The protection of your personal data and your private sphere is very important to us. Therefore, we see our compliance with the General Data Protection Regulation (GDPR) as self-evident. The purpose of this law is to protect individual persons by ensuring the handling of their personal data does not infringe their personal rights. Because you have the right to information, in compliance with Article 12 to Article 23, GDPR, we hereby inform you of our data protection guidelines and measures to protect your personal data. Naturally, you can exert your right to revoke the use of your personal data at any time, to the extent that they are not required for developing a contractual relationship. To revoke the use of your data, please send an e-mail to our Data Protection Representatives under: Datenschutz@viscom·de. You will then receive an e-mail confirmation as soon as the revocation has been implemented. Our Data Protection Representatives would be happy to answer any further questions.

The entity primarily responsible for data protection is Viscom AG.

Address of the Responsible Location:

Viscom AG

Carl-Buderus Straße 9–15

D-30455 Hanover

Germany

The Viscom AG Data Protection Representatives:

E-mail: Datenschutz@viscom·de 

Telephone: +49 511 94996-0 
 

Responsible Supervisory Authority:

The Lower Saxony Regional Commissioner for Data Protection
Prinzenstraße 5

D-30169 Hanover

Germany

Purpose of the Data Processing of Personal Data (purpose limitation)

Viscom is a supplier of inspection systems for automatic optical (AOI) and X-ray (AXI/MXI) inspections to the electronics industry. Within the scope of their business activities, it is necessary for Viscom AG to collect, process and use personal and professional data for the following purposes:

• Determine whether a customer is legally competent and of legal age
• Issue a customer file
• Execute incidental contractual matters
• Technical testing and provision of products
• Calculate services rendered to the customer
• Execute dunning procedures
• Implement reimbursements and credits
• Respond to technical and contentual questions
• Prepare, arrange and implement bonus system structures
• Quality assurance measures and statistical purposes
• Prepare, realize and assure the quality of model and product forms
• Conclude and implement maintenance and customer service agreements
• Advise regarding product selection
• Coordinate the different departments
• Maintain inventory and usage data
• Gain new customers
• Other service performances for customers

Affected Groups of Persons:

• Our customers
• Shareholders of the Viscom AG
• Employees of the Viscom AG
• Employees of our representatives
• Suppliers and dealers
• Cooperation and sales partners
• Contact persons to the specified groups

Data or Data Categories – Part 1

• First and last names; as necessary, birth names
• Customer number
• Address
• Telephone number(s)
• E-mail address
• Bank details

Data or Data Categories – Part 2

• Shareholders’ shareholdings
• Features to identify a user
• Technical data to fulfill contracts (site conditions, RAS access data)
• Information regarding start, duration and end of a contractual relationship
• Type and scope for claims to specified performances, services and subscriptions
• Contract and component data
• Information about customer satisfaction (customer service)

• Consumer behavior analyses

Recipients of the Data or Data Categories …

• Internal departments and their employees
• Cooperation and sales partners
• Technical services, where required by the contractual relationship
• Public bodies when overriding statutory requirements apply

… and If You Have Granted Your Consent (Art. 7), Also for …

• Marketing research institutes
• Advertising actions and measures
• Market research

• External service providers
• Other bodies

Legality of Processing for Business Purposes (Art. 6)

Your data is collected and processed exclusively for business purposes as set forth in Article 6, paragraph 1, subparagraphs a-f, GDPR.

Retention/Deletion (Art. 17) / Right of Revocation (Art. 21) / Right to Information (Art. 15)

The deadlines for the retention obligation and deletion of personal data comply with statutory regulations. Normally, this is 10 years for business contracts, 10 years for business e-mails per GDPR, or when the purpose of the collection and processing has been fulfilled and no legal mandate specifies further retention.

In particular, this applies to the following data and deadlines: contact data according to right of revocation.

As set forth in Article 21, GDPR, you have the right to revoke the processing of your personal data and to retract any previous consent at any time. Unless prohibited by other statutory deadlines or statutory requirements, these data are then immediately deleted. If deletion is

not possible due to technical or organizational reasons, your data shall be blocked from further processing and use.

