Privacy

Preliminary note on data protection

We are very pleased about your visit to our website and your interest in our company. We take the protection of your personal data very seriously and are committed to protecting your privacy and treating your data confidentially.

By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection declaration informs data subjects about their rights.

We do not use statistical programs to analyze user behavior.

Our company, as the data controller, has implemented numerous technical and organizational measures to ensure that the personal data processed via this website is protected as completely as possible.

Nevertheless, internet-based data transmissions can generally have security gaps (e.g. when communicating by email), so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

S.E.T. GmbH

Lindenstrasse 22

97892 Kreuzwertheim

Germany

Email: info@set-gmbh.net

Website: www.set-gmbh.de

2. Scope of the processing of personal data

It is generally possible to use our website without providing any personal data. However, if a data subject wishes to make use of special services provided by our company via our website, it may be necessary to process personal data.

If it is necessary to process personal data and there is no legal basis for such processing, we generally obtain the consent of the data subject.

We also process personal data in the course of our daily business activities. This information is provided to us through inquiries and orders placed by phone or email or at our trade fairs and stored for the purpose of (pre-)contractual tasks for as long as is necessary to fulfill the tasks and legal requirements.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with other data protection regulations and the country-specific data protection regulations applicable to our company.

3. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subjects for the processing of personal data, Art. 6 (1) point a GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required for the fulfillment of a legal obligation that we have to fulfill, Art. 6 (1) lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

Disclosure of personal data for shipping purposes

The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods.

CleverReach

We use CleverReach on our website, an email marketing service.

The service provider is the German company:

CleverReach GmbH & Co. KG, Schaffückenweg 2, 26180 Rastede, Germany.

You can find out more about the data that is processed by using CleverReach in the CleverReach privacy policy.

4. Data deletion and storage duration

The personal data of the data subject will be deleted and blocked as soon as the purpose of storage no longer applies. Storage beyond this period is possible if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Blocking and deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

5. Provision of the website and creation of log files

Each time our website is accessed, the provider of our website automatically collects and stores a range of general data and information that your browser automatically transmits in so-called log files.

The server automatically logs:

- Information about the browser used and the version used

- the user's operating system

- the user's IP address

- the date and time of the visit

This data is not stored in our system but on our provider's server. We do not have access to the stored log files and cannot evaluate them. This data is neither evaluated by our provider nor passed on to third parties and is deleted at regular intervals, provided that this is not prevented by legal storage obligations.

This information is required to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

6. Use of cookies

Our websites partly use so-called cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the computer system of the

user.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters by which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A particular internet browser can be recognized and identified by its unique cookie ID.

Cookies enable us to recognize our website users. The purpose of this recognition is to make it easier for users to use our website.

We mainly use so-called “session cookies” on our site. These are automatically deleted after your visit. Other cookies remain stored on your end device until you delete them.

We do not use cookies that enable an analysis of users' surfing behavior.

Cookies are stored on the user's computer and transmitted to our website by the user's computer. Therefore, you as a user also have full control over the use of cookies.

By changing the settings in your internet browser, you can be informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If you deactivate the setting of cookies in the internet browser used, not all functions of our website may be fully usable.

7. Registration

If you wish to use the media library on our website to download image material, the contact data you provide there will only be stored in case of follow-up questions. The data is entered into an input mask and transmitted to us and stored. It will not be passed on to third parties. The following data is collected during the registration process:

Company name

Name

Street, no. and town

Telephone number

E-mail address

Users must register to use our media library because we only pass on the rights to use our images to our customers.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for the data collected during the registration process if the registration on our website is canceled or modified.

As a user, you have the option to cancel the registration at any time. You can modify or delete the data stored about you at any time.

8. Contact options via the website

On our website, you have the option of contacting us directly via email. If you contact us by email, we will only store or use the data for the purpose of communicating with you. This personal data will not be passed on to third parties.

9. SSL encryption

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from http:// to https:// and by the lock symbol in your browser line. When SSL encryption is activated, the data you send to us cannot be read by third parties. The data is stored and used by us only for the purpose of communicating with you.

