As a rule it is possible to use our website without providing any personal information. Any personal data collected on our pages (e.g. name, address or email addresses) are provided by users on a voluntary basis as far as possible. These data are not passed on to third parties without your explicit consent. However, we would like to point out that transmitting data over the internet (e.g. when communicating by email) may be subject to security gaps. Full protection of data against access by third parties is not possible.
The processing of personal data such as name, address, email address or telephone number of a data subject is always carried out in accordance with the applicable country-specific data protection provisions and in compliance with the EU General Data Protection Regulation.
Consent for processing
The user of our websites and our services portfolio consents to the processing by us of the requisite personal data through his or her voluntary use of one of the respective purposes described as follows.
TREIF Maschinenbau GmbH only collects and processes user data for its business processes within the framework of its service provision and product creation in the interest of its prospects and customers. One part of the data are collected in order to ensure a flawless provision of the website. Other data can be used to analyse usage behaviour analysis of the website visitors.
So it can enable and implement these services in all areas, the user has hereby consented that TREIF Maschinenbau GmbH collects and processes the requisite details in this regard and if applicable transmits these to partner firms with whom TREIF Maschinenbau GmbH maintains an EU-GDPR compliant contract data processing relationship for the service provision of the stated purposes. The specified personal data, in particular, name, address, telephone number, bank details are solely necessary and required for the purposes of the performance of the service provision and for any possible existing contractual relationship and are collected on the basis of legal authorisation. Any further or additional use of personal data and the collection of additional information generally requires the consent of the data subject. More information in this regard, in particular relating to the right to withdraw consent is explained in more detail below.
1. Definitions of terms
a) Personal Data
Personal data means any information relating to an identified or identifiable natural person (henceforth “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data Subject
A data subject is every identified or identifiable natural person whose personal data are processed by a controller.
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of restricting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third Party
Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of each data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation, other applicable data protection laws in the Member-States of the European Union and other provisions relating to data protection is:
TREIF Maschinenbau GmbH
Uwe Reifenhäuser (Controller within the meaning of the EU-GDPR)
Phone: +49 (0) 26 85 – 944 0
Fax: +49 (0) 26 85 – 10 25
Most of the cookies we use are session cookies. They are automatically deleted after your visit. Other cookies remain in the memory of your device until you delete them. These cookies enable us to recognise your browser the next time you visit the site.
4. Server Log Files
With every website access by a data subject or an automated system the page provider collects a series of general data and information and it automatically saves information in server log files which your browser transmits to us automatically. This includes:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server enquiry
- Other similar data and information used to avert risks in the event of attacks on our information technology systems.
These data are not stored in such a way as to be personally identifiable. These data are not compiled with other data sources. We reserve the right to retrospectively examine these data in the event of concrete evidence of illegal activity. The anonymised data of the server log files are stored separately from all personal data input by a data subject.
5. Registration on our website
As a data subject you are able to register your personal information on the website of the controller. Which personal data are transmitted to the controller are a function of the respective input menu used for the registration. The personal data input by the data subject will only be collected and saved for internal use by the controller and for its own purposes. The controller can - if this is justified - allow the forwarding to one or several contract processors who will also use the personal data assigned to them by the controller solely for internal use.
Registration on the website of the controller also triggers the saving of the IP address of the data subject specified by the internet service provider (ISP) as well as the date and time of registration. These data are saved because only in this way can misuse of our services be prevented and these data enable, if required, criminal offences to be clarified. To that extent the data must be saved to safeguard the data controller. These data are in principle not forwarded to third parties unless there is a legal obligation to forward them or such forwarding is to be used for criminal prosecution purposes.
The registration of the data subject with the voluntary input of personal data is used by the controller to offer content or services to the data subject which can only be offered to registered users due to the nature of the item. Registered persons have the option at any time to modify the personal data specified at the time of registration or to have them totally erased from the dataset of the controller.
The controller shall, on request and at any time, provide information to every data subject regarding the stored personal data of the data subject. Furthermore, the controller will rectify or erase personal data on the request or instruction of the data subject, unless statutory retention obligations oppose this.
