§1 Name and contact details of the data controller

VMT GmbH, Stegwiesenstr. 24, 76646 Bruchsal, Germany, as operator of the website https://vmt.global is the data controller within the meaning of the GDPR.

§2 Contact with the data protection officer

You can contact our data protection officer at any time with any data protection concerns at labol1736558682g.tmv1736558682@ztuh1736558682csnet1736558682ad1736558682.

§3 What is personal data?

Personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

§4 Purposes of data processing

The scope and nature of the collection, processing and use of your data will vary depending on whether you visit our website merely to access generally available information or to take advantage of additional services. In principle, we process your personal data in the course of our business activities for pre-contractual or contractual purposes. In addition, we may also process your personal data for our legitimate interests, to obtain your consent, or to comply with legal requirements. We will inform you of the specific purposes of data processing in the following sections.

§5 Legal basis for data processing

The processing of your personal data is based on the following legal grounds:

• for the fulfilment of pre-contractual or contractual obligations (Art. 6 para. 1 b) GDPR)
• on the basis of your consent (Art. 6 para. 1 a) GDPR)
• in the context of balancing interests (Art. 6 para. 1 f) GDPR)
• on the basis of legal requirements (Art. 6 para. 1 c) GDPR)

We will inform you about the specific legal basis for the data processing in our respective processing activities.

§6 Right to object

If we process your personal data on the basis of our overriding legitimate interest (legal basis for data processing is Art. 6 para. 1 f) GDPR), you have the right to object to this processing at any time for reasons arising from your particular situation. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing (except for direct marketing, in which case we will comply with your objection immediately) if we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or if the processing is necessary for the establishment, exercise or defence of legal claims. Other rights of data subjects remain unaffected.

§7 Use of our website for information purposes

When you use our website for purely informational purposes, it is generally not necessary for you to provide any personal information. Rather, when you visit our website, we only collect the data that your internet browser automatically transmits to us, such as

• Referrer (previously visited website)
• requested web page or file
• Browser type and version
• Operating system used
• Type of device used
• Date and time of access
• IP address in anonymised form
• other similar data and information used for security purposes in the event of an attack on our information technology systems.

This typically involves the use of log files. The purpose of the processing is to ensure the functionality and compatibility of our website for technically unproblematic use, including troubleshooting and protection against technical attacks and misuse. The legal basis for this processing is our legitimate interest pursuant to Art. 6 para. 1 f) GDPR. Our legitimate interest is the proper operation of our website. Log file data is deleted once it is no longer needed for processing purposes.

§8 Use of our website for further services

If you make use of further services of our company via our website, it may be necessary for you to provide personal data for this purpose. Which personal data is required for the provision of services can be seen from the respective input mask or application. You can provide further information voluntarily. You can recognise which information is required and which is voluntary by the fact that the mandatory information is marked with an asterisk (*) or with the note ‘mandatory field’. Your data is processed solely for the purpose of providing the service you have requested. The legal basis for the processing of your personal data and the information about when your personal data will be deleted can be found in the description of the specific services.

§9 Hosting

We use an external service provider to host our website. The personal data collected on this website is stored on the host’s servers. The host is used in the interest of secure, fast and efficient provision of our website (Art. 6 (I) (f) GDPR). Our host will only process your data to the extent necessary to fulfil its contractual obligations and instructions from us. We use STRATO AG, Pascalstraße 10, 10587 Berlin as our host. We have concluded an order processing contract with the host in accordance with Art. 28 GDPR.

§10 Contacting us

Our website offers you the opportunity to contact us by e-mail. Please note that unencrypted communication by e-mail is not secure. It is possible that data transmitted in this way could be read, copied, altered, or deleted by unauthorised parties. The personal data you provide when contacting us by e-mail will only be used for the purpose of processing your e-mail enquiry. It will only be passed on to third parties if this is necessary for the purpose of processing this contact. The legal basis for this is Art. 6 para. 1 b) GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the legal basis is our legitimate interest in the effective processing of inquiries addressed to us pursuant to Art. 6 para. 1 f) GDPR. Your personal data will be deleted when it is no longer required to fulfil the purpose for which you contacted us. We would like to point out that your messages may have to be stored as part of the legal obligation to retain them. In this case, the legal basis is Art. 6 par. 1 c) GDPR

§11 Newsletter

11.1 Newsletter subscriptions via the website

Newsletter registration is not available through our website.

11.2 Sending newsletters to existing customers

If you order goods or services from us and provide us with your email address, we may subsequently use that email address to send you newsletters unless you have expressly objected and you have been/will be informed that you may object to receiving newsletters at any time. We will only send information and direct advertising for our own similar goods or services via the newsletter.

The legal basis for sending the newsletter is 6 para. f GDPR in connection with § 7 para. 3 UWG.

You can unsubscribe at any time. Each newsletter contains an unsubscribe link. After you unsubscribe, we may add your email address to a blacklist to prevent future mailings to you. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest as defined by Article 6(1)(f) of the GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

§12 Security

We have taken technical and organisational measures to protect our website and other systems against loss, destruction, access, modification or distribution of your data by unauthorised persons. We use the TLS 1.3 (Transport Layer Security) encryption system.

§13 Cookies and similar technologies

We do not use cookies or similar technologies.

§14 Web analysis

14.1 Matomo

We use the open source software Matomo to analyse and statistically evaluate the use of the website. We have installed Matomo locally on our server. The information is not shared with third parties. We only process information that your browser automatically sends when you visit our website; we do not use cookies or similar technologies. IP addresses are anonymised and usage data is not aggregated. Information obtained to identify users is not used for any other purpose. The legal basis for the use of Matomo is Art. 6 para. 1 f) GDPR. The legitimate interest lies in the needs-based design of our website and the analysis of the use of the website.

