Privacy Policy
1. Foreword and selected terminology
This privacy policy informs visitors and users of our website about the online data processing procedures in which personal data is processed. On the other hand, you will receive information about our processing procedures that do not take place primarily online.
• DSGVO is an abbreviation for the European General Data Protection Regulation.
• BDSG stands for the Federal Data Protection Act in its current version.
• Personal data is any information that can be used to identify a natural person (definition in Article 4(1) of the GDPR). This includes names, email addresses, phone numbers, as well as data such as IP addresses or customer numbers.
• The processing of personal data includes all operations, such as collecting, storing, transmitting, archiving, or deleting personal data (definition in Article 4, paragraph 2 of the GDPR).
• Personal data is any information that can be used to identify a natural person (definition in Article 4(1) of the GDPR). This includes names, email addresses, phone numbers, as well as data such as IP addresses or customer numbers.
• The processing of personal data includes all operations, such as collecting, storing, transmitting, archiving, or deleting personal data (definition in Article 4, paragraph 2 of the GDPR).
2. Responsible body and data protection officer
Responsible Party
ELSÄSSER Filtertechnik GmbH
Carl-Zeiss-Str. 3
71154 Nufringen
Phone: 07032 / 96 04-0
Fax: 07032 / 96 04-22
info@filter-technik.de
Data Protection Officer
DSB Externer Datenschutzbeauftragter Stuttgart
Fabian Henkel
Diplom-Betriebswirt (FH)
Zertifizierter Datenschutzbeauftragter
Phone: +49(0)176 32744172
E-Mail: info@externer-datenschutzbeauftragter-stuttgart.de
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de
3. Concise Overview
The following content provides a brief overview of the processing of personal data; more detailed information can be found in the respective detailed sections.
Security on our website
Our website is equipped with a TLS certificate that encrypts data transfer processes. This happens, for example, when you send us a message via form. We would like to point out that it is not possible to achieve 100% security in electronic data processing and that there is always a residual risk.
Data you transmit to us
We process the data you enter yourself, for example in a form, on this page. The purpose of the processing is determined by the type of form and by this privacy policy. Even if you send us a message via email or contact us in another way, we process your data according to the purpose of the contact.
Automatic Server Log Files
On the other hand, our server automatically records all accesses and thus also IP addresses (log files), which serves to defend against attacks, analyze access numbers, and ensure smooth operation.
Use of Cookies
Cookies help us provide various services; more information can be found in this privacy policy.
Analysis and Tracking Tools
If we use analysis and tracking tools, this is done in accordance with the requirements of the GDPR and the TDDG, and we inform you about our Cookie Consent Manager and in this privacy policy. If required by law, we will ask for your consent before activating it. If granted, consent can be revoked at any time through the Cookie Consent Manager. Analysis tools are typically used for detailed insights into the content visited on our site, the flow of behavior, and the country from which access was made, for example. Tracking tools are typically used to measure advertising success or to collect data and information to optimize our advertising efforts. Tracking Tools are sometimes also referred to as marketing tools, but these terms are not always clearly distinct. Cookies, Skripte or comparable technologies are usually required for the use of such tools.
External plugins and content delivery networks
If we use external plugins and content delivery networks, this is done in accordance with the requirements of the GDPR and the TDDG, and we provide information in this privacy policy. If required by law, we will ask for your consent before activating it. If granted, consent can be revoked at any time through the Cookie Consent Manager. Plugins and content delivery networks are used to integrate content into our website or to support various additional functions. Notable examples of such services would be the video service YouTube or the map service Google Maps. When such services are integrated through a website, access data is transferred to the service providers. As a rule, this includes your IP address and other metadata, such as the time and date of access. The provision is sometimes done by setting cookies, scripts, or comparable technologies.
Newsletter / Direct marketing
Direct marketing to existing customers in the legitimate interest
We reserve the right to send our customers newsletters based on §7 Abs. 3 UWG in conjunction with Art. 6 Abs. 1 lit. f DSGVO. You can, of course, object to receiving direct marketing information at any time.
Additional data recipients
Use of processors
We use processors in accordance with the requirements of Article 28 GDPR, for example in the area of IT services, web hosting, email hosting or printing services. These process personal data on our behalf in a manner that is subject to our instructions.
Use of non-specialized services
If necessary (for example, for contract execution), we will pass on your data to banks, shipping service providers, our tax consultant or lawyer.
