Thank you for visiting our website and for your interest in our company. We feel protecting data is part of providing a quality service to our customers. The protection of your personal data and the safeguarding of your right to privacy are important to us.
In principle, it is possible to use our website without providing any personal information. However, should you wish to use our website to access services provided by our company, we may be obliged to process your personal data.
Data that is automatically collected when you visit our website or the data that you enter when you use our services is processed in accordance with current legal regulations concerning the protection of private data.
If it is necessary to process your personal data but there is no applicable legal framework in place, we shall always obtain consent for the specific processing purpose in question.
As the company that is responsible for information processing (data controller), we have set out technical and organisational measures to ensure the highest possible level of confidentiality with regard to your personal data.
However, it should be noted that the secure transfer of your data over the World Wide Web cannot be assured at all times.
If you wish to use our company’s services but would prefer not to transfer your personal data via the internet, we would advise you to contact us via telephone.
1. Data controller contact details
Data controller within the meaning of the General Data Protection Regulation (GDPR):
IMM Photonics GmbH
Tel.: +49 (0)89 321412 0
Data protection officer:
Mr Stephan Hartinger
Tel.: +49 (0) 8232 80988-70
2. Collection of general access data
Each time an internet user accesses our website, we automatically collect server log file data, which your browser sends to us. This comprises:
- the IP address (Internet Protocol Address) of the computer used to gain access
- the website from which you accessed our site (referrer)
- the address of the website you visited
- the date and the length of your visit
- the browser type and browser settings
- the operating system.
Please note that this data cannot be assigned to a specific individual. We use this technical access data solely for the following purposes:
- to improve the appeal and usability of our websites
- to recognise issues on our websites as soon as they arise
- to ensure our website content is supplied correctly
- to provide law enforcement agencies with the information necessary to pursue criminal proceedings in the case of a cyber-attack.
As a technical precaution, this data is stored for a maximum of seven days in order to protect data processing systems from unauthorised access.
3. Collection and disclosure of personal data
We only use your personal data for the purposes listed in this document.
The following entry forms exist on our website and are used to collect personal data:
3.1 Registering on our website
3.1.1 Subscription to our newsletter
On our website we offer users the option of signing up to our newsletter. This is sent out regularly and includes information on offers and products as well as details about the company.
To be able to receive our newsletter, you must provide a valid e-mail address.
If you wish to receive a personalised newsletter, you will need to provide the following information:
1. E-mail address
Title (optional), name, surname
Once your registration request has been sent, we are legally obliged to send you a confirmation e-mail to complete your request to be registered for our newsletter mailing list (a so-called ‘double opt in’).
The data listed above is solely used for the purpose of dispatching our newsletter.
This personal information is never disclosed to third parties.
If we receive your e-mail address in connection to the sale of a product or a service and we receive no objection from you, we reserve the right to regularly contact you via e-mail with offers on products featured in our range that are similar to those already purchased.
You have the right to cancel your subscription to this newsletter at any time and to revoke your permission for the use of your personal data as part of our newsletter mail-out. Each newsletter contains a link that allows you to unsubscribe.
3.1.2 Enquiry forms
Users are able to send enquiry forms to us including contact details and individual specifications regarding a desired product (these are featured below listed products).
Such forms require the following personal data:
- Telephone number
- E-mail address
Additional data is optional.
If you voluntarily transfer any of these personal details to us, they will solely be used to issue you with a quote, which we will then send out to you.
This personal information is never disclosed to third parties.
4. Why are cookies used?
So-called ‘cookies’ are used on a number of our website pages. Detailed information (including which cookies are used) can be found in our cookie guidelines (https://www.imm-photonics.de/en/cookie-richtlinie/).
5. The application and use of tracking, analysis tools and social plugins
This website uses Google Analytics, a web analytics service provided by Google Inc. (Google). Google Analytics uses so-called ‘cookies’, text files that are stored on your computer and that enable your use of our website to be analysed. The information generated by a cookie concerning how you interact with the website is usually transferred to a Google server in the US where it is stored. If IP addresses are anonymised for this website, your IP address will first be shortened by Google within EU member states or other signatories to the Agreement on the European Economic Area. The complete IP address is only transferred to Google’s US-based servers and shortened there in exceptional cases. Google will utilise this information on behalf of this website’s operator for the purpose of analysing your use of the specific website, compiling reports on website activity and providing other services to the website operator that concern use of the website and the internet. The IP address collected from your browser as part of Google Analytics will not be merged with other Google data. You can prevent cookies from being stored by adjusting the relevant settings within your browser; however, if you choose this course of action, you may not be able to utilise all of a website’s functionalities. You can also stop Google from collecting or processing any of the data generated by cookies or through your use of websites (including your IP address) by downloading and installing the browser plugin available under the following link (https://tools.google.com/dlpage/gaoptout?hl).
More detailed information is available here https://support.google.com/analytics/answer/6004245?hl=en (general information on Google Analytics and data security). Please note that on this website Google Analytics now includes an additional line of code (‘gat._anonymizeIp();’) to allow IP addresses to be collected anonymously (‘IP masking’).
6. Deleting and archiving personal data and the length of data storage
We only process and store your personal data for the length of time required to achieve the purpose for which the data was collected or for as long as we are legally entitled to in line with the statutory retention periods for personal data.
Once a specific objective for data storage has been fulfilled or if a statutory retention period has elapsed, personal data is routinely archived or deleted in line with legal requirements.
