Personal data refers to information that makes it possible to identify a natural person. In particular, this includes name, date of birth, address, telephone number, email address, as well as your IP address.
Data is classified as anonymous when a personal reference to the user cannot be established.
2. Contact for data protection
The contact details of the Data Protection Officer for all uvex group companies based in Germany are:
3. Rights as a data subject
Firstly, we would like to inform you about your rights as a data subject. These rights are defined in Art. 15 - 22 EU GDPR. These include:
- The right of access (Art. 15 EU GDPR),
- The right to erasure (Art. 17 EU GDPR),
- The right to rectification (Art. 16 EU GDPR),
- The right to data transmission (Art. 20 EU GDPR),
- The right to restriction of processing (Art. 18 EU GDPR),
- The right to object to processing (Art. 21 EU GDPR).
To exercise these rights, please contact: firstname.lastname@example.org
The same applies if you have questions about data processing in our company, or if you wish to revoke consent that you had granted. You also have a right of appeal to a data protection supervisory authority.
4. Rights to object
Please note the following in connection with rights of objection:
If we process your personal data for the purpose of direct marketing, you have the right to object to such data processing at any time, without giving reasons. This also applies to profiling insofar as it relates to direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. Lodging an objection is free of charge and can be made without any requirement as to form, addressed to: email@example.com.
In the event that we process your data to safeguard legitimate interests, you may object to this processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions.
We shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
5. Purposes and legal basis of data processing
When processing your personal data, the provisions of the EU GDPR and all other applicable data protection regulations are complied with.
The legal basis for data processing arises in particular from Art. 6 EU GDPR.
We use your data to establish business relationships, to fulfil contractual and legal obligations, to carry out contracts, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct marketing.
Your consent to data processing may also constitute a permission requirement under the terms of data protection law. Before you give your consent, we will inform you of the purpose of data processing and your right of withdrawal.
If consent also relates to the processing of special categories of personal data, we will expressly draw your attention to this in the consent. Special categories of personal data as defined in Art. 9 EU GDPR are only processed if this is required by law and there is no reason to assume that your legitimate interest in exclusion of the processing is overriding.
In certain cases, we also base the processing of your data on a legitimate interest in accordance with Art. 6 (1) (f) EU GDPR. In these circumstances, data is only processed if this serves to safeguard our own legitimate interests or the legitimate interests of third parties, and a weighing up of interests has not shown that your interests, fundamental rights and freedoms are overriding.
6. Disclosure to third parties
We will only pass on your data to third parties within the scope of statutory provisions or with the appropriate consent. Otherwise, data will not be passed on to third parties unless we are obliged to do so by mandatory legal provisions (e.g. passing on data to external parties such as supervisory authorities or law enforcement agencies).
7. Recipients of data / categories of recipients
Within the UVEX Group, we ensure that only those persons receive your data who need it to fulfil contractual and legal obligations. This concerns the following companies within the UVEX Group:
- UVEX WINTER HOLDING GmbH & Co. KG
- UVEX SPORTS GmbH & Co. KG
- UVEX ARBEITSSCHUTZ GmbH
- FILTRAL GmbH & Co. Vertriebs KG
- HIPLOCK GmbH
The transfer of data may be necessary, for example, if you apply for a job advertised by an affiliated company via our central recruitment portal. Data is passed on to UVEX WINTER HOLDING GmbH & Co. KG for the purpose of analysing our internal processes and providing technical support. In addition, marketing analysis data is passed on to the above-mentioned companies. It is possible that personal data will also be sent in the process.
In certain cases, other service providers support our departments in carrying out their work. The necessary data protection agreements have been concluded with all service providers.
8. Third country transfer / intention to transfer data to a third country
Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for performance of the contractual obligations or is required by law, or if you have given us your consent.
We transfer your personal data to service providers and group companies outside the European Economic Area, including to the US. You can find a list of the tools / service providers together with the processing location under point 14.1 "Tools used".
The agreements required under data protection law were concluded with all service providers.
