Privacy Policy

We are delighted by your interest in our company and theirs technologies. The date security is substantial for our management. There is no need for you to state any personal information to use the SMB GmbH website. But therefore using the sites services which exceeds casual browsing you may have to enter personal information. If the processing personal data is a necessity and moreover there is no compulsory law we question the user for an assent.

The processing of personal data for example name, address or phone number is always in coincidence to the data regulation and the SMB GmbH current data protection specifications in Baden-Württemberg. Due to this data protection we have the possibility to inform the public about the kind, extend and purpose of the taken, used plus processed personal data. Furthermore the affected persons are avowed their rights.

Since SMB GmbH is responsible for having a peripherally data security on their website in order to secure the users data there are a lot of differenced methods in usage to assure this. Therefore only minimal personal data is raised to fulfill the technical requirements. None of the received date is sold or handed over to third. The following explanation is an overview over the handling of your data.

Name and address of the responsible employee for data processing:

Responsible persons within the meaning of the basic data protection regulation or other data protection laws and provisions of a data protection law are applicable

ZMB Automation GmbH
Am Bahndamm 23
89168 Niederstotzingen

phone number: +49 (0) / 7325 96 08 - 10

e-mail address:

You can contact our data protection officer at:

ZMB Automation GmbH
Am Bahndamm 23
89168 Niederstotzingen

phone number: +49 (0) / 7325 96 08 - 10

e-mail address:

All data subjects may, at any time, contact our data protection officer directly if they have any questions or suggestions regarding the protection of data.

Personal data
Personal data refers to any information relating to an identified or identifiable natural person, hereinafter referred to as “data subject”. A natural person is considered identifiable if they can be identified directly or indirectly, in particular through the means of the allocation of an identifier such as a name, a code number, location data, an online code, or one or several special features that are the expression of the physical, physiological, mental, genetic, economic, cultural, or social identity of this natural person.

Disclaimer of Liability
Pursuant to Section 7, Paragraph 1 of the German Telemedia Act (tele media law), we are responsible in our capacity as a service provider for our own information that we store for use, under general legislation. However, we are not responsible in our capacity as a service provider for any external data transmitted by third parties within a communication network or to which third parties allow access for use, pursuant to Section 8, Paragraph 1 of the Telemedia Act. Furthermore, pursuant to Section 10 of the Telemedia Act, we are not responsible for any external data that we save on behalf of a user, in so far as we have no knowledge of any unlawful activity or of the data nor, in the event of any claims for damage, knowledge of any acts or circumstances as a result of which unlawful activity or information becomes apparent or we have taken action immediately to remove the information or block access to it as soon as we become aware of it. We assume no liability for any links on our website to third-party sites, since we have no control over their content. The operators of such sites bears exclusive responsibility for their content. All links were checked for unlawful content at the time of publication on our website and did not contain any legal infringements. It is not possible to permanently monitor these links without any specific indications of legal infringements.

Rights of the data subject

Rights to confirmation
All data subjects have the right to request confirmation from the controller responsible for processing as to whether their personal data is processed.

Right to access
All data subjects affected by the processing of personal data have the right to at any time receive information free of charge from the controller responsible for processing regarding the data stored about the data subject’s person. 

Right to rectification
All data subjects affected by the processing of personal data have the right to request the immediate rectification of incorrect personal data concerning the data subject. Furthermore, the data subject is entitled to the right to request the completion of incomplete personal data, taking into account the purposes of processing. 

Right to erasure (“right to be forgotten”)
All data subjects affected by the processing of personal data have the right to request from the controller that the data concerning the data subject is immediately erased, provided that one of the following grounds applies and provided that processing is not necessary:

  • The personal data has been collected for such purposes or processed in another way for which it is no longer required. 
  • The data subject withdraws their consent on which processing was based pursuant to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and there is no other legal basis for processing. 
  • The data subject submits an objection to processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for processing, or the data subject submits an objection pursuant to Article 21(2) GDPR.
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is necessary in order to comply with a legal obligation in accordance with Union law, or the law of member states to which the controller is subject.
  • The personal data has been collected in respect of services offered by the information society pursuant to Article 8(1) GDPR. 

The right to restriction of processing
Any data subject affected by the processing of personal data is granted the right to request that the controller restricts processing if one of the following requirements are met: (1) The accuracy of the personal data is disputed by the data subject – in this instance, the restriction may be of a suitable duration for the controller to verify the accuracy of the personal data. (2) Processing is unlawful, but the data subject refuses the erasure of the personal data and instead requests the restriction of the use of the personal data. (3) The controller no longer requires the personal data for the purposes of processing; however, the data subject requires it for the establishment, exercise or defence of legal claims. (4) The data subject has submitted an objection to processing pursuant to Article 21(1) GDPR, and it has not yet been determined whether the controller’s legitimate interests override those of the data subject.

Right to data portability
Every data subject affected by processing has the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning them that has been provided to a controller by the data subject. 

Right to object
Every data subject affected by the processing of personal data has the right to at any time object, for grounds arising from a particular situation, to the processing of personal data concerning them based on points (e) or (f) of Article 6(1) GDPR. This also applies for profiling based on these provisions. The controller will no longer process the personal data in the event of an objection unless we are able to prove mandatory, legitimate grounds for processing which override the interests, rights and freedoms of the data subject, or unless processing serves the establishment, exercise or defence of legal claims. If the controller processes personal data in order to undertake direct marketing, the data subject has the right to at any time object to the processing of personal data for the purposes of marketing of this type. If the data subject objects to processing for the purposes of direct marketing, we will no longer process their personal data for this purpose.