6. Subscription to our Newsletter
The website offers users’ the option to subscribe to our company Newsletter. Which personal data are transmitted to the controller when the Newsletter is ordered is a function of the respective input menu used for the registration. We use a Newsletter to inform our customers and business partners at regular intervals about company offers. Our company Newsletter can in principle only be received by the data subject if
- The data subject has a valid email address and
- The data subject has registered to receive the Newsletter.
For legal reasons the double opt-in procedure is used whereby a confirmation email is sent to the email address input by a data subject for the first Newsletter distribution. This confirmation email is used to verify whether, as a data subject, the owner of the email address has authorised receipt of the Newsletter.
With the registration for the Newsletter we also save the IP address of the data subject specified by the internet service provider (ISP), the computer system used at the time of registration and the date and time of the registration. These data must be collected in order to retrace any (possible) misuse of the email address of a data subject at a later time and is therefore used for the legal safeguarding of the controller.
The personal data collected within the context of registration for the Newsletter are solely used for the purposes of sending out our Newsletter. Furthermore, subscribers of the Newsletter may be informed by email, if this is required for the operation of the Newsletter service or if a registration in this regard is required, as could be the case in the event of changes to the Newsletter offer or a modification of the technical circumstances. Within the context of the Newsletter service, no personal data are forwarded to third parties. The subscription to our Newsletter can be cancelled at any time by the data subject. Consent for the saving of personal data granted to us by the data subject for the Newsletter distribution, can be withdrawn at any time. For the purposes of withdrawal of consent, each Newsletter contains a corresponding link. It is also possible to de-register from the Newsletter distribution at any time directly on the website of the controller or to inform the controller of this in another way.
7. Contact possibility via the website
Due to legal provisions our website contains details which enable a fast electronic contact process to our company as well as an immediate communication with us which also includes a general email address. If a data subject makes contact with the controller by email or via a contact form, the personal data transmitted by the data subject are saved automatically. Such personal data transmitted to the controller on a voluntary basis by the data subject are saved for processing purposes or for making contact with the data subject. These personal data are not forwarded to third parties.
This website uses the functions of SalesViewer® to collect and store data on this website for marketing, market research and optimisation purposes. From these data user profiles can be created under a pseudonym. To this end tracking scripts are used which serve to collect company-related data. Data obtained using these technologies are not used without a separate consent of the data subject to personally identify the visitors to the website and they are not amalgamated with personal data via the bearer of the pseudonym.
Opposition to data collection
Data collection through SalesViewer® can be opposed at any time with future effect by visiting the following link: https://www.salesviewer.com/opt-out, in order to prevent future data collection by SalesViewer® within the website. Here an opt-out cookie is filed for this website on your device. If you delete cookies in your browser, you must click on this link again.
9. Google Analytics
This website also uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
You may prevent the storage of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) for Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link:
Opposition to data collection
You can also prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie is set which prevents the collection of your data on future visits to this website: Disabling Google Analytics
10. SSL Encryption
This website uses SSL encryption for reasons of security and to protect the transfer of confidential content, such as the enquiries you send to us as the website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
When SSL encryption is activated the data that you transfer to us cannot be read by third parties.
11. Routine erasure and blocking of personal data
The controller only processes and saves the personal data of the data subject for the period required to achieve the purpose of the save or if this is specified by European Directives and Regulators or another legislator in laws or provisions which the controller is subject to.
If the purpose of saving the data no longer applies or a storage period specified by European Directives and Regulators or another competent legislator expires, the personal data are routinely blocked or erased in accordance with the statutory provisions.
12. Rights of the data subject to access, rectification, erasure, blocking
a) Right for confirmation
Each data subject has the right granted by European Directives and Regulators to request a confirmation from the controller as to whether they are processing relevant personal data. If a data subject wants to exercise this right for confirmation, he or she can turn in this regard at any time to our data protection officer or to another employee of the controller.
