Privacy Policy

Thank you for your interest in our company (“FPM Holding GmbH” or “we” or “us”). The security of your personal data is very important to our general managers. In general, the use of our website is always possible without the necessity to provide any personal data. However, if you use certain services that are provided on some of our web pages, the processing of personal data may be required. If it is required to process your personal data and there is no legal basis for such action, we will always ask for your explicit authorization.

The processing of personal data, for instance name, address, e-mail address or telephone number will only be done in compliance with European data protection rules (General Data Protection Regulation, GDPR) and country-specific laws and regulations. This privacy policy is to inform you on the way how we obtain your personal data as well as the scope and purposes of the processing. Furthermore you will find information on your rights with regard to the processing of your personal data.

We have implemented appropriate technical and organizational measures to protect your personal data that we obtain from you when you perform certain activities on our web site. However, the risk of security gaps on web sites and internet connections can never be entirely eliminated, and we are thus unable to guarantee absolute security. For that reason, you always have the ability to choose alternative methods to provide us with your personal data, for instance via a telephone conversation.

1. Definitions

Our privacy policy is based on the definitions that have been implemented within the framework of the European General Data Protection Regulation (GDPR). This privacy policy is supposed to be easily readable and understandable for the general public as well as our customers and business partners. To this end, we will first explain the terminology used in this privacy policy.

The following terms are used in this privacy policy:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject (or: ‘user’) is any identified or identifiable natural person whose personal data are processed by a controller or processor that obtained the corresponding personal data.

c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

f) Pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

The controller as defined by the General Data Protection Regulation (GDPR) or by other Union or Member State law or other data protection rules is:

FPM Holding GmbH
Hainichener Strasse 2 a
09599 Freiberg
Deutschland

Tel.: +49 (0)3731 271 435
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
Website: www.fpm.de

3. Cookies

We use cookies on our web pages. Cookies are text files sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing.

Many web sites and servers use cookies. A lot of cookies contain a so-called cookie ID. A cookie ID is a unique identification code for the respective cookie. It consists of a sequence of characters that relates web pages and servers to the specific web browser which stored the cookie. This enables visited web pages and servers to differentiate between the data subject’s web browser and other web browsers that contain different cookies.

By using cookies our company FPM Holding GmbH can provide features and helpful services to the visitors of our website. Some of these features might not be available without the use of cookies.

A specific web browser can be recognized and identified by means of a distinct cookie ID. It is not necessary, for instance, to enter access data again when re-visiting a website, because this is done automatically by the website and the cookie that had been created on the user’s computer. Another example is the cookie that is used for the basket of an online shop. The online shop can store information on items that a customer has put into the basket using a cookie.

The use of cookies by our website can always be prohibited by the user simply by going to the web browser settings and choosing never to accept cookies on a specific website. It is furthermore possible to delete existing cookies using the web browser itself or other software applications. This can be done in any available standard web browser. If the use of cookies has been deactivated by the user, it is possible that not all features on our website can be used.

4. Collection of general data and information

Our website collects general data and information each time a user or an automated system visits our website. Our server creates log files to store general data and information. The following pieces of information are stored in those files: (1) type and version of the web browser used, (2) the user’s operating system, (3) the website that is used by an accessing system to get to our website (so-called referrer), (4) sub web pages which are accessed by an accessing system on our website, (5) date and time of the access to our website, (6) the internet protocol address (IP address), (7) the internet provider of the accessing system and (8) other similar pieces of data and information that may be required to prevent any sort of threats or attacks on our information technology systems.

We do not use that general data and information to draw any conclusions regarding the user. The information is required to: (1) display the content on our website correctly, (2) optimize the content on our web pages and the advertisements that they contain, (3) the uninterrupted proper functioning of our information technology systems and the technical equipment which is needed for our website and (4) to provide information to legal authorities in case of a cyberattack. All pieces of data and information that have been collected anonymously are analyzed by us statistically on the one hand, and on the other hand we analyze the information to improve data protection and data security in our company in order to guarantee an optimal level of protection for all personal data that we process. All anonymously collected pieces of data of the server log files are stored separately from the user’s personal data.

