Company

Imprint

Mentor

Imprint Privacy Policy Data protection information General Terms and Conditions Netiquette

MENTOR GmbH & Co. Präzisions-Bauteile KG

Otto-Hahn-Strasse 1
D-40699 Erkrath

Handelsregister Amtsgericht Wuppertal, HRA 18913
Ust.-IdNr. according to § 27 a Umsatzsteuergesetz Ust-IDNr. DE 121648770

Management of the company: Wido Weyer, Dennis Weyer

Copyright

The web pages and their content are part of © Copyright by MENTOR GmbH & Co. Präzisions-Bauteile KG, Otto-Hahn-Strasse 1, D-40699 Erkrath, +49 (0) 211 20 0 02-0, info@mentor-bauelemente.de.

Content of the Website

The respective author of the website is responsible for the content of the websites of MENTOR GmbH & Co Präzisions-Bauteile KG. Should contents violate applicable legal regulations, please inform us immediately. We will then remove the page or the respective content as soon as possible.

Links to external Websites

The websites of MENTOR GmbH & Co. Präzisions-Bauteile KG contain references (links) to information on servers that are not subject to the control and responsibility of MENTOR GmbH & Co. MENTOR GmbH & Co. Präzisions-Bauteile KG does not take any responsibility or guarantee for this information and does not approve or support it in terms of content. These regulations correspond to § 8 of the TMG (Telemediengesetz).

Disclaimer

MENTOR GmbH & Co. Präzisions-Bauteile KG does not assume any liability for damages arising in connection with any use of its web pages. The contents are regularly checked and updated as far as possible, but no guarantee for correctness can be given under any circumstances.

Privacy Policy

General

We are strongly committed to protecting your privacy and handling your data carefully. Our Privacy Notice provides information on how we use your personal data and what your rights are in this regard. It contains detailed information about the data we process, the purpose behind this data processing, the legal basis on which we process data and for how long we store the data.

In principle, we collect, store and use personal data only to keep you informed about our work, to provide the services we offer and to ensure the functionality and user-friendliness of our website. The data processed, and the processing method and scope, are determined according to the respective purpose and the underlying legal relationship. Specifically, we process your data in the cases listed in this Privacy Notice. We process personal data in agreement with the applicable statutory provisions and, in particular, the European General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter referred to as GDPR). We only share your personal data with third parties if there is a legal basis to do so.

“Personal data” (hereinafter in part also referred to simply as “data”) is all information that relates to a known or identifiable person; it therefore means all information that can be attributed to you as a person. This applies, for example, to your name, address, exact location or IP address.

“Processing” is any process associated with personal data; the main examples are the collection, storage and use of your data.

Notes on data transfer to the USA

We have tools from other companies integrated in our website, including companies based in the USA. When these tools are active, your personal data may be transferred to the U.S. servers of the respective company. Please note that the USA are not a secure third-party country as defined in EU data protection law. U.S. companies are required to disclose personal data to security authorities without you, as the data subject, being able to take legal action against this. It can therefore not be ruled out that your personal data located on U.S. servers may be processed, analysed, and stored permanently by certain U.S. authorities (e.g. secret services). We have no influence on these processing activities.

Responsible Provider

The provider of this website and the responsible body (“controller”) within the meaning of the GDPR and other statutory provisions is:

MENTOR GmbH & Co. Präzisions-Bauteile KG
Otto-Hahn-Strasse 1
D-40699 Erkrath
Phone: 0211- 20002-0
E-Mail: info@mentor.de.com

Data Protection Officer

Data Protection Officer required by law

We have appointed a data protection officer for our company.

Boris Nicolaj Willm
Resilien[i]T GmbH
Monschauer Straße 12
40549 Düsseldorf

Tel: +49 (0) 211 695289 92
E-Mail: dsb.mentor@resilienit.de

Scope and legal bases for processing personal data

We are only permitted to process the personal data of our users and customers if there is a legal basis to do so, and data processing therefore only occurs if this is the case. Below, we provide detailed information on why we are permitted to process your personal data, making reference to the following legal bases:

Provided that we obtain your consent to process your personal data, Article 6(1)(a) GDPR shall serve as the legal basis.

For processing of personal data which is required for fulfilment of an agreement to which you are a contracting party, Article 6(1)(b) GDPR shall serve as the legal basis. This also applies to the performance of pre-contractual measures.

To the extent that processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6(1)(c) GDPR shall serve as the legal basis.

If processing is required to protect a legitimate interest of our company or of a third party and if your interests, basic rights and basic freedoms do not outweigh the afore-mentioned interest, Article 6(1)(f) GDPR shall serve as the legal basis for processing.

The legal bases for collection and use of your personal data are discussed in detail below.

Your rights in connection with your personal data

At your request, you can obtain information at any time, free of charge and within a maximum of one month, regarding the personal data we store about you, its origin, recipients, storage period, the purpose of data processing and the existence of a right to lodge a complaint (Article 15 GDPR).

You have the right to have your personal data corrected if it is incorrect or incomplete (Article 16 GDPR).

Under certain circumstances, you can also demand erasure of your personal data (Article 17 GDPR) or restriction of processing (Article 18 GDPR). This is possible, amongst other things, if your personal data no longer needs to be processed for the purposes for which it was collected, or if you revoke your consent and there is no other legal basis for processing of the data.

These rights do not exist if we are required to process the data in order to fulfil a legal obligation or to assert, exercise or defend legal claims.

If you assert your right to correction, restriction or erasure, we will, where possible, notify all recipients of your personal data.

You have the right to receive the personal data we store about you in a current, machine-readable format and to send this data to another controller or have it sent by us, if processing is based on consent or is required for performance of a contract and processing is carried out using automated methods.

You have the right to revoke privacy consent that you have given at any time. However, this revocation will not affect the legality of processing up to this time or processing based on other legal principles.

In accordance with Article 21 GDPR, you can also object to the processing of your personal data if this is carried out based on Article 6(1)(f) GDPR, i.e. based on our legitimate interests or the legitimate interests of third parties. In this case, we will only continue to process your data to the extent that our compelling legitimate interests outweigh your interests.

You have the right to complain to a data protection supervisory authority. To do this, you can also contact the supervisory authority of your usual place of residence or place of work.

All rights listed here can be asserted by notifying us of this at the address specified at the beginning of this Privacy Notice.

Data erasure and storage period

The personal data relating to the person concerned will be deleted or blocked as soon as the storage purpose has expired. Data will only be stored beyond this time if the controller is legally obligated to do so. Data will also be blocked or deleted if a retention period prescribed by the specified standards elapses, unless there is a requirement for further storage of the data for the purpose of contractual completion or performance of a contract.

Passing on your data to third parties

We will pass on your personal data to companies affiliated with us or to partners and agents if required to establish, perform or terminate a contract or quasi-contractual relationship. Partners and agents are, in particular, independent sales representatives for distributing our goods and services in Germany and abroad. For example, if you contact us, we will share the information you give us with the regional MENTOR company responsible so that it can offer you our products and services in line with your needs and the region of your enquiry.

You can find the companies in the MENTOR Group and our agents here:
https://www.mentor.de.com/kontakt/vertrieb-international/

Data processing on our behalf
To process your data, we also use external service providers to whom we forward your personal data. These providers are contractually bound to process this data solely on our behalf. Data processors are also contractually obligated to either erase or return the data when their mandate ends, for example.