At any time, you have a right to information (Art. 15) about the collection, saving and processing of your data. For inquiries in this regard, please contact: Datenschutz@viscom·de

Right of Appeal to the Responsible Supervisory Authority in Lower Saxony per Article 77, GVO

If you believe the processing of your data does not comply with applicable law, you are entitled to lodge a complaint with the responsible supervisory authority.

Data Transfer (DT) to Foreign Countries / DT to Thirds

At present, your personal data is only transferred to other EU countries or non-member countries when sent to our Viscom cooperation partners for localized support and for commercial and contract processing in the respective countries of Viscom customers or those interested in Viscom. This affects personal data that, as set forth by Article 6 lit 1b EU GDPR, is necessary for processing pre-contracts or contracts with those interested in Viscom or Viscom customers. Except for this, no personal data of Viscom customers or those interested in Viscom is transferred to thirds in foreign countries without a prior consent statement from the affected party.

Technical and Organization Measures (TOM) per Article 25, GDPR

We have enacted a number of precautions to protect your data. Any precise explanation of the measures set in place would be counterproductive since this would reveal their structure, thus making them vulnerable to attack. For this reason and in accordance with the GDPR, the legislators find it in their interest to not make the technical and organizational measures available to the public. Nonetheless, we assure you that in accordance with the following requirements of Article 25, GDPR, we have enacted numerous technical organizational measures appropriate to a company of our size, and are constantly working to improve them.

These include:

• Access control (premises/equipment)
• Access control (use of system)
• Access control (specific data)
• Disclosure control
• Data entry control
• Contract control
• Availability control
• Separation rule

Google Terms for Cookie and Data Use for Google Tools, Websites and Apps on our Websites or our Partners’ Websites and Services

Google technologies are used in many websites to improve their content and facilitate long-term, no-cost use. When you visit a website that uses Google analysis tools such as Google Analytics, your Web browser automatically sends specific information to Google. This information includes, for example, the Web address of the visited page and your IP address. It is possible that we also insert cookies in your browser or read the cookies that are already there. When you visit websites or use apps which themselves use Google technologies, we receive information about these websites and apps and can apply this information, for example, for the following purposes:

• Increase the effectiveness of advertisements
• Provide reports about advertising and activities for advertisers and websites that

          host these advertisements, as well as to secure payment to these

          website publishers

• Support the operators of websites and apps so they, with the use of Google

          Analytics, can determine how users interact with their websites or apps

• Improve your Google+ user experience
• Detect and defend against fraud attempts to protect users and partners

• Observe statutory obligations
• Improve our products

To support optimization and as a service to you, we employ the following tools from Google LLC, headquartered in Ireland and the USA:

•        Google Fonts – Font types – Online use of free Google fonts

•        Google reCaptchas – reCaptchas determine whether entries in forms are made by a natural person or improperly by mechanical and automatic processing

•        Google Maps – Map display for visualization of subsidiary, service and support locations

Your options for controlling the information you send to Google, tips and suggestions for your security and how you can manage your data online are available on the comprehensive Google Security Center under: https://www.google.com/policies/privacy/

Source: https://www.google.com/policies/

Additional security links:

Deactivating cookies: Mozilla Firefox

• https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored   

Deactivating cookies: Internet Explorer

• https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-deletemanage-cookies  

Deactivating cookies: Google Chrome

• https://support.google.com/accounts/answer/61416?hl=en  

Deactivating cookies: Safari

• https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

      Viscom’s Social Media Profile

On our website and in our newsletter, we place social media links (buttons) to the social networks XING, LinkedIn, YouTube and Twitter in accordance with Art. 6, Paragraph 1 S. 1 lit. f GDPR, as a means for enhancing our company recognition. The underlying advertising purpose is to be viewed as legitimate interest as defined by the GDPR. The responsibility to ensure operations comply with data protection regulations lies solely with the respective provider. To integrate these links, we use the “one-click method,” which allows visitors to Viscom’s social media profile the free choice of whether they would also like to visit the Viscom profiles hosted by other social media providers. In these cases, the data protection terms of the corresponding provider (currently: XING, LinkedIn, YouTube and Twitter) are applicable.