5. Making contact via our website

In accordance with legal requirements our website contains details that allow for making contact with our company electronically. This includes the indication of a general E-Mail address. If the user makes contact with us by using our E-Mail address or the contact form on our website, all personal data that is transmitted to us will be stored automatically. Such personal data is provided voluntarily by the user and stored in our system so that we can process the information and get in contact with the user. Personal data is never forwarded to third parties.

6. Automatic deletion and blocking of personal data

The controller processes and stores personal data of the user only for the period of time until the aim/reason for storing the personal data has been achieved, or as long as the storing is required by European laws or any other laws and regulations that the controller is obligated to.

If the reason for storing the data is not applicable any longer, or if a certain period of time for data storage as defined by a European regulation or any other competent legislative body expires, all personal data will be blocked or deleted routinely in compliance with legal requirements.

7. User rights

a) Right of confirmation

Based on European regulations, each user has the right to demand a confirmation from the controller if any personal data is processed or not. If a user decides to make use of that right of confirmation, it is always possible to make contact with one of our employees.

b) Right of information

Based on European regulations, each user whose personal data is being processed by the controller has the right to obtain free of charge information about the personal data that has been collected and stored. The user also has the right to receive a copy of that information. Furthermore, the European legislative authority decided that the user may receive the following information:

  • the purpose of the data processing
  • the categories and types of personal data that are processed
  • the recipients or categories of recipients that the personal data have been or will be revealed to, especially if the recipients are located in third party countries or at international organizations
  • if possible, the intended period of time for which the personal data will be stored, or, if this is not possible, the criteria that determine this time period
  • that the user has the right of correction or deletion of personal data that relate to the user, as well as the right of limited processing of personal data by the controller, and the right to object the processing of personal data
  • that the user has the right to submit a complaint to a regulatory authority
  • if the personal data do not originate from the person that those pieces of data relate to: all available information regarding the origin of that data
  • the existence of an automated decision-making including profiling in accordance with article 22 par. 1 and 4 GDPR and – at least in such cases – significant information on the logic involved as well as the intended consequences of such processing for the user

Furthermore the user has the right to be informed if personal data have been transmitted to a third party country or an international organization or not. If this is the case, the user also has the right to be informed about adequate security measures with regard to the data transmission.

If a user decides to make use of that right of information, it is possible to make contact with an employee of the controller at any time.

c) Right to rectification

The European legislative authority granted each user who is affected by the processing of personal data the right to demand of the controller the immediate rectification of false or incorrect data that relate to the user. Furthermore, in consideration of the purpose of the data processing, the user has the right to demand the completion of incomplete personal data that relate to the user, also by submitting an additional statement.

If a user decides to make use of that right of rectification, it is possible to make contact with an employee of the controller at any time.

d) Right to erasure (‘right to be forgotten’)

The European legislative authority granted each user who is affected by the processing of personal data the right to demand of the controller the immediate erasure of personal data that relate to the user, provided that one of the following reasons is applicable and that a processing of data is not necessary:

  • the personal data have been collected for such purposes or are processed in such a manner that contradict the original reasons and purposes for collecting the data
  • the user withdraws his or her consent which the processing of personal data was based on, in accordance with article 6 par. 1 a GDPR or article 9 par. 2 a GDPR, and there is no other legal basis for the data processing
  • the user objects to the processing of personal data in accordance with article 21 par. 1 GDPR, and there are no legitimate reasons for the processing of data, or the user objects to the processing of data in accordance with art. 21 par. 2 GDPR
  • the personal data have been processed illegally
  • the erasure of personal data is required in order to comply with European law or member state law which the controller is subject to
  • the personal data have been collected with regard to services offered by the information society in compliance with art. 8 par. 1 GDPR

If one of the reasons indicated above is applicable and the user wishes to demand the erasure of personal data that are stored by FPM Holding GmbH, it is possible to make contact with one of our employees at any time. Our staff member will then take care of the immediate erasure of personal data.