Provision of the website/log files

1. a) Provider/web host:
  We use the services of a Provider for the provision of our website. In particular, the Provider provides us with the necessary storage space and technical infrastructure for the secure operation of this website. On our behalf, the Provider stores most of the data specified in this Privacy Notice, in order to make this data available to us for the respective specified purposes. The Provider’s compliance with the statutory data protection regulations is also contractually guaranteed.
2. b) Server log files:
  When you visit our website, your browser automatically sends information to our system. Our web host, who processes data on our behalf (“data processor”), collects and stores the following data as server log files:
- The user’s IP address
- Browser ID (see also browser type and version, plug-ins used),
- The user’s operating system,
- Internet service provider,
- Date and time of access,
- The Internet address of the website from which the user arrived at the current page by clicking on a link (“Referrer URL”),
- Websites, which are called up by the system from our website.
Log files are usually saved without any assignment to the individual user. However, some of the data contained in the log file, in particular the IP address, can enable assignment to the user. However, such assignment is only carried out if there is a legal obligation or basis to do so. In particular, we reserve the right to review log data retrospectively if there are specific indications of a legitimate suspicion of illegal use of our website.

We collect and process the data contained in the log files solely for the purpose of guaranteeing the functionality of our website, protecting ourselves against attacks and enabling communication between our servers and your device. This is a legitimate interest in the meaning of the legal basis set out in Article 6(1)(f) GDPR: We have an interest in presenting our offering on the Internet in a secure and efficient manner and use a specialist provider for this purpose.

The access data is stored only for as long as is necessary for the specified purpose or for as long as is prescribed by law. As a general rule, the log files are deleted after 7 days. If log files are required to track a breach of legal regulations or misuse of our homepage, they will be stored for as long as is required for the purposes of tracking.
It is not possible to object to the collection of server log files if you wish to use our website.
1. c) Log data with other providers
  In addition, log data is also stored by other providers, in particular Google. See details under Points 12 and 13 of this Privacy Notice.
2. d) SSL encryption and data security:
  We use the widely used SSL method (Secure Socket Layer) on our website, with the respective highest level of encryption. Therefore, data transmission between our server and your browser is encrypted. The encryption level is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit v3 technology.
You can identify an encrypted connection by the fact that the address line in the browser changes from http to https and a padlock icon appears in your browser bar. If SSL encryption is activated, any data you send to us cannot be intercepted by third parties.

We also use technical and organisational security measures to protect your data against accidental or intentional manipulations, partial or complete destruction or against authorised access by third parties. Our security measures are continuously improved in line with technological development.

Cookies

a) General:
Our website uses cookies. These are small files that are stored on your computer or mobile device. Cookies contain a characteristic character string (cookie ID), which makes it possible to identify the visitor. In particular, they can store settings and other information. Specifically, it is usage data (e.g. web pages visited, content accessed) and communication data (e.g. device information, IP addresses) that are processed in particular. A distinction is made between cookies that are technically required and cookies that are not technically required. This applies in particular to cookies from third party providers.

The legal basis on which we process your personal data using cookies depends on the respective cookie. Data processed using technically required cookies is processed on the basis of our legitimate interests or to comply with our contractual obligations. In all other cases, your consent is the legal basis for processing. The storage period for cookies can be up to two years unless another storage period for cookies is explicitly stated by us.

b) Technically required cookies:
Our website uses technically required cookies. These cookies are used to store certain user settings, in order to guarantee the display on the website, and also for filling in the contact form and the memo-list. The cookie we use is therefore required to ensure the full functionality of this website. The legal basis for using the cookies is Article 6(1)(f) GDPR: there is a legitimate interest in presenting our offering on the Internet and in enabling you to contact us; this is only possible by using technically required cookies.

You may object to your personal data being processed if our legitimate interest is the basis for processing your data. To do so, you can select the corresponding settings in your browser. If you do not wish data to be recorded, you can go to your Privacy settings and specify that all or certain cookies should be rejected or that the cookies should be deleted when the browser session ends. However, to obtain the full functionality of our website, it is necessary to allow technically required cookies. If you do not allow these cookies, complete use of our website, in particular using the contact form and memo-list, is no longer possible. In that case, the cookies are deleted as soon as the browser is closed.

You can object to the use of cookies that are used for reach measurement and advertising purposes via the websites of the network advertising initiative (http://optout.networkadvertising.org) and via the websites http://www.aboutads.info/choices (USA) or http://www.youronlinechoices.com (EU).

c) Technically not required cookies:
Other services used by us, in particular services provided by Google, also use cookies to enable them to offer these services. A separate, additional note regarding the use of cookies for these individual services is provided; see Point 12 of this Privacy Notice. In this case, the legal basis for processing data is your consent.

Cookies that are technically not required, in particular cookies from third-party providers, will only be placed if you have given your consent. We use the cookie plug-in service provided by Borlabs Cookie to obtain this consent. A technically required cookie (borlabs-cookie) is placed for the consent, which enables us to store the declarations of consent to the use of cookies. No personal data is processed by the Borlabs cookie. The Borlabs cookie only stores the consent you have given when you accessed the website. If you wish to revoke these declarations of consent, you can delete the cookie in your browser. If you then revisit/reload the website, you will be asked again for your cookie consent.

Contact

You can contact us by post, telephone, fax, e-mail or using the contact form on our website.

If you contact us by post, we can collect and process all data that you provide us with in your correspondence, including in particular your name and address.

If you contact us by telephone, we can collect and process your telephone number, any personal data provided to us during the call, such as name and e-mail address, time of call and other details regarding your concern.
If you contact us by fax, the fax number, sender ID and the data resulting from the fax will be processed.

If you contact us by e-mail, we will process the e-mail address and the data sent by you in the e-mail.

On our website, you can also find a contact form, which you can use to contact us. If you complete and submit this form, any data that you enter in the corresponding fields on our website will be sent to us. Your name, e-mail address and message are required fields. In addition, your computer’s IP address as well as the date and time of submission will be stored.

In all cases, the processing purpose is correspondence with you in the context of fulfilling the order placed with us or of responding to your request. The data in your contact form will only be processed in order to get in contact with you and to handle your request. If your message is connected to an order that you have placed with us or wish to place with us, Article 6(1)(b) GDPR is the legal basis for processing your data: The use of your data for correspondence is required and therefore permissible as a pre-contractual measure before completion of an agreement or for fulfilment of obligations in connection with the contractual relationship. In all other cases, the legal basis is the one set out in Article 6(1)(f) GDPR: We have an interest in answering the queries that we receive by post, fax, telephone or by visitors to our website, and in making and remaining in contact with said visitors, also due to the fact that the data is transmitted voluntarily and at the visitor’s own initiative. In addition, we assume that, by making contact, the users consent to the processing of their data, and hence Article 6(1)(a) GDPR is the legal basis. This also applies to any data that you send to us and that is not required for correspondence with you.

We will store your data for as long as is necessary to achieve the respective purpose or for as long as there is a requirement by law to retain the data. The purpose of making contact is achieved when the matter about which you first contacted us has been resolved.

The data will only be shared with third parties to the extent that this is technically required or is required for processing of your request. We will not share it with third parties for any other purpose, in particular for advertising purposes.
Please note that transferring data on the Internet, such as when communicating by e-mail, can involve security gaps.

You have a right to object if your data is collected on the legal basis of Article 6(1)(f) GDPR. You can submit your objection to us at any time, e.g. by e-mail to datenschutz@mentor.de.com. If data processing is based on your consent, you can revoke your consent at any time.

