Data protection

Protecting your personal data when you visit our website is very important to us. Your data is protected in accordance with legal regulations. Below, we would like to inform you about the type and scope of personal data processing via this website, in accordance with Article 13 of the General Data Protection Regulation (GDPR).

I. INFORMATION ON THE RESPONSIBLE PARTY

SHERA Werkstoff-Technologie GmbH Espohlstraße 53 49448 Lemförde Tel.: +49 (0) 5443/99330 E-Mail: info@shera.de

II. INFORMATION ON THE DATA PROTECTION OFFICER

For questions regarding data protection, please contact our external data protection officer: Mr. Arndt Halbach of GINDAT GmbH, Wetterauer Str. 6, 42897 Remscheid

Email: datenschutz@gindat.de
Tel. +49 (0) 2191 / 909 430

III. DATA PROCESSING VIA THE WEBSITE

Your visit to our website is logged. The following data, which your browser transmits to us, is primarily recorded:

• the IP address currently used by your PC or router
• Date and time
• Browser type and version
• your PC's operating system
• the pages you viewed
• Name and size of the requested file(s)
• as well as, if applicable, the URL of the referring website.

This data is collected solely for data security purposes, to improve our website, and for error analysis, based on Article 6 Paragraph 1 f of the GDPR. We reserve the right to use this data in the event of system misuse to determine the reasons for and the cause of the misuse, and, if necessary, to take legal action. Furthermore, your computer's IP address is only evaluated in anonymized form (shortened by the last three digits).

You can visit our website without providing any personal information.

Please note that data transmission over the internet (e.g., communication via email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible. Therefore, you should send us confidential data via another method, such as postal mail.

Applications

The data controller processes the personal data of applicants for the purpose of processing the application procedure. The legal basis for this is Section 26 Paragraph 1 Sentence 1 of the German Federal Data Protection Act (BDSG). Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents electronically, for example, by email or via a web form on the website. If the data controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If the data controller does not conclude an employment contract with the applicant, the application documents will be deleted in accordance with legal requirements after the advertised position has been filled, unless other legitimate interests of the data controller preclude deletion. A legitimate interest in this sense is, for example, the need to retain evidence in proceedings under the German General Equal Treatment Act (AGG). For this purpose, the data will be stored for six months after the conclusion of the application procedure and then deleted.

Applications can only be processed if they are sent to the email address "bewerbung@shera.de" or submitted via our application portal. If you use a different company email address, your application will unfortunately not be recognized by our systems and therefore will not be considered. Please bear in mind that email is not a secure medium. If your application reaches our email server at the above-mentioned email address, we protect it with robust technical and organizational measures. However, we have no control over the security of your application during its journey to our company via the public internet and therefore cannot guarantee its level of protection. If your sending email server supports STARTTLS, our email server will also use STARTTLS, thus ensuring transport encryption.

Link: Detailed information on applicant data protection

contact

Personal data (e.g., your name, address, or contact details) that you voluntarily provide to us, for example, as part of an inquiry or in any other way, will be stored by us and processed only for correspondence with you and only for the purpose for which you provided us with this data. This data is processed based on our legitimate interest in promptly responding to inquiries from prospective clients, in accordance with Article 6(1)(f) of the GDPR.

registration

You can register on our website to use additional features. We use the data you provide only for the purpose of providing the specific offer or service for which you registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration. For important changes, such as changes to the scope of services or technically necessary modifications, we will use the email address you provided during registration to inform you. The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. An informal notification by email to us is sufficient. The withdrawal of consent does not affect the lawfulness of data processing carried out before the withdrawal. The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

Newsletter

We offer you the option of subscribing to our newsletter via our website. When you subscribe, we collect your personal data. To ensure that the newsletter was indeed ordered by you and your email address, you will first receive a confirmation email. Only after you click the activation link in that email will you be added to our mailing list and receive the newsletter. Your newsletter subscription will be logged for verification purposes (IP address, date, time). You can unsubscribe from the newsletter at any time by notifying us. You can also use the unsubscribe link at the end of each newsletter. The legal basis for this processing is Article 6(1)(a) GDPR.