If personal data have been made public by our company FPM Holding GmbH and we are obligated to erase personal data in accordance with art. 17 par. 1 GDPR, then our company FPM Holding GmbH will take any adequate action in consideration of available technologies and cost for implementation, and also with regard to technological aspects, to make sure that any other controllers will be made aware of the fact that the user has requested the erasure of all links to the personal data that relate to the user, as well as any copies or duplicates of that data, provided that the processing of that data is not necessary. Our staff member will then make sure that the appropriate measures will be carried out in each individual case.

e) Right to restriction of processing

The European legislative authority granted each user who is affected by the processing of personal data the right to demand of the controller to restrict the processing of personal data that relate to the user, provided that one of the following reasons is applicable:

  • the correctness of the personal data is disputed by the user, and this is relevant for such period of time that the controller requires to verify the correctness of the data that relate to the user
  • the data processing is illegal, the user refuses the erasure of personal data and instead demands a restriction of processing
  • the controller does not require the personal data any longer for the purpose of data processing, but this is still required by the user in order to assert, make use of or defend any legal claims
  • the user filed an objection to the processing of data in accordance with art. 21 par. 1 GDPR and it has not been determined yet if the legitimate reasons of the controller outbalance those of the user

If one of the conditions indicated above is applicable and the user wishes to demand the restriction regarding the use of personal data that are stored by FPM Holding GmbH, it is possible to make contact with one of our employees at any time. Our staff member will then take care of the limitation regarding the processing of personal data.

f) Right to data portability

The European legislative authority granted each user who is affected by the processing of personal data the right to receive a copy of that data that have been made available to a controller by the user in a structured, commonly used and machine-readable format. Furthermore the user has the right to transmit the data to another controller without being impeded by the controller who had been made available of that personal data previously, as long as the data processing is based on a consent in accordance with art. 6 par. 1 a GDPR or art. 9 par. 2 a GDPR, or on an agreement in accordance with art. 6 par. 1 b GDPR and the data processing is realized by means of automated processes, as long as the processing is not required for carrying out a tasks that is subject to public interest or a task that has been assigned to the controller and is exercised of official authority.

In addition, when making use of the right to data portability in accordance with art. 20 par. 1 GDPR, the user has the right to demand that the personal data be transmitted directly from one controller to another controller, provided that this is technologically possible and provided that the rights and freedoms of other persons are not interfered with.

In order to make use of the right to data portability, the user may contact one of our staff members at any time.

g) Right to object

The European legislative authority granted each user who is affected by the processing of personal data the right to object at any time to the processing of data that relate to the user and which is carried out in accordance with art. 6 par. 1 e or f GDPR, due to reasons that are the consequence of the user’s specific situation. The same is valid for a profiling process which is based on these terms.

In case of objection by the user, our company FPM Holding GmbH will not process personal data any longer, unless we can present legitimate reasons for the processing which outbalance the interests, rights and freedoms of the user, or the processing is required due to the assertion, exercise or defense of a legal claim.

If our company FPM Holding GmbH processes personal data for the purpose of advertising, the user that those personal data relate to has the right to object at any time to the processing of personal data for the purpose of such advertising. The same is valid for profiling processes, provided that such processes are associated with advertising. If a user files an objection to the processing of personal data for the purpose of advertising to our company FPM Holding GmbH, then we will no longer use the personal data for such purposes.

In addition, the user who is affected by the processing of personal data has the right to object at any time to the processing of data carried out by our company FPM Holding GmbH for scientific, historic or statistical purposes, due to reasons that are the consequence of the user’s specific situation, in accordance with art. 89 par. 1 GDPR, unless such processing is necessary in order to fulfill a task in the public interest.

