General Data Protection Regulation

Data protection regulations

website and web shop (GDPR)

S.E.A. Data protection regulations for the website (according to the GDPR)
www.sea-gmbh.com and the sub-pages including the web shop

We take the protection and security of your (hereinafter the “user”) personal data (hereinafter “pd”) as defined by Art. 4 no. 1 General Data Protection Regulation (hereinafter “GDPR”) seriously. Consequently, we comply with the statutory provisions to ensure adequate protection of the pd of every single user. We would like to inform you hereinafter about the nature, scope and purpose of the processing of pd:

S.E.A. Science & Engineering Applications Datentechnik GmbH (hereinafter “S.E.A.” or “we”) processes pd exclusively within the limits of the applicable data protection regulations.

In this Privacy Policy (hereinafter “PP”), we provide you with information according to Art. 13 GDPR regarding the use of the website www.sea-gmbh.com including its sub-pages. First of all, we are going to explain to you who is the responsible body (hereinafter “controller”) and who is the data protection officer; after that, broken down by the different modes of access in the different areas of the website, we provide you with information on the types of pd, the purposes of the processing and the legal basis for the processing, the recipients, if any, and legitimate interests, if any, and the periods until erasure of the pd and with supplementary information, where required. Finally, at the end of this Privacy Policy, we explain to you the rights to which you are entitled.

1. Contact data of the controller (Art. 13 subs. 1 a) GDPR)

The controller responsible for the operation of the website and all sub-pages and thus for the handling of pd that is processed in this context is S.E.A. Science & Engineering Applications GmbH, Mülheimer Str. 7, 53840 Troisdorf, Germany, email address: info@sea-gmbh.com.

2. Contact data of the data protection officer (Art. 13 subs. 1 b) GDPR)

Our data protection officer is the lawyer Prof. Klaus Gennen, c/o LLR DSC GmbH, Mevissenstraße 15, 50668 Cologne, email address: gennen@llrdsc.de.

3. Website access, use of the search function on the website and download of documents in the freely accessible website area

a. Types of personal data: Every time a user accesses the website or uses the search function or downloads documents in the freely accessible area of the website, the following log files of the respective user are collected automatically: Information on the browser type and the browser version used, operating system of the user, address of the website visited before (referrer), IP address of the user, date and time of access.

b.  Purposes of the processing (Art. 13 subs. 1 c) GDPR): The log files are processed to ensure proper functioning of the website, enable download and/or answer your search request. Moreover, the data serves to ensure the security of information technology systems under which the website is operated. The data is not analysed for marketing purposes or any other purposes.

c.  Legal basis for the processing, legitimate interests (Art. 13 subs. 1 c) and d) GDPR): The legal basis for the processing of the log files data is Art. 6 subs. 1 f) GDPR, which means that the processing is based on legitimate interests of S.E.A. Our legitimate interests consist in the possibility to offer you our web services including the download of documents.

d.  Recipients/Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR). All data is processed on computers within the European Union. The website hoster only renders pd processing on behalf. The pd is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law.

e. Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased as soon as you have terminated your visit of our website at the latest, i.e. as soon as the browser on your computer is closed. For technical reasons, data on the server (log files) is erased regularly every 14 days.

4. Use of the contact form

The user, before he/she uses the contact form (transmission of the completed form available on the sub-page www.sea-gmbh.com/en/contact/contact/), must consent to the processing of the pd disclosed in connection with the use of the contact form by actively placing a check mark according to the following provisions, otherwise the completed form cannot be sent. As to your right to withdraw the consent at any time: see sec. 10.

a. Types of personal data: This data comprises first name/ last name, email, company/institution, content of the message, technical documentation of the consent given.

b.  Purposes of the processing (Art. 13 subs. 1 c) GDPR): The purpose of the processing is to answer the user’s request and, subsequently, perhaps the initiation (taking steps prior to entering into a business relationship), the establishment and performance of a business relationship, depending on the kind of request made from time to time.

c.  Legal basis for the processing (Art. 13 subs. 1 c) GDPR): The legal basis for the processing is Art. 6 subs. 1 a) GDPR, i.e. the consent given and, depending on the further course of communication, Art. 6 subs. 1 b) GDPR for the initiation (taking steps prior to entering into a business relationship) and performance of a business relationship;

d.  Recipients/ Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The user data is not transferred to third parties (Art. 4 no. 10 GDPR) unless the user has explicitly requested such transfer in his/her request and the consent specifically refers to such transfer. All data is processed on computers within the European Union. The pd is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law.

e. Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased upon expiry of twelve months from the time when the request was answered resp. settled (we know by experience and in consideration of the types of products we offer, that this is the typical request-answer cycle on the part of the user in the case of potential orders for work performance or other requests relating to our products) unless the specific nature of the request requires different handling (e.g. rendering of advice) or the consent is withdrawn at an earlier point in time. Where the request leads to a contractual relationship or prepares such a contractual relationship, the data will be erased in accordance with the statutory provisions, that is no later than after expiry of six months from the time when the desired contractual or precontractual relationship has ended unless Art. 17 subs. 3 GDPR applies, in particular where legal obligations to retain the data must be complied with and/or the data is necessary for the establishment, exercise or defence of or against legal claims.