7. Data protection rights for affected persons (data subjects)
If you have any questions concerning your personal data, you can write to us at any time. Germany’s General Data Protection Regulation (GDPR) guarantees you the following rights:
7.1 Right of access (Art. 15 GDPR)
You have the right, at any time, to find out what information and what categories of personal data are being processed by us and for what purpose, how long and according to which criteria this data is stored and whether any automated decision-making, including profiling, is applied throughout this process. You also have the right to know the recipients or categories of recipient to whom the data has been or will be disclosed, in particular recipients in third countries or international organisations. In such cases, you also have the right to be informed of the appropriate safeguards in place regarding the transfer of your personal data.
Alongside the right to complain to supervisory authorities and the right to information concerning the origin of your data, you also have the right to erasure, to rectification as well as the right to restriction of or the right to object to processing of your personal data.
In all of the above-mentioned cases, you have the right to obtain a copy of your personal data from the controller (free of charge) detailing the data that we are currently processing. For any further copies requested or which exceed the data subject’s right to information, we reserve the right to charge a reasonable administrative fee.
7.2 Right to rectification (Art. 16 GDPR)
You have the right to obtain, without undue delay, the rectification of inaccurate personal data and, taking into account the purpose of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If you wish to exercise your right to rectification, you can contact our data protection officer or the data controller at any time.
7.3 Right to erasure (Art. 17 GDPR)
You have the right to ask for your data to be immediately erased (‘right to be forgotten’), particularly in cases where data storage is no longer necessary, you withdraw your consent for the processing of data, and your data has been unlawfully processed or unlawfully collected and its erasure is a legal obligation in accordance with EU or domestic law.
However, the right to be forgotten does not apply if processing is necessary to exercise the right of freedom of expression and information, data storage is required to fulfil a legal obligation (e.g. retention requirements), archiving purposes take priority over data erasure or data storage is required for the establishment, exercise or defence of legal claims.
7.4 Right to restriction of processing (Art. 18 GDPR)
You have the right to restrict the processing of your data by the controller if: you contest the accuracy of your personal data; the processing is unlawful; you oppose the erasure of your personal data and would like to request the restriction of its use instead; the personal data is no longer required for the purposes of processing; or if you have objected to processing pursuant to Article 21(1), pending the verification as to whether we have legitimate grounds to override your request.
7.5 Right to data portability (Art. 20 GDPR)
You have the right to portability of the personal data that you have provided to our company in a conventional format for the purpose of transmitting this personal data to another controller without prejudice, providing that your consent has been granted and the data processing is carried out by automated means.
7.6 Right to object (Art. 21 GDPR)
You have the right to object to the collection, processing or use of your personal data for the purposes of direct marketing or marketing and opinion research as well as data processing for general commercial purposes, unless we can provide compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms.
Moreover, you cannot exercise your right to object if a statutory provision stipulates the collection, processing or use of the data or obliges data collection, processing or use.
7.7 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with § 19 German Federal Data Protection Act)
You have the right to lodge a complaint with the responsible supervisory authority if you consider that an infringement has been committed during the processing of your personal data.
7.8 Right to withdraw consent (Art. 7(3) GDPR)
If you have granted consent for the processing of your personal data, you reserve the right to withdraw this consent at any time without having to state any reason. This also applies to the withdraw of consent granted to us prior to the coming into effect of the EU’s General Data Protection Regulation.
8. Legal framework for data processing
The legal basis for the processing of personal data which requires consent from the data subject is Art. 6(1)(1a) of the German General Data Protection Regulation (GDPR).
When processing personal data that is required for the performance of a contract and where a contractual party is therefore the data subject, Art. 6(1) (1b) (GDPR) shall serve as the legal basis. This regulation also includes processing steps that are required for the fulfilment of pre-contractual measures.
If personal data needs to be processed in order for our company to comply with a legal obligation that it is subject to, Art. 6(1)(1C) (GDPR) shall serve as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6(1)(1F) (GDPR) shall serve as the legal basis. Our company’s legitimate interests are understood as conducting our business activities as well as analysing, optimising and maintaining the security of our online content.
9. Transferring data to third parties
As a general rule, we do not sell or loan user data to third parties. Any transfer of data to third parties beyond the limits set out in this privacy declaration shall only be permitted if such steps are necessary in order to process the requested service.
We only transfer data if we have a legal obligation to do so. This is the case when government entities (e.g. prosecution authorities) submit a written request for information or if a court order has been issued.
The transfer of personal data to third countries outside of the EU/EEA region is not permitted.
10. Statutory or contractual requirements concerning the provision of personal data as well as the potential consequences of non-provision
It is important to state that in some cases the provision of personal data may be a legal obligation (e.g. with regard to tax regulation) or may arise as a result of contractual requirements (e.g. you may need to provide details on or from a contractual partner). For example, in order to conclude a contract, it may be necessary for the data subject/contractual partner to provide their personal data in order for us to be able to handle their specific request (e.g. an order). An obligation to provide personal data usually arises during the signing of a contract. If no personal data is provided in such cases, it may not be possible to conclude the contract with the data subject. Before personal data is provided by the data subject, the individual in question can contact our data protection officer or the data controller. The data protection officer or the data controller will then explain to the data subject whether the provision of the necessary personal data is set out as a legal or contractual obligation and/or necessary for the conclusion of a contract and whether the request submitted by the data subject necessitates the provision of personal data and/or will outline the potential consequences if the data is not provided.
11. The existence of automated decision-making
As a responsible company, we do not use any automated decision-making or profiling with any of our business partners.