Information on the processing of personal data (Privacy Notice)
(Version 2.0, Stand 14.04.2026)
Herzlich willkommen im Datenschutzbereich der EM Gerätebau GmbH
Precision & Service – powerful in metal. We are delighted that you have taken an interest in our company. In this privacy notice, we aim to provide you with detailed information about when we collect which data and how it is processed.
Data controller
The controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is:
Precision & Service – powerful in metal
Ahornstraße 8 – 14
82291 Mammendorf
Germany
08145 921 – 300
info@emg-gmbh.de
Managing directors with signing authority:
Daniel Henle, Manfred Merkl
Data Protection Officer
You can contact our Data Protection Officer at:
General information on the collection of personal data
The following information is provided to ensure transparency regarding the nature and scope of the processing of personal data,
- during your visit to our website,
- the use of our online services,
- external online presence on social media platforms
- as part of the recruitment process
- as well as in business dealings with customers and service providers
be collected.
The legal basis for our data protection policy is provided in particular by the provisions of the General Data Protection Regulation (GDPR), as well as the supplementary provisions of the Federal Data Protection Act (BDSG) and the Telecommunications and Digital Services Data Protection Act (TDDDG).
Purpose / Legal basis for processing
In cases where we seek your consent for the processing of personal data, Article 6(1)(a) of the GDPR serves as the legal basis.
Where we process personal data necessary for the performance of a contract concluded between you and us, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
Where the processing of personal data is necessary to comply with a legal obligation to which we are subject, Article 6(1)(c) of the GDPR serves as the legal basis.
Where the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, the legal basis is Article 6(1)(d) of the GDPR.
Where the processing of personal data is necessary to safeguard a legitimate interest of our company or of a third party, and your interests, fundamental rights and freedoms do not override that interest, the legal basis for the processing is Article 6(1)(f) of the GDPR.
Where cookies or similar technologies are used in the course of data processing, the storage of such cookies or similar technologies, or the access to information on a user’s device (e.g. device fingerprinting), is carried out in accordance with Section 25(1) of the TDDDG in conjunction with Article 6(1)(a) of the GDPR.
Where the use of cookies is strictly necessary, this is done in accordance with Section 25(2), second sentence, of the TDDDG.
Disclosure of personal data
If, in the course of our data processing activities, we transfer your personal data to other parties or disclose it to them, this is done exclusively on the basis of one of the legal grounds set out above. Recipients of this data may include, for example, payment service providers in connection with the performance of a contract. In cases where we are required to do so by law or by court order, we must transfer your data to authorities entitled to receive such information.
Where external service providers assist us in processing your data (e.g. data analysis, newsletter distribution), this is done within the framework of data processing on behalf of the controller in accordance with Article 28 of the GDPR. In such cases, we only enter into contracts with service providers who offer sufficient guarantees that appropriate technical and organisational measures will ensure the protection of your data.
Transfer of data to third countries
Data will only be transferred to third countries (outside the European Union or the European Economic Area) insofar as this is in accordance with legal requirements. Subject to express consent or where transfer is required by contract or law, we process or allow the processing of data only in third countries with a recognised level of data protection (e.g. adequacy decision by the European Commission pursuant to Article 45(1)(3) of the GDPR for the ‘EU-US Data Privacy Framework’) https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en) or in accordance with Article 44 et seq. of the GDPR on the basis of specific safeguards, such as a contractual obligation through the European Commission’s standard data protection clauses (European Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Data storage
As soon as the purpose for which your personal data was stored no longer applies, we will delete or block it. Furthermore, your personal data will only be retained if specific statutory retention periods (in particular retention obligations under commercial and tax law) at national or European level prevent its deletion.
Definitions
Our privacy policy is based on terminology used and defined in the GDPR. To ensure that our privacy policy is easy to read and understand, we would like to explain the key terms in advance.
Personal data
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is regarded as identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing
“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction.
Data controller
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
pseudonymisation
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
data processor
‘Data processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
‘Recipient’ means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that body is a third party. However, public authorities which may receive personal data in the course of a specific inquiry carried out in accordance with Union law or the law of the Member States shall not be regarded as recipients.
Third
‘A third party’ means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
Consent
“Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes, expressed in the form of a statement or by a clear affirmative action, by which the data subject signifies their agreement to the processing of personal data relating to them.