We offer customers and prospective customers the option of subscribing to a newsletter in which we regularly provide information by e-mail about our company and the products and services we offer. If you wish to receive the newsletter, we will require your e-mail address. In the course of sending the newsletter, we will definitely process your e-mail address and will potentially process other information that you provide us with during registration (in particular name, company).
We send the newsletter using the services of the shipping provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany, who works on our behalf in this respect. Compliance with the data protection regulations is also contractually guaranteed. Sendinblue is forbidden to sell your data and to use it for any purpose other than sending newsletters. Sendinblue is a German certified provider, which was selected in accordance with the requirements of GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz). For more information on this, see here: https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go.

We only send the newsletters if you have consented to the corresponding use of your personal data for advertising purposes. We use the so-called double opt-in method to guarantee that newsletters are sent by agreement. For this, the potential recipient allows himself to be included in a distribution list. The user is then given the opportunity, by means of a confirmation e-mail, to confirm the registration legally. The address is only actively included in the distribution list if this confirmation is received. The newsletter registrations are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and time of confirmation, as well as the IP address. Likewise, changes to your data stored by the shipping provider are also logged.

The legal basis for processing your data for the purpose of sending the newsletter is your consent and thus Article 6(1)(a) GDPR. At any time, you can revoke your consent to store the data, the e-mail address and their use for shipping of the newsletter by using the “Unsubscribe” link in the newsletter. The legal basis for logging the registration procedure is our legitimate interest and thus Article 6(1)(f) GDPR: We have an interest in the efficient sending of information about our company and our products, protected against misuse.

We store your data in connection with the newsletter registration for up to three years, in order to be able to prove consent and defend any legal claims asserted against us. The legal basis for storage in this connection is, in particular, Article 6(1)(c) GDPR. After revocation of your consent, the data will no longer be processed for other purposes.

Social networks

We present our company on the following social networks:

Facebook (https://www.facebook.com/mentorerkrath/)

Xing (https://www.xing.com/pages/mentorgmbh-co-prazisions-bauteilekg) and

LinkedIn (https://de.linkedin.com/company/mentor-gmbh-&-co-pr%C3%A4zisions-bauteile-kg),

in order to make ourselves known to registered users there and make contact with them.

Facebook is a service offered by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected will also be transferred to the USA and other third countries.

You can change your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

The basis for data transfer to the USA are the EU Commission’s standard contractual clauses. For more details, please go to: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

LinkedIn is a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

LinkedIn uses marketing cookies. If you want to deactivate the LinkedIn marketing cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The basis for data transfer to the USA are the EU Commission’s standard contractual clauses. For more details, please go to: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Xing is a service provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

If you are a member of these social networks, Facebook, Xing or LinkedIn can assign your visit to our website to your user profile. Your personal data may potentially also be collected when you are not logged in or even if you have no account with the respective social media portal. In that case the data is collected for example with the help of cookies stored on your device or through recording your IP address.

The collected data allows the operators of the social media portals to create user profiles where your preferences and interests are recorded. This information can then be used to show you interest-based advertisements inside or outside the respective social media presence. If you have an account with the social network in question, the interest-based advertisements can be displayed on all devices where you are, or were previously, logged in.

The social networks process your data in agreement with their respective Privacy Notices, which you can view here:

https://privacy.xing.com/de/datenschutzerklaerung,

https://www.linkedin.com/legal/privacy-policy?_l=de_DE

https://www.facebook.com/about/privacy/.

The data that you share on Facebook, Xing or LinkedIn is only processed by ourselves for the purpose of communicating with you and informing you about our services and products. We only process the data that you yourself have published on those platforms.

By using Facebook, Xing and/or LinkedIn, you have consented to the processing of your personal data by the respective operator of the social network and the legal basis for data processing is therefore your consent in accordance with Article 6(1)(a) GDPR. From our perspective, there is a further interest in efficiently informing our existing and potential customers about our product offering; this interest outweighs your interest in not having your data processed not least of all because your use of the social networks is voluntary. To the extent that you have not consented to data processing, and in relation to our processing of your data, the legal basis for data processing is therefore Article 6(1)(f) GDPR.

You can object to the processing of your data by the operator of the respective social network. You can make the corresponding settings on the following websites:

https://www.xing.com/settings/privacy,

https://www.linkedin.com/psettings/privacy,

https://www.facebook.com/settings?tab=ads.

Please note that while we share responsibility with the social media portal operators, our influence on the social media portals’ data processing activities is limited. Whether and how we can exert influence depends largely on the respective provider’s corporate policy.

The easiest way to assert your rights in connection with the processing of your personal data is directly to the operator of the respective social network, as the operator has all information about the processing of your data. If you wish to do this, we would be pleased to assist you.

White papers

On our website, we offer the option of using free services such as accessing white papers or data sheets.
The following data is collected and stored when these services are used:
– Email address
– Title, first name and surname, position
– Company name, postcode and town/city,
– Phone number (optional)

Your consent to MENTOR GmbH & Co. Präzisions-Bauteile KG contacting you by email and/or phone to update you on products and services is a prerequisite for receiving this free service, i.e. we will provide white papers in return for this consent.
You can withdraw your consent at any time. To withdraw your consent, please write to MENTOR GmbH & Co. Präzisions-Bauteile KG, Otto-Hahn-Strasse 1, D-40699 Erkrath, Germany or email datenschutz@mentor.de.com with “Withdrawal of consent for white papers/information notifications” in the subject line.

3D data service (TRACEPARTS)

Our website contains links to the CAD design library TraceParts operated by TraceParts S.A., Parc Eco Normandie, 76430 Saint Romain, France (“TraceParts”). The links are in the relevant product sections and are labelled “Download CAD data”.
When you visit a page on our website, a connection is not established to TraceParts’ servers. When you click on a corresponding link, you are giving your consent in accordance with Article 6(1)(a) GDPR and will be forwarded to the TraceParts website. We have no control over personal data processing by third-party websites. TraceParts states that it meets the requirements of the EU General Data Protection Regulation.

As a visitor to the traceparts.com website, you must register if you wish to use the website and download free CAD models in a variety of formats. This registration process is based on TraceParts’ extensive General Terms and Conditions of Use. The terms and conditions clearly explain what data is recorded for what purpose and how. The privacy policy also clearly sets out the users’ right to access, change and erase their personal data stored by TraceParts.
Access to user data is restricted both physically and electronically, and user passwords are encrypted. All access to user data is logged and archived with full details. These logs are checked regularly by the TraceParts security team and monitored for unusual activity. TraceParts uses security notification procedures to ensure extended reports can be created promptly in the event of a data breach.
User data is stored exclusively on TraceParts’ proprietary servers. These are located in the data centre of a professional third-party provider in France. TraceParts alone directly undertakes the hosting, processing and storage of this data. When you visit the TraceParts website, your browser establishes a direct connection to these TraceParts servers.

Further details on data collection and your legal rights and setting options are available from TraceParts at: https://info.traceparts.com/legal/general-gtu/ and https://info.traceparts.com/legal/gdpr-compliance/.

360 Showroom (Matterport)

Our website contains a 360 showroom, which is integrated via the portal my.matterport.com. The operator of this portal is Matterport, Inc., 352 E. Java Dr. Sunnyvale, CA 94089, USA.
When you visit our virtual showroom, a connection is established to Matterport’s servers. This notifies the Matterport server which of our pages you have visited. Matterport is also given your IP address. This happens even if you are not logged into Matterport or do not have a Matterport account. The information recorded by Matterport is transmitted to the Matterport servers in the USA.