5. Newsletter

Users can subscribe to a free newsletter via our website.
a. Types of personal data: Name, function, e-mail address
b. Purposes of the processing (Art. 13 para. 1 lit. c) DPA): The registration for the newsletter dispatch is carried out within the scope of a so-called double opt-in procedure. After registration for the newsletter via the input mask on our website, users receive a confirmation e-mail to the e-mail address entered in the registration process. This confirmation e-mail contains a link that confirms the e-mail address as the receiving address for the newsletter. Only after activating this link the final registration for the newsletter will take place. This way we want to make sure that only authorized persons of the entered e-mail address receive the newsletter and that the e-mail address is not misused. The relevant confirmation must be sent promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database.

c. Legal basis for the processing (Art. 13 para. 1 lit. c) DSGVO): The processing of your e-mail address for the purpose of sending the newsletter is based on your voluntarily given consent in accordance with Art. 6 Para. 1 lit. a) DSGVO:

Declaration of consent:

By entering my personal data and pressing the button “Order newsletter”, I agree that this data may be used for the purpose of regular newsletter dispatch. I can unsubscribe from the newsletter service at any time by clicking on the corresponding “Unsubscribe” link at the end of the newsletter. Using this function I can revoke this consent to the collection and processing of personal data collected during the registration process at any time.

d. Recipient/third/third country transmission (Art. 13 para. 1 lit. e) and f) DSGVO): Your data will not be passed on to third parties in connection with the sending of the newsletter

e. Deletion periods (Art. 13 para. 2 lit. a) DSGVO): The above-mentioned personal data will be stored for as long as they are required for sending the newsletter or for as long as the newsletter is subscribed to. After a cancellation of the newsletter service, the data will be deleted.

6. Contact by email via the email addresses of S.E.A. stated on the website
(other than for application purposes, for this see sec. 7)

We offer you the possibility at different points on our website where the applicable email addresses are stated, to contact us directly by email.

a. Types of personal data: These types are email address, log files containing information on the quality and attributes of the email and the time of receipt as well as all pd that, for instance, has been disclosed by the sender in his/her email.

b. Purposes of the processing (Art. 13 subs. 1 c) GDPR): The purpose of the processing is to answer the user’s request, and, subsequently, perhaps the initiation (taking steps prior to entering into a business relationship), the establishment and performance of a business relationship, depending of the kind of request made from time to time.

c.  Legal basis for the processing (Art. 13 subs. 1 c) GDPR): The legal basis for the processing of the data which the user transfers to us in the context of an email transmission is Art. 6 subs. 1 f) GDPR when the sender is not our customer yet or does not otherwise maintain a business relationship with us or is involved in the initiation of such a business relationship. If there is already a contractual relationship with the user or such a relationship is intended to be established on the sender’s initiative, the legal basis for the processing is Art. 6 subs. 1 b) GDPR.

d. Legitimate interests in the case of processing based on Art. 6 subs. 1 f) GDPR (Art. 13 subs. 1 d) GDPR): Our legitimate interests consist in informing you and answering your request, or, as the case may be, in entering into a business relationship with you where this is part of your request.

e. Recipients/ Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR) unless the user has explicitly consented to the transfer. All emails are processed on computers within the European Union, and we have concluded with the email hoster a contract for data processing on behalf according to Art. 28 GDPR. The data is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law.

f. Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased upon expiry of twelve months from the time when the request was settled in technical respect (we know by experience and in consideration of the types of products we offer, that this is the typical request-answer cycle on the part of the user in the case of potential orders for work performance or other requests relating to our products) unless the specific nature of the request requires different handling (e.g. rendering of advice). Where the request leads to a contractual relationship or prepares such a contractual relationship, the data will be erased in accordance with the statutory provisions when the desired contractual or precontractual relationship has ended, that is after expiry of six months from the end of the said relationship unless Art. 17 subs. 3 GDPR applies, in particular where legal obligations to retain the data must be complied with and/or the data is necessary for the establishment, exercise or defence of or against legal claims.