10. Rights of the data subject

In accordance with the GDPR, we hereby draw your attention to your rights. You have the following rights:

a. Right to confirmation

Every data subject has the right, as granted by the European directive and regulation maker, to require the controller to confirm whether personal data relating to him or her is being processed. If a data subject wishes to exercise this right of confirmation, they can contact an employee of the controller at any time.

b. Right of access by the data subject

The data subject has the right to receive information from the controller of our company free of charge about the personal data stored about him or her and to receive a copy of this information. Furthermore, you are entitled to receive the following information:

- the purposes of the processing

- the categories of personal data concerned

- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations

- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period

- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing

- the existence of the right to lodge a complaint with a supervisory authority

if the personal data are not collected from the data subject: All available information on the origin of the data

the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Furthermore, the data subject has the right to be informed as to whether personal data has been transferred to a third country or an international organization. If this is the case, the data subject also has the right to receive information about the appropriate safeguards in connection with the transfer.

The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject makes the request electronically, the information shall be provided in a commonly used electronic form, unless the data subject requests otherwise. The right to receive a copy must not adversely affect the rights and freedoms of others.

c. Right to rectification

The data subject has the right to request that we correct any inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.

d. Right to erasure (“right to be forgotten”)

The data subject has the right to request that we delete personal data concerning him or her without delay. We are also obliged to delete personal data without delay if one of the following reasons applies:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed

the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing

- the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR

- the personal data have been unlawfully processed

the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject

the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Paragraphs 1 and 2 shall not apply to the extent that processing is necessary

- for exercising the right of freedom of expression and information

to fulfill a legal obligation that requires processing under the law of the Union or of the Member States to which the controller is subject, or to carry out a task that is in the public interest or in the exercise of official authority that has been transferred to the controller

for reasons of public interest in the area of public health in accordance with Article 9 (2) lit. h and lit. i GDPR as well as Article 9 (3) GDPR;

for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

for the establishment, exercise or defense of legal claims.

e. Right to restriction of processing

The data subject shall have the right to obtain from us restriction of processing where one of the following applies:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data

the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead

- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims, or

- the data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A data subject who has obtained a restriction on processing shall be informed by the controller before the restriction of processing is lifted.

f. Right to data portability

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

the processing is based on consent pursuant to Article 6(1) a) GDPR or Article 9(2) a) GDPR or on a contract pursuant to Article 6(1) b) GDPR, and

the processing is carried out by automated means.

In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17 of the GDPR. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right referred to in paragraph 2 shall not adversely affect the rights and freedoms of others.

g. Right to object

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

We will no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

h. Right to withdraw consent under data protection law

Every data subject affected by the processing of personal data has the right, granted by the European legislative and regulatory authority, to withdraw consent to the processing of personal data at any time.

i. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with the competent data protection authority at any time. If you wish to exercise your right to lodge a complaint, you can do so with the following authority:

The Bavarian State Commissioner for Data Protection (BayLfD)

Prof. Dr. Thomas Petri

Postfach 22 12 19, 80502 Munich

Wagmüllerstraße 18, 80538 Munich

Tel.: 089 212672-0

Fax.: 089 212672-50

poststelle@datenschutz-bayern.de

11. Data protection for job applications in the application process

We collect and process the personal data of applicants for the purpose of processing the application. The processing can also be done electronically. This is particularly the case if an applicant submits the relevant application documents electronically, for example by email. If we conclude an employment contract with the applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents shall be deleted immediately after the decision to reject the applicant has been made, provided that no other legitimate interests preclude such deletion. Another legitimate interest in this sense is, for example, a duty of proof in proceedings under the German General Equal Treatment Act (AGG).

12. Data security and changes to the privacy policy

The transmission of information via the internet is not completely secure. We cannot therefore guarantee the security of the data transmitted to our website via the internet despite the protection of our website and our other facilities with which data is transmitted to us by means of appropriate technical and organizational measures against the loss of availability, confidentiality or integrity. In this respect, reference is made to Section 10 of this data protection declaration.

We reserve the right to change this data protection declaration in part or in full at any time with effect for the future. The current version of our data protection declaration can be viewed on our website.