Statutory Obligations
We share purpose-specific data with authorities as required by law. For example, this could be tax authorities that receive data from us due to tax law.
Criminal Investigation
If necessary for the investigation of a crime, we will forward data to law enforcement agencies.
General information on deletion periods for personal data
We process the data for as long as it is necessary for the respective purpose. As necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract, and we are further obligated to comply with legal retention requirements. If data processing is based on your consent, we will delete your data after you withdraw it.
Transmission of personal data to a third country
We try to have all service providers and services from providers within the European Union. Transmission to a third country is possible if you have given us your consent and/or we have concluded a contract for order processing in accordance with Art. 28 GDPR, taking into account suitable guarantees. In individual cases, we may use plugins or tools that are hosted in third countries, but we use them based on our legitimate interests. We point out the circumstance in these cases, if applicable.
Mandatory provision of personal data
Whether you provide personal data on our website for specific purposes is up to you. The provision of personal data is contractually required for the initiation and execution of legal transactions.
4. Legal bases for processing personal data
The legal bases for processing personal data are exceptions that allow the processing of personal data. The essential legal bases are particularly reflected in Art. 6 GDPR. The legal bases for processing personal data are described in the individual processing operations in this privacy policy.
Given consent (Art. 6 (1) a GDPR)
Consent is one of these legal bases and requires that the consenting person gives it in an informed and voluntary manner. Consent based on Article 6 (1) a GDPR can be revoked at any time without giving reasons.
Contract-related data processing (Art. 6 (1) (b) GDPR)
The processing of personal data for the initiation or execution of contracts is also a legal basis and is defined in Article 6(1)(b) of the GDPR.
Legal obligation (Art. 6 (1) c GDPR)
The exception to data processing due to a legal obligation is found in Art. 6 (1) c GDPR, for example, we are obligated to comply with certain retention periods according to commercial and tax law.
Legitimate interests (Art. 6 (1) (f) GDPR)
Processing personal data based on a balancing of interests under Article 6(1)(f) of the GDPR permits processing after careful consideration of financial or legal interests against the protected interests of the data subject.
5. Your rights under the General Data Protection
Regulation Every natural person is entitled to certain rights, which are defined in Articles 15 to 21 and 77 of the GDPR. You have the following rights in principle, which you can assert against us.
Right to revoke a given consent according to Art. 7 GDPR
You can revoke your consent at any time without giving reasons with effect for the future.
Right to information under Article 15 GDPR (restrictions under § 34 BDSG possible)
You have the right to request information about the data processed by you and the purposes of processing at any time.
Right to rectification under Article 16 GDPR
If you find that we are processing incorrect or incomplete data about you, you have the right to correction.
Right to erasure under Article 17 GDPR (restrictions under § 35 BDSG possible)
You have the right to request the deletion of your personal data that we process about you at any time. If a complete deletion is not possible, for example because we must fulfill statutory retention obligations or we can assert legitimate interests for another reason, we will restrict your data until the reasons no longer apply.
Right to restriction of processing according to Art. 18 GDPR
You have the right to request the restriction of processing your personal data. You can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases:
• If you dispute the accuracy of your personal data stored with us, we will usually need time to verify this. During the review period, you have the right to request that the processing of your personal data be restricted.
• If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
• If you have filed an objection under Article 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it is not clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.
• If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.
Right to data portability under Article 20 GDPR
You have the right to receive data that we process automatically based on your consent or in fulfilment of a contract in a commonly used, machine-readable format, either to yourself or to a third party. If you request the direct transfer of data to another controller, this will only be done if it is technically feasible.
Right to object to certain processing operations and direct marketing under Article 21 GDPR
If data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms or the processing serves the assertion, exercise, or defense of legal claims (objection under Art. 21 (1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21 (2) GDPR).
Right to lodge a complaint with a supervisory authority under Article 77 GDPR in conjunction with Section 19 BDSG
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
6. External Hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the host's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access, and other data generated through a website. The hosting provider is used to fulfill our contract with our potential and existing customers (Article 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Article 6 (1) (f) GDPR). Our host will process your data only to the extent necessary to fulfill its performance obligations and follow our instructions regarding this data.
We have contracted the following host for hosting:
Timme Hosting GmbH & Co. KG
Marie-Curie-Straße 5
21337 Lüneburg,
German
We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a data protection contract that ensures that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.
