Skip to main content

Privacy information

UNITED FELT FABRICS AG

Name and address of the responsible party

The controller is the entity that, alone or jointly with others, decides on the purposes and means of processing personal data. The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, is:

Vereinigte Filzfabriken AG
Board of Directors: Jürgen Haggenmüller
Giengener Weg 66
89568 Hermaringen

Telephone: +49 7322-144-0
Fax: +49 7322-144-102
Mail: This email address is protected against spambots! JavaScript must be enabled to view it.
Website: www.vfg.de

Contact details of the data protection officer

We have appointed an external data protection officer:
BerIsDa GmbH |
Website: www.berisda.de

You can reach the data protection officer by mail at
Vereinigte Filzfabriken AG,
Attn: Data Protection Officer,
Giengener Weg 66,
89568 Hermaringen, Germany.

by phone
+49 661 29698090
or by email at
This email address is protected against spambots! JavaScript must be enabled to view it..

I. GENERAL INFORMATION ON DATA PROCESSING

1. Scope of processing personal data

The data controller collects and uses personal data of its users (hereinafter also referred to as "data subject" or "visitor") only to the extent necessary for providing a functional website and for displaying its content and services. The collection and processing of users' personal data for other purposes generally only occurs with the user's consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons, processing is based on pre-contractual or contractual measures, processing is permitted by law, and/or the data controller has a legitimate interest in the processing.

Your personal data is generally collected directly from you, for example, when you contact us, consent to services on this site, or use forms on this website. In addition, technical data that is essential for the operation of the site is automatically collected when you access the site.

2. Legal basis for the processing of personal data

Where the controller obtains consent from the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. Where special categories of data pursuant to Article 9(1) GDPR are processed, Article 9(2)(a) GDPR serves as the legal basis. Any transfer to a non-safety-based third country based on consent is carried out on the basis of Article 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your device, data processing is additionally based on Section 25(1) of the German Telecommunications Data Protection Act (TDDDG).

When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures. If the person is the contact person of a (potential) business partner (customer, supplier, partner), the legal basis for (pre-)contractual measures is Article 6(1)(f) GDPR.

Where the processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, Article 6(1)(c) GDPR serves as the legal basis.

In the event that the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and the interests or fundamental rights and freedoms of the data subject do not override those interests, then Article 6(1)(f) GDPR serves as the legal basis for the processing.

3. Data deletion and duration of processing

Unless a specific retention period is stated within this privacy policy, the personal data of our website visitors will remain with us until the purpose for data processing no longer applies. The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply, or the data subject withdraws their consent, or objects to processing. Data may also be stored if this is provided for by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or erased when a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

4. Data transfer to a third country or an international organization

The European General Data Protection Regulation (GDPR) stipulates that the transfer of personal data, whether already processed or intended for processing after transfer to a third country or international organization, is only permissible if a level of data protection comparable to that of the GDPR is guaranteed. This means ensuring compliance with the GDPR provisions – for example, through an adequacy decision by the European Commission pursuant to Article 45(1) and (3) GDPR, or the implementation of internal company data protection rules approved by a supervisory authority (so-called "appropriate safeguards," Article 46(2) and (3) GDPR). If a level of data protection comparable to that of the GDPR is not in place, processing in a third country may pose risks.

Risks of transferring data to a non-secure third country: Personal data could potentially be shared by the provider with other third parties beyond the actual purpose of fulfilling the contract, who might then use the data for purposes such as advertising. Furthermore, effective enforcement of any data subject rights against the provider is likely to be impossible. There is also a higher probability of incorrect data processing, as the provider's technical and organizational measures for protecting personal data may not fully meet the quantitative and qualitative requirements of the GDPR. It is also possible that government agencies could access the provided personal data without the data subject's knowledge. This is generally consistent with European legal regulations, for example, for the purpose of preventing threats. However, the threshold for the permissibility of such data processing is higher in the European Union than in the recipient country. In summary, non-secure third countries do not offer a level of data protection comparable to that of the GDPR.

