Data privacy
CONTACT
UEV Umwelt, Entsorgung Verwertung GmbH
Data protection enquiries
Bergrat-Bilfinger-Strasse 1
74177 Bad Friedrichshall
Email: datenschutzsalzwerkede
1. Our privacy policy
The protection of your personal data is of utmost importance at Südwestdeutsche Salzwerke AG. Therefore, we always treat your personal data confidentially and in accordance with applicable data protection regulations. With this privacy policy, we aim to inform you about the personal data we process about you on our website, for what purpose, and on what legal basis.
Furthermore, we outline the rights of data subjects in connection with the processing of their personal data.
Please note that our websites may contain links that are not covered by this privacy policy.
2. Definitions of terms
We use terms in our privacy policy that are also used in the General Data Protection Regulation: (hereinafter referred to as "GDPR"). Below, we have listed the most important terminology to make it easier for you to read and understand this privacy policy.
2.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person.
2.2 Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
2.3 Processing
Processing is any operation or set of operations which is carried out on personal data, whether by automated means, e.g. collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4 Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
2.5 Profiling
Profiling is any form of automated processing of personal data which uses such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of such natural person.
2.6 Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
2.7 Data controller or entity responsible for processing
The data controller or entity responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of the personal data. If the purposes and methods of such processing are determined by EU or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
2.8 Commissioned data processor
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
2.9 Recipient
The recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed, regardless of whether the recipient is a third party. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not deemed recipients.
2.10 Third parties
A third party is a natural or legal person, public authority, agency or other body in addition to the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
2.11 Consent
Consent denotes any specific and informed indication of the data subject's wishes, granted voluntarily, in the form of a statement or other unambiguous affirmative act by whereby the data subject signifies their consent to the processing of their personal data.
3. Name and address of the controller / entity responsible for processing
The controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
UEV Umwelt, Entsorgung und Verwertung GmbH
Bergrat-Bilfinger-Straße 1
74177 Bad Friedrichshall
Deutschland
4. Kontaktdaten für Datenschutzanfragen
You can contact the Data Protection Officer at the following address:
UEV Umwelt, Entsorgung und Verwertung GmbH
Data Protection Officer
Bergrat-Bilfinger-Straße 1
74177 Bad Friedrichshall
Alternatively, use the following email address for any enquiries:
Datenschutzsalzwerkede
5. How we protect your data
We take the protection of your personal data very seriously and implement the appropriate technical and organisational measures to protect your data with respect to the use of this website against access by unauthorised persons, manipulation, destruction and loss. The security measures implemented are continuously improved in line with technological progress.
For example, communication via our website is protected by an HTTPS protocol (HyperText Transfer Protocol Secure). This establishes a secure connection between the server and client that cannot be accessed by unauthorised persons. This serves to protect the transmission of confidential content, such as enquiries you send to us as the site operator.
If we designate service providers to process the services offered on our website and these are designated as processors, we have regulated these contractual relationships to protect your personal data via a processing contract in the sense of Art. 28 GDPR.
6. Links to Other Websites
Our website may contain links to third-party websites, and some of our services may provide you with access to third-party services. We have no control over how third-party websites and services process your personal data. These third-party websites and services are not reviewed by us, and we are not responsible for such third-party websites or their privacy practices. Please read the privacy policies of the third-party websites or services you access through our website. If our websites integrate other services, you will find an explanation in this privacy policy.
7. Hosting of Our Website
We host our website exclusively on servers located in Germany through our hosting partner.
In accordance with data protection regulations, we have entered into a data processing agreement pursuant to Art. 28 GDPR.
For the purpose of providing and delivering the website, connection data is processed. Beyond the mere purpose of delivering and providing the website, the data is not stored. However, our data processor retains the connection data for security purposes. The duration of processing for security purposes is variable and ends when security measures are no longer necessary. Additionally, our data processor anonymizes the collected data immediately after collection and provides us with the anonymized data in the form of statistics for evaluation. We use these statistics for troubleshooting and the continuous improvement of our website.
