Privacy Policy
 

Data Controller Information

This website (the “Site”) is operated by Micromach GmbH (“we,” “our” or “us”), which is the Data Controller responsible for your personal data. Our contact details are: Hansaallee 190, 40547 Düsseldorf, email: info@micromach.de, telephone: +49 173 798 1563. If applicable, our EU representative and Data Protection Officer can be reached at the same address. We determine the purposes and means of processing your data and are committed to GDPR compliance. You may contact us at any time regarding our handling of your personal data.

Types of Personal Data Collected

We collect personal data that you provide to us and that we obtain automatically when you use the Site. This includes: 
(a) contact details (such as name, email address, phone number) that you submit via contact forms or account registrations; 
(b) technical data (such as your IP address, browser type, device identifiers and operating system) and browsing behavior (pages visited, time on page, links clicked, and similar usage data); and 
(c) any other information you knowingly provide (for example, the contents of messages sent to us). 
Under EU law, personal data is defined broadly as any information relating to an identified or identifiable person. For example, IP addresses and cookie identifiers can be considered personal data when combined with other information. We will not collect special categories of sensitive data (such as health, race, religion, or sexual orientation) through this Site.

Purpose and Legal Basis of Processing

We process your personal data only for specified, legitimate purposes and rely on the legal bases permitted under the GDPR. Specifically:

Responding to Inquiries and Requests

When you submit information through our contact form or email us, we process your name and contact details to communicate with you and provide the requested services or information (legal basis: performance of a contract or our legitimate interest in providing customer support).

Site Analytics and Improvement

We use analytics tools to understand how users interact with the Site. This helps us improve the Site’s performance and content. Such processing is based on our legitimate interest in improving our website and services, provided it does not override your rights. Users are informed and given the option to consent to these analytics cookies (see below).

Marketing and Advertising

With your consent, we may use your contact details to send you marketing communications (e.g. newsletters or updates). You may withdraw consent at any time. When collecting consent, we ensure it is freely given, specific, informed and unambiguous.

Compliance with Legal Obligations

We may process personal data to comply with applicable laws or regulations (for example, tax or accounting laws). The legal basis for this is our compliance with a legal obligation.

In each case, we will only use data strictly for the purpose for which it was collected. We will not retain data longer than necessary and will delete or anonymize it when no longer needed (see Data Storage and Retention below).

Use of Cookies and Tracking Tools

The Site uses cookies and similar tracking technologies to enhance user experience and collect technical and usage information. 
Strictly Necessary Cookies: Some cookies are essential to enable core site functionality (for example, maintaining your session when you fill out a form or navigate the Site). These do not require prior consent, but we still explain their purpose to you. 
Preferences and Functional Cookies: We may use cookies to remember your preferences (e.g. language choice) and to provide enhanced features.
Analytics Cookies: We use Google Analytics to collect aggregated data about Site usage (e.g. pages visited, session duration). These analytics cookies are not strictly necessary, so we obtain your opt-in consent before activating them. (Google acts as our data processor for analytics, and you can disable Google Analytics cookies via your browser or by using Google’s opt-out add-on.) 
Marketing and Social Cookies: We may use cookies for advertising or to display social media content (for example, embedded YouTube videos or social plug-ins). Such cookies track visitors across websites and often require your explicit consent. When you first visit the Site, we present a cookie consent banner that explains the categories of cookies used and allows you to accept or decline cookies by category. You can withdraw or change your consent at any time by following the instructions in the banner or by adjusting your browser settings. We ensure that consent is granular, freely given and as easy to withdraw as to grant.

For all cookies and trackers, we provide clear, comprehensive information about their purpose, the data collected, and the parties that may receive that data. We do not use cookies or trackers to collect sensitive personal data, nor do we use them for purposes incompatible with the reasons originally explained to users. Details on specific cookies (names, duration and purposes) can be found in our Cookie Policy [link, if separate] or in the footer of this Site.

Third-Party Integrations

The Site integrates various third-party services, each of which may collect personal data and set their own cookies when you use the Site:

Google Analytics

We use Google Analytics to understand site usage. Google Analytics uses first-party cookies to collect user interaction data. Google acts as a data processor on our behalf; we remain the controller of the data collected and retain full rights over its collection, retention and deletion. We have a contract with Google that obligates it to process the data only according to our instructions. You can learn about Google’s privacy practices in Google’s Privacy Policy.

Embedded YouTube Videos

Pages on our Site may embed video content from YouTube. When you load a page with an embedded YouTube video, your data (such as your IP address, viewing activity and device information) is automatically sent to Google/YouTube. We may enable YouTube’s “privacy-enhanced” mode, which limits the data sent until you play the video, but data transfer still occurs once you play it. Google’s processing of this data is governed by Google’s privacy policy. By using the Site, you consent to the transfer of data to YouTube/Google as described.

Social Media Plugins

The Site may include social media buttons or widgets (such as Facebook, LinkedIn, Twitter, etc.) that let you share content or interact with our social profiles. These features are provided by the social networks themselves. When you visit a page with such a plugin, your browser may connect directly to the social network’s servers and they may set cookies or collect data (for example, to track that you visited our Site). We do not control these services, and you should review the privacy policies of the respective social networks. Under GDPR, we do not activate any social plugins that set cookies unless you have given consent.

In all cases, these third-party services may process data in ways outside our control. We recommend that you review their privacy policies for more information. By using our Site, you acknowledge and agree that these integrations may involve data transfers described here.

