Directly to webshop +49 271 / 48964-0 sgb@sgb.de

Protection des données

Nous respectons votre vie privée

General information

The following information shows you at a glance what happens to your personal data when you visit our website. Personal data means any information that can be used to identify you as a person. Please refer to our privacy policy beneath this text for detailed information on data protection.

Various personal data is collected when you visit this website. Personal data means any data that can be used to identify you as a person. This privacy policy explains which data we collect and why we process it. It also explains how this is done and for which purpose.

The operators of these web pages take the protection of your personal data very seriously. We treat your personal data in the strictest confidence and in compliance with data protection law and this privacy policy.

This website uses SSL or TLS encryption for security reasons and to protect the transfer of confidential contents, such as orders or inquiries that you send to us, the website operators. You can recognize an encrypted connection in that the address line of the browser changes from "http://" to "https://" and displays the lock symbol. Data you transmit to us cannot be read by third parties when SSL or TLS encryption is activated.

We employ robust technical and organizational measures designed to provide maximum protection for personal data processed through this website. All our security measures are continuously improved to keep abreast of technological developments. The hosting provider guarantees robust security and data protection through automatic DDoS protection, firewalls, SSL encryption, secure data transmission and storage, as well as regular security audits and backups. The hosting provider is also certified to DIN ISO/IEC 27001. However, please be aware that data transmission over the Internet (e.g., when communicating by email) may involve security vulnerabilities. It is impossible to completely protect data against third-party access.

Information on the controller

The data processing controller for this website is:
SGB GmbH
Hofstr. 10
57076 Siegen
E-mail: sgb@sgb.de
Phone: +49 271 48964-0

Data Protection Officer

We have appointed a Data Protection Officer.
VIA Consult
Christian Post
Kurfürst-Heinrich-Str. 10
57462 Olpe
Phone: +49 2761 83668-0
E-mail: elaflex.datenschutz@via-consult.de
Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

Purposes and legal grounds of data collection, rights of data subjects, and transmission of data

Legal grounds

If you have consented to data processing, we shall process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR if special categories of personal data are processed in accordance with Art. 9 (1) GDPR. If you have given your express consent to the transfer of personal data to third countries, processing shall also carried out on the basis of Art. 49 (1) (a) GDPR, and if you have consented to the storage of cookies or access to information on your end device (e.g., by means of device fingerprinting), data processing shall also be based on Section 25 (1) TDDDG. Where the processing of personal data is required for the performance of a contract, such as the delivery of goods, or for pre-contractual steps taken at the request of the data subject, such as responding to inquiries, the legal basis is Art. 6 (1) (b) GDPR. If our company has to meet a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing shall be based on Art. 6 (1) (c) GDPR. Where processing of personal data is not based on one of the aforementioned legal grounds, it is carried out to protect our company's legitimate interests pursuant to Art. 6 (1) (f) GDPR.

Note on data transfer to third countries that are not secure in terms of data protection law and transfer to US companies that are not DPF-certified

Among other tools, we use services from companies in third countries that do not fully meet data protection requirements, as well as US-based services whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. Please be aware that in third countries without adequate data protection, a level of protection comparable to that in the EU cannot be guaranteed.

Bear in mind that the US, as a secure third country, generally has a level of data protection comparable to that in the EU. Data transfer to the US is therefore permissible if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has appropriate additional safeguards in place. Information on data transfers to third countries, including data recipients, can be found in this privacy policy.

Recipients of personal data

We engage with a range of external service providers as part of our business operations. This sometimes requires that personal data is transferred to these external parties. We share personal data with external parties only if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g., sharing data with tax authorities), if we have a legitimate interest in sharing data in accordance with Art. 6 (1) (f) GDPR, or if another legal basis permits the sharing of such data. We only share our customers' personal data with processors on the basis of a valid data processing agreement. Where personal data is processed jointly, an agreement for joint processing is concluded.

Storage period

Unless a more specific storage period is specified in this privacy policy, your personal data will remain with us until such time as the purpose for data processing no longer applies. If you make a valid request for deletion or withdraw your consent for data processing, your data will be erased unless we are legally permitted or required to retain it (e.g., due to tax or commercial law retention periods). In such cases, deletion will occur once these legal obligations no longer apply.