On our website, we use tools from providers whose headquarters or the headquarters of their parent company (or affiliated companies) is located in a third country from a data protection perspective. We also transfer data to the USA. Data transfers to the USA are permitted if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has appropriate additional safeguards in place. The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company commits to adhering to these data protection standards. You can find a list of certified companies at: https://www.dataprivacyframework.gov/list . There, you can search by provider name and view their certification directly.
If data is transferred to a DPF-certified provider, you will find a separate notice on the respective service provider's website.

Furthermore, we also use tools from other providers in third countries and US providers that are not certified under the EU-US Data Privacy Framework (DPF) on our website. The transfer and processing of personal data of data subjects in connection with these tools is carried out under the conditions of Article 49 Paragraph 1 Sentence 1 Letter a GDPR – based on consent given by the data subject.

If data is transferred based on consent to a provider whose processing takes place in a non-safety-compliant third country, a separate notice will be provided by the respective service provider.

If data is transferred to a third country or an international organization, we will inform you about this by a separate notice in this privacy policy for the respective processing activity.

5. Recipients of personal data

Within our organization, access to your personal data is generally granted only to those departments and areas that require it in the course of our work and for the purposes described, and that are authorized to process this data.

As part of our service provision, we engage data processors who contribute to fulfilling our contractual obligations. We work with service providers, such as those for IT maintenance, video conferencing tools, or newsletter distribution (so-called data processors). These service providers act only on our instructions and are contractually obligated to comply with applicable data protection requirements. We conclude corresponding data processing agreements with these service providers in writing. If specific data processors are used to process personal data, we will inform you of this through a separate notice within this privacy policy, specifically regarding the respective processing activity.

We may transfer personal data to courts, supervisory authorities or law firms if there is a legal obligation to do so pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR or if it is necessary for the establishment, exercise or defense of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to assume that our data subjects have an overriding legitimate interest in not disclosing the data.

6. Necessity of providing personal data

Providing your personal data is generally neither legally nor contractually required. There is no obligation to provide it. However, failure to provide it may prevent you from using certain functions, services, forms, and other features on our website. We recommend that you only provide personal data that is necessary, for example, to process your request, fulfill your offer, and use the features we offer. If providing your personal data is legally or contractually required, we will inform you of this with a separate notice in this privacy policy for the respective processing activity.

The collection of technical data (and potentially the collection of your IP address as personal data) for the provision of the website and the storage of this data in log files is essential for the operation of the website and occurs automatically when you access this website. If you do not wish this to happen, you must leave this website.

II. Rights of the data subject

When we process your personal data, you as the data subject have the following rights against us as the controller:

1. Right of access, Art. 15 GDPR

Under applicable legal provisions, you have the right at any time to receive (free) information about your personal data that has been collected and stored. This includes, among other things, information about the purposes of processing, the origin and recipients of the data, the storage period, and the existence of various rights.

2. Right to rectification, Art. 16 GDPR

You have the right to rectification (including completion) of your data by the data controller if the processed personal data concerning you is inaccurate or incomplete for the purpose of the processing. The data controller must carry out the rectification without undue delay.

3. Right to erasure, Art. 17 GDPR

Under the conditions of Article 17 GDPR, you can request the deletion of your personal data at any time, unless there are circumstances that entitle or oblige the controller to continue processing your personal data (such as statutory retention obligations).

4. Right to restriction of processing, Art. 18 GDPR

If the legal requirements are met, you can request a restriction of the processing of your personal data in accordance with Article 18 GDPR.

5. Right to information, Art. 19 GDPR

If your personal data has been processed by recipients to whom the controller has disclosed the data, the controller is obliged to inform these recipients of your requests regarding rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You may request that the controller inform you about these recipients.

6. Right to data portability, Art. 20 GDPR

If you have provided us with personal data, and this data is processed automatically based on your consent or on the basis of a contract, you have the right, pursuant to Article 20 of the GDPR, to data portability, provided that this does not adversely affect the rights and freedoms of other persons. The data will be provided in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if technically feasible.

7. Right to object, Art. 21 GDPR

You have the right to object at any time to the processing of your data, provided the processing is based on a balancing of interests. This is the case if the controller relies on the public interest or its legitimate interests for the processing (see Art. 6 para. 1 sentence 1 lit. e and f). This requires that you assert grounds relating to your particular situation which override the controller's interests. The controller will then no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

Article 21(2) of the GDPR contains a specific, different rule if your personal data for direct marketing . In this case, you have the right to object to the processing of your personal data at any time, without any further requirements. Your personal data will then no longer be processed for direct marketing purposes. You can also object to profiling insofar as this direct marketing involves such profiling.

