Privacy Policy

This Privacy Policy informs users about the nature, scope, and purpose of the collection and use of personal data by our company as the data controller on this website and on our company’s profiles on various social media platforms, as well as in email communications.
The legal basis for data protection can be found in the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications and Telemedia Data Protection Act (TTDSG).

1. Data Controller

The data controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union, and other provisions relating to data protection is: GENERICA GmbH, Sonnenberg 18, 97332 Volkach, Phone: 09381/55231-0, Fax: 09381/55231-80, Email: info@generica.net, registered in the Commercial Register of the Würzburg Local Court under number HRB 15099, authorized managing director: Michael Lang.

2. Data Protection Officer

The data protection officer for the data controller is:
Michael Lang
GENERICA GmbH
Sonnenberg 18
97332 Volkach

Phone: 09381/55231-0
info@generica.net

3. General Privacy Policy

By using the website and/or social media accounts of GENERICA GmbH (hereinafter also referred to as the “Provider”), you consent to the collection, processing, and use of data as described below.

Personal data is information that can be used to identify an individual—that is, information that can be traced back to a specific person. This includes, for example, a person’s name, email address, or phone number, as well as information about their preferences, hobbies, memberships, or the websites they have visited.

The following types of data are processed: Master data (e.g., names), contact data (e.g., email, phone number), content data (e.g., text entries, photos), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, software information, IP address). As a general rule, no special categories of data within the meaning of Art. 9(1) GDPR are processed, unless such data are provided through the use of the processing, for example by entering them into online forms.

Data is processed for the following purposes: to provide the online platform, its content, and features; to fulfill contractual obligations, provide services, and handle customer support; to respond to contact requests and communicate with users; for marketing, advertising, and market research; and to implement security measures.

As the provider, we collect, use, and disclose personal data only when permitted by law or when users consent to the collection of such data.

You are not required to provide us with your personal data. However, this may be necessary for certain features of our website and/or our social media profiles. If you do not provide us with your personal data, these features will not be available to you, or will be available only to a limited extent.

4. Option to contact us and communicate electronically

You can contact us electronically via the contact form on our website or the email addresses provided, among other methods. Please note that, for technical reasons, data transmitted through these channels could theoretically be read by our provider.

If you contact us through one of these channels, the personal data provided by the data subject will be automatically stored. This data is stored solely for the purpose of processing your request or contacting you. The data will not be disclosed to third parties.

If the data subject subsequently places an order, we will store and process the contact request, as well as any additional personal data collected for the purpose of fulfilling the contract, electronically.

If you contact us electronically, please let us know if you do not wish to receive electronic communications from us.

By default, we use “transport encryption” when sending emails, which is state-of-the-art and can be considered an adequate level of protection under the General Data Protection Regulation. This means that our system communicates with your email server in an encrypted manner. The messages are encrypted and decrypted on the servers involved in the email communication and are therefore secured by encryption during transmission between the servers. If the recipient’s server does not support transport encryption, the email will not be delivered.

However, absolute confidentiality cannot be guaranteed when communicating via transport-encrypted email between our company and you. With transport encryption alone, it cannot be ruled out that unauthorized third parties might gain knowledge of or access to information subject to data protection regulations despite the encryption. There is a technically unavoidable risk that third parties may access the data contained therein and thereby gain knowledge of its content; that emails may contain viruses; that, in theory, other internet users may modify the content of the emails; or that emails may not originate from the specified sender. Confidential information can only be optimally protected electronically through the use of so-called content encryption (e.g., password-protected PDF) or end-to-end encryption (S/MIME or PGP). Our company offers the option of using more secure encryption methods for electronic communication (e.g., sending password-protected documents).

By communicating via unencrypted email, you consent—subject to revocation at any time—to our communicating with you via transport-encrypted email without restriction. If you are willing to use signature and/or encryption methods that offer a higher level of security and wish to do so, please let us know.

You can still contact us via our social media profiles. Please also refer to the additional information provided in sections 7, 8, and 10.

5. Creation of log files

Every time our website is accessed, the provider collects data and information through an automated system. This data is stored in the server's log files.