We use the Google service reCAPTCHA to determine whether a human or a computer is making a specific entry in our contact or newsletter form. Google uses the following data to verify whether you are a human or a computer: the IP address of the device you are using, the website you are visiting on our site where the CAPTCHA is integrated, the date and duration of your visit, the identification data of the browser and operating system you are using, your Google account if you are logged in to Google, mouse movements on the reCAPTCHA areas, and tasks in which you have to identify images. The legal basis for the data processing described is Article 6(1)(f) of the General Data Protection Regulation (GDPR). We have a legitimate interest in this data processing to ensure the security of our website and to protect ourselves from automated entries (attacks).

We use the newsletter service CleverReach to send our newsletter. CleverReach processes the data exclusively on our behalf and according to our instructions, in accordance with Article 28 of the GDPR.

Secure data transfer

To protect the security of your data during transmission, we use a state-of-the-art encryption method (SSL) via HTTPS.

Processing of data (customer and contract data)

We process personal data only to the extent necessary for establishing, defining the content of, or amending the contractual relationship (master data). This is done on the basis of Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract. We process personal data relating to the use of our website (usage data) only to the extent necessary to enable the user to access the service or for billing purposes. The collected customer data is deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transfer during contract conclusion for services and digital content

We only transfer personal data to third parties if this is necessary for processing your order, for example, to the companies entrusted with delivering the goods or the bank responsible for processing payments. Your data will not be transferred beyond this scope unless you have expressly consented to it. Your data will not be shared with third parties without your explicit consent, for example, for advertising purposes. The legal basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or for taking steps prior to entering into a contract.

IV. RECIPIENTS OF PERSONAL DATA

We may use service providers for the execution and processing of data processing operations by way of commissioned data processing.

Our contractual relationships with our service providers are governed by the provisions of Article 28 GDPR, which includes the legally required points regarding data protection and data security.

V. DATA COLLECTION THROUGH GOOGLE ANALYTICS

This website uses Google Analytics, a web analytics service provided by Google Ireland Ltd. (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, Email: support-deutschland@google.com. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. The legal basis for this data processing is Art. 6 para. 1 f) GDPR.

If IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Please note that Google Analytics on this website has been extended with the code "anonymizeIp" to ensure an anonymized version of the IP address.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by adjusting your browser settings; however, please note that in this case you may not be able to fully utilize all the functions of this website. Furthermore, you can prevent Google from collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de .

The legal basis for data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by adjusting the corresponding setting in our cookie consent tool.

VI. GOOGLE WEB FONTS

This website uses web fonts provided by Google for the consistent display of fonts. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, Email: support-deutschland@google.com. When you access a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This allows Google to know that our website was accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font from your computer will be used. You can find further information about Google Web Fonts in Google's privacy policy:

https://www.google.com/policies/privacy/

VIa. External Resources and Third-Party Providers

On our website, we use various third-party services, for example, for fonts, technical functions, or analytics. When you visit our site, information such as your IP address, browser, or device may be transmitted to these providers.

Which third-party providers we use:

• Google : googleapis.com (Webfonts, JavaScript), fonts.googleapis.com, fonts.gstatic.com, www.google.com , www.googletagmanager.com , region1.analytics.google.com, stats.g.doubleclick.net
  
  
• Shopify : monorail-edge.shopifysvc.com, cdn.shopify.com
  
  
• Microsoft Clarity : scripts.clarity.ms, www.clarity.ms , z.clarity.ms
  
  
• Wikimedia : upload.wikimedia.org
  
  
• HulkApps : hulkapps-wishlist.nyc3.digitaloceanspaces.com
  
  
• Poptin : app.poptin.in
  
  
• Testimonial Hub : app.testimonialhub.com
  

We integrate these resources to make the website appealing, functional and secure, and to understand how our service is used.

Important instructions:

• Some services, such as ajax.googleapis.com, contain older software versions (e.g., AngularJS) that could theoretically bypass security policies. If possible, we recommend storing resources locally.
  
• Blocking the use of external services may result in parts of the website not being displayed correctly or not being able to use all functions.
  