7. Opening of a user account, activities performed under the user accounts

(https://www.sea-gmbh.com/jdownload/ and www.sea-gmbh.com/jdownloadsec)

For customers from certain trades, user accounts can only be opened for persons who are employed with institutions with which S.E.A. maintains or prepares a contractual relationship. For all other trades, it is possible to open a user account without an underlying business relationship. User accounts can also be assigned a functional name or role such that no pd are concerned, or they can be assigned the name of a natural person. A user account serves in particular to facilitate the provision of information, e.g. the download of product manuals.

a. Types of personal data: These types are: last name, first name (user name), email address and, where required, password. S.E.A. cannot access the password.

b. Purposes of the processing (Art. 13 subs. 1 c) GDPR): The purpose of the processing is to facilitate the provision of software and information on the purchased products in the context of an existing business relationship, e.g. manuals, installation instructions and the like.

c. Legal basis for the processing (Art. 13 subs. 1 c) GDPR): The legal basis for the processing is Art. 6 subs. 1 b) GDPR where such an account is opened for existing customers and serves exclusively to perform the existing business relationship. In all other cases, the legal basis is Art. 6 subs. 1 f) GDPR because the facilitation of provision of information constitutes a legitimate interest of S.E.A.

d. Recipients/ Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR). All data is processed on computers within the European Union, and we have concluded with the hoster a contract for data processing on behalf according to Art. 28 GDPR. The data is not transferred to a third country. Transfer of pd to government bodies or authorities is made only within the limits of the law.

e. Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased automatically when the user has not logged in to the account for twelve months; otherwise the data is erased according to the statutory provisions, i.e. when the contractual relationship which was the basis authorising the opening of the user account has ended, that is three months after the end of the contractual relationship unless Art. 17 subs. 3 GDPR applies, in particular where legal obligations to retain the data must be complied with and/or the data is necessary for the establishment, exercise or defence of or against legal claims.

8. Transfer of application documents

We offer you the possibility under www.sea-gmbh.com/en/nc/career/vacancies/ to file an application for our vacancies by email.

a. Types of personal data: These types are email address including the logging of the email on our computers as well as all pd contained in your email that pertain to your application, e.g. title, last name, first name, details from the curriculum vitae, references/ certificates or the like.

b. Purposes of the processing (Art. 13 subs. 1 c) GDPR): The purpose of the processing is to select applicants and possibly establish an employment relationship with them.

c. Legal basis for the processing (Art. 13 subs. 1 c) GDPR): The legal basis for the processing is § 26 BDSG (German Federal Data Protection Act) (new version), and, as the case may be, Art. 6 subs. 1 b) GDPR (e.g. in the case of an application for freelance work).

d. Recipients/ Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR). All emails are processed on computers within the European Union, and we have concluded with the emails hoster a contract for data processing on behalf according to Art. 28 GDPR. The data is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law.

e. Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is erased within three months from termination of the application procedure (decision on whether or not your application is accepted) unless (i) the application was successful and the entire application documents are added to the personnel file (§ 26 BDSG – German Federal Data Protection Act), (ii) you as the applicant have explicitly consented that your data is entered in a talents pool for a certain period of time (after expiry of which the data will be erased) and/or (iii) Art. 17 subs. 3 GDPR applies, in particular where legal obligations to retain the data must be complied with and/or the data is necessary for the establishment, exercise or defence of or against legal claims.

9. Web shop

This part of the Privacy Policy applies to the web shop of the controller operated under the address shop.sea-gmbh.com. You can only use the web shop after a user account has been established according to sec. 6. In addition, the provisions in sec. 3 apply to the general use of the website.

a. Types of personal data: When a customer account is opened, the data specified in sec. 6 is processed. When you order goods, your last name/ first name, postal address (invoice address and delivery address), email address, bank details or credit card number are processed for the purpose of conclusion and performance of the contract

b. Purposes of the processing (Art. 13 subs. 1 c) GDPR): The purpose of the processing is to bring about and perform the contract for purchase of goods and the provision of services including after-sales service after the contract has been executed (advice, liability for defects etc.).

c.  Legal basis for the processing (Art. 13 subs. 1 c) GDPR): The legal basis for the processing is Art. 6 subs. 1 b) GDPR, namely an existing contractual relationship or the initiation of a contractual relationship (taking steps prior to entering into a business relationship).

d.  Recipients/ Third parties/Transfer to third countries (Art. 13 subs. 1 e) and f) GDPR): The data is not transferred to third parties (Art. 4 no. 10 GDPR) unless the user has explicitly consented to the transfer. When the purchase contract is concluded, the user declares his/her consent that the data necessary for contract performance is transferred to a payment services provider and, where applicable, to SCHUFA, Creditreform or Hermes Kreditversicherung (credit enquiry agencies) for the purpose of credit checks. The data necessary for delivery including but not limited to the postal address and telephone numbers may be transferred to a carrier which might be engaged or any other recipient that is necessary for the delivery of the goods. All data is processed on computers within the European Union. We have concluded with the web shop hoster a contract for data processing on behalf according to Art. 28 GDPR. The data is not transferred to a third country and there is no intention to do so either. Transfer of pd to government bodies or authorities is made only within the limits of the law.