The following data may be collected: information about the browser type and version used, the user’s operating system, the user’s Internet service provider, the user’s IP address, the date and time of access, websites from which the user’s system accessed our website (referrer), and websites accessed by the user’s system via our website.

The processing of this data is used to deliver the content of our website, to ensure the proper functioning of our IT systems, and to optimize our website. The data from the log files is always stored separately from other personal data of the users. The legal basis for this is Article 6(1)(f) of the GDPR.

6. Cookie Policy

We use cookies on our website. These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, Trojans, or other malware.

The cookie stores information related to the specific device being used. However, this does not mean that we thereby gain direct knowledge of your identity.

We use cookies to make your experience on our website more enjoyable. For example, we use so-called session cookies to recognize that you have already visited certain pages on our website. These are automatically deleted when you leave our site.

The data processed by cookies is necessary for the purposes stated to safeguard our legitimate interests and those of third parties in accordance with Article 6(1)(f) of the GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that cookies are not stored on your computer, are deleted after being stored, or a notification always appears before a new cookie is created. Please note, however, that completely disabling cookies may prevent you from using all the features of our website.

7. Analysis Tool

We use the analytics and tracking tools listed below on our website. These tools help us continuously optimize our website and tailor it to your needs.
We use these tools based on the consent you have provided in accordance with Art. 6(1)(a) of the GDPR. You may revoke your consent at any time by changing your cookie settings. Processing prior to revocation remains lawful.

The specific purposes of data processing and categories of data can be found in the respective tools. Please note that we have no control over whether and to what extent service providers carry out further data processing.

8. Use of Our Online Store

If you wish to place an order in our online store, you must provide your personal information in order to conclude the contract; we require this information to process your order. Mandatory information required for the execution of the contracts is marked separately; additional information is voluntary. For payment, you can provide your payment details to our payment service provider, or we will forward your payment details to our bank, with these third parties each being independently responsible for payment processing. The legal basis for this is Article 6(1)(b) of the GDPR.

If you wish, you can create a customer account, which will allow us to save your information for future purchases. When you create an account under “Login,” the information you provide will be stored on a revocable basis. You can delete all other data, including your user account, at any time in the customer area.

We may also use the information you provide to inform you about other interesting products in our portfolio or to send you emails containing technical information.

Due to commercial and tax law requirements, we are obligated to store your address, payment, and order information for a period of ten years. However, after three years, we restrict the processing of your data, meaning that from that point on, your data will be used solely to comply with legal obligations.

To prevent unauthorized access to your personal data by third parties, the ordering process is encrypted using TLS technology.

9. Transfer of data to third countries

If we process data in a third country (i.e., outside the EU/EEA) or if this occurs in connection with the use of third-party services or the disclosure or transfer of data to third parties, this will only take place if it is necessary to fulfill our contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to statutory or contractual permissions, data will only be processed in a third country if the specific requirements of Articles 44 et seq. of the GDPR, in conjunction with Article 6(1)(b) or (f) of the GDPR, are met.

Data processing is carried out on the basis of so-called adequacy decisions by the European Commission and specific safeguards, such as the officially recognized determination that a level of data protection equivalent to that of the EU has been achieved through such adequacy decisions, or compliance with officially recognized specific contractual obligations (so-called standard contractual clauses).

Through adequacy decisions, the European Commission certifies that data protection in these countries is comparable to EEA standards. A list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.  In addition, we ensure adequate data protection through binding corporate rules, the European Commission’s standard contractual clauses for the protection of personal data pursuant to Art. 46(1)(c) of the GDPR, certificates, or recognized codes of conduct.

The U.S. provider Google / Alphabet may process your personal data in the United States. The transfer of data to the United States is based on the European Commission’s adequacy decision regarding the EU-U.S. Data Privacy Framework and the European Commission’s standard contractual clauses.

10. Routine Deletion and Blocking of Personal Data

We process and store the data subject’s personal data only for as long as is necessary to achieve the purpose of storage. Data may also be stored beyond this period to the extent that this is provided for by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject.