Rights of the data subject

Withdrawing your agreement to process data

Numerous data processing activities can only be performed with your explicit consent. You may withdraw previously issued consents at any time. The withdrawal does not affect the legality of the data processing activities performed until the withdrawal.

Information, correction, and deletion

Under the applicable legal provisions, you have the right to obtain, free of charge, information at any time about your stored personal data, its origin, recipients, and the purpose for which the data is processed. You may also have the right to correct or delete this data. Please feel free to contact us at any time if you have any questions about personal data.

Right to restrict processing activities

You have the right to restrict the processing of your personal data. This applies in particular if you dispute the accuracy of the data stored by us and we need time to verify it, if the processing has been carried out unlawfully and you request restriction instead of deletion, if we no longer need the data, but you need it to exercise, defend, or assert legal claims, or if you have lodged an objection pursuant to Art. 21 (1) GDPR and it is not yet clear whose interests prevail. You may request that the processing of your personal data be restricted. During such a restriction, the data in question will only be processed – with the exception of storage – with your consent, or to assert, exercise, or defend legal claims, to protect the rights of another natural person or legal entity, or for important public interest reasons of the European Union or a Member State.

Right to data portability

You are entitled to have data that we process automatically on the basis of your consent or for the performance of a contract handed over to you or to a third party in a commonly used, machine-readable format. Your data will be transmitted to another controller upon your request only if this is technically feasible.

Right to object to data collection in specific situations and against direct advertising (Art. 21 of the General Data protection Regulation – GDPR)

If your personal data is processed on the basis of Art. 6 (1) (e) or (f) GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions. Please refer to this privacy policy for the respective legal basis for processing. Should you object, we shall stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

If your personal data is processed for the purposes of direct marketing, you have the right to object to such processing at any time. This also applies to profiling insofar as it is related to such direct marketing. Should you object, your personal data will no longer be used for direct marketing purposes.

Right to complain to the competent supervisory authority

In the event of violations of the GDPR, you have the right to lodge a complaint with a supervisory authority. This can be done in particular in the member state of your habitual residence, your place of work, or the location of the alleged violation. This right to complain exists without prejudice to other administrative or judicial remedies.

Data collection on this website

Server log files

Server log files are also generated for technical reasons. These files contain technical data – such as browser type and version, operating system, time of request, IP address, etc. – which your browser automatically transmits to the provider. This data is not combined with other data and therefore cannot be linked to specific individuals. Technical data includes:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address

This data is not combined with other data sources.

This data is collected on the basis of Art. 6 (1) (f) GDPR. Server log files are collected to fulfill the website operator's legitimate interest in ensuring the technically flawless operation and optimization of the website.

Cookies

Our websites also makes use of cookies. Cookies are text files that are stored on a computer system via an Internet browser. The use of cookies allows the websites and servers visited to distinguish the individual browser of the data subject from others.

Some cookies are deleted after visiting the site, while others are stored permanently. In addition to our cookies, cookies from third-party companies (third-party cookies) may also be used.

Certain cookies are essential for the operation and presentation of the website and do not collect any personal information. Others, however, enable us to tailor your visit to the site to your preferences and user behavior. In this case, we ask for your consent to set these optional cookies when you visit our website for the first time.

You can prevent cookies from being set on all websites by changing your Internet browser settings. You can configure your browser settings according to your preferences, for example, to block third-party cookies or all cookies. Cookies already set can be deleted. Please bear in mind that you may then not be able to use all the functions of this website.

Cookie banner

We use an open source cookie consent technology called DP Cookie Consent. This enables us to obtain and manage website users' consent to data processing. Such processing is necessary to comply with a legal obligation (Art. 7 (1) GDPR) applicable to us (Art. 6 (1), sentence 1 (c) GDPR).

When you access our website, a DP cookie containing the consents you have given or revoked is stored in your browser. This data is never shared. The collected data is stored in the browser until you delete the cookie yourself or have it automatically deleted by the browser.

External hosting

This website is hosted by an external service provider. The personal data collected on this website is stored on the servers of the hosting provider. This may include, but is not limited to, IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website access data, and other data generated through the use of the website.

We use the hosting provider to ensure our online services are delivered securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR).

Our hosting provider will process your data only as necessary to perform its service obligations and will follow our instructions regarding the handling of this data.