XING – Data Protection Information

Essentially, the portal XING processes personal data in order to fulfill its contractual obligations to its users. The data processing allows XING to, for example, recommend appropriate contacts, offers and information about existing employment opportunities to its users. You can view more detailed information about XING data protection and the XING data protection policy here:

• https://privacy.xing.com/de/datenschutzerklaerung

Source: www.xing.com

LinkedIn – Data Protection Information

LinkedIn has undertaken the task of networking specialized and management professionals with each other worldwide, to help them improve their productivity and success. As LinkedIn sees it, the center of this task is transparency toward its users regarding which personal data LinkedIn collects, how it is used, and with whom it is shared. All use of LinkedIn is subject to the LinkedIn data protection guidelines. LinkedIn gives its users the opportunity to make and adapt settings controlling the use of their data:

• https://www.linkedin.com/help/linkedin?trk=microsites-frontend_legal_privacy-policy&lang=en

You can view more detailed information about LinkedIn data protection and the LinkedIn data protection policy here:

• https://www.linkedin.com/legal/privacy-policy 

Source: https://www.linkedin.com

YouTube (Google subsidiary) – Data Protection Information

When you use the Google service YouTube, you entrust Google with your data. Google is aware of the magnitude of this responsibility and devotes every effort to protect your data and to guarantee that you maintain control over it. Viscom AG uses the YouTube website to embed product videos from the Viscom Group on the YouTube platform operated by Google. The operator of this site is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a YouTube page featuring our Viscom video presentations, a connection to the Viscom servers is established. This requires use of YouTube plugins to communicate which pages of ours you visit to the YouTube servers. When you log on to your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging off from your YouTube account. We use YouTube to promote effective display of our online presence. This constitutes a legitimate interest as stated in Art. 6 para. 1 lit. f GDPR. YouTube videos were embedded in the Viscom AG website in the extended data protection mode.

Additional information about processing of user data is available in the YouTube data protection declaration under: www.google.de/intl/de/policies/privacy .

Sources: www.youtube.com / www.google.com / www.bitmotion.de

Use of Twitter Services

For these short messaging services, Viscom AG employs the technical platform and services provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. Responsibility for data processing from outside the U.S.A. is held by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. We advise, that you use the Twitter short messaging service and functions on your own discretion and responsibility. This applies especially to the use of interactive functions such as sharing, rating, etc. Information about which data Twitter processes and the purposes for which they are used is available in the Twitter data protection declaration under: https://twitter.com/en/privacy

Twitter Inc. has committed to the general principles of the EU-US Privacy Shield. For further information, see:

https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

Sources: https://twitter.com

Google Analytics

If you have given your consent, this website uses Google Analytics, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Scope of processing

Google Analytics uses cookies that enable an analysis of your use of our Viscom website. The information collected by the cookies about your use of this website is

We use the function ‘anonymizeIP’ (so-called IP-Masking): Due to the activation of IP-anonymization on this website, your IP-address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.

During your website visit the following data will be collected:

• the pages you call up, your “click behaviour“
• Achievement of “website goals” (e.g. newsletter registrations, downloads, purchases)
• Your user behavior (for example clicks, dwell time, bounce rates)
• Your approximate location (region)
• Your IP address (in abbreviated form)
• technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
• Your internet provider
• the referrer URL (via which website/advertising medium you came to this website)

Purposes of processing

On behalf of the operator of this website, Google will use this information to evaluate your (pseudonymous) use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website www.viscom.com / www.viscom-battery-inspection.com and the success of our marketing campaigns.

Recipient

The data recipient is

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

as data processor. For this purpose we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, if applicable, US authorities can access the data stored at Google.

Transfer to third countries

A transfer of data to the USA cannot be excluded.

Duration of storage

The data sent by us and linked to cookies is automatically deleted after 14 months. Data is automatically deleted once a month as soon as the storage period is reached.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by
a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics HERE.

By setting your browser software accordingsly you can also prevent the storage of cookies. If your browser is set to refuse all cookies, the functionality of this and other websites may be limited.

Legal basis and right of withdrawal

Your consent is the legal basis for this data processing, Art.6 para.1 S.1 lit.a GDPR. You can revoke your consent at any time with effect for the future by changing your selection in the cookie settings https://tools.google.com/dlpage/gaoptout?hl=en .

For more information about Google Analytics terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/gb/ and under https://policies.google.com/?hl=en.