b) Right of access
Each data subject whose personal data is being processed has at any time the right granted by European Directives and Regulators to have access to the information free of charge from the controller about the personal data saved regarding him/her as well as a copy of this information. Furthermore, European Directives and Regulators have conceded that the data subject must have access to the following information:
- The processing purposes
- The categories of personal data which are being processed
- The recipients or categories of recipients to whom the personal data has been disclosed or will be disclosed, in particular in the case of recipients in third-countries or in international organisations
- The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period
- The existence of a right of rectification or erasure of the personal data concerning him/her or of the restriction of the processing by the controller or a right to object to this processing
- The right to lodge a complaint with a supervisory authority
- When the personal data have not been obtained from the data subject: All available information about the origin of the data
- The existence of automated decision-making, including profiling, referred to in GDPR Article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The data subject shall also have the right to be informed whether personal data have been transferred to a third country or to an international organisation. To the extent that this is the case the data subject shall also have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wants to exercise this right of access, he/she can turn in this regard at any time to our data protection officer or to another employee of the controller.
c) Right to rectification
Each data subject whose personal data is being processed shall have the right at any time granted by European Directives and Regulators without undue delay to the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wants to exercise this right to rectification he/she can turn in this regard at any time to our data protection officer or to another employee of the controller.
D) Right to erasure (right to be forgotten)
Each data subject whose personal data is being processed shall have the right granted by European Directives and Regulators to demand the erasure of personal data concerning him or her from the controller without undue delay where one of the following grounds applies and the processing is no longer required:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based pursuant to GDPR Article 6 (1)(a), or Article 9 (2)(a), and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to GDPR Article 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to GDPR Article 21 (2).
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in GDPR Article 8 (1).
Where one of the above grounds applies and a data subject wants to trigger the erasure of personal data stored by us, he/she can turn in this regard at any time to our data protection officer or to another employee of the controller. Our data protection officer or another employee shall do what is required to comply with the erasure request without undue delay.
If personal data has been disclosed by our company, and our company as a controller, is obliged pursuant to GDPR Article 17 (1) to erase the personal data, then taking account of available technology and the costs of implementation, we shall take reasonable steps, including technical measures, to inform other controllers which are processing the disclosed personal data that the data subject has requested the erasure by such controllers of any links to, or copies or replications of, those personal data, provided that processing is not required. Our data protection officer or another employee shall do what is required on a case-by-case basis.
e) Right to restriction of processing
Each data subject whose personal data is being processed shall have the right granted by European Directives and Regulators to demand the restriction of processing where one of the following grounds applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to processing pursuant to GDPR Article 21 (1) and it has not yet been verified whether the legitimate grounds of the controller override those of the data subject.
Where one of the above grounds applies and a data subject wants to demand the restriction of processing of personal data stored by us, he/she can turn in this regard at any time to our data protection officer or to another employee of the controller. Our data protection officer or another employee shall do what is required to restrict the processing.
f) Right to data portability
Each data subject whose personal data is being processed shall have the right granted by European Directives and Regulators to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to GDPR Article 6 (1)(a), or GDPR Article 9 (2)(a) or on an agreement pursuant to GDPR Article 6 (1)(a) and the processing is carried out by automated means; this shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to GDPR Article 20 (1), the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and where it shall not adversely affect the rights and freedoms of others.
To exercise the right to data portability the data subject can turn at any time to our data protection officer or to another employee.
g) Right to object
Each data subject whose personal data is being processed shall have the right granted by European Directives and Regulators to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her pursuant to GDPR Article 6 (1) (e) or (f). This also applies to profiling based on these provisions.
In the event of an objection, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to us regarding the processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Furthermore, where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to GDPR Article 89 (1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing by us of personal data concerning him or her, unless such processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object the data subject can turn at any time to our data protection officer or to another employee. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
h) Automated individual decision-making, including profiling
Each data subject whose personal data is being processed shall have the right granted by European Directives and Regulators not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (1) is not necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.
If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller or (2), it is based on the data subject's explicit consent, we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wants to exercise this right to automated decision-making he/she can turn in this regard at any time to our data protection officer or to another employee of the controller.
i) Right to withdraw privacy consent
Each data subject whose personal data is being processed shall have the right at any time granted by European Directives and Regulators to withdraw consent to the processing of personal data.