e.  Periods until erasure (Art. 13 subs. 2 a) GDPR): The data is processed during the term of the business relationship including the warranty period if and to the extent the data is necessary for such purpose. Otherwise the data is erased. Where the business relationship has ended, the data will be erased after expiry of six months from the time when the business relationship has ended. This does not apply where Art. 17 subs. 3 GDPR applies, in particular where legal obligations to retain the data must be complied with (documents in terms of the “Abgabenordnung” (German General Tax Code) must be retained for 10 years and business documents in terms of the “Handelsgesetzbuch” (German Commercial Code – “HGB”) for six years) and/or the data is necessary for the establishment, exercise or defence of or against legal claims (e.g. warranty claims for defects or defence against such claims).

10. Use of cookies and analysis tools

a. Cookies

S.E.A. uses so-called “cookies“. Cookies are small text files which store website settings when the website is used, e.g. in the web browser of the user. The cookies serve to render the use of the website easier. S.E.A. only uses so-called session ID cookies. They are only stored in the user’s web browser for the duration of the relevant session and are deleted automatically when the browser is closed. Every user is free to set his/her browser to prevent the installation of such cookies. However, in this case, the user might be prevented from using all features and functions of the website without restrictions.

b. YouTube/Facebook and other social networks

The references on our websites to YouTube and social networks are mere links, no plug-ins. We do not use plug-ins from social networks or the like. When the user clicks the links, he/she is redirected to the website of the respective other website provider. The websites of such other providers are subject to the data protection regulations applicable to these websites.

c. Web analysis by Matomo (formerly PIWIK)

We use the open source software tool Matomo (formerly PIWIK) on our website to analyze user behavior. The software sets a cookie on the user’s computer (for cookies, see already above).
The IP address of the user is shortened before storage, so that conclusions about the natural person are not possible. For users who have activated a “Do Not Track” function in their browser, no web tracking is performed using Matomo.
i. Types of personal data: If individual pages of our website are accessed, the following data is stored:
1. two bytes of the IP address of the user’s calling system.
2. the web page called up
3. the website from which the user reached the accessed website (referrer)
4. the subpages accessed from the accessed website
5. the time spent on the website
6. the frequency with which the web page is accessed
ii. Purposes of the processing (Art. 13 (1) c GDPR): The use of Matomo serves to analyze user behavior for purely internal purposes and to improve our online offering according to user preferences.
iii. Legal basis for processing (Art. 13 (1) c GDPR): The legal basis for the processing is the user’s consent via our cookie consent tool, Art. 6 (1) a GDPR.
iv. Recipients/third parties/third country transfer (Art. 13 (1) e and f DSGVO): There is no transfer of data to third parties (Art. 4 No. 10 GDPR). The software runs exclusively on the servers of our website. A storage of the users’ personal data only takes place there.
v. Deletion periods (Art. 13 (2) a GDPR): The cookie is set or stored in the user’s cache memory for a period of 14 days.

11. Rights of the user (Art. 13 subs. 2 b) – e), Art. 7 subs. 3 GDPR)

The user, subject to the statutory conditions being fulfilled, has the right at any time to request information which data relating to him or her we have stored, Art. 15 GDPR, as well as the right to rectification of this data, Art. 16 GDPR, the right to restriction of the processing, Art. 18 GDPR, and the right to erasure of his or her data, Art. 17 GDPR.

Where the user has asserted a right to rectification, erasure or restriction of the pro-cessing against S.E.A., S.E.A. will communicate any such rectification or erasure of data or restriction of processing to each recipient to whom the relevant pd has been disclosed, unless this proves impossible or involves disproportionate effort.

Moreover, the user has the right to withdraw any consent he/ she has given (Art. 7, Art. 6 subs. 1 a) GDPR), see Art. 7 subs. 3 GDPR. The withdrawal of consent does however not affect the lawfulness of processing based on consent before its withdrawal.

In addition, the user has the right to object, on grounds relating to his or her particular situation, at any time to processing of pd concerning him or her which is based on Art. 6 subs. 1 e) or f) GDPR, see Art. 21 GDPR.

Moreover, the user has the right to receive the pd concerning him or her, which he or she has provided to S.E.A., in a structured, commonly used and machine-readable format provided that the statutory conditions are fulfilled (right to data portability, Art. 20 GDPR)

When the user wants to exercise any of the aforesaid rights, he/she must address to the bodies/ persons designated in sec. 1 or 2.

In all other respects, the user has the right to lodge a complaint with a supervisory authority provided that the statutory conditions are fulfilled, see Art. 77 GDPR.