7.2      RIGHT TO RECTIFICATION

Under the conditions of Art. 16 GDPR, you have the right to request us to correct inaccurate and complete incomplete personal data about you.

 

 7.3      RIGHT TO DELETION

You have the right to request deletion of your data under the conditions of Art. 17 GDPR, for example, if its storage is no longer necessary for the fulfillment of legitimate purposes (such as the assertion, exercise or defense of legal claims).

 

 7.4      RIGHT TO RESTRICTION OF PROCESSING

You have the right under the conditions of Art. 18 GDPR to request the restriction of the processing of personal data relating to you, for example, if you dispute its accuracy.

 

 7.5      Right to data portability

Under the conditions of Art. 20 GDPR, you have the right to request that we provide you, or a third party designated by you, with the personal data you have provided to us in a machine-readable format if automated processing of personal data is carried out solely on the basis of your consent or for the performance of a contract with you or for the implementation of pre-contractual measures.

 

 7.6      Right to object

Under the conditions of Art. 21 GDPR, you have the right to object to certain processing of data relating to you on grounds relating to your particular situation. Whether we comply with this depends on whether there are compelling legitimate grounds for the processing that override your interests or the processing serves the assertion, exercise or defense of legal claims.

In addition, you have the right to object to data processing for direct marketing purposes. This also applies to profiling, insofar as it is related to direct advertising.

 

7.7      Right of revocation

We will not, without your consent, make any decision which produces legal effects concerning you or similarly significantly affects you and which is based solely on automated processing (including profiling).

You may contact us in any form to exercise your rights, in particular to revoke consent, including in particular the data protection officer. To exercise your rights, it may be necessary for you to identify yourself to us as the data subject.

All necessary information can be found under "Who is the data controller and how can you contact us? ".

 

 8      RIGHT OF APPEAL

You have the right to complain to a supervisory authority. This can be, among others, the supervisory authority responsible for your place of residence or the supervisory authority generally responsible for us. The supervisory authority generally responsible for us the Bavarian State Office for Data Protection Supervision

If you wish to file a complaint, you may also use the complaint form provided at https://www.lda.bayern.de/de/beschwerde.html.

 

 9      HOW ARE CHANGES TO THIS PRIVACY STATEMENT COMMUNICATED?

We may modify our processes and this Statement in the future. We will post updated versions of this statement here or notify you by other appropriate means.

 

 AMCM GmbH

22.12.2022