You can also opt-out of web analytics by Matomo by clicking on the following link and selecting the opt-out option. Please note that in this case a cookie must be set in your browser to signal your objection.

You have the option to prevent your actions from being analysed and linked. This protects your privacy, but also prevents the owner from learning from your actions and improving the experience for you and other users.

§15 Social media

We maintain public profiles on social networking sites. The specific social networking sites we use are listed below.

Social networks such as Facebook, etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media sites triggers a number of processing operations relevant to data protection.

In detail: If you are logged into your social media account and visit our social media presence, the operator of the social media portal may associate this visit with your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the social media portal in question. In this case, the information may be collected through cookies that are stored on your device or by logging your IP address.
The data collected in this way allows the social media sites to create user profiles that store your preferences and interests. In this way, interest-based advertising can be displayed to you both within and outside of the social network. If you have an account with the social network in question, the interest-based advertising may be displayed on all devices on which you are or have been logged in.

Please also note that we cannot track all of the processing that takes place on the social media portals. Depending on the provider, further processing may be carried out by the operators of the social media portals. Please refer to the terms of use and privacy policies of each social media portal for details.

15.1 Legal basis

Our social media presence is intended to provide an informative presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 f) GDPR. In necessary cases, the legal basis is also Art. 6 para. 1 a) GDPR. The analysis processes initiated by the social networks themselves may rely on other legal bases to be specified by the operators of the social networks (e.g. consent in the sense of Art. 6 para. 1 a) GDPR).

15.2 Data controller and enforcement of rights

If you visit one of our social media sites, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal.

Please note that despite our joint responsibility with the operators of the social media portals, we do not have full control over the data processing procedures of the social media portals. Our ability to do so depends largely on the policies of the social media provider.

15.3 Retention period

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for which it was stored no longer applies, you request us to delete it or you revoke your consent to its storage. Stored cookies will remain on your device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the retention period of your data, which is stored by the operators of social networks for their own purposes. Please contact the social network operator directly for details (e.g. in their privacy policy, see below).

15.4 Social networks in detail

LinkedIn

We use LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We provide a link to this profile on our website. If you follow such a link by clicking on it, this provider will store and use your data (IP address and other personal data) for the provision of the service and for its own business purposes.

Your personal data may also be transferred to LinkedIn Corporation, which is based in the USA. LinkedIn has been certified under the EU-US Privacy Framework to meet the level of data protection that applies in the EU. The certificate is available at https://www.dataprivacyframework.gov/s/

For more information about LinkedIn’s privacy practices, please visit https://www.linkedin.com/legal/privacy-policy.

XING

We have a profile on XING. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Further information on data protection at XING can be found at: https://privacy.xing.com/de/datenschutzerklaerung

§16 Additional features and content

We do not use any additional functions and content (e.g. map or font services) on our website.

§17 Links to other websites

Where we provide links to the websites of other organisations, this Privacy Policy does not apply to the processing of personal data by those organisations. We therefore encourage you to read the privacy notices of the other websites you visit.

§18 Recipients and data transfers

We have centralised certain data processing operations within our company. These may be carried out centrally by our individual departments, e.g. for processing enquiries. External contractors and service providers (e.g. logistics companies or IT service providers) may also be involved to ensure the fulfilment of our tasks and contracts. In addition, data may be disclosed to recipients to whom we are obligated or authorised to disclose data under contractual or legal obligations or on the basis of your consent.

§19 Transfer of data to third countries

19.1 Transfer of data to third countries

Data will only be transferred to third countries (countries outside the EU and the European Economic Area EEA) if this is necessary for the performance of a contract/order/business relationship, including the initiation thereof, or if permitted by our legitimate interests or your consent, and always in accordance with applicable data protection requirements.

19.2 Note on data transfers to the USA

As part of the so-called ‘Data Privacy Framework’ (DPF), the EU Commission has also recognised the level of data protection for certain companies from the USA as being safe as part of the adequacy decision of 10 July 2023. The list of certified companies and more information about the DPF can be found on the US Department of Commerce website at https://www.dataprivacyframework.gov/. We will inform you which of our service providers are certified under the DPF in the privacy policy for that service.

§20 Deletion of your data

We will only process your personal data for as long as is necessary to fulfil the relevant purpose or until there is no longer a legal basis for the processing (e.g. revocation of consent to data processing). We will comply with existing legal retention and storage periods.

§21 Your rights

You have the right:

• to obtain free information about the personal data we hold about you (right of access).
• to obtain confirmation as to whether we are processing personal data relating to you (right of confirmation).
• to request that we erase personal data concerning you without undue delay, provided that the processing is no longer necessary and the other requirements of the GDPR for erasure are also met (right to erasure).
• to request the prompt correction and completion of inaccurate personal data (right to rectification).
• to request the restriction of the processing of your personal data (right to restriction of processing).
• obtain the personal data concerning you in a structured, commonly used and machine-readable format (right to data portability).
• to object to the processing of your personal data (right to object).
• the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (right to an individual decision).
• to withdraw your consent to the processing of your personal data at any time with effect for the future.
• lodge a complaint with the data protection supervisory authority if you consider that the processing of your personal data is in breach of the GDPR (right to complain).

For more information about your rights, please contact our Data Protection Officer.

§22 Changes to our privacy policy

We reserve the right to make changes to our Privacy Policy at any time in order to ensure that it always complies with current legal requirements. This also applies if the Privacy Policy needs to be adapted due to new or revised services, e.g. new services.

§23 Privacy information according to Art. 13 / Art. 14 GDPR

Privacy information for business partners

Privacy information for applicants