Our hosting provider is:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen

To ensure compliance with data protection requirements, we have concluded a data processing contract with our hosting or service provider as part of a subcontracting arrangement.
Information on data protection and the legal framework of Hetzner Online GmbH is available at the following link: https://www.hetzner.com/de/legal/privacy-policy/

Contact form, inquiry by email or telephone

The contact form allows interested parties to send inquiries to us directly by electronic means.

If an interested party contacts us in this way, the data provided in the form (first name/last name, email address, telephone number, etc.) is automatically stored. The data is stored solely for the purpose of processing the inquiry or contacting the data subject.

We can also be contacted us via the email addresses provided on the website. In such instances, all data provided by the person will be stored. In most cases, the emails sent are delivered to general departmental mailboxes. The stored data is likewise used for the purposes outlined above.

The data you enter will be stored by us until such time as you revoke your consent. Mandatory legal provisions, e.g., specific retention periods, shall remain unaffected.

Newsletter

We offer a newsletter that provides updates on company news and offers on an irregular basis.

To subscribe to our newsletter, please provide a valid email address and indicate your preferred language. Further data will not be collected or will only be collected on a voluntary basis. We will verify the email address you have entered to ensure that you are the owner or that you are authorized to receive the newsletter. To complete the process, we will send you a confirmation email (double opt-in). You consent to our use of your email address to send you the newsletter to share news and updates.

We use the following service providers to manage the newsletter:
B3 Interactive
We work with B3 Interactive, Urnenstr. 56, 51069 Cologne, to create and circulate our newsletters. We have concluded a contract with B3 Interactive for order data processing.

CleverReach
We use CleverReach from CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, for the circulation of our newsletter. This enables us to contact subscribers directly. We also analyze your usage patterns to optimize our content.

The data you enter for the purpose of subscribing to the newsletter (e.g., your email address) is stored on CleverReach's servers in Germany or Ireland.

Conversion tracking also allows us to evaluate whether a predefined action, such as purchasing a product on our website, was completed after clicking a link in the newsletter. Further information on data analysis by CleverReach newsletters can be found at: https://www.cleverreach.com/de-de/newsletter-tool/newsletter-reporting/

The legal basis for such processing is your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent to the processing of your personal data at any time. A link to do so can be found in all newsletters circulated. You can also revoke your consent using the contact options provided. Revoking your consent does not affect the legality of processing that occurred before doing so.

We provide a link for this purpose in every newsletter. Alternatively, you can unsubscribe from the newsletter directly via our website. The data you provide for the purpose of receiving the newsletter will be stored by us until such time as you unsubscribe from the newsletter. Once you unsubscribe, this data will be deleted from both our servers and those of CleverReach, provided you had previously confirmed your consent. Otherwise, unsubscribed email addresses may be retained for up to three years based on our legitimate interests, in order to demonstrate that consent was previously given, before they are deleted from the newsletter distribution list. The data is processed solely for the purpose of possible legal defense. For further information, please refer to CleverReach's privacy policy at: https://www.cleverreach.com/de-de/datenschutz/

Job applications

You can submit your application by mail or email (karriere@sgb.de). When you apply for a position with us, we process the information you provide as part of the application process, including cover letter, resume, references, and similar documents. In addition to your contact details, we are especially interested in information regarding your education, qualifications, work experience, and skills. We will only assess you based on your suitability for the position in question. You do not need to send us a photo.

Your data will initially be processed exclusively for the purpose of completing the application process and to make decisions regarding potential employment. The legal basis for this processing of your personal data is Art. 6 (1) (b) GDPR and Section 26 BDSG. If your application is successful, your personal data will become part of your personnel file. All applications are retained for up to 6 months following the completion of the selection process and are then either permanently deleted or returned to you in full. If it becomes apparent that the data will still be needed after the 6-month period, for example due to an (impending) legal dispute, it will be deleted once it is no longer required for that purpose. If your application is of interest to us but we are currently unable to offer you a position, we will request your explicit consent to store your application data in our applicant pool for an extended period to allow us to consider you for future vacancies. In this case, Art. 6 (1) (a) GDPR applies as the legal basis for the extended period of storage. You can revoke your consent at any time.

Speculative applications are retained indefinitely and added to our applicant pool. This allows us to consider them as soon as a suitable position becomes available. You can object to this storage at any time.

Your personal data will only be collected or processed by persons responsible for managing the application.