If you have a Matterport account and are logged in, Matterport can assign your browsing behaviour directly to your personal profile. You can prevent this from happening by logging out of your Matterport account.
We use Matterport in the interest of presenting our online content in an appealing manner. This is a legitimate interest in the meaning of Article 6(1)(f) GDPR. If corresponding consent has been requested and given, processing will be exclusively based on Article 6(1)(a) GDPR; you may withdraw your consent at any time.
Please consult Matterport’s privacy policy at https://matterport.com/legal/privacy-policy/ for further information on how Matterport applies the GDPR and handles user data.

Google services

General

On our website, we use various services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”. Google is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In the context of its involvement in these services, Google collects and processes personal data. It cannot be ruled out that Google may also transfer the information to servers located in the USA.

Google Tag Manager

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager does not create any user profiles, nor does the tool store any cookies or analyse data independently. Its only purpose is to manage and run the tools integrated with its help. However, Google Tag Manager records your IP address and this may then also be transmitted to Google’s parent company in the United States.

The legal basis on which Google Tag Manager is used is Article 6(1)(f) GDPR. The website operator has a legitimate interest in being able to quickly and easily integrate and manage various tools on its website. If corresponding consent has been requested and given, processing will be exclusively based on Article 6(1)(a) GDPR; you may withdraw your consent at any time.

Google Analytics

This website uses functions of the web analytics service Google Analytics. Google Analytics enables the website operator to analyse the behaviour of website visitors. This involves providing the website operator with various user data, such as page views, session duration, operating systems used and user origin. This data may be aggregated by Google in a profile assigned to the respective user or the user’s device.

Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally sent to a Google server in the USA and stored there.

The legal basis for using this analytics tool is Article 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour to optimise both its web offering and its advertising. If corresponding consent has been requested and given (e.g. consent to the storage of cookies), processing will be exclusively based on Article 6(1)(a) GDPR; you may withdraw your consent at any time.

The basis for data transfer to the USA are the EU Commission’s standard contractual clauses. For more details, please go to: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

The IP anonymisation function is activated on this website. This means that your IP address will be truncated by Google in the member states of the European Union or in another state party to the Agreement on the European Economic Area before it is transferred to the USA. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, to produce reports about website activities and to provide other services to the website operator with regard to website use and Internet use. The IP address sent from your browser for Google Analytics is not merged with other data from Google.

Browser plug-in

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information about how user data is handled by Google Analytics, please refer to Google’s privacy policy at: https://support.google.com/analytics/answer/6004245?hl=de.

Data processing on our behalf

We have entered into a data processor agreement with Google concerning its processing of data on our behalf and the strict requirements specified by the German data protection authorities regarding the use of Google Analytics are fully implemented.

Data retention period

User-level and event-level data stored at Google which is linked to cookies, user identifications (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months. For more details, please use the following link: https://support.google.com/analytics/answer/7667196?hl=de

Google Ads

Google Ads is an online advertising platform that allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). It also allows us to display targeted advertisements based on the user data held by Google (e.g. location data and interests) (audience targeting). As the website operator, we can perform quantitative evaluations of this data by analysing, for example, what search terms resulted in our advertisements being displayed and how many advertisements received corresponding clicks.

The legal basis for using Google Ads is Article 6(1)(f) GDPR. The website operator has a legitimate interest in marketing its services and products as effectively as possible.

The basis for data transfer to the USA are the EU Commission’s standard contractual clauses. For more details, please go to: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Remarketing

This website uses the Google Analytics Remarketing functions. Google Remarketing analyses your user behaviour on our website (e.g. clicking on certain products) in order to include you in specific advertising audiences and then display suitable advertisements to you when you visit other online offerings (remarketing or retargeting).

The advertising audiences created by Google Remarketing can also be linked to Google’s cross-device functions. This means that interest-based, personalised advertisements tailored to you on the basis of your previous user and browsing behaviour on one device (e.g. mobile phone) will then also be displayed to you on another of your devices (e.g. tablet or PC).

If you have a Google account you may use the following link to object to personalised advertising: https://www.google.com/settings/ads/onweb/.

The legal basis for using Google Remarketing is Article 6(1)(f) GDPR. The website operator has a legitimate interest in marketing its products as effectively as possible. If corresponding consent has been requested and given, processing will be exclusively based on Article 6(1)(a) GDPR; you may withdraw your consent at any time.

For further information and to view the privacy provisions, please refer to Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.

Google DoubleClick

This website uses the Google DoubleClick functions. DoubleClick is used to display interest-based advertisements to you across the entire Google advertising network. DoubleClick is used to tailor advertisements specifically to the interests of the respective viewer. This allows us to display our advertisements, for example, in Google search results or advertising banners that are linked to DoubleClick.

To display interest-based advertisements to website users, DoubleClick must be able to recognise the respective user and associate them with the websites visited, clicks performed and other information related to the user’s behaviour. For this purpose DoubleClick sets cookies or uses similar recognition technologies (e.g. device fingerprinting). The information collected is aggregated in a pseudonymised user profile to enable the display of interest-based advertising content to the respective user.

We use Google DoubleClick in the interest of targeted advertising activities. This is a legitimate interest in the meaning of Article 6(1)(f) GDPR. If corresponding consent has been requested and given (e.g. consent to the storage of cookies), processing will be exclusively based on Article 6(1)(a) GDPR; you may withdraw your consent at any time.

For further information regarding your options of objecting to the advertisements shown by Google, please follow these links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

YouTube

Videos from the YouTube website are embedded in this website. The operator of the YouTube website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use the YouTube website in a way that allows us to embed YouTube videos in our website. When you access the videos, a direct contact is established between you and the servers of Google. This connection is required to be able to display the respective video on our website via your Internet browser. In the course of this, YouTube collects and processes at least your IP address, the date and time as well as the website visited by you. In addition, a connection to the “DoubleClick” advertising network by Google is established.

Google processes usage and communication data of visitors to the website while they are using the website. The purpose of processing your personal data is to enable us to present our offering in an appropriate and contemporary manner on our website. The legal basis is your consent, which is given via the Borlabs service (see Point 8: Cookies). Our legitimate interest lies in improving the quality of our Internet presence.

We use YouTube in connection with the “Privacy-Enhanced Mode”, in order to be able to show you videos. According to YouTube, its “Privacy-Enhanced Mode” means that the data described in greater detail below is only sent to the YouTube servers if you actually start a video. Without this “Privacy Enhanced Mode”, a connection is established to the YouTube server in the USA as soon as you visit one of our websites in which a YouTube video is embedded.

If you are also logged into YouTube at the same time, YouTube assigns the connection information to your YouTube account. To prevent this, you must either log out of YouTube before visiting our website or make the corresponding settings in your YouTube user account.

For the purposes of functionality and for analysis of user behaviour, YouTube stores cookies on your device via your Internet browser. If you do not agree to this processing, you can prevent the storage of cookies via the settings in your Internet browser. More detailed information about this is available above under “Cookies”. For further information on how user data is handled, please refer to YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use Google reCAPTCHA on our website to prevent the misuse of our contact form. This enables us to distinguish whether forms are being used by natural persons or whether they are being misused by machine or automated processing. reCAPTCHA analyses the behaviour of the website visitor based on various attributes. The analysis begins automatically as soon as the website visitor lands on the website. reCAPTCHA evaluates various pieces of information for its analysis (e.g. IP address, duration of the user’s visit to the website or mouse movements performed by the user). The data collected in this analysis will be transferred to Google. In addition, reCAPTCHA sets cookies in order to identify you again the next time you visit. The reCAPTCHA analyses are performed entirely in the background. Website visitors are not made aware that an analysis is taking place.