Profiling
‘Profiling’ means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Rights of data subjects
The processing of personal data gives you, as the data subject, certain rights which you may exercise at any time. These are:
- Right to withdraw consent under data protection law in accordance with Article 7(3) of the GDPR
- Right to access your personal data held by us in accordance with Article 15 of the GDPR
- Right to rectification of inaccurate data or to have incomplete data completed in accordance with Article 16 of the GDPR
- Right to erasure of your data stored by us in accordance with Article 17 of the GDPR
- Right to restrict the processing of your data in accordance with Article 18 of the GDPR
- Right to data portability under Article 20 of the GDPR
- Right to object under Article 21 of the GDPR
- Automated decision-making in individual cases, including profiling, in accordance with Article 22 of the GDPR.
Right of access
You have the right to ask us whether we are processing any of your personal data and, if so, what data we are processing, as well as to request copies of your personal data from us. Please note that your right of access may be restricted in certain circumstances in accordance with the law.
Right to rectification
If the information relating to you is no longer accurate, you have the right to request, without delay, the rectification of any inaccurate personal data relating to you and, where necessary, the completion of any incomplete personal data.
Right to erasure
In accordance with the relevant legal provisions, you have the right to request that data relating to you be deleted without delay, for example if the data is no longer required for the purposes for which it was collected and there are no legal retention or archiving requirements preventing its deletion.
Right to restriction of processing
Under the provisions of Article 18 of the GDPR, you have the right to request that the processing of your personal data be restricted, for example if you have objected to the processing, for the duration of the assessment as to whether your objection can be upheld.
Right to data portability
You have the right to receive the data you have provided to us, or to have it sent to a third party, in a commonly used, machine-readable format. If you request that the data be transferred directly to another data controller, this will only be done where technically feasible.
Right to withdraw consent under data protection law
Where the processing of your personal data is based on consent you have given us, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of that consent prior to its withdrawal.
Please send your cancellation in writing to EM Gerätebau GmbH, Präzision & Service – kraftvoll in Blech, Ahornstraße 8–14, 82291 Mammendorf, info@emg-gmbh.de. Please note that your objection may also be raised in other proceedings, or may need to be raised for technical reasons. Further information on this can be found in the relevant services described.
Right to object to processing
Under the conditions set out in Article 21(1) of the GDPR, you may object to data processing carried out on the basis of Article 6(1)(e) or (f) of the GDPR on grounds relating to your particular situation. This also applies to profiling based on these provisions. If you exercise your right to object, we will no longer process your personal data in question, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
Please send your objection in writing to EM Gerätebau GmbH, Präzision & Service – kraftvoll in Blech, Ahornstraße 8–14, 82291 Mammendorf, info@emg-gmbh.de. Please note that your objection may also be raised in other proceedings, or may need to be raised for technical reasons. Further information on this can be found in the relevant services described.
Right to lodge a complaint with the data protection authority
Under Article 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that your personal data is being processed unlawfully.
Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.
Use of online services
Below, we explain when and in what context data is processed when you use our online services.
Collection of personal data when visiting our website
When you use the website purely for information purposes – i.e. if you do not register or otherwise provide us with information – we only collect the personal data that your browser transmits to our server. When you view our website, we collect the data listed below. This data is technically necessary to display our website to you and to ensure the stability and security of the display. The legal basis for storing information in the form of cookies or in the server log file on your device, or for accessing this information on your device, is Section 25(2)(2) of the German Telemedia Act (TDDDG). The associated data processing is based on Article 6(1)(f) of the General Data Protection Regulation (GDPR):
- IP-Adresse
- Date and time of the enquiry
- Time difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status / HTTP status code
- the amount of data transferred in each instance
- Website from which the request originates
- Browser
- Operating system and its user interface
This data will be retained for a maximum period of seven are temporarily stored in our system’s log files. They may be stored for longer periods; however, in such cases, the IP addresses are partially deleted or anonymised so that it is no longer possible to identify the client that made the request.
Use of cookies
In addition to the data mentioned above, cookies are stored on your device (e.g. PC, laptop, smartphone) when you use our website. Cookies are small text files that are stored on your device and associated with the browser you are using, and through which certain information is transmitted to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transfer malware to your devices. They serve to make the online service as a whole more user-friendly and effective.
This website uses the following types of cookies, the scope and functionality of which are explained below:
Transient Cookies
Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be associated with the same session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
Persistent cookies
Persistent cookies are automatically deleted after a set period of time, which may vary depending on the cookie. You can delete these cookies at any time via your browser’s security settings.
