Skip to main content

Europe

Austria
www.kinedo-bad.at www.sfa-sanibroy.at
Czech Republic
www.sfasanibroy.cz
Denmark
www.sfasaniflo.dk
France
www.sfa.fr www.sfagroup.com www.kinedo.com balneo.kinedo.com spa.kinedo.com www.europelec.com www.aquaturbo.com/fr sfa-enviro.com
Germany
www.sfa-sanibroy.de www.kinedo-bad.de www.zehnder-pumpen.de
Hungary
www.sfasanibroy.hu
Ireland
www.sfasaniflo.ie
Italy
www.sfa.it www.kinedo.it
Netherlands
www.sanibroyeur.info www.kinedo.info www.aquaturbo.com/nl
Norway
www.sfasaniflo.no
Poland
www.sfapumps.pl
Portugal
www.sfa.pt
Romania
www.sfasaniflo.ro
Russian Federation
www.sfa.ru
Slovakia
www.sfasanibroy.sk
Spain
www.sfa.es www.kinedo.es www.europelec.com/es www.aquaturbo.com/es
Sweden
www.sfasaniflo.se
Switzerland
www.sfa-sanibroy.ch www.kinedo-bad.ch
United Kingdom
www.sfasaniflo.co.uk www.kinedo.co.uk www.europelec.com/en

Northern America

Canada
www.sfasaniflo.ca
United States
www.sfasaniflo.com www.aquaturbo.com

Asia

China
www.sfachina.cn
India
www.sfapumps.in
Japan
www.sfa-japan.jp
South Korea
www.sfa-korea.co.kr
Turkey
www.sfapompa.com.tr www.sfa-export.com
Vietnam
www.sfapumps.vn

Oceania

Australia
www.sfapumps.com.au
New Zealand
www.sfapumps.co.nz

Southern America

Brazil
www.sfasanitrit.com.br

Imprint/Legal Notice

1. PREAMBLE AND PURPOSE 

In the context of operating the website (the ‘Website’) accessed at the address https://www.sanibroy.de/ SFA Deutschland GmbH, the data controller (‘we’, ‘us’, ‘our’), shall process the personal data of website users (‘data subjects’).

 

We undertake to process the personal data of the data subjects in accordance with the applicable regulations (the ‘Applicable Regulations’) and in particular Regulation No. 2016/679 (EU) of 27 April 2016, known as the General Data Protection Regulation (‘GDPR’). 

 

In this regard, we are committed to fulfilling our transparency and information obligations towards data subjects by making this Privacy Policy available to them, the purpose of which is to inform them about the nature of the processing of personal data in the context of using the website and about their rights in this respect.

 

2. DEFINITIONS 

Italicised terms, in particular ‘personal data’, ‘processing’, ‘data subjects’, ‘controller’, ‘processor’, ‘recipient’ or ‘data breach’, are either defined in this Privacy Policy or assume the meaning as defined by the applicable regulations and in particular the GDPR.

 

3. PROCESSING CHARACTERISTICS

The following tables present the processes that we implement on the basis of the personal data of the data subjects.

 

3.1 Contact form 

Purpose of processing
  • Management of contacts initiated by and with contacts with data subject(s)
  • Customer service
Legal basis of processing Legitimate interest/pre-contractual measures
Category of personal data
  • Identity data (last name, first name, title)
  • Contact details (email address, phone number, postal address)
  • Connection data (tracking, logs) 
  • Any other information provided by the data subjects in their messages or attachments
Duration of processing One year from the date of collection

Three years for personal data relating to a potential client from the date of collection or the last contact with the potential client.