Further information can be found in the providers' privacy policies:

• Google
  
• Shopify
  
• Microsoft Clarity
  
• Wikimedia
• Facebook
  
  
  
  

VII. GOOGLE MAPS

This page uses the Google Maps service via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com .

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to and stored on a Google server in the USA. The provider of this website has no influence on this data transfer.

The use of Google Maps is in our legitimate interest in presenting our online services in an appealing manner and ensuring that the locations we specify on the website are easy to find. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

If you do not agree to this processing of your data, you can deactivate the “Google Maps” service and thus prevent the transfer of data to Google. To do this, you must deactivate JavaScript in your browser. However, please note that in this case you will not be able to use “Google Maps” at all or only to a limited extent. You can find more information about how Google handles user data in Google's privacy policy:

https://www.google.de/intl/de/policies/privacy/

The “eXactly GDPR Google Maps” plugin used for Google Maps comes from www.eXactly-webdesign.de

VIII. USE OF COOKIES

Our website uses cookies. Cookies are small text files that are stored by your browser on your computer. The use of cookies makes our website more user-friendly. For example, it allows us to recognize you for the duration of your session without requiring you to constantly re-enter your username and password. Cookies do not harm your computer and are deleted after you close your browser. The legal basis for this data processing is Article 6(1)(f) of the GDPR.

Some of the cookies we use are deleted immediately after you close your browser (so-called session cookies).

Other cookies remain on your device and allow your browser to be recognized on your next visit (persistent cookies).

Data processing in connection with cookies that serve solely to establish the functionality of our online service is based on our legitimate interest pursuant to Art. 6 I f) GDPR.

If you do not wish to use cookies, you can configure your browser to reject them. Please note, however, that in this case you may not be able to use all the functions of our website.

Facebook Business Tools

We use the Facebook Pixel on our website, a Facebook business tool provided by Facebook Ireland Limited (Ireland, EU). Information about Facebook Ireland's contact details and the contact details of Facebook Ireland's Data Protection Officer can be found in Facebook Ireland's Data Policy at www.facebook.com/about/privacy .

The Facebook pixel is a snippet of JavaScript code that allows us to track the activities of visitors on our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data):

• Information about the actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
• Specific pixel information such as the pixel ID and the Facebook cookie;
• Information about buttons clicked by website visitors;
• Information contained in HTTP headers, such as IP addresses, information about the web browser, the location of the page, and the referrer;
• Information on the status of ad tracking deactivation/restriction.

Some of this event data is information stored on your device. Additionally, the Facebook pixel also uses cookies to store information on your device. Such storage of information by the Facebook pixel, or access to information already stored on your device, only occurs with your consent.

Tracked conversions appear in the dashboard of our Facebook Ads Manager and Facebook Analytics. We can use these tracked conversions to measure the effectiveness of our ads, define custom audiences for ad targeting, for Dynamic Ads campaigns, and to analyze the effectiveness of our website's conversion funnels. The functions we use via the Facebook Pixel are described in more detail below.

Processing of event data for advertising purposes
The event data collected via the Facebook pixel is used for targeting our advertisements and improving ad delivery, personalizing features and content, and improving and securing Facebook products.

For this purpose, event data is collected on our website using the Facebook pixel and transmitted to Facebook Ireland. This only occurs if you have given your prior consent. The legal basis for the collection and transmission of personal data by us to Facebook Ireland is therefore Article 6(1)(a) GDPR.

This collection and transmission of event data is carried out by us and Facebook Ireland as joint controllers. We have entered into a joint controllership agreement with Facebook Ireland, which defines the distribution of data protection responsibilities between us and Facebook Ireland. In this agreement, we and Facebook Ireland have agreed, among other things, to...

• that we are responsible for providing you with all information pursuant to Articles 13 and 14 of the GDPR regarding the joint processing of personal data;
• that Facebook Ireland is responsible for enabling the rights of data subjects pursuant to Articles 15 to 20 GDPR with regard to the personal data stored by Facebook Ireland after joint processing.

You can access the agreement concluded between us and Facebook Ireland at www.facebook.com/legal/controller_addendum .