We use cookies on our website that are generated by us as the website operator and are necessary for the full functionality and presentation of our website. The legal basis for storing information in the form of cookies on your device or accessing this information on your device is Section 25(2)(2) of the TDDDG. We use these cookies on the basis of a legitimate interest pursuant to Article 6(1)(f) of the GDPR to ensure the provision of our online service.
In addition to the cookies set by us as the data controller, we also use cookies provided by other providers. We process these cookies on the basis of your consent in accordance with Article 6(1)(a) and Section 25(1) of the TDDDG (storage of cookies or access to information on an end device, e.g. via device fingerprinting). Further information on the use of cookies and our cooperation with external service providers can be found in the privacy policy of the respective online services.
You can configure your browser settings as you wish and, for example, refuse to accept cookies from third-party providers or block all cookies. Please note, however, that this may prevent you from using all the features of this website. If you have consented to the use of cookies but wish to withdraw your consent in future, you can delete the stored cookies in your browser settings.
Cookie settings in web browsers
Web browsers can be configured to notify you when cookies are set, or to block or disable cookies either completely or partially. By disabling and deleting all cookies, you can also withdraw any consent previously given. If you disable or restrict cookies via your browser, certain functions on our website may not be available to you. You can delete stored cookies at any time using your web browser, including automatically.
You can find out more about these options for the most commonly used browsers via the following links:
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer
Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=de&answer=95647
Apple Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Microsoft Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge: https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies
Opera: https://help.opera.com/de/latest/web-preferences/
If no restrictions have been applied to your cookie settings, cookies that are necessary to enable and ensure the required technical functions will remain on your device until you close your browser; other cookies may remain on your device for longer. The exact cookie durations are displayed by the respective services used.
SSL- BZW. TLS- Verschlüsselung
Unsere Website verwendet zur Sicherheit und zum Schutz bei Übertragung vertraulicher Inhalte die TLS-Verschlüsselung (ehemals SSL). Bestellungen oder Kontaktanfragen, die Sie an uns senden, erfolgen somit per Transportverschlüsselung. Diese erkennen Sie, je nach Browser-Typ, entweder am Schloss-Symbol und/oder am https-Protokoll in der Adresszeile.
Externes Hosting
We host our website externally. The personal data collected on this website is stored on the servers of the hosting provider(s). This may include all information relating to users of our online service that is generated during use and communication, such as, in particular, content data (e.g. entries in online forms); usage data (e.g. websites visited, access times); meta/communication data (e.g. device information, IP addresses).
We collect the aforementioned data in order to ensure the secure, fast and efficient provision of our online services. The legal basis for storing information in the form of cookies on your device or accessing this information on your device is Section 25(2)(2) of the German Telemedia Act (TDDDG). The associated processing of your data is carried out in accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR) on the basis of our legitimate interest in the correct display and functionality of our website.
We use the following hosting provider(s):
Mittwald CM Service GmbH & Co. KG, Königsberger Str. 4 – 6, 32339 Espelkamp
For further information on data protection, please visit https://www.mittwald.de/datenschutz.
We have also entered into a data processing agreement (DPA). This agreement sets out the scope, nature and purpose of the access rights granted to the above-mentioned provider(s) to the data. These access rights are limited solely to what is necessary for the provision of hosting services and in compliance with the GDPR.
Getting in touch
Contact form
When you contact us via a contact form, the data you provide (Ihre E-Mail-Adresse, ggf. Ihr Name, Ihre Telefonnummer, der Inhalt Ihrer Nachricht) stored by us in order to respond to your enquiry. The processing of data entered into the contact form is based on your consent in accordance with Article 6(1)(a) of the GDPR. If your contact enquiry relates to the performance of a contract or the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. We will delete the data collected in this context once storage is no longer necessary, or restrict processing if statutory retention obligations apply. You may withdraw this consent at any time. The lawfulness of the data processing operations carried out prior to withdrawal remains unaffected by the withdrawal.
Enquiries by email or telephone
When you contact us by email, telephone or fax, the personal data you provide (Your email address, your name (if applicable), your telephone number, and the content of your message) are stored by us in order to process your enquiry. We will not pass on this data without your consent.
Data processing is carried out on the basis of Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, we process your data on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and/or on the basis of our legitimate interests in accordance with Article 6(1)(f) of the GDPR. Our legitimate interest lies, in particular, in the effective handling of your enquiry.