9. Storage period of the data
We store your data as long as it is needed for the specific processing purpose. Please note that many retention time limits require that data (must) continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g. German Commercial Code (Handelsgesetzbuch), German Fiscal Code (Abgabenordnung), etc.).
Provided that there are no further retention obligations, data is routinely deleted after the purpose has been achieved.
In addition, we may retain data if you have given us permission to do so, or if there is a legal dispute and we use evidence under statutory limitation periods, which can be up to thirty years; the normal limitation period is three years.
10. Secure transfer of your data
We use appropriate technical and organisational security measures to protect the data stored by us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.
Data exchange from and to our website is always encrypted. We offer HTTPS as the transmission protocol for our website, using the latest encryption protocols.
Alternative communication channels (e.g. post) may also be used.
11. Obligation to provide data
Various items of personal data are necessary for establishing, implementing and terminating the contractual obligation and for fulfilling the associated contractual and legal requirements. The same applies to use of our website and the various functions it provides.
In some cases, data must also be collected or made available due to legal requirements. Please note that it is not possible to process your enquiry or carry out the underlying contractual obligation if this data is not provided.
12. Categories, sources and origin of data
The data that we process is determined by the particular context: this depends on whether, for example, you place an order online or enter an enquiry on our contact form, or whether you send us a job application or lodge a complaint.
Please note that we may also provide information separately in a suitable location for special processing situations, e.g. when job application documents are uploaded or when a contact enquiry is made.
12.1 When you visit our website, we collect and process the following data:
- Name of the Internet service provider
- Information about the website from which you are visiting us ("referrer")
- Web browser and operating system used
- The IP address assigned by your Internet service provider
- Files requested, amount of data transferred, downloads/file export
- Information about the web pages that you access on our site, including date and time
This data processing is technically necessary so that the contents of our website can be delivered to your device. Accordingly, it is also necessary for your IP address to be collected and stored for the duration of the session. The same applies to other data, the processing of which is necessary for correct display of our website. The storage of data in log files also serves to further optimise the website, to ensure its functionality, to guarantee the security of our applications and for legal protection (e.g. detection of and defence against attacks on our website).
The legal basis for such data processing and temporary data storage is our legitimate interest as a website operator (Art. 6 (1) (f) EU GDPR).
The storage period for data is limited and the data is deleted as soon as it is no longer needed for processing purposes. In the case of data collection for correct display of our website, this occurs after the session has ended. When data is stored in log files, it is deleted or anonymised after 7 days.
12.2 For the purposes of a contact enquiry, we collect and process the following data:
A contact form on our website can be used to get in touch electronically. If you write to us using the contact form, we will process the data you provide in the contact form in order to contact you and respond to your questions and requests.
We collect the following data on the contact form:
- Email address
- Telephone number (for a possible callback in the case of a telephone enquiry)
- Content of the request
In doing so, the principle of data economy and data reduction is observed: you only have to provide the data that we definitely need from you for the purpose of contacting you (mandatory information). This is your name, your email address and your request itself. This mandatory information is marked with an asterisk (*).
In addition, your IP address is processed due to technical requirements and for legal protection. All other data is voluntary and may be provided optionally (e.g. to answer your questions more specifically).
We implement appropriate security measures to protect the security and confidentiality of your data in the best possible way. Your request will be transferred to us in encrypted form.
If you contact us by email, we will process the personal data provided in the email solely for the purpose of processing your enquiry. If you do not use the forms offered for contacting us, no further data will be collected.
12.3 We process the following data in the course of the registration process:
Our website provides users with the option of registering by entering personal data.
In doing so, we collect the following data:
- Form of address
- Last name, first name
- Email address
Registration is therefore necessary either to fulfil a contract with you (via our online shop), or to carry out pre-contractual measures
The principle of data economy and data reduction is observed in these cases, as only the data required for registration is marked as a mandatory field with an asterisk (*). This is your name, email address and password, including password repetition.
To place an order in our online shop, we also require information on the billing address for delivery (form of address, first name, last name, address). If the delivery address differs from the billing address, the above information must also be provided for the delivery address.