Facebook Ireland is solely responsible for the subsequent processing of the transmitted event data. Further information on how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and how you can exercise your rights with respect to Facebook Ireland, can be found in Facebook Ireland's Data Policy at www.facebook.com/about/privacy .

Processing of event data for analysis purposes
We have also commissioned Facebook Ireland to generate reports on the effectiveness of our advertising campaigns and other online content (campaign reports) and to create analyses and insights about users and their use of our website, products, and services (analyses), based on event data collected via the Facebook pixel. For this purpose, we transmit personal data contained in the event data to Facebook Ireland. The transmitted personal data is processed by Facebook Ireland as our data processor in order to provide us with the campaign reports and analyses.

Personal data will only be processed for the creation of analyses and campaign reports if you have given your prior consent. The legal basis for this processing of personal data is therefore Article 6(1)(a) GDPR.

The transfer of data to Facebook Inc. in the USA cannot be ruled out. The legal basis for this transfer is the Standard Contractual Clauses for the transfer of personal data to processors in third countries. Please refer to the information in the section "Data Transfer to Third Countries".

Google Marketing Services
We use the Google Ads Conversions marketing service from Google Ireland Limited (Ireland/EU). Google Ads allows us to place relevant ads for users within the Google advertising network (e.g., in search results or on other websites), improve campaign performance reports, and prevent users from seeing ads multiple times. Each Ads customer sets a different conversion cookie. Therefore, these cookies cannot be tracked across the websites of different Ads customers. A cookie ID records which ads are displayed in which browser. This prevents users from seeing the same campaign multiple times. Furthermore, cookie IDs allow us to track conversions, i.e., whether a user sees an ad and later visits the advertiser's website and makes a purchase.

We use the DoubleClick Floodlight marketing service from Google Ireland Limited (Ireland/EU). This service allows us to track and analyze the actions of users who visit our website after seeing or clicking on one of our advertisements. For this purpose, so-called "floodlight tags" or tracking pixels and cookies are placed on our website. This function allows us to determine the effectiveness of our online campaigns on our website.

Remarketing allows us to target users who have already interacted with our website. Our ads are then displayed when this target group visits a Google website or a website within the Google advertising network. For this purpose, when our website is accessed, Google executes a code and integrates so-called (re)marketing tags into the website. These tags store an individual cookie on the user's device. The cookies can be set by various domains, including google.com, doubleclick.net, googlesyndication.com, and googleadservices.com. This file records which websites users have visited, which content they are interested in, and which offers they have used. In addition, technical information about the browser and operating system, referring websites, visit time, and other information about the use of the online service is stored. All user data is processed only as pseudonymous data and does not contain any information that could be used to personally identify users. The displayed ads are therefore not targeted to a specific individual, but rather to the owner of the cookie.

The use of Google Marketing Services only occurs with your consent in accordance with Art. 6 para. 1 letter a GDPR.

When using Google services, the transfer of data to Google Inc. in the USA cannot be ruled out. Please refer to the information in the section "Data Transfer to Third Countries". Further information on data protection at Google can be found in Google's privacy policy at www.google.com/policies/privacy .

Data transfer to third countries
Visiting our website may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that the third country in question ensures an adequate level of data protection. If no such adequacy decision by the European Commission exists, personal data will only be transferred to a third country if appropriate safeguards are in place pursuant to Article 46 GDPR or if one of the conditions of Article 49 GDPR is met.

Unless otherwise stated below, we use the EU Standard Contractual Clauses as suitable safeguards for the transfer of personal data to processors in third countries: eur-lex.europa.eu/legal-content/DE/TXT/ .

VIIIa. Social media presences

We maintain publicly accessible profiles on social networks (e.g., Facebook, Instagram, LinkedIn, TikTok). You can find links to the individual social networks below.

When you visit our profiles, personal data is processed by the respective provider. This includes, in particular:

• Your interactions with our content (likes, comments, messages)
  
  
• Statistical analyses of the use of our site
  
  
• Technical data such as your IP address, device used, browser data
  
  

Please note that this data may also be processed by the platform operators outside the European Union. We have only limited influence over this processing by the platform operators.