7. Automatic Server Log Files
Our web server automatically logs all accesses and thus also the IP addresses of visitors. This is for the purpose of defending against attacks, analyzing access numbers, and ensuring smooth operation. We have a legitimate interest in this (Art. 6 lit. f DSGVO). The server log typically records the IP address and other metadata about the session; these data are provided below.
• Date and time of retrieval
• Information about the browser type and the browser version used
• Information about the operating system used
• Device (Client)
• Referrer URL (the page that led you to us)
• Called hyperlinks We process this data only for the purposes mentioned above.
We delete server log files after three months at the latest.
8. Use of Cookies
Our website uses cookies to provide services and ensure full functionality. Cookies – these are small text files that are automatically stored in your browser or Devices can be stored – can have different functions and contain a characteristic string that allows for a unique identification of the browser when the website is visited again. Cookies are stored on your device and sent to our site from there. As a user, you have full control over the use of cookies. Whether and which cookies you allow in general can be set in your browser settings. We recommend that you set your browser to notify you when a website wants to set cookies. So you have control over which cookies you want to allow. However, if you do not allow cookies, the functionality of websites may be limited. Cookies are generally differentiated into non-persistent and persistent cookies. Furthermore, a distinction is made between first-party cookies (which come directly from our web server) and third-party cookies (which are set on your computer by third-party providers).
Cookie-Types by duration
Session Cookies
Session cookies are deleted at the latest when you leave our website and close your browser.
Persistent Cookies
These cookies remain stored even after you leave our website and close your browser. Persistent cookies can have different lifetimes, ranging from one day to several years. These cookies can perform various functions, for example, your login data can be saved so that you are automatically logged in when you visit our website again. Other persistent cookies are used for analysis, tracking, and marketing purposes.
Cookie-Types by origin
We use both first-party and third-party cookies. First-Party-Cookies are cookies that come directly from us. Third-party cookies are cookies that are placed by a third-party provider. We use various third-party cookies for analysis, tracking, and marketing purposes.
Cookie-Types by function
Technically required or necessary cookies
These cookies enable the operation of our website; without technically necessary cookies, our site would not be usable or would only be usable to a very limited extent. For example, such cookies are used when you log in to our site or add a product to your shopping cart. Required cookies also serve security purposes in some cases.
Analysis or statistics cookies
Analysis cookies collect information about the behavior of site visitors, provide insight into the length of time spent on the site and which information was accessed. We also collect information about which website visitors come from, how many visitors the websites have, and how long the user stays on the websites. The purpose of these cookies is to optimize our website based on the collected information.
Tracking- and Marketing-Cookies
Tracking, or marketing cookies (also remarketing and retargeting cookies) enable an analysis of browser behavior, they store which content was visited or which products the user searched for (tracking means tracking in this sense). Based on these cookies, a user can also be identified across pages, with the goal of displaying advertisements tailored to their interests.
Legal bases and information on how to set your preferences
We use technically required cookies in the interest of a functional and stable website (Art. 6 (1) lit. f GDPR), and we use other cookies only with your consent (Art. 6 (1) lit. a GDPR). You can set your preferences for selecting non-essential cookies at the beginning of your visit, and you can also adjust your preferences at any time.
The individual legal bases for the use of various tools that use cookies can be found in the respective sections of our privacy policy.
9. Consent Management with Usercentrics
Our website uses ConsentManager's consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in a manner compliant with data protection regulations. The provider of this technology is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (hereinafter "ConsentManager"). When you enter our website, a connection is established to ConsentManager's servers to obtain your consents and other declarations for the use of cookies. ConsentManager then stores a cookie in your browser to be able to assign the given consents or their revocation. The data collected in this way is stored until you ask us to delete it, delete the Consent-Manager-Provider cookie yourself, or the purpose for data storage no longer exists. Mandatory legal retention obligations remain unaffected. ConsentManager is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) c GDPR. We also have a legitimate interest in obtaining consent for technologies that are not required for technical reasons in a manner that complies with the law. The legal basis is Art. 6 (1) lit. f GDPR.
Processing of orders
We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a data protection contract that ensures that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.
10. Data processing in the context of communication and contacting
Email Communication
If you send us an email, we process your data according to the content and purpose of the message. In general, processing is based on pre-contractual measures or in the context of the execution of a contractual relationship based on Art. 6 (1) b GDPR and Art. 6 (1) f GDPR. It is a legitimate interest to process your request quickly and efficiently.