If the data subject wants to exercise this right to withdraw privacy consent he/she can turn in this regard at any time to our data protection officer or to another employee of the controller.
j) Right to consult the Federal Commissioner(s) for Data Protection
Each data subject whose personal data is being processed shall also have the right to consult the Federal Commissioner(s) for Data Protection. They are currently contactable at:
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (Federal Commissioner for Data Protection and Freedom of Information) Postfach 14 68, 53004 Bonn
Mailing Address: Husarenstraße 30, 53117 Bonn Tel. +49 (0) 228 997799-0, Fax +49 (0) 228 997799-550,
Email: firstname.lastname@example.org, Internet: http://www.datenschutz.bund.de
13. Privacy in job applications and the application procedure
The controller collects and processes personal data from applicants for the purposes of handling the application process. The processing can be performed electronically. This is the case in particular when an applicant transfers the relevant application documentation electronically, for instance by email, or via a web form on the website to the controller. If the controller concludes an employment contract with an applicant the transferred data will be stored for the purposes of processing the employment relationship, taking the statutory provisions into account. If no employment contract is concluded with the applicant by the controller, the application documentation will be automatically deleted six months after notification of the rejection decision provided that no other legitimate interests of the controller oppose this. Other legitimate interest in this sense for example is a burden of proof in proceedings in accordance with the General Equal Treatment Act (AGG).
14. Legal basis of the processing
GDPR Article 6 (1)(a) serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is required to perform a contract where the contractual party is the data subject, as this is for example in processing operations required for a delivery of goods or the provision of any other service or return service, then the legal basis for the processing is GDPR Article 6 (1)(b). The same applies for such processing operations necessary prior to entering into a contract, for instance in cases of enquiries into our products and services. If our company is subject to a legal obligation due to which processing of personal data is necessary, such as for the fulfilment of taxation obligations, the processing is based on GDPR Article 6 (1)(c). In rare cases the processing of personal data may be required to protect the vital interests of the data subject or another natural person. For example this would be the case if a visitor were to be injured in our company and when his/her name, age, health insurance company data or other vital information had to be forwarded to a doctor, hospital or other third party. Then the processing would be based on GDPR Article 6 (1)(d). Finally processing operations could be based on GDPR Article 6 (1)(f). Based on this legal basis are processing operations which are not covered by any of the preceding legal bases, when the processing is necessary to safeguard a legitimate interest of our company or a third party, unless the interests, basic rights and basic freedoms of the data subject are overriding. Such processing operations are permissible for us in particular because they are mentioned specifically by the European legislator. It represented the view that accepting a legitimate interest could be when the data subject is a client of the controller (GDPR Recital 47, Sentence 2).
15. Legitimate interests in the processing performed by the controller or a third-party
If the processing of personal data is based on GDPR Article 6 (1)(f), our legitimate interest is the performance of our business activities for the benefit or all our employees and shareholders.
16. The period for which personal data will be stored
The criterion used to determine the storage period of personal data is the respective legal retention period. Upon expiry of the period the relevant data are routinely erased provided that they are no longer required to fulfil or progress the contract.
17. Recipient of personal data / transfer to a third country
Pursuant to GDPR Article 4 (9) only the company is considered here as the recipient of collected personal data and in an individual case potentially legitimate recipients such as public authorities or partner companies or suppliers (such as the website provider).
There is no transfer of personal data to a third country, except for the notifications stated under Point 9 “Google Analytics” and data access by our foreign subsidiaries which observe and comply with the same privacy provisions as the parent company.
18. Statutory or contractual provisions for the provision of personal data; requirement for concluding a contract; obligation of the data subject to provide personal data; possible consequences of failure to provide such data
We hereby inform you that the provision of personal data is partially legally prescribed (e.g. taxation provisions) or can arise due to contractual rules (e.g. details of the contractual partners). Sometimes when concluding a contract a data subject will need to provide personal data that will subsequently be processed by us. For example, a data subject is obliged to provide us with personal data when our company concludes a contract with it. In this regard failure to provide personal data would make it impossible to conclude the contract with the data subject. Before any provision of personal data by the data subject, the data subject can turn to our data protection officer. Our data protection officer will explain to the data subject on a case-by-case basis whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data.
19. Existence of automated decision-making
As a responsible company we do not use automatic decision-making or profiling.
20. Data protection officer
You can contact our data protection officer at email@example.com, Telephone: +49 (0) 26 85 – 944 0.