 

3.2 Application form 

Purpose of processing
  • Management and further processing of applications 
  • Invitation to interviews
  • Creation of a database of applicants within the following time frame
Legal basis of processing Pre-contractual measures at the candidate’s request that are likely to lead to the conclusion of an employment contract, as well as our legitimate interest in building the database.
Category of personal data
  • Identity data (last name, first name, title)
  • Contact details (email address, phone number, postal address)
  • Connection data (tracking, logs)
  • Any other information provided by the data subjects in their messages or attachments
Duration of processing Two years from the last contact with the unsuccessful applicant

3.3 Newsletter

Purpose of processing
  • Management of electronic mailshots: sending of information about the company, its products and services to data subjects
  • Subscription management
  • Compiling statistics for the service
Legal basis of processing Legitimate interest
Category of personal data
  • Contact details (email address)
  • Registration date
  • Registration date
  • Statistics on the newsletter service
Duration of processing We shall store the email address until the data subject unsubscribes (by clicking on the unsubscribe link in the newsletters).

3.4 Warranty registration form

Purpose of processing
  • Registering a purchased product for warranty management
  • Sending newsletters: sending of information about the company, its products and services to data subjects
  • Subscription management
  • Compiling statistics for the service
Legal basis of processing Fulfilment of a contract
Category of personal data
  • Identity data (first name, last name)
  • Contact details (email address, phone number, postal address)
  • Connection data (tracking, logs) 
  • Any other information provided by the data subjects in their messages
  • Information about the purchased product
  • Registration date
  • Statistics on the newsletter service
Duration of processing Three years from the time of collection or last contact with the customer.

For newsletters: We shall store the email address until the data subject unsubscribes (by clicking on the unsubscribe link in the newsletters).

 

3.5 Placing cookies 

 

For more information about the processing of your data in connection with the placement of cookies and other tracking devices, please refer to our cookie policy.

 

3.6 Management of potential disputes, judicial or extrajudicial proceedings 

Purpose of processing
  • Securing evidence in connection with possible disputes
  • Communication management in the event of a dispute
  • Preparation of the necessary documents in the event of judicial or extrajudicial proceedings
Legal basis of processing Legitimate interest
Category of personal data All of the above data as soon as it is required for the handling of the dispute.
Duration of processing Storage for the entire duration of the dispute and until all legal remedies (court proceedings) have been exhausted.

 

4. RECIPIENTS OF PERSONAL DATA 

We may disclose the personal data of data subjects to authorised  recipients (internal or external) who are subject to an appropriate confidentiality obligation:

 Internal recipients:

  • Employees of ours, whose duties, functions and tasks involve the processing of the personal data of data subjects (e.g. communications department, marketing department, department for relations with customers and potential customers, IT department) exclusively for the purposes set out in this Privacy Policy and within the framework of the confidentiality and security of personal data that we maintain as set out below;

External recipients:

  • SFAGroup companies and the parent company in their capacity as processors whose duties, functions and tasks justify them processing personal data of data subjects (e.g. SFA Tech responsible for IT services at Group level).
  • Service providers or processors that we may use in connection with processing (e.g. hosting service providers, call centres, emailing);
  • Authorities responsible for advice, auditing and financial control (auditors, lawyers);
  • Administrative or judicial authorities within the scope of their powers;
  • In the case of a planned fund-raising, acquisition or disposal of a business or assets in any way, including by means of a sale of the company that conducts the relevant business or owns the assets, the potential buyer(s) and their advisors as part of the preliminary review of the transaction. In the event of a takeover by a third party, the personal data is part of the transferred assets and as such will be processed by the acquiring party, who shall act as the new data controller in accordance with its own privacy policy.