The data you send us via contact enquiries will be retained by us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been dealt with). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.
Embedded third-party content
Google Maps
We have added a link to Google Maps on our website so that you can more easily locate us on a map. [Clicking on our ‘Directions’ tab will take you directly to the Google Maps website].
Please note that we have no control over the content or data processing activities of external third-party websites.
Third-party provider details: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Further information on the purpose and scope of data collection and its processing by Google can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and the settings available to protect your privacy: https://policies.google.com/privacy?hl=de&gl=de.
Google Fonts (Lokal)
We use “Google Fonts” on our website, a service provided by Google Ireland Limited (hereinafter referred to as “Google”). This service enables us to use external fonts, known as Google Fonts. The Google Fonts are installed locally on our server. No connection is made to Google’s servers.
Data protection in relation to job applications
We offer you the opportunity to join us by email, post, via the online application form or via our careers portal to apply. Below, we provide information on the scope, purpose and use of your personal data collected during the application process.
Scope and purpose of data collection
In order for us to consider your application for a specific role, we require a standard and comprehensive application, which provides us with information about your personal profile and qualifications.
The personal data you provide and submit to us as part of your application generally includes: Cover letter, CV containing the usual personal details (first name and surname, date of birth, address, telephone number, email address, photograph), as well as supporting documents and certificates.
As a general rule, we will only use your application documents to decide on the filling of the specific position for which you have explicitly applied. We process the personal data provided to us only to the extent necessary for the purpose of deciding on the establishment of an employment relationship with us. The legal basis for this is Article 6(1)(b) GDPR, Article 88 GDPR in conjunction with Section 26(1) sentence 1 BDSG (new), insofar as this concerns information we receive from you as part of the application process (name, contact details, date of birth, details of your professional qualifications and school education, or details of further professional training). If you voluntarily provide us with further information, we process this on the basis of your consent in accordance with Article 6(1)(a) of the GDPR. During the application process, further personal data may be collected from you personally and from publicly available sources for this purpose. Your personal data will be disclosed within our company exclusively to those persons involved in processing your application.
Should we process personal data about you in order to defend ourselves against legal claims you have brought against us arising from the recruitment process, we rely on Article 6(1)(f) of the GDPR as the legal basis. The legitimate interest in this context is, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG).
Categories of recipients of personal data
Your personal data will only be disclosed to third parties for the purposes set out below. We will only disclose the personal data we have received from you as part of the application process to third parties if:
- you have given your explicit consent to this in accordance with Article 6(1)(a) of the GDPR and Section 26 of the BDSG (new),
- the disclosure is necessary pursuant to Article 6(1)(f) of the GDPR for the establishment, exercise or defence of legal claims, and there is no reason to believe that you have an overriding legitimate interest in preventing the disclosure of your data,
- in the event that there is a legal obligation to disclose data pursuant to Article 6(1)(c) of the GDPR, and
- this is permitted by law and is necessary, in accordance with Article 6(1)(b) of the GDPR and Section 26(1), first sentence, of the BDSG (new), for the establishment or performance of contractual relationships with you.
Furthermore, your data will be disclosed to technical service providers in accordance with Article 28 of the GDPR; these providers will use your data solely on our behalf and under no circumstances for their own business purposes. These include IT-service providers, hosting providers or providers of applicant tracking systems.
We do not intend to transfer your data to third countries outside the EU or the European Economic Area.
Data retention period
If we are unable to offer you a position, you decline a job offer, withdraw your application, revoke your consent to data processing, or request that we delete your data, the data you have provided, including any remaining physical application documents, will be retained for a maximum of 6 months stored or retained after the application process has been completed (retention period) so that the details of the application process can be traced in the event of any discrepancies (Article 6(1)(f) of the GDPR).
Should the application process result in your appointment, we will include your application documents in your personnel file in accordance with Article 6(1)(b) of the GDPR and Section 26(1) of the BDSG-neu, for the purpose of establishing the employment relationship and in relation to the personality profile you have described and the qualifications you have stated, which form the basis of your appointment.
Provision of data
You are not legally required to provide your personal data during the initial stages of the recruitment process. However, the provision of personal data is necessary for us to enter into an employment contract with you. This means that, unless you provide us with personal data when applying for a job, we cannot and will not enter into an employment contract with you.
Automated decision-making
No automated decision-making takes place in individual cases within the meaning of Article 22 of the GDPR. This means that we assess your application personally and the decision regarding your application is not based solely on automated processing.