To the extent that the message is product- or performance-related, we process your data on the basis of our legitimate interests under Article 6 (1) (b) GDPR.
Please note that we store all incoming emails in accordance with the principles of proper bookkeeping for a period of ten years, starting from the first day of the following year in which the message was received. Therefore, if you ask us to delete the data, we will restrict your data for processing going forward and only store it for the purpose of complying with retention periods in our legitimate interest.
Communication via telephone or fax
Even if you contact us by phone or fax, we process your data either to initiate and execute contractual relationships (if the content is product or service-related) and/or in our legitimate interest, similar to contacting us by email. We do not record the content of conversations, but we may take notes to help us process your request. These will be stored until the purpose of data processing is achieved.
Communication via WhatsApp Business
We use the instant messaging service WhatsApp, among others, to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The parent company is Meta Platforms Inc., USA.
Communication is done via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from accessing the communication content. However, WhatsApp gains access to metadata that is generated during the communication process (e.g., sender, recipient, and time). We also note that WhatsApp shares personal data of its users with its parent company Meta, which is based in the United States. For more details on data processing, see the WhatsApp Privacy Policy at: https://www.whatsapp.com/legal/#privacy-policy.
The use of WhatsApp is based on our legitimate interest in communicating with customers, prospects, and other business and contractual partners as quickly and effectively as possible (Art. 6 (1) f GDPR). If consent has been requested, data processing is carried out exclusively on the basis of consent; this can be revoked at any time with effect for the future.
The communication content exchanged between you and us on WhatsApp will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Compelling statutory provisions – in particular retention periods – remain unaffected.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPAs are an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards in data processing in the United States. Every company certified after the DPF is committed to adhering to these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/7735.
We use WhatsApp in the "WhatsApp Business" version.
Personal data can be transferred to Meta's headquarters in the USA. Meta supports data transfers using standard contractual clauses in accordance with Article 46 of the GDPR.
We have set our WhatsApp accounts to not automatically sync data with the address book on the smartphones in use.
We have entered into a contract for processing with the above-mentioned provider.
11. Orders and User
Account
Registration of a User Account
You have the option of creating a user account. This enables extended functionality but is not mandatory. If you apply for a user account with us, we will send you your access data by email and request that you change the initial password immediately. For registration, it is necessary that you provide various data. For this purpose, we require your company name and legal form, the company address, an email address, and a contact person; where applicable, we may also ask you for your telecommunications data. With a user account, you can log in to the site with a username and a password; passwords are generally stored in encrypted form. Whether you create a user account is at your discretion; the processing of your data for this purpose is therefore based on your consent (Art. 6 para. 1 lit. a GDPR). You may revoke your consent at any time with effect for the future. Your data will be stored until we receive your revocation. Please address your revocation to the contact details provided above. Insofar as statutory retention periods exist for all or part of your data, we must comply with these and will restrict your data after revocation.
Order with Guest Account
If you do not wish to create a user account, you have the option to place an order as a guest; the processing of the information you provide for handling the order is carried out for the performance of the contractual relationship (Art. 6 para. 1 lit. b GDPR). If you request the deletion of your data but statutory or contractual retention periods prevent immediate deletion, we will continue to process your data in a restricted manner in order to safeguard our legitimate interests and fulfill legal obligations.
Placing Orders in Our Shop
If you order goods in our shop, the processing of your data is carried out on the basis of the performance of contractual relationships (purchase contract) pursuant to Art. 6 para. 1 lit. b GDPR. As a rule, in the context of orders we process your billing address, if applicable a different delivery address, as well as your email address and, if applicable, your telephone and fax number. We store the data related to the transaction until the expiry of the statutory retention periods. If you request the deletion of your data, we will restrict the processing of your data exclusively for this purpose.
Transmission of Payment Details
In addition, the processing of payment details for billing is carried out via a credit institution. This also takes place within the framework of the performance of the contractual relationship. As a rule, we only offer payment in advance or payment by invoice.
Transmission of Your Data to a Shipping Service Provider
For the shipment of the ordered goods, we use shipping service providers or freight forwarders; we transfer your data to the commissioned shipping service provider for the purpose of handling the shipping process. We only transfer the data necessary for the transaction unless you explicitly consent to the transfer of further data.