8. Collection of general data and information when using our website
During the purely informational use of the website, i.e., without registration in the customer account, use of the contact form for inquiries, or placing an order through our online ticket shop, we only collect the personal data that your browser transmits to our server. When you want to view our website, we collect the following data:
-
IP address,
-
Date and time of the request,
-
Region (not the address) from which the IP address accesses the website,
-
Browser language, browser type (e.g., Chrome, Firefox, Safari), and version
-
Operating system,
-
Device type (e.g., mobile device, desktop computer, tablet),
-
Browsing behavior on the website (e.g., when the website was visited, which areas of the website were clicked, how much time was spent on the website),
-
The website from which the request comes.
We process and store this data for the purpose of ensuring the functionality of the website, improving the content of the website, creating statistical analyses based on aggregated browsing data, and analyzing the technical operation of the website to ensure the security of our information technology systems.
Our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR lies in the necessity of displaying this website to you and ensuring its stability, functionality, and security. Furthermore, the storage of server log files, in the context of potential cyber-attacks, serves the purpose of appropriate law enforcement. The retention period is 60 days.
9. Data within the framework of the use of a contact form provided on the website
If you have any questions, you can use a contact form provided on the website or contact us via the corresponding online function. You must provide a valid email address so we know from whom the request originates and we can then respond to it. Any additional information required is marked with an asterisk in the contact form. Depending on the subject, the type of data and whether you are already a customer, the basis for the processing of data is the contract we have with you, your consent or your/our legitimate interest in responding to the request in accordance with Art. 6 para 1 sentence 1 a), b) and f) GDPR. We will delete your data relating to the request unless we are required by law to continue to store or retain it. Insofar as the data is still required for the processing of outstanding enquiries, it will be deleted at the earliest after these enquiries have been processed. Your personal data will not be disclosed to third parties.
10. Cookie policy
10.1 What are cookies?
Cookies are small text files in which the web browser stores information sent by the web server regarding websites visited. This may be information about the site visit; e.g. duration, login data, user input, etc.
The cookies are stored on your computer or mobile device when you visit a website. They require hardly any storage space and are automatically deleted after expiry. Some cookies expire at the end of your Internet session, and others are stored for a limited period.
We primarily use cookies to make your visit to our website as user-friendly as possible. Additionally, we use cookies for analyzing tracking on the website and for advertising purposes during your future visits to other websites. The types of cookies and their respective purposes are detailed in our COOKIE GUIDE.
10.2. Cookie consent through Cookiebot via “COOKIE GUIDE”
Our website uses the Cookie Consent technology from Usercentrics to obtain your consent for storing certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.
We have entered into a data processing agreement with Usercentrics, in which Usercentrics undertakes to ensure the necessary protection of your data and to process it exclusively on our behalf and in accordance with our instructions, in compliance with applicable data protection regulations. The use of a cookie banner, as well as the management and storage of your consents to the processing of your personal data, is based on our legal obligation to provide a data protection-compliant website (Art. 6 para. 1 lit. c) GDPR in conjunction with § 26 TTDSG). The processing of data to provide a cookie banner is essential for the operation of the website. There is no option for the user to object as long as there is a legal obligation to obtain user consents for certain data processing operations before loading the website.
When you enter our website, a Cookiebot cookie is stored in your browser, which contains the consents you have given or the revocation of these consents. This data is anonymized and transferred to the provider of Cookiebot. Cookiebot processes the following data to provide and manage the cookie banner:
-
our IP address anonymized by Cookiebot (the last three digits are set to "0"),
-
Additional information about the browser used and its version,
-
Date and time of your visit to our website or your settings via our cookie banner,
-
The URL of the accessed website,
-
An anonymous, random, and encrypted key (ID),
-
Your given consents or individual privacy settings.
Cookiebot uses both local storage and the setting of cookies to store this information locally in your browser. Your individual settings and your ID are stored in a cookie so that your settings are taken into account when you revisit our website.
For more information about the data processing by Cookiebot, please visit: Cookiebot Privacy Policy.
10.3 Cookie Management via "COOKIE GUIDE"
In the COOKIE GUIDE, you can view your cookie settings and adjust them according to your needs at any time. Additionally, you can see the types of cookies and their respective purposes outlined there.
Here is your cookie overview:
11. Deletion and blocking of personal data
The controller shall process and store personal data of the data subject only for the period necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.
If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be blocked or deleted in accordance with the statutory provisions.
12. Legal basis for the processing of personal data
Art. 6 I lit. a GDPR is our company’s legal basis for processing operations in which we obtain consent for a specific processing purpose; e.g. to use a contact form integrated on the website.