In order to make use of the right of objection, the user may contact one of our staff members at any time. When using services of the information society, notwithstanding directive 2002/58/EG, the user has furthermore the right to file an objection using automated procedures which use technical specifications.

h) Automated individual decision-making, including profiling

The European legislative authority granted each user who is affected by the processing of personal data the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the user or similarly significantly affects the user. This shall not apply if the decision (1) is necessary for entering into, or performance of, a contract between the user and the controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the user’s rights and freedoms and legitimate interests, or (3) is based on the user’s explicit consent.

If the decision (1) is necessary for entering into, or performance of, a contract between the user and the controller, or (2) is based on the user’s explicit consent, our company FPM Holding GmbH will implement suitable measures to safeguard the user’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

If the user wishes to make use of the rights related to automated decision-making, he or she may contact one of our staff members at any time.

i) Right to withdraw

The European legislative authority granted each user who is affected by the processing of personal data the right to withdraw at any time his or her consent to process personal data.

If the user wishes to make use of the right to withdraw his or her consent, he or she may contact one of our staff members at any time.

8. Data protection rules regarding the use of Google AdWords

The controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service which enables the advertiser to place advertisements in the results of Google’s search engine as well as in Google’s advertising network. Google AdWords enables the advertiser to determine in advance certain key words which lead to such a result that an ad is only displayed in Google’s search engine results whenever the user’s search is related to the key words. The advertisements in Google’s ad network are distributed and displayed on thematically relevant websites, based on automated algorithms and in consideration of the predetermined key words.

Operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website on the web pages of third party companies by displaying relevant advertising content on those web pages, in the search results of Google’s search engine and a display of third-party advertisement on our website.

If a user is forwarded to our website after clicking on a Google advertisement, then Google will create a so-called conversion cookie on the user’s IT system. What cookies are has already been explained above. A conversion cookie expires after thirty days and is not used to identify the user. Provided that the conversion cookie has not expired yet, it is used to retrace which subpages had been visited on our website, for instance the basket of an online shop. By means of the conversion cookie our company as well as Google can retrace if a user who has been forwarded to our website by clicking on an AdWords advertisement, has generated a turnover, i.e. either realized a purchase or canceled it.

Any data and information that have been collected by the use of conversion cookies will be analyzed by Google to create usage statistics for our website. Our company then uses these statistics to determine the total number of visitors who have been forwarded to our website via an AdWords advertisement, so that the success rate of a specific AdWords ad can be evaluated and to optimize those ads in the future. Neither our company nor other advertising clients who use Google AdWords receive any information from Google that could be used to identify the user.

Conversion cookies are used to store personal data and information, for instance which websites have been visited by the user. That is, each time a user visits our website, personal data including the user’s IP address are transmitted to Google in the United States of America. That personal data is stored by Google in the United States of America. Google possibly passes on those personal data that have been collected using this technical method to third parties.

As stated above, the user can always restrain the use of cookies by adjusting the settings in his or her web browser accordingly and that way object to the use of cookies permanently. By adjusting the web browser settings in this manner the user would also prevent Google from placing a conversion cookie on his or her IT system. Furthermore, it is possible to delete any cookie that had been placed by Google AdWords simply by going to the web browser settings or using other software applications for that purpose.

The user also has the possibility to object to interest-based ads shown by Google. To do that, the user needs to go to the link www.google.com/settings/ads using each web browser individually and then adjust the settings accordingly.