Use of Video and Online Conferences

Purpose of Use

At this time, we are using the Online Tool Teams from Microsoft Cooperation, One Microsoft Way Redmond, WA 98052-6399 USA to facilitate teleconferrences, online meetings or video conferences. While Online Tool Teams is in use, information can be exchanged via the integrated chat or by file exchange.

Teams is an element of the Microsoft Cloud application Office 365. A user account is required to use the service. Because Microsoft reserves the right to use the data for its own purposes, however, this account may pose a security risk for the user. To minimize this risk for you, we have concluded an contract data processing agreement with Microsoft per standard EU clauses:

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:31995L0046&from=DE

For information regarding the purpose and scope, please see Microsoft’s data protection statements, listed below: https://privacy.microsoft.com/en-us/privacystatement and

https://docs.microsoft.com/en-us/microsoftteams/teams-privacy

These Data Are Collected

• User information, e.g., display name, email address, contact number, department
• For guest users, this depends on the data entered for registering to the service from Teams before an online meeting.
• Text, audio or video data
• Participant IP addresses, as well as devices and hardware information
• If telephones are used, contact numbers and country information

What personal data does Microsoft Teams collect and for what purposes do Microsoft Teams and Viscom use this data?

Microsoft processes the personal data in Microsoft Teams to deliver the agreed-upon services defined in the Online Services Terms and ultimately for the purposes determined by the data controller obtaining the service at Viscom. Microsoft Teams, as a cloud-based service, processes various types of personal data as part of delivering the service. This personal data includes:

• Content: Your meetings and conversations chats, voicemail, shared files, recordings and transcriptions.
• Profile Data: Data that is shared within your company about you. Examples include your email address, profile picture, and phone number.
• Call History: A detailed history of the phone calls you make, which allows you to go back and review your own call records.
• Call Quality Data: Details of meetings and call data are available to your system administrators.
• This allows your administrators to diagnose issues related to poor call quality and service usage.
• Support/Feedback Data: Information related to troubleshooting tickets or feedback submission to Microsoft.
• Diagnostic and Service Data: Diagnostic data related to service usage. This personal data allows Microsoft to deliver the service (troubleshoot, secure and update the product and monitor performance) as well as perform some internal business operations, such as:
  • Determining service usage
  • Conducting product and capacity planning

To the extent Microsoft Teams processes personal data in connection with Microsoft’s legitimate business operations, Microsoft will be an independent data controller for such use and will be responsible for complying with all applicable laws and controller obligations.

Scope of Processing

Viscom AG uses Microsoft Teams to conduct online meetings. For online meetings that are to be recorded, notification is sent prior to the meeting and where required, with a request for consent. When required for the purposes of keeping a record of an online meeting, Viscom AG will log the contents of the chat.

Legal Foundation for the Processing

The legal basis for the data processing of Teams online conferences for employees is § 26 BDSG – new. In other cases: Article 6(1)(b) applies when the meeting is held in performance of a contractual relationship; Article 6(1)(f) when the meeting is held with you for other business purposes.

Who Has Access to the Data and where Is Data Processing Performed?

Access is restricted to the employees of Viscom AG and the employees of the Microsoft Corporation as the basis for presenting the conferencing services. Since Microsoft is domiciled in the USA, data transfer there cannot be excluded. Normally, however, the data are processed through the Microsoft server in the EU. The transfer of personal data to third countries is conducted on the basis of standard contract clauses between our company and Microsoft per Art. 46 (2)(c) DSGVO.

How long does Microsoft Teams retain personal data?

Because this data is required to provide the service, this typically means that we retain per-sonal data until the user stops using Microsoft Teams, or until the user deletes personal da-ta.  If a user (or an administrator on the user’s behalf) deletes the data, Microsoft will ensure that all copies of the personal data are deleted within 30 days.

If a company terminates service with Microsoft, corresponding personal data will all be deleted between 90 and 180 days of service termination.  In some circumstances, local laws require that Microsoft Teams retain telephone records (for billing purposes) for a specific period of time;  in those circumstances Microsoft Teams follows the law for each region.

Source: https://docs.microsoft.com/en-us/microsoftteams/teams-privacy

Hanover, Germany, May 2021, the Viscom AG Data Protection Representatives