You have the option to exercise your right to object to the processing of your personal data in connection with the use of information society services by means of automated procedures using technical specifications.

8. Automated decision-making in individual cases, Art. 22 GDPR

According to Article 22 of the GDPR, you have the right not to be subject to decisions that produce legal effects concerning you or similarly significantly affect you, based solely on automated processing, including profiling. Exceptions may apply where appropriate safeguards are in place to protect your interests, where necessary contractual provisions or legal regulations exist, or where you have given your explicit consent.

9. Right to withdraw your consent, Art. 7 para. 3 GDPR

You have the right to withdraw your consent to data processing at any time. The lawfulness of data processing carried out before the withdrawal remains unaffected. You can send your withdrawal by email or post to the data controller.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for us is the State Commissioner for Data Protection and
Freedom of Information of Baden-Württemberg. If you are located in another German state or outside of Germany, you can also contact the data protection authority there.

III. SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential information, such as inquiries you send to us as the website operator. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock icon in the browser bar. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

IV. External Hosting

1. Description and scope of data processing

This website is hosted by an external service provider (so-called host). The personal data collected on this website is stored on the host's servers. This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact details, names, page views, and other data generated via a website.

2. Legal basis for data processing

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR for the provision of the website.

3. Purpose of data processing

The use of the hosting provider serves the purpose of ensuring the secure, fast, and efficient provision of our online services, as well as the reliable display and provision of our website by a professional provider. These purposes constitute our legitimate interest.

4. Duration of storage, right to object and erasure

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended.

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no possibility for the user to object

5. Conclusion of a data processing agreement

In connection with the data processing described above, data is transferred to and processed by our external hosting provider: Wirth Fulda GmbH, Frankfurter Straße 62, 36043 Fulda. We have concluded a data processing agreement with them. This is a legally required contract under data protection law, which ensures that our hosting provider processes the personal data of our website visitors only according to our instructions and in compliance with data protection regulations (GDPR, BDSG, etc.).

V. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the system of the accessing device.

The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The user's internet service provider
  • The user's IP address
  • Date and time of access
  • Websites from which the user's system accessed our website

The data is also stored in our system's log files. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

The data is stored in log files to ensure the website's functionality. We also use this data to optimize the website and to ensure the security of our IT systems. The data is not used for marketing purposes.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Duration of storage, right to object and erasure

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this occurs after a maximum of [seven days]. Storage beyond this period is possible. In this case, the users' IP addresses are deleted or anonymized so that it is no longer possible to identify the requesting device.

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no possibility for the user to object.

USING GOOGLE MAPS

This website uses the Google Maps service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transmitted to and stored on a Google server in the USA. The provider of this website has no influence on this data transfer.

For more information on how user data is handled, please see Google's privacy policy: https://www.google.de/intl/de/policies/privacy/

GOOGLE ANALYTICS

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

The purposes of data processing are to analyze website usage and compile reports on website activity. Based on this website and internet usage, further related services will then be provided. This processing is based on the legitimate interest of the website operator.

You can prevent the storage of cookies by adjusting your browser settings; however, please note that in this case you may not be able to fully utilize all the functions of this website. Furthermore, you can prevent Google from collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: Browser Add-on for deactivating Google Analytics .

In addition to or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking this link. This will install an opt-out cookie on your device. This will prevent data collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.

USE OF SCRIPT LIBRARIES (GOOGLE WEBFONTS)

To ensure our content is displayed correctly and attractively across different browsers, we use script and font libraries such as Google Web Fonts ( https://www.google.com/webfonts/ ) on this website. To avoid multiple downloads, Google Web Fonts are cached in your browser. If your browser does not support Google Web Fonts or blocks access to them, content will be displayed in a standard font.

Calling up script or font libraries automatically establishes a connection to the library operator. It is theoretically possible – though currently unclear whether and, if so, for what purposes – that the operators of such libraries collect data.

The library operator Google's privacy policy can be found here: https://www.google.com/policies/privacy/