As soon as the purpose for which the data was collected no longer applies or a retention period prescribed by the aforementioned regulations expires, the personal data will be routinely blocked or deleted in accordance with Articles 17 and 18 of the GDPR.

11. Legal basis for processing

To the extent that we obtain the data subject’s consent for the processing of personal data, Article 6(1)(a) of the GDPR serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
To the extent that the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override that interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing. Our company’s legitimate interest lies in the conduct of our business activities.

12. Disclosure of Your Personal Information to Third Parties

If we share data with other individuals or companies (data processors or third parties), we do so only on the basis of legal authorization, your consent, a legal obligation, or a legitimate interest. For the technical handling of our electronic communications and the provision of this website, we engage our provider and our system consultant as service providers on the basis of a data processing agreement.

We will inform you of any involvement of third-party service providers in connection with the performance of the contract when the contractual relationship is established or when the third party is engaged, and will request your consent where necessary.

If we engage third parties to process data under a data processing agreement, this is done in accordance with Article 28 of the GDPR.

13. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

  • Right to obtain information about your personal data free of charge under Article 15 of the GDPR.
  • Right to rectification of inaccurate data under Article 16 of the GDPR.
  • Right to restriction of processing and erasure under Article 17 of the GDPR.
  • Right to restriction of processing under Article 18 of the GDPR.
  • Right to receive your data in a structured, commonly used, and machine-readable format pursuant to Article 20 of the GDPR.
  • Right to object under Article 21 of the GDPR if we process your personal data to safeguard legitimate interests within the meaning of Article 6(1)(f) of the GDPR, for reasons arising from your particular situation. You may object to processing for direct marketing purposes at any time without providing a reason. To exercise your right to object, simply send us an informal notice specifying which data processing you are objecting to.
  • Right to withdraw your consent under Article 7(3) of the GDPR, to the extent that we process your personal data for specific purposes based on your consent. Upon receipt of your withdrawal, we will cease processing your data for the purposes for which you have given us consent. The lawfulness of the processing prior to receipt of your withdrawal remains unaffected.
  • Right to lodge a complaint under Article 77(1) of the GDPR with a data protection supervisory authority (typically the State Commissioner for Data Protection and Freedom of Information) if you believe that the processing of your personal data is unlawful. In particular, the complaint may be lodged with the supervisory authority responsible for the location of our company’s headquarters or for the place of your habitual residence, your workplace, or the alleged infringement.

14. Data Security

In accordance with Article 32 of the GDPR, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access to, input of, and disclosure of the data, and ensuring availability through segregation. Furthermore, we have established procedures that ensure the exercise of data subjects’ rights, the erasure of data, and a response to data breaches. Furthermore, we take the protection of personal data into account from the very beginning when selecting hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

For example, when you visit our website, we use the widely adopted SSL (Secure Sockets Layer) protocol in conjunction with the highest encryption level supported by your browser. You can tell whether a particular page on our website is being transmitted securely by the closed key or padlock icon displayed in the status bar at the bottom of your browser.

16. Changes to this Privacy Policy

Due to ongoing improvements to our website and the services offered through it, or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. The most current version of the Privacy Policy is available at any time on our website at https://www.generica.net/datenschutz/ . The privacy policy is also available for your review at our business premises (waiting area and reception) and can be sent to you upon request.

17. Complaints

Please report any data protection violations or legal infringements directly to us immediately. We will promptly remedy any identified legal infringements and, of course, fulfill any justified claims. Please note that potential claimants are subject to a duty to mitigate damages. Without prior contact, we generally will not cover any costs for an attorney retained by the claimant. We expressly do not wish for claimants to retain an attorney to issue a cease-and-desist letter.

generic_logo

Through streamlined processes, intelligent engineering, and practical industry expertise, we deliver precise, reliable solutions—across all systems, regardless of brand, and for every challenge. This is how we create real value.

With GENERICA as your partner, you benefit from decades of industry experience, long-term availability of all wear parts, and fast, manufacturer-independent spare parts supply.

Become a customer now
About Generica

Everything we do is
focused on one goal:

your productivity.