If the processing of personal data is necessary to perform a contract to which the data subject is a party, e.g. to carry out processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I lit. b GDPR. The same applies to such processing operations that are necessary to implement pre-contractual measures, e.g. for enquiries about our products or services.
If our company is subject to a legal obligation whereby the processing of personal data is necessary, e.g. to fulfil tax obligations, the processing is based on Art. 6 I lit. c GDPR.
Processing operations may also be based on Art. 6 I lit. f GDPR. This is the case if the processing is necessary to protect a legitimate interest of our company or a third party and provided this does not override the interests, fundamental rights and freedoms of the data subject. We are permitted to carry out such processing operations notably because they have been specifically stipulated by the European legislator. In this respect, a legitimate interest could be assumed if the data subject is a customer of the controller or is in the service of such customer. (Recital 47, sentence 2 GDPR). Where the processing of personal data is based on Art. 6 I lit. f GDPR, our legitimate interest is to conduct our business for the benefit of our shareholders, taking into account the legitimate interests of the data subjects. When considering the respective interests, the focus will be on an appropriate relationship between the data subject and us as a company at all times.
13. Duration for which the personal data is stored
The criterion for the storage period of personal data are legal retention periods which may arise from tax or commercial law and other applicable legal provisions and, in any case, if such legal provisions can be applied to your personal data. After expiry of the deadline, the corresponding data will be deleted if it is no longer required for the fulfilment of the contract, the initiation of the contract or the maintenance of the business relationship. If no retention periods are applicable and you have provided your consent to store and use your personal data, the data will be stored and used for the purpose specified in the consent or until you revoke your consent to its use in the future.
14. Legal or contractual requirements to provide the personal data; necessity to conclude the contract; obligation of the data subject to provide personal data; potential consequences of not providing the data
We would like to inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). It may sometimes be necessary for a data subject to provide us with personal data which must subsequently be processed by us to conclude a contract. For example, data subjects are obliged to provide personal data if our company concludes a contract with them. Failure to provide such personal data would mean that it would not be possible to conclude the contract with the data subject.
15. Data protection regulations on the use of Google Analytics (opt-in solution, subject to consent only with the anonymisation function)
We have integrated the component Google Analytics (with anonymisation function) and implemented this as an opt-in solution.
This means that we only use this technology with your explicit consent. When you visit our website, a cookie pop-up will open. It will give you the option of setting your cookie preferences. If you consent to the use of Google Analytics, the Google Analytics cookie will be placed on your end device; otherwise, it will not be used.
Google Analytics is a web analysis service. Web analysis is the collection, accumulation and analysis of data about the behaviour of website visitors. A web analysis service collects, for example, data about the website from which a data subject accessed the website (referrer), which subpages of the website were accessed and when and how often they were accessed, and the period of time for which a subpage was viewed. Every time our website is visited using the IP address of the internet connection used by the data subject, these data are transferred to Google in the USA. These personal data are stored by Google in the USA. Google may pass these personal data that are collected via the technical process on to third parties. The purpose of the Google Analytics component is to analyse the visitor flows on our website. Google uses the data and information obtained to analyse the use of our website in order to compile online reports that show the activity on our websites and provide other services related to the use of our website.
The operating company for the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google acts as the processor for the data processing. Therefore, we have concluded a data processing contract with Google.
In the spirit of data privacy, the web analysis by Google Analytics will be integrated with the addition “_gat._anonymizeIp” if you grant your consent. With the aid of this addition, the IP address of the data subject’s internet collection will be shortened and anonymised if our website is being accessed from a member state of the European Union or from another state that is a signatory to the Agreement on the European Economic Area.
The data sent by us and linked to cookies, user IDs or advertising IDs are automatically deleted after 50 months. Data that have reached the end of their storage period are automatically deleted once a month. You can find more detailed information about the terms of use and data privacy at https://www.google.com/analytics/terms/de.html and https://policies.google.com You can access further information and Google’s applicable privacy policy at www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Follow this link to find a more detailed explanation of Google Analytics https://www.google.com/intl/de_de/analytics/.
For information on how to manage cookies in general and how to disable them or withdraw your consent, we refer you to our generalised statement in this privacy policy, especially in the cookie policy.