The legal basis for storing and analysing the data is Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings against fraudulent automated spying and SPAM.

For more information on Google reCAPTCHA, please refer to Google’s privacy provisions and Google’s terms of use by following these links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

Applicants

On our website, we publish job vacancies, for which you can apply. The application can also be completed by submitting your application documents by e-mail. To this extent, the information under Point 9 of this Privacy Notice applies. When selecting applicants, we process any data that you send to us in your application solely for the purpose of filling job vacancies within our company.

Data processing in the context of the application procedure is based on the fact that you voluntarily provide us with your data for the purpose of applying for a position and we therefore assume that you consent to data processing. The legal basis for data processing is therefore primarily your consent and thus Article 6(1)(a) GDPR. Your data is also processed in view of employment within our company; it is therefore to be considered as a pre-contractual measure, so that Article 6(1)(b) GDPR also serves as a legal basis for processing. When selecting applicants, we do not use any automated decision-making method in accordance with Article 22 GDPR.

Your data will be deleted immediately upon completion of the application procedure, unless you have explicitly given consent for us to save your data in our pool of applicants and store it for this purpose.

Even if you revoke your consent, complete erasure of the data is only possible if you withdraw your application, as we cannot process your application without processing your data.

Customers and contractual partners

In the context of business relationships with us, we collect and process the following personal data regarding natural persons: Name, address, telephone number, e-mail address (if relevant) and account number (in the context of bank transfers). As a general rule, we process this data to fulfil the contract between us or between us and the company by which the person concerned is employed, to provide our work according to agreement and to be able to assess and, if relevant, fulfil claims which may result from the contract. In addition, we are legally obligated to retain certain contractual documents, including the data contained within it, even after processing of the contract. In principle, we only share your data with third parties if this is required for the specified purposes or if we have a duty to disclose the information. In any case, data will only be transferred to the required extent.

To the extent that we have received your data from third parties, in particular from your landlord or a property management company, we will assume that the transfer of the data to us is covered by the corresponding legal relationship or your consent. In this case, processing of your data is required to be able to fulfil the contract with the respective third party.

The legal basis for processing your data is generally Article 6(1)(b) GDPR: processing is required in order to fulfil the contract between us. In addition, we are subject to the legal obligation to retain invoices and other documents and hence Article 6(1)(c) GDPR is also a legal basis for storage.

In principle, we retain data connected to a contract for a period of 3 years following fulfilment of all mutual obligations from the contract, in case of possible claims arising from the contract. For commercial reasons, we must retain our correspondence for 6 years, and for tax purposes, we must retain invoices for 10 years. This also concerns the respective data contained therein.

Links

To the extent that we offer links to other sites on our website, we have first carefully checked the corresponding websites. However, this notwithstanding, we are not responsible for compliance with the privacy regulations and other legal provisions by the providers of the websites to which we provide links. Therefore, please make your own check of the Privacy Notices of these websites.

Changes to this Privacy Notice

This Privacy Notice is currently valid and was last changed in September 2022.

Through the further development of our website or due to changed legal or official requirements, it may be necessary to amend this Privacy Notice. The respective current Privacy Notice can be viewed at any time on this website.

Data protection information

Data protection information for customers, prospective customers and business partners

This privacy policy provides you with an overview of how your personal data is handled and processed within our group of companies.

We undertake to process your personal data at all times in accordance with applicable law. The data collected, used, stored or transferred is kept transparent for our customers, prospective customers and business partners.

The responsibilities are listed below and the regular data processing procedures are described. For specific processing procedures, we may provide you with further privacy notices where necessary.

1. Responsibilities

1.1. Data controller

The entity responsible for the processing of your personal data is:

MENTOR GmbH & Co. Präzisions-Bauteile KG

Otto-Hahn-Straße 1

40699 Erkrath

Tel. +49-211-20002-0

Email: info@mentor.de com

1.2. Our Data Protection Officer

We have appointed an external Data Protection Officer for our organisation, who can be contacted using the following details:

Boris Nicolaj Willm, Resilien[i]T GmbH, Monschauer Straße 12, D-40549 Düsseldorf

Telephone: +49 (0) 211 695289 92, Email: dsb.mentor@resilienit.de

1.3. Competent supervisory authority

You can contact the supervisory authority responsible for us at:

LDI.NRW, Kavalleriestr. 2-4, 40213 Düsseldorf

Telephone: 0211/38424-0, Email: poststelle@ldi.nrw.de

2. General information on data protection

Insofar as we process your data for the purpose of establishing, carrying out and terminating a business relationship, you may be contractually obliged to provide us with this data. The same applies to the processing of your data in order to fulfil our legal obligations, particularly under tax and financial law. Without this data, we cannot establish, implement or terminate the business relationship.

2.1 What data do we process about you?

We process your personal data that you have provided yourself or that we receive from the relevant contractual partners, e.g. in the context of processing enquiries or orders. This concerns the following categories of data:

Master data: first name, surname, title, position, address, (where applicable, date of birth, nationality), etc.;
Communication data: telephone number, mobile number, email address, fax number, etc.;
Order and contract data (billing address, tax number/VAT number);
Bank details, billing and payment details (e.g. IBAN, BIC, SEPA mandate, name of the bank);
Video recordings in connection with video surveillance on the premises;
Publicly accessible debtor registers, land registers, commercial and association registers;
Results of creditworthiness and sanctions checks.

This list provides an overview of the various types of data that may be processed within the context of a business relationship. Please note that not all of the data listed is collected. Sensitive personal data is only stored if this is strictly necessary to comply with our legal obligations or if you have provided this data voluntarily for this purpose.

2.2 For what purposes do we process your data?

We process and use your personal data exclusively for the purposes of establishing a business relationship and managing your business relationship with our organisation. These are listed below:

Fulfilment of the business purpose / initiation, establishment, performance and termination of the contractual relationship: The processing of personal data takes place to implement all necessary measures associated with the initiation, establishment, performance and termination of the business relationship. Implementation of pre-contractual measures (e.g. credit checks, preparation of quotations and processing of enquiries), fulfilment of contractual obligations (e.g. provision of the helpdesk, order processing, contract processing, payment processing, invoicing, receivables management), management of sales and dispatch, and complaints management.
Support for existing customers and prospective clients: to communicate with you, for marketing purposes (where we have received your name, email address or postal address from you in connection with the provision of our services and/or the sale of our products), to provide a helpdesk, for customer surveys, and to maintain a customer database within our group of companies to improve customer service.
Compliance with legal obligations: The company processes personal data to comply with data protection, tax, financial and commercial law requirements (e.g. checking sanctions lists and maintaining a block list to implement the right to object to processing pursuant to Article 21 of the GDPR).
Security and protection of company assets: Personal data is also processed as part of visitor management to protect the company’s facilities, premises and assets from theft, unauthorised access and other damage; for example, as part of video surveillance for access control to office buildings and company premises.
IT security: Logs are created regarding the use of IT systems to identify threats such as computer viruses, access to potentially dangerous external websites, unauthorised access attempts and internal misuse (e.g. breaches of information security policies), in order to ensure the security of the company’s systems and to prevent or manage cyber attacks. In the event of a security incident affecting your data, we are obliged under Article 33 of the GDPR to report this immediately to the competent data protection supervisory authority. In our legitimate interest to comply with this legal obligation as quickly as possible, it may be necessary to process your personal data as part of the investigation into the incident. However, no personal data relating to you will be included in the reports submitted to the data protection supervisory authority.
Data security: Personal data is processed to ensure the security, confidentiality and integrity of our IT systems (e.g. through security and performance tests), to test IT systems and software products and carry out migrations, and to ensure the functionality of new products and the correctness and completeness of migrations.
Corporate governance, process management: Personal data is processed during audits and investigations to review and optimise operational processes within the company (quality and regulatory management, risk and loss management).
Assertion, exercise and defence of legal claims: The company processes personal data for the purpose of asserting, exercising or defending legal claims. This includes the evaluation of documents, the collection of evidence and the use of information in legal proceedings and processes.
Whistleblowing system: The company also operates a reporting system (e.g. a whistleblowing system) to identify irregularities and take appropriate action.