The processing of your data when you visit our social media pages is based on our legitimate interests in a modern public image and effective communication with our customers and prospective customers (Art. 6 para. 1 lit. f GDPR). If you have given your consent to the platforms (e.g., by ticking a box), Art. 6 para. 1 lit. a GDPR is the legal basis.

Shared responsibility (Facebook/Instagram):

We share responsibility for our Facebook and Instagram pages with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The relevant agreements can be found here:

https://www.facebook.com/legal/terms/page_controller_addendum

Your rights:

You can generally assert your rights (information, deletion, objection, etc.) both against us and against the provider of the respective platform.

Further information on data processing can be found here:

• Facebook & Instagram: https://www.facebook.com/policy.php
  
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
  

IX. YOUR RIGHTS

According to Articles 15-21 GDPR, you can assert the following rights with regard to the personal data we process, provided the conditions described therein are met.

Data transfer during contract conclusion for services and digital content

According to Articles 15-21 GDPR, you can assert the following rights with regard to the personal data we process, provided the conditions described therein are met.

Right to information

You have the right to information about the personal data concerning you that is processed by us.

Right to rectification

You can request the correction of incomplete or incorrectly processed personal data.

Right to erasure

You have the right to have your personal data erased, in particular if one of the following grounds applies.

• Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
• You are withdrawing your consent, on which the processing of your data was based.
• You have asserted a right to object to the processing and there are no overriding legitimate grounds for the processing.
• Your data has been processed unlawfully.

However, the right to erasure does not apply if it conflicts with the legitimate interests of the data controller. Legitimate interests are assumed in the following cases:

• Personal data is required for the establishment, exercise or defense of legal claims.
• Deletion is not possible due to legal retention requirements.

If data cannot be deleted, there may be a right to restrict processing (see below).

Right to restriction of processing

You have the right to request that we restrict the processing of your personal data if

• If you dispute the accuracy of the data and we therefore verify its accuracy,
• the processing is unlawful and you object to the deletion and instead request the restriction of use,
• we no longer need the data, but you require it for the establishment, exercise or defense of legal claims,
• You have objected to the processing of your data, and it is not yet clear whether our legitimate grounds override your grounds.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent or a contract and the processing is carried out by automated means.

Right to object

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.

Right of withdrawal

Insofar as the processing of your personal data is based on consent, you have the right to withdraw this consent at any time.

X. STANDARD DEADLINES FOR DATA DELETION

Unless a statutory retention period applies, data will be deleted or destroyed when it is no longer required for the purpose of data processing. Different retention periods apply to personal data; for example, data relevant for tax purposes is generally retained for 10 years, while other data is generally retained for 6 years in accordance with commercial law regulations. Finally, the storage period may also be governed by statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

XI. Right to lodge a complaint with a supervisory authority

Under Article 77 of the GDPR, every data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data infringes the GDPR. The competent supervisory authority for data protection matters is the State Data Protection Commissioner of the federal state in which our company is based.

The State Commissioner for Data Protection of Lower Saxony, Prinzenstr. 5, 30159 Hannover, Germany, Telephone: +49 511 120-4500, Fax: +49 511 120-4599, Email: poststelle@lfd.niedersachsen.de

XII. DISCLAIMER

Liability for content

As a service provider, we are responsible for our own content on these pages in accordance with general law (pursuant to Section 7 Paragraph 1 of the German Telemedia Act (TMG)). However, as a service provider, we are not obligated to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity (Sections 8 to 10 TMG). Obligations to remove or block the use of information in accordance with general law remain unaffected. However, liability in this respect is only possible from the point at which we become aware of a specific legal infringement. Upon becoming aware of such legal infringements, we will remove this content immediately.

Liability for links

Our website contains links to external websites of third parties, over whose content we have no control. Therefore, we cannot assume any liability for this external content. The respective provider or operator of the linked pages is always responsible for their content. The linked pages were checked for possible legal violations at the time the links were created. Illegal content was not identified at the time the links were created. However, continuous monitoring of the content of linked pages is not reasonable without concrete evidence of a legal violation. Upon notification of legal violations, we will remove such links immediately.

Visit website | Visit shop