By registering on our website, the user's IP address, the date and time of registration are also stored (technical background data). By clicking the "Register now" button, you consent to the processing of your data.
Please note: the password you enter is stored in encrypted form. Employees of our company cannot read this password. As a result, they cannot give you any information if you forget your password.
In this case, use the "Forgot password" function, which will send you a new automatically generated password by email. Employees are not authorised to request your password from you by telephone or in writing. For this reason, please never provide your password if you receive a request of this nature.
When the registration process has been completed, your data is stored with us so that you can use the protected customer area. As soon as you log on to our website with your email address as user name and your password, this data is made available for actions you carry out on our website (e.g. to place orders in our online shop). Completed orders can be traced in the order history. You can make changes to the billing or delivery address here.
Registered persons may themselves make changes/corrections to the billing or delivery address in the order history. Our customer service staff will also be happy to make changes/corrections upon request. You can of course also cancel or delete the registration or your customer account.
13. Automated decisions on individual cases
We do not use any purely automated processing procedures to make decisions.
14. Technologies to evaluate your usage behaviour on our website (Art. 6 (1) (a) EU GDPR)
Our website uses technologies at several points to evaluate your usage behaviour and to optimise the website. Cookies, third-party providers and local storage are used for this purpose. Cookies are small text files which are placed on your computer and saved by your browser (locally on your hard drive).
We only use these technologies with your consent (Art. 6 (1) (a) EU GDPR). This enables us to analyse how visitors use our websites. For example, we can then design the website content based on visitors' needs. In addition, cookies allow us to measure the effectiveness of a particular ad and to place it accordingly, for example depending on the topics that a user is interested in.
If you have given your consent to this, you can revoke it at any time for the future by accessing the Consent banner again HERE and changing the relevant setting.
We use Google Tag Manager to manage the various cookies and tools integrated into this website.
On our website, we use the tools and services described in section 14.1. The legal basis for use is your consent, which you provide using the consent banner that is displayed when you first visit our website. Details on the tools and services used can be found in the following sections.
You can, of course, revoke your consent at any time by either deleting the stored opt-in cookie manually in your Internet browser or using appropriate software and then reloading our website, or by clicking on the button "Change data protection settings".
14.1 Tools used
15. Links to other providers
Our website also contains (clearly recognisable) links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence over their contents. As a result, no guarantee or liability can be accepted for these contents. Sole liability for the content of these websites rests with the relevant provider or operator.
The linked websites were checked for possible infringements and identifiable breaches of the law at the time the link was created. No unlawful content could be identified at the time the link was created. Nonetheless, we cannot reasonably be expected to exercise ongoing scrutiny over external links unless there are specific grounds for suspecting a breach of the law. If we become aware of any such infringements, we will remove the relevant links immediately.
16. Links to social media
Our website has links to the social media services of Meta, Facebook, YouTube, TikTok and Instagram. You can recognise links to the websites of social media services by the company logo. These links will take you to the uvex group's corporate presence on the particular social media service. When you click on a link to a social media service, a connection to the servers operated by the social media service is established. Information that you have visited our website is transferred in this way to the social media service's servers. Additional data is also transferred to the provider of the social media service. This includes for example:
- Address of the website on which the activated link is located
- Date and time the website was accessed or the link was activated
- Information about the browser and operating system used
- IP address
If you are logged in to the relevant social media service at the time of activating the link, the provider of the social media service may be able to determine your username and possibly even your real name from the sent data, and associate this information with your personal user account with the social media service. You can ensure that this information is not associated with your personal user account if you log out of your user account beforehand.
The servers operated by the social media services are located in the US and other countries outside the European Union. For this reason, the data may also be processed by the social media service provider in countries outside the European Union. Please note that companies in these countries are subject to data protection legislation that generally does not protect personal data to the same extent as in the Member States of the European Union.
17. Online services and children
Persons under 16 years of age may not send any personal data to us or submit a statement of consent without the consent of their legal guardian. We urge parents and guardians to play an active role in their children's online activities and interests.