Right to withdraw consent
All data subjects affected by the processing of personal data have the right to at any time withdraw their consent (GDPR) to the processing of personal data.

If you use this website, our web pages use cookies at several points. They serve to make our service more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are called session cookies. These are deleted automatically at the end of your visit. Cookies do not cause any damage to your computer and do not contain viruses.

You can block cookies in most internet browsers. If you do not agree to use of these cookies, please deactivate them or use the automatic deactivation tool.

Secure Sockets Layer (SSL/TLS) encryption

To protect the security of your data during transmission, we use state of the art encryption techniques (such as SSL) over HTTPS.

Google Maps
This website uses Google Maps, a web analysis to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of map features by visitors.

Google will use this information to analyse your use of the website, compile reports on your website activities for the website operator, and provide additional services associated with the use of the website and use of the Internet.

For more information about Google's data processing, please refer to the “Google Privacy Policy”. There you can change your personal privacy settings in the Google Maps Terms of Use Privacy Center.

Customers and business partners
We process personal data that we have received from you in the context of our business relationship. In addition, to the extent necessary for the provision of our services, we process personal data that we have permissibly received from other companies within SMB or business partners performing external work, or service providers, or other third parties. In addition we process personal data that we have permissibly obtained from publicly accessible sources, and are permitted to process. Personal data that we process in the context of the business relationship is as follows: Your name, address, contact details, tax classification, order data, payment data, bank details, contract data, credit data, sales data, communication data and documentation data, for usage of our website.

Data protection in the case of applications and in the application procedure
The controller responsible for processing collects and processes personal data concerning applicants for the purposes of handling the application procedure. Processing may also take place by electronic means. This is the case in particular if corresponding application documents are transferred by an applicant, via electronic means, to the controller responsible for processing, for example by email or using a web form located on the website. If the controller responsible for processing concludes an employment contract with an applicant, the transferred data will be stored for the purposes of executing the employment relationship, subject to the statutory specifications. If the controller responsible for processing does not conclude an employment contract with the applicant, the application documents shall be erased six months after the refusal decision has been communicated, unless other justified interests held by the controller responsible for processing contradict erasure. Another justified interest in this sense may be for example a duty to provide proof in proceedings in accordance with the General Act on Equal Treatment of 14th August 2006 (AGG).

Relevant legal bases
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b GDPR, and the legal basis for processing in order to fulfill our legitimate obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as legal basis.

Safety measures
We take appropriate technical measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probability and severity of the risk to the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. We have also set up procedures to ensure the enjoyment of data subject rights, data deletion and data vulnerability. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection through technology design and privacy-friendly default settings (Article 25 GDPR).

Collaboration with processors and third parties
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, as required by payment service providers, pursuant to Art. 6 (1) (b) GDPR to fulfill the contract), you have consented to a legal obligation or based on our legitimate interests (e.g. the use of agents, webhosters, etc.).

The purpose and legal basis of processing
We process personal data in compliance with the provisions of data protection laws:

Based on your consent (Art. 6 para. 1 letter a GDPR). In as far as you have issued us consent to process personal data for certain purposes, this processing is legally valid based on your consent. Once consent has been issued, it may be withdrawn at any time. To comply with contractual obligations (Art. 6 para. 1 letter b GDPR). If the processing of personal data is necessary for fulfilment of a contract to which the data subject is party, as for example in the event of processing procedures which are necessary for the delivery of goods or provision of another service or return service, processing is based on point(b) of Article 6(1) b GDPR. The same applies for such processing procedures as are necessary for the undertaking of pre-contractual measures, such as in cases of requests regarding our products and services. 

Based on legal requirements or in the public interest (Art. 6 para. 1 letter c, Art. 6 para. 1 letter e GDPR). In addition, we process your personal data to the extent required under legal specifications, or for reasons of public interest such as for the fulfilment of tax obligations. For the protection of the vital interests of the data subject or of another natural person (Art. 6 para. 1 letter d GDPR). In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor to our company is injured and as a result their name, age, health insurance data, or other vital information needs to be transferred to a doctor, hospital, or other third party. In the context of the balancing of interests (Art. 6 para. 1 letter f GDPR). When necessary, we process your data beyond the actual fulfilment of the contract in order to safeguard justified interests held by us or third parties, unless the interest, basic rights and basic freedoms of the data subject are overriding (e.g. credit information, marketing or market and opinion research, the establishment of legal claims and defence in the event of legal disputes, guaranteeing IT security, business management measures, and the further development of products and services).

The duration of storage, erasure and blocking of personal data
The criteria for the duration of personal data storage are the purpose of processing and the respective statutory retention period. After the purpose of processing has been fulfilled, and taking into account the statutory retention period, the corresponding data is deleted or blocked unless it is still required for contract fulfilment or entering into a contract.

The existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

Responsible supervisory authority for data protection

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Königstraße 10a, 70173 Stuttgart, Tel.: 0711/61 55 41-0


Valid as of: 25 May 2018