More information and Google’s data protection regulation can be found on https://www.google.de/intl/en/policies/privacy/

9. Legal basis for data processing

Whenever we need to get a declaration of consent for an intended purpose of the processing, our company uses art. 6 I lit. a GDPR as legal basis for processing operations. If the processing of personal data is necessary to perform a contract which the user is part of - this is the case for instance whenever personal data need to be processed in order to realize a delivery of goods or any other service or return service – then the processing of data is based on art. 6 I lit. b GDPR. The same applies for such processing of data that is necessary to perform pre-contractual measures, for instance after receipt of an enquiry for our products or services. If our company is subject to a legal obligation that requires the processing of personal data, for instance for the performance of fiscal obligations, then the processing is based on art. 6 I lit. c GDPR. In rare cases the processing of personal data could be necessary in order to protect essential interests of the user or that of another natural person. This would be the case, for instance, when a visitor is injured in our company and his or her name, age, health insurance details or other essential information that need to be passed on to a doctor, hospital or other third parties. Then the processing of data would be based on art. 6 I lit. d GDPR. Finally, the processing of data could be based on art. 6 I lit. f GDPR. Any processing of data that is not covered by any of the aforementioned legal bases, is based on this last-mentioned legal basis, provided that the processing of data is necessary for a legitimate interest of our company or a third person, and provided that those interests are not outweighed by the interests, fundamental rights and fundamental freedoms of the user. We are allowed to carry out such data processing, because the European legislative authority emphasized this aspect in particular. The authority argued that a legitimate interest can be assumed if the user is a customer of the controller (recital 47 sentence 2 GDPR).

10. Legitimate interest of the controller and third parties in the processing of data

If the processing of data is based on art. 6 I lit. f GDPR, then our legitimate interest is the ability to perform our business activities for the benefit of all our employees and shareholders.

11. Duration of storage of personal data

The main criteria for determining the duration of storage of personal data is the respective legal retention period. Once that period has expired the data are erased routinely, provided that the data is no longer required for entering into or performance of a contract.

12. Legal or contractual regulations for the provision of personal data; necessity for the conclusion of a contract; obligation of the user to provide personal data; possible consequences of the non-provision of data

This is to inform you that the provision of personal data is to some extent statutory (e.g. tax regulations) or results from contractual arrangements (e.g. information about the contract partner). In order to conclude a contract, it is possible that a user has to provide us with personal data which then have to be processed by us. For instance, the user is obligated to provide us with personal data if he or she wants to enter into a contract with our company. The consequence of not providing personal data would be, that a contract with the user might not be concluded. Prior to the provision of personal data by the user, he or she has to make contact to one of our staff members. Our staff member explains to the user in each individual case, if the provision of personal data is required by law or by contract, or if the provision of data is required to conclude a contract, if there is any obligation to provide personal data, and what the consequences of not providing personal data would be.

13. Existence of an automated decision-making

As a responsible company we do not use technologies for automated decision-making or profiling.

This data protection regulation was created by the data protection regulation generator provided by DGD (‘Deutsche Gesellschaft für Datenschutz GmbH’), acting as external data security officer in Stuttgart, in cooperation with RC GmbH (sale of used computers) and the law firm ‘WILDE BEUGER SOLMECKE | Rechtsanwälte'.

14. Article 14 GDPR

According to article 14 of the General Data Protection Regulation, this is to inform you that in case of a breach of contractual obligations or fraudulent actions, personal data that we collected from customers or business partners will be transmitted to the company CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 München. Legal basis for those transmissions are art. 6 par. 1 b and art. 6 par. 1 f GDPR. Transmissions that are based on art. 6 par. 1 f GDPR may only be carried out if such transmission is in the legitimate interest of our company or third parties and if those interests are not outweighed by the user’s interests or fundamental rights and fundamental freedoms which require the protection of personal data.

The exchange of data with the company CRIFBÜRGEL is also required to comply with the legal obligation to assess the credit worthiness of a customer (Par. 505a and 506 German Civil Code).

The company CRIFBÜRGEL processes the data that they receive from us and also uses the data for the purpose of profiling (scoring) in order to provide information to their contractual partners in the European Economic Area, in Switzerland and if necessary other third countries (provided that there is a corresponding resolution of appropriateness by the European Commission) for the purpose, among other things, of assessing the credit worthiness of natural persons. More information on the activities performed by the company CRIFBÜRGEL can be found in the CRIFBÜRGEL information sheet, or online by using the following link: www.crifbuergel.de/en/privacy