Your data will only be processed for purposes other than those mentioned above insofar as such processing is compatible with the purposes of the business relationship. We will inform you of any such further processing of your data and, where necessary, obtain your consent for this.

2.3 On what legal basis do we process your data?

We process your personal data only where this is required by law or necessary for the performance of a contract, and only on the basis of the legal grounds listed below:

6(1)(a) GDPR – Consent: Processing is carried out on the basis of consent, e.g. for the publication of photos from a company event on the company website.
6(1)(b) GDPR – Performance of a contract: Processing is necessary for the establishment, performance and termination of the business relationship, e.g. for the processing of an order.
6(1)(c) GDPR – Legal obligation: Necessary to comply with legal obligations, e.g. under tax, financial and foreign trade law.
6(1)(f) GDPR – Legitimate interests: Processing to protect legitimate interests, e.g. IT and data security, corporate governance, defence of our legitimate interests in legal proceedings or video surveillance. In cases where we rely on the legal basis of legitimate interest for processing, we generally assume that our legitimate interests prevail within the context of the business relationship, subject to a balancing test to be carried out on a case-by-case basis.
9(2)(f) GDPR – Legal claims: Processing of special categories of data for the establishment, exercise or defence of legal claims, e.g. in legal proceedings.

2.4 From whom do we receive your data?

As a matter of principle, we process your personal data that has been collected from you or provided by you or your organisation, e.g. in the context of an enquiry, an order or a business relationship. Where applicable, we may collect personal data about you from external sources (see section 2.5). In certain circumstances, we may also collect personal data about you that has been made publicly available. Processing takes place only on the basis of a valid legal basis.

2.5 Who do we share your data with?

Within the scope of the business relationship or its initiation, it may be necessary to disclose personal data. Such disclosure is always carried out in accordance with the provisions of the GDPR and only to the extent necessary to fulfil the respective purposes.

Your data may be disclosed for the following purposes and to the following recipients:

Within the company itself: Within the company, your personal data may be disclosed to the relevant departments and employees, provided this is necessary to fulfil the contract or the enquiry. Disclosure always takes place in accordance with the principle of data minimisation and only to those persons responsible for the respective tasks.
Within the group of companies: Within the group of companies, personal data may be disclosed where this is necessary for the performance of the contract, for group-wide compliance, or for internal administrative and organisational purposes. The group of companies includes:
- Albert Weidmann Licht-Elektronik GmbH,
- Mentor Tunisie S.C.S.,
- Mentor Poland SP.Z.O.O.,
- Munda Textile Lichtsysteme GmbH (JV)

Here too, data is only disclosed in accordance with the applicable data protection regulations and with strict observance of data protection principles.

Authorities, public bodies, law enforcement agencies: For example, to tax authorities, supervisory authorities, courts and customs authorities in order to fulfil legal obligations (e.g. tax requirements).
External service providers and data processors: These include IT service providers (e.g. for IT maintenance, cloud services, applications, website support), software manufacturers, and other service providers (e.g. for credit checks, sanctions list checks, tax advisors, auditors, legal advisors, for customer surveys, advertising agencies, for the destruction of files and data carriers, call centres, printing and logistics companies, telecommunications service providers, delivery services, the recipient’s email provider, as well as data protection officers, information security officers, health and safety officers, fire safety officers and other designated representatives of the organisation.
Credit institutions: Data is disclosed to credit institutions in the context of contract fulfilment and debt management.
Solicitors and courts: In the event of legal disputes, it may be necessary to disclose your data to solicitors or courts in order to assert or defend legal claims. In the event of a legal dispute or suspicion of a criminal offence (e.g. courts, opposing lawyers, authorities, contractual partners, consultants, business partners, opposing parties, insofar as necessary to protect our rights).
External auditors: In the context of audits, inspections or certifications, it may be necessary to disclose data to external auditors. This disclosure is carried out in compliance with strict data protection controls and only to the extent that the disclosure of your data is necessary.
Insurance companies: Data may be disclosed to insurance companies, for example to process insurance claims and benefits.
Caterers or canteen operators: Personal data may be collected in connection with the billing of services used, health and safety, and food quality assurance.
Security and protection services: It is necessary to process personal data to ensure access control and the administration of visitor management.

2.6 Why do we transfer data to third countries?

Within the framework of the business relationship or its initiation, personal data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA), known as third countries. However, such transfers take place only in strict compliance with the provisions of the General Data Protection Regulation (GDPR).

The transfer of personal data to third countries takes place either on the basis of an adequacy decision by the European Commission, through EU-approved standard data protection clauses, in exceptional cases on the basis of your explicit consent, or through the use of additional safeguards such as pseudonymisation or encryption.

A transfer to a third country may take place in the following cases:

In the context of the use of IT applications and cloud services (e.g. Microsoft 365, HR software, ERP systems), data may be transferred to service providers in third countries. These providers are contractually obliged to guarantee a level of protection equivalent to European data protection standards.
In the context of processing international orders and projects.
As our company is part of an international group of companies, it may be necessary to transfer personal data to group companies in third countries, for example for group-wide accounting or compliance purposes. The aforementioned safeguards are also applied in these cases.

The transfer of personal data to third countries is always carried out with the utmost care and in compliance with applicable data protection regulations. If you have any questions regarding the specific safeguards in place or the recipients of your data in third countries, please contact our data protection officer.

2.7 Is automated decision-making or profiling used?

We do not use automated decision-making processes or profiling that have legal effects on you or similarly significantly affect you. All important decisions, in particular regarding contractual and payment terms, are made by our employees and are based on a careful assessment of each individual case.

2.8 How long do we store your personal data?

Unless an explicit or statutory retention period is specified at the time of collection, your personal data will be deleted as soon as it is no longer required to fulfil the aforementioned purposes and there are no statutory retention obligations or legal grounds justifying its storage.