 

5. RIGHTS OF THE DATA SUBJECT 

5.1 EXPLANATION OF RIGHTS 

 

In accordance with the applicable regulations, the data subjects have the following rights with regard to their personal data:

 

  • The right to obtain confirmation that their data is being processed, to obtain information about the nature of this processing, to access the data and to request a copy (right of access and copy); 
  • The right to correct or supplement incorrect or outdated data concerning them (right to correction);
  • The right to withdraw consent at any time, provided that the corresponding processing is based solely on this legal basis (right to withdraw consent); 
  • The right to object to the processing of their personal data for reasons relating to their particular situation and to request its deletion, in which case we shall comply with the request unless the processing is justified on the basis of legitimate and compelling reasons (right to object on justified grounds and right to deletion); 
  • The right to obtain a temporary restriction of processing in the event of a request for rectification or an objection for legitimate reasons for the duration of the examination of the request; in practice, this means that the personal data is retained but cannot be processed by us (right to restriction); 
  • The right to data portability, i.e. the right to have the personal data they have provided returned by us in a common format if the processing is automated and based on consent or the fulfilment of a contract;
  • The right to give instructions regarding the processing of their data after their death and to request the retention, deletion or transfer of their data to specifically named third parties, whereby, as soon as we become aware of the death of a data subject and have no instructions from them, we shall destroy their personal data, unless it is necessary to retain it for evidentiary purposes or to fulfil a legal obligation (post-mortem right).

 

5.2 HOW TO EXERCISE THESE RIGHTS 

 

If the data subject wishes to exercise any of the above rights, they can contact us using our contact form.

 

Requests from data subjects must be made exclusively by the data subjects themselves (except where a third party has been duly authorised) and must be as clear and detailed as possible so that we can respond as quickly as possible, within one to three months depending on the level of complexity. 

 

We may ask the data subject to supplement their request if it is not specific enough, if the right they wish to exercise is not immediately apparent, or if they are unable to prove their identity; in this case, we may request further information, including proof of identity, which shall be deleted as soon as possible after verification of their identity.

 

Furthermore, we shall not be obliged to respond to a request from a data subject if it is manifestly unfounded or excessive, in particular because it is repetitive or because it is complex to process and could destabilise our business activities or could have that effect.

 

6. SAFETY 

We implement appropriate technical and organisational security measures to safeguard the confidentiality and security of the personal data we process and to prevent its unauthorised destruction, alteration or disclosure or its loss.

 

For example, the following measures have been implemented and documented in a security plan:

 

  • Hosting of personal data on servers within the European Union, on the territory of a Member State;
  • Awareness of our employees who process the data of the data subjects; 
  • User authentication features that provide personal and secure access using strong, confidential and frequently changed login details and passwords;
  • Procedure for managing permissions (definition and verification of permission profiles corresponding to the profile of the information system user, deletion of obsolete access rights);
  • Access tracking, connection logs, incident management and, if necessary, encryption of certain personal data;
  • Regular performance of internal audits and, if necessary, differentiated penetration tests to check and evaluate the efficacy of the implemented security measures; 
  • Physical security of the company premises (codes, keys and access passes) and workplaces (automatic session lock, virus protection and firewall).

 

When we use processors, i.e. service providers that we have commissioned to carry out a processing operation or parts thereof and that process the personal data of data subjects in accordance with our instructions, we undertake to obtain security guarantees from them that correspond to the measures we have implemented to protect the relevant personal data, and we reserve the right to carry out audits to ensure compliance with their obligations.

 

We undertake to inform the relevant supervisory authority in the event of a data breach in accordance with the requirements of the applicable regulations and, if the said breach poses a high risk to the data subjects, to inform them and provide them with the necessary information and recommendations. 

 

7. UPDATES TO THIS POLICY 

We may amend, supplement or update this Policy at any time to reflect legal, regulatory and/or case law developments, changes in the processing characteristics or the introduction of a new form of processing. 

 

8. CONTACT 

Data subjects may address any questions or complaints they may have regarding this Policy, as well as any recommendations or comments regarding this Policy, to us in writing at the following address: 

  • By post: Waldstraße 23, Building B5, 63128 Dietzenbach or
  • Via our contact form 

SFA Deutschland GmbH’s company Data Protection Officer can be reached as follows: Michael Breker, MBits, Spessartstraße 1, 63546 Hammersbach, phone. +49 (0)170 851 1186, email mb@mbits.solutions

Data subjects may also submit any questions or complaints to the relevant supervisory authority.