16. Your rights as a data subject at a glance
A data subject has individual rights to request under the GDPR that can be asserted with respect to their personal data. Data subjects can therefore exercise their right of access, to rectification, erasure, to a restriction of processing, to data portability and individual rights to object to processing and a right to lodge a complaint with a supervisory authority. The following contains an overview of the individual rights and their deadlines.
16.1 Deadlines for the rights to request pursuant to Art. 15 - 21 GDPR
As the controller, we will respond to any requests from the data subject pursuant to Art. 15 - 21 GDPR within one month after receipt. This period may be extended by a further two months if this is necessary, taking into account the complexity and number of applications. In this case, we will inform you within one month after receipt of your request regarding the extension. If the data subject makes the request electronically, we will respond to such electronically where possible, unless you indicate otherwise.
16.2 Channels for requests to exercise rights
Requests to exercise rights may be sent by surface post or email. The contact address is available in section 4 of this policy.
16.3 Right of access by the data subject pursuant to Art. 15 GDPR
A data subject has the right to obtain confirmation from the controller as to whether their personal data is being processed; if so, they have a right of access to such data and further information as described in Art. 15 GDPR.
Please note that the controller may only provide information if there are no doubts about the identity of the data subject. The controller will use all reasonable means to verify the identity of a data subject who is seeking information.
16.4 Right to rectification pursuant to Art. 16 GDPR
A data subject shall have the right to obtain rectification from the controller of any inaccurate personal information without delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including via a supplementary statement.
16.5 Right to erasure pursuant to Art. 17 GDPR
A data subject has the right to require the controller to erase their personal data without undue delay and the controller shall erase personal data without undue delay if the conditions stipulated in Art. 17 GDPR are satisfied.
16.6 Right to restriction of processing pursuant to Art. 18 GDPR
The data subject shall have the right to obtain from the controller restriction of processing if the conditions in Art. 18 GDPR are satisfied.
16.7 Right to data portability pursuant to Art. 20 GDPR
A data subject has the right to obtain the personal data concerning them which they have provided to a controller in a format stipulated in Art. 20 GDPR or to request such data to be transferred to another controller as instructed by the data subject, provided the conditions in Art. 20 GDPR are satisfied.
16.8 Right to object pursuant to Art. 21 GDPR
A data subject shall have the right to object at any time on grounds relating to their specific situation, to the processing of personal data concerning them which has been collected based on Art. 6 para 1 lit. e GDPR [the processing is to perform a task carried out in the public interest or in the exercise of official authority vested in the controller] or Article 6 para 1 lit. f GDPR [processing is carried out based on the legitimate interest of the controller or a third party].
The controller shall cease processing the personal data in such cases, unless it can demonstrate compelling legitimate grounds for such processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
If personal data is processed by the controller for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of their personal data for such marketing; this shall also apply to profiling insofar as it relates to such direct marketing.
16.9 Right to withdraw consent pursuant to Art. 13 para 2 lit. c GDPR
If the processing of a data subject's personal data by the controller is based on Art. 6 para 1 lit. a GDPR [the data subject has consented to the processing of their personal data for one or more specific purposes] or Art. 9 para 2 lit. a GDPR [the data subject has consented to the processing of specific categories of their personal data for one or more specific purposes], the data subject has the right to withdraw their consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up the date of such withdrawal.
You can request withdrawal by surface post or email. The contact address is available in section 4 of this policy.
Please address all applications pursuant to Art. 15-21 GDPR in connection with the (online) application process directly to the email address provided under the heading "Personal data in the (online) application process".
17. Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR
Every data subject has the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, if the data subject considers that the processing of personal data concerning them violates the GDPR. In general, you can contact the supervisory authority at your habitual residence, place of work, or the location of the alleged infringement.
The supervisory authority to which the complaint has been lodged shall inform the complainant about the progress and the outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
The supervisory authority responsible for Südwestdeutsche Salzwerke AG is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Physical Address: Mailing Address:
Lautenschlagerstraße 20 Postfach 10 29 32
70173 Stuttgart 70025 Stuttgart
Germany Germany
For more information, please visit www.baden-wuerttemberg.datenschutz.de.
18. Topicality of this privacy policy
Amendments to our privacy policy may become necessary for legal or technical reasons. We reserve the right to make the relevant amendments at any time and therefore request that you consult this privacy policy at regular intervals to ensure you are aware of the current status of such.
Stand: January 2025