3 What rights do you have with regard to your data?

As a data subject, you have the following rights vis-à-vis us with regard to your personal data :

Right of access to your stored personal data, in accordance with Article 15 of the GDPR.
Right to rectification and updating if the stored data concerning you is inaccurate, out of date or otherwise incorrect, in accordance with Article 16 of the GDPR.
Right to erasure if the storage is unlawful, the purpose of the processing has been fulfilled and the storage is no longer necessary, or if you withdraw your consent to the processing, in accordance with Article 17 of the GDPR.
Right to restriction of processing if one of the conditions set out in Article 18(1)(a) to (d) of the GDPR applies, in accordance with Article 18 of the GDPR.
Right to data portability of the personal data you have provided and which relates to you, in accordance with Article 20 of the GDPR.
Right to object to the processing of data, in accordance with Article 21 of the GDPR.
Right to lodge a complaint with a supervisory authority, in accordance with Article 77 of the GDPR.
Right to withdraw consent, whereby the withdrawal does not affect the lawfulness of processing carried out on the basis of consent prior to the withdrawal, in accordance with Article 7(3) of the GDPR.

Detailed information on data subject rights can be found on our website www.mentor.de.com in the privacy policy provided there. If you have any questions regarding data protection at our company, you can contact our data protection officer, who will be happy to provide you with detailed information about your rights.

Exercising your rights as a data subject: You may exercise your rights and, where applicable, lodge an objection informally by post or email, addressed to: datenschutz@mentor-bauelemente.de.

In order to ensure that your request is processed and answered efficiently, we ask you to provide proof of your identity when exercising your rights, for example by sending us an electronic (blacked-out) copy of your ID or by making a personal request.

4 Changes to this privacy policy information

This privacy policy is updated from time to time and adapted to current legal requirements. We will notify you separately of any significant changes to its content.

Data protection information for suppliers and service providers

This privacy policy provides you with an overview of how your personal data is handled and processed within our group of companies.

We undertake to process your personal data at all times in accordance with applicable law. The data collected, used, stored or transferred is kept transparent vis-à-vis our service providers and suppliers.

The responsibilities are listed below and the regular data processing procedures are described. For specific processing procedures, we may provide you with further privacy notices where necessary.

1. Responsibilities

1.1. Data controller

The entity responsible for the processing of your personal data is:

MENTOR GmbH & Co. Präzisions-Bauteile KG

Otto-Hahn-Straße 1

40699 Erkrath

Tel. +49-211-20002-0

Email: info@mentor.de.com

1.2. Our Data Protection Officer

We have appointed an external Data Protection Officer for our organisation, who can be contacted using the following details:

Boris Nicolaj Willm, Resilien[i]T GmbH, Monschauer Straße 12, D-40549 Düsseldorf

Telephone: +49 (0) 211 695289 92, Email: dsb.mentor@resilienit.de

1.3. Competent supervisory authority

You can contact the supervisory authority responsible for us at:

LDI.NRW, Kavalleriestr. 2-4, 40213 Düsseldorf

Telephone: 0211/38424-0, Email: poststelle@ldi.nrw.de

2. General information on data protection

2.1 What data do we process about you?

Master data: such as names (e.g. contact person within the company), first name, surname, title, position, address, (where applicable, nationality), etc.;
Communication data: (telephone number, mobile number, email address, fax number, etc.);
Order and contract data, (billing address, tax number/VAT ID);
Bank details, billing and payment details (e.g. IBAN, BIC, name of the bank);
Supplier number;
Video recordings in connection with video surveillance on the premises;
Publicly accessible debtor registers, land registers, commercial and association registers;
Results of creditworthiness and sanctions checks.

2.2 For what purposes do we process your data?

We process and use your personal data exclusively for the purposes of your business relationship with our organisation. These are listed below:

Fulfilment of the business purpose / establishment, performance and termination of the contractual relationship: The processing of personal data is carried out to implement all necessary measures relating to the establishment, performance and termination of the supplier/service provider relationship: implementation of pre-contractual measures (e.g. credit checks, preparation of quotations and processing of enquiries ), fulfilment of contractual obligations (order processing, contract management, payment processing, invoicing), management of the delivery or receipt of goods and services.
Supplier and service provider management: For communication purposes (where we have received your name, email address or postal address from you in connection with the provision of services and/or the sale of products), to provide a helpdesk and for supplier and service provider management. To maintain a group-wide supplier database to improve supplier quality.
Supplier/service provider evaluation: Personal data is processed to optimise supplier and service quality.
Compliance with legal obligations: The company processes personal data to comply with data protection, tax, financial and commercial law requirements (e.g. sanctions list checks and to maintain a block list in order to implement the right to object to processing pursuant to Article 21 of the GDPR).
Security and protection of company assets: Personal data is also processed as part of visitor management to protect the company’s premises, facilities and assets from theft, unauthorised access and other damage; for example, as part of video surveillance for access control of office buildings and company premises.
IT security: Logs are created regarding the use of IT systems to identify threats such as computer viruses, access to potentially dangerous external websites, unauthorised access attempts and internal misuse (e.g. breaches of information security policies); to ensure the security of the company’s systems and to prevent or manage cyber attacks. In the event of a security incident affecting your data, we are obliged under Article 33 of the GDPR to report this immediately to the competent data protection supervisory authority. In our legitimate interest to comply with this legal obligation as quickly as possible, it may be necessary to process your personal data as part of the investigation into the incident. However, no personal data relating to you will be disclosed in the reports to the data protection supervisory authority.
Data security: Personal data is processed to ensure the security, confidentiality and integrity of our IT systems (e.g. through security and performance tests), to test IT systems and software products and carry out migrations, and to ensure the functionality of new products and the correctness and completeness of migrations.
Corporate governance, process management: Personal data is processed during audits and investigations to review and optimise operational processes within the company (quality and regulatory management, risk and claims management).
Assertion, exercise and defence of legal claims: The company processes personal data for the purpose of asserting, exercising or defending legal claims. This includes the evaluation of documents, the collection of evidence and the use of information in legal proceedings and processes.
Whistleblowing system: The company also operates a reporting system (e.g. a whistleblowing system) to identify irregularities and take appropriate action.

2.3 On what legal basis do we process your data?

We process your personal data only where this is required by law or necessary for the performance of a contract, and only on the basis of the legal grounds listed below:

6(1)(a) GDPR – Consent: Processing is carried out on the basis of consent, e.g. for the publication of photos from a company event on the company website.
6(1)(b) GDPR – Performance of a contract: Processing is necessary for the establishment, performance and termination of the business relationship, e.g. for the processing of an order.
6(1)(c) GDPR – Legal obligation: Necessary to comply with legal obligations, e.g. under tax, financial and foreign trade law.
6(1)(f) GDPR – Legitimate interests: Processing to protect legitimate interests, e.g. IT and data security, corporate governance, defence of our legitimate interests in legal proceedings or video surveillance. In cases where we rely on the legal basis of legitimate interest for processing, we generally assume that our legitimate interests prevail within the context of the business relationship, subject to a balancing test to be carried out on a case-by-case basis.
9(2)(f) GDPR – Legal claims: Processing of special categories of data for the establishment, exercise or defence of legal claims, e.g. in legal proceedings.

2.4 From whom do we receive your data?

2.5 Who do we share your data with?

Your data may be disclosed for the following purposes and to the following recipients:

Within the company itself: Within the company, your personal data may be disclosed to the relevant departments and employees, provided this is necessary to fulfil the contract or the enquiry. This includes, for example, the purchasing department, the IT department and the management in the context of business decisions. Disclosure always takes place in accordance with the principle of data minimisation and only to those persons responsible for the respective tasks.
Within the group of companies: Personal data may be shared within the group of companies where this is necessary for the performance of a contract, for group-wide compliance, or for internal administrative and organisational purposes. The group of companies includes:
- Albert Weidmann Licht-Elektronik GmbH,
- Mentor Tunisie S.C.S.,
- Mentor Poland SP.Z.O.O.,
- Munda Textile Lichtsysteme GmbH (JV)

Here too, data is only passed in accordance with the applicable data protection regulations and with strict observance of data protection principles.