Data Storage and Retention

We store your personal data on secure servers and systems within data centers in [countries/regions]. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The retention period depends on the type of data and the applicable legal or business needs. For example, data submitted through contact forms may be kept only until your inquiry is resolved (plus any period needed to respond to follow-up questions). In no case will we retain personal data longer than is permitted by law. Our organization has policies that specify retention periods for each data category and ensure that data is securely deleted or anonymized when those periods expire. We periodically review the personal data we hold and either delete or anonymize it when it is no longer needed.

By GDPR principle, we do not simply keep data indefinitely. Our approach follows the “data minimization” and “storage limitation” principles – we only keep data for the minimum duration needed for legitimate purposes. If you request deletion of your data (see User Rights below), we will erase it unless we are legally required to retain it for a longer period (e.g. for tax or record-keeping obligations).

User Rights under GDPR

If you are in the EU, you have the following rights regarding your personal data, as provided by the GDPR:

Right of Access

You can request confirmation of whether we process your personal data, and obtain a copy of the data we hold about you. Upon request, we will inform you of the purpose of processing, categories of data, recipients, retention period, and other information.

Right to Rectification

If you believe any of the data we hold about you is incorrect or incomplete, you can ask us to correct or update it without undue delay.

Right to Erasure (“Right to be Forgotten”)

In certain circumstances (for example, if the data is no longer needed for the purposes collected or if you withdraw consent and no other legal basis applies), you can request that we delete your personal data. We will comply unless an exemption applies (such as compliance with a legal obligation or for exercise of legal claims).

Right to Restrict Processing

You may ask us to limit the processing of your data in certain situations (for example, while we verify your concerns about accuracy). During restriction, we will only store the data and not use it for other purposes.

Right to Data Portability

Where we process your data with your consent or under a contract and the processing is by automated means, you have the right to receive the data in a structured, commonly used, machine-readable format and to have it transferred to another controller.

Right to Object

You can object at any time to our processing of your personal data if the processing is based on our legitimate interests (for example, profiling, analytics, marketing). If you object, we will stop processing the data unless we can demonstrate compelling legitimate grounds or a legal requirement to continue. You also have the right to object to direct marketing at any time, in which case we will cease such marketing immediately.

Right to Withdraw Consent

If we process your personal data based on consent (such as for cookies or marketing communications), you have the right to withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal. Withdrawal is as easy as it was to give consent. After withdrawal, we will stop any processing that relied on that consent.

To exercise any of these rights, please contact us using the contact details below. We will respond to your request in accordance with the GDPR timelines (generally within one month). If you have provided data about others (for example, a contact you referred), please ensure you have their permission or legal basis to provide that data to us.

You also have the right to lodge a complaint with a supervisory authority (for example, your local data protection authority) if you believe our processing violates data protection laws.

Security Measures

We implement appropriate technical and organizational measures to ensure the security of your personal data, in line with GDPR Article 32. These measures include, where applicable, encryption of data in transit (e.g. using TLS/SSL) and at rest, firewalls, access controls (such as unique user IDs and strong passwords), and regular security testing. We pseudonymize data when feasible, so that individuals cannot be readily identified, and we limit internal access to personal data only to authorized personnel who need it to perform their jobs. Our staff receive training on data protection practices, and we maintain physical security of any premises where data is stored. We also have procedures for detecting, reporting and responding to security incidents. In the event of a breach that poses a risk to your rights and freedoms, we will notify the relevant data protection authority within 72 hours and inform affected individuals where required.

No system is completely secure, but we regularly review and improve our security practices to protect your information. For example, we conduct vulnerability scans and update our systems promptly to address emerging threats.

Data Transfers Outside the EU

Some of the third-party services we use (such as Google Analytics, YouTube, Facebook, LinkedIn, or our cloud hosting providers) are based outside the European Economic Area (EEA) and may receive or process personal data in countries without an EU adequacy decision. We ensure that any such transfer complies with GDPR requirements. Specifically, we rely on:

Adequacy Decisions: If a transfer is to a country or organization recognized by the EU as providing adequate protection, no additional measures are required.

Standard Contractual Clauses and Other Safeguards: For transfers to countries without an adequacy decision (such as the United States), we implement appropriate safeguards. This may include adopting the EU’s Standard Contractual Clauses or similar approved mechanisms in our agreements with data recipients.

Consent or Other Derogations: In limited cases (e.g. a transfer based explicitly on your consent), we may rely on your consent to transfer data outside the EU. Where we do so, we will inform you and document your consent.

For example, Google Analytics and YouTube are provided by Google Inc. (in the U.S.), Facebook and LinkedIn are U.S. companies; these transfers are governed by the respective companies’ commitments under the EU-US Data Privacy Framework or Standard Contractual Clauses. We review these arrangements periodically to ensure ongoing compliance.

Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your data protection rights, please contact us at:

Micromach GmbH  Address: Hansaallee 190, 40547 Düsseldorf  Email: info@micromach.de   Phone: +49 173 798 1563

We will make every effort to address your inquiries promptly. If you are an EU resident, you may also reach out to our designated EU representative at the above address if applicable.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will update the “Last Updated” date at the top of this page. Significant changes (if any) will be highlighted or notified to you through the Site or via email if we have contact details for you. We encourage you to review this Policy periodically to stay informed of how we collect, use and share your personal data.

Effective Date: 2025-05-22