Google services

Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The competent body for users of Google services whose habitual residence is in the European Economic Area or in Switzerland is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google collects data about the apps, browsers, and devices you use when accessing Google services in the form of individual activities (e.g., search terms, browser history, purchase activities) or location data (e.g., GPS, IP address, Wi-Fi access points).

The legal basis for the integration of all Google services and the associated data transfer to Google is your consent (Art. 6 (1) (a) GDPR).

Your IP address is truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA, where it is subsequently truncated.

You can find Google's privacy policy here: https://policies.google.com/privacy?hl=de and the additional terms and conditions for use of Google Maps here: https://www.google.com/intl/de_de/help/terms_maps.html

The company is certified under the EU-US Data Privacy Framework (DPF). This agreement between the EU and the US is designed to ensure that European data protection standards are upheld whenever data is processed in the USA. Certified companies commit to complying with these standards. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/list

Google Maps

We use Google Maps, a service provided by Google Inc., on our website. When you use Google Maps, Google collects information about how visitors interact with the Maps features. Once Google Maps is activated, we have no control over the transfer of data to Google. You can stop Google Maps from being activated by changing your cookie settings.

Matomo

We use the web analytics platform Matomo (InnoCraft, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand) on our website.

Matomo uses analytics cookies. The information generated by the cookies, such as the time, place, and frequency of your website visit, including your IP address, is transmitted to Matomo and stored there. Your IP address is instantly anonymized in this process, ensuring that you remain anonymous to us as a user. The information generated about your use of this website is not shared with third parties. You can prevent the use of cookies as described above by changing your browser software settings, but this may limit the functionality of the website.

If you do not consent to the collection and processing of this data regarding your visit, you can object at any time by clicking below. An opt-out cookie will then be set, preventing Matomo from collecting any further data about your visit. Please bear in mind that if you delete cookies via your browser settings, the Matomo opt-out cookie will also be deleted and must be reactivated.

Information on data protection at Matomo can be found in the company's privacy policy: https://matomo.org/privacy-policy/



Social media

We create online profiles on social networks to communicate with active prospects and active users, and to provide information about our organization. This constitutes a legitimate interest pursuant to Art. 6 (1) (f) GDPR.

User data may be processed by the operator of the social media portal (service provider) outside the European Union. This may result in risks for users, as it could, for example, make it more difficult to enforce user rights.

The text below explains how we handle your personal data in connection with our online profiles. In its ruling of June 5, 2018, the ECJ confirmed the joint responsibility of service providers and site operators.

The social media platform you visit allows you to react to our posts, comment on them, create your own posts, and send us private messages about issues that concern you. The data you provide in this setting and to which we may have access (e.g., user name, images, interests, contact details) will be used by us solely for the purpose of communicating with existing and potential customers. We aim to provide a platform where the latest information can be shared and where you can communicate your concerns to us to ensure a timely response.

Our website contains links to social networks. The links are identified by the logos of those networks. Only when you click on these links does your browser establish a connection to the service providers' servers and redirect you to their social media portal.

We also use social plug-ins on our websites for the social networks we use. You can recognize the plug-ins of the respective providers by their logos. When you visit a page with such a plug-in, the service provider is informed about which pages you are visiting. The processed data can be used to create user profiles. This being the case, we therefore have no influence over the scope of data that an activated plug-in collects and how it is used by the provider. If you are logged into your social media account and visit our social media profile, the service provider can assign this visit to your user account. We use the "Shariff" tool to allow this data transfer only after you have given your consent. The "Shariff buttons" establish direct contact between the social network and you. When you actively click on the share button, thereby giving your consent to the transfer of data, the browser establishes a direct connection to the servers.

We do not carry out any further data processing beyond the basic functions of the site. However, please be aware that the service provider may use tracking tools and cookies regardless of our use of the site. Data may be collected even if you are not logged in or do not have an account with the social media portal concerned.

For a detailed description of the respective processing and the options for objection (opt-out), please refer to the information provided by the providers we use. We would like to point out that requests for information and the assertion of user rights can be most efficiently made directly to the providers. Only the providers have access to the user data and are able to take appropriate measures and provide information directly. Please reach out if you still require assistance.

We operate the following profiles and use the following plug-ins on our website:
• Google/YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The competent body for users of Google services whose habitual residence is in the European Economic Area or in Switzerland is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) – Privacy Policy: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out