Authorities, public bodies, law enforcement agencies: For example, to tax authorities, supervisory authorities, courts and customs authorities in order to fulfil legal obligations (e.g. tax requirements).
External service providers and data processors: These include IT service providers (e.g. for IT maintenance, cloud services, applications, website support), software manufacturers, and other service providers (e.g. for credit checks, sanctions list checks, tax advisors, auditors, legal advisors, advertising agencies, for the destruction of files and data carriers, call centres, printing and logistics companies, telecommunications service providers, delivery services, the recipient’s email provider, as well as data protection officers, information security officers, health and safety officers, fire safety officers and other officers within the organisation.
Credit institutions: Data is disclosed to credit institutions in the context of contract fulfilment and debt management.
Solicitors and courts: In the event of legal disputes, it may be necessary to disclose your data to solicitors or courts in order to assert or defend legal claims. In the event of a legal dispute or suspicion of a criminal offence (e.g. courts, opposing lawyers, authorities, contractual partners, consultants, business partners, opposing parties, insofar as necessary to protect our rights).
External auditors: In the context of audits, inspections or certifications, it may be necessary to disclose data to external auditors. This disclosure is carried out in compliance with strict data protection controls and only to the extent that the disclosure of your data is necessary.
Insurance companies: Data may be disclosed to insurance companies, for example to process insurance claims and benefits.
Caterers or canteen operators: Personal data may be collected in connection with the billing of services used, health and safety, and food quality assurance.
Security and protection services: It is necessary to process personal data to ensure access control and the administration of visitor management.

2.6 Why do we transfer data to third countries?

The transfer of personal data to third countries is carried out either on the basis of an adequacy decision by the European Commission, through EU-approved standard data protection clauses, in exceptional cases on the basis of your explicit consent, or through the use of additional safeguards such as pseudonymisation or encryption.

A transfer to a third country may take place in the following cases:

In the context of the use of IT applications and cloud services (e.g. Microsoft 365, HR software, ERP systems), data may be transferred to service providers in third countries. These providers are contractually obliged to guarantee a level of protection equivalent to European data protection standards.
In the context of processing international orders and projects.
As our company is part of an international group of companies, it may be necessary to transfer personal data to group companies in third countries, for example for group-wide accounting or compliance purposes. The aforementioned safeguards are also applied in these cases.

2.7 Is automated decision-making or profiling used?

2.8 How long do we store your personal data?

3 What rights do you have with regard to your data?

As a data subject, you have the following rights vis-à-vis us with regard to your personal data:

Right of access to your stored personal data, in accordance with Article 15 of the GDPR.
Right to rectification and updating if the stored data concerning you is inaccurate, out of date or otherwise incorrect, in accordance with Article 16 of the GDPR.
Right to erasure if the storage is unlawful, the purpose of the processing has been fulfilled and the storage is no longer necessary, or if you withdraw your consent to the processing, in accordance with Article 17 of the GDPR.
Right to restriction of processing if one of the conditions set out in Article 18(1)(a) to (d) of the GDPR applies, in accordance with Article 18 of the GDPR.
Right to data portability of the personal data you have provided and which relates to you, in accordance with Article 20 of the GDPR.
Right to object to the processing of data, in accordance with Article 21 of the GDPR.
Right to lodge a complaint with a supervisory authority, in accordance with Article 77 of the GDPR.
Right to withdraw consent, whereby the withdrawal does not affect the lawfulness of processing carried out on the basis of consent prior to the withdrawal, in accordance with Article 7(3) of the GDPR.

Exercising your rights as a data subject: You may exercise your rights and, where applicable, lodge an objection informally by post or email, addressed to: datenschutz@mentor-bauelemente.de.

4 Changes to this privacy policy information

This privacy policy is updated from time to time and adapted to current legal requirements. We will notify you separately of any significant changes to its content.

General Terms and Conditions

Please click here for our general terms and conditions.

MENTOR Netiquette

Of course, every user of our social media channels has the right to freely express his or her opinion – within the limits permitted by law.

Therefore, not tolerated are:

Insults, threats, and slurs of any kind
Incitement to violence or discrimination against persons, institutions, or companies
Election and party advertising
Radical, especially right-wing extremist ideas, racism and hate propaganda
Pornography, obscenity, and other content harmful to minors
Infringements of third-party rights
Calls for campaigns, demonstrations, or donations
Comments that do not deal with the topic of the respective post
Links to external websites and comments unrelated to the original post
The publication of forum/blog posts, private correspondence, and private data (addresses, e-mail addresses or telephone numbers)
Misuse of the commentary function for advertising purposes

In the event of violations of the above-mentioned points, the MENTOR social media team reserves the right to hide or delete corresponding posts, to block users who repeatedly or particularly violate the rules of our netiquette, and to report criminally relevant comments. Content and comments that are critical of MENTOR will not be deleted. Every user is responsible for the contributions he or she publishes. MENTOR accepts no liability for this. We reserve the right to update the netiquette.

Social media opening hours

We ask for your understanding that not every request, not every comment can be answered immediately and in real time. We always try to answer all requests, questions, and comments as quickly as possible – however, we ask you to observe the official processing time of our social media channels:

Monday to Friday: 08:00 to 18:00 CET

Saturday & Sunday: Processing takes place on the next working day

Contact

If you have any questions that you would like to address to us outside of our social media channels or would like to report posts that violate the above points, please email us at socialmedia@mentor.de.com.

Thank you for your understanding – and enjoy visiting our social media channels!

Imprint

Copyright

Content of the Website

Links to external Websites

Disclaimer

Privacy Policy

General

Responsible Provider

Data Protection Officer

Scope and legal bases for processing personal data

Your rights in connection with your personal data

Data erasure and storage period

Passing on your data to third parties

Provision of the website/log files

Cookies

Contact

Newsletter

Social networks

White papers

3D data service (TRACEPARTS)

360 Showroom (Matterport)

Google services

Applicants

Customers and contractual partners

Links

Changes to this Privacy Notice

Data protection information

Data protection information for customers, prospective customers and business partners

Data protection information for customers, prospective customers and business partners

1. Responsibilities

1.1. Data controller

1.2. Our Data Protection Officer

1.3. Competent supervisory authority

2. General information on data protection

2.1 What data do we process about you?

2.2 For what purposes do we process your data?

2.3 On what legal basis do we process your data?

2.4 From whom do we receive your data?

2.5 Who do we share your data with?

2.6 Why do we transfer data to third countries?

2.7 Is automated decision-making or profiling used?

2.8 How long do we store your personal data?

3 What rights do you have with regard to your data?

4 Changes to this privacy policy information

Data protection information for suppliers and service providers

Data protection information for suppliers and service providers

1. Responsibilities

1.1. Data controller

1.2. Our Data Protection Officer

1.3. Competent supervisory authority

2. General information on data protection

2.1 What data do we process about you?

2.2 For what purposes do we process your data?

2.3 On what legal basis do we process your data?

2.4 From whom do we receive your data?

2.5 Who do we share your data with?

2.6 Why do we transfer data to third countries?

2.7 Is automated decision-making or profiling used?

2.8 How long do we store your personal data?

3 What rights do you have with regard to your data?

4 Changes to this privacy policy information

General Terms and Conditions

MENTOR Netiquette