As a rule, we use the following shipping service providers:
• DHL Freight for pallet shipments
• GLS for parcel shipments
Credit Check
If we provide advance performance, we reserve the right to carry out an identity and credit check. This may be necessary for the conclusion of the contract pursuant to Art. 22 para. 2 lit. a GDPR; a specialized service provider will be commissioned to carry this out.
Name of the commissioned service provider
Compagnie Française d'Assurance pour le Commerce Extérieur SA (Coface)
Branch in Germany
Isaac-Fulda-Allee 1
55124 Mainz
Appropriate measures to safeguard your rights, freedoms, and legitimate interests are taken into account. You have the option, by contacting us using the contact details described below, to present your point of view and contest the decision. After full performance of the contract, your data processed for this purpose will be deleted unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we inform you in this declaration.
Disclosure of Data to Debt Collection Agencies
For the performance of the contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, we pass on your data to a commissioned debt collection agency if our payment claim has not been settled despite a prior reminder. In this case, the claim will be collected directly by the debt collection agency. Furthermore, the disclosure serves to safeguard our overriding legitimate interests in the effective assertion or enforcement of our payment claim pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
12. Direct marketing
Direct Marketing to Existing Customers Based on Legitimate Interest
We reserve the right to use the data collected in connection with a purchase contract or service contract, where applicable, for direct advertising by email or post in accordance with Section 7 para. 3 of the German Act Against Unfair Competition (UWG), provided that the customer has not objected or does not object to such use. Direct advertising includes exclusively offers for similar products or services to those already purchased by the user from us. We have a legitimate economic interest (Art. 6 para. 1 lit. f GDPR) in informing our customers about new products and improving our service offerings.
We use rapidmail for sending newsletters. The provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany. rapidmail is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data you enter for the purpose of receiving the newsletter is stored on rapidmail’s servers in Germany. The data protection notices and data security information of rapidmail can be found at https://www.rapidmail.de/datenschutz and https://www.rapidmail.de/datensicherheit.
For the purpose of analysis, the emails sent with rapidmail contain a so-called “tracking pixel” which connects to rapidmail’s servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links in the newsletter message are clicked. All links in the email are so-called tracking links, with which your clicks can be counted. If you do not wish analysis by rapidmail, you may object by unsubscribing from the newsletter. For this purpose, we provide a corresponding link in every newsletter. Further details on rapidmail’s analysis functions can be found at the following link: https://de.rapidmail.wiki/kategorien/statistiken/.
We have concluded a contract with the service provider for the processing of personal data on our behalf. Personal data is processed strictly in accordance with our instructions. Naturally, you may object to receiving direct advertising at any time. Please address your objection to the controller named above. Alternatively, you will find an unsubscribe link in every newsletter.
13. Information for Applicants
If you apply to us, whether for a posted position or on your own initiative, we process your data for the purpose of carrying out the selection process. It is irrelevant to us whether you apply by post, by email, or—if available for the respective position—via an online form.
Use of the Software Personio
For applicant management, we use the software Personio, Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany. Personio processes the data exclusively on our behalf and on the basis of a concluded data processing agreement pursuant to Art. 28 GDPR.
Scope and Legal Bases of Processing
As a rule, within the framework of an application procedure, we only process the data that you have transmitted to us yourself. The use of additional sources will only be considered after informing you and consulting with you. For example, whether we may contact a former employer. The legal basis for carrying out an application procedure is Section 26 BDSG in conjunction with Art. 6 para. 1 lit. b GDPR (initiation of an employment contract). If you grant us your consent for the longer-term storage of your data, this is based on Art. 6 para. 1 lit. a GDPR.
Deletion Periods for Applicant
Data
We delete applicant data no later than 4 months after completion of the application procedure (when a candidate has been selected and all applicants have been informed of the outcome). The purpose of data processing generally no longer exists at the end of the selection procedure; however, we have a legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to defend ourselves against possible claims by rejected applicants. If you are of the opinion that your interests in immediate deletion prevail, you have the option to request this from us. We will then review your request and provide you with feedback.
After expiry of the above-mentioned period, your data will be deleted unless, for example, we must defend ourselves in ongoing proceedings, for instance due to a claim under the General Equal Treatment Act. In this case, we will delete your data after completion of the proceedings, provided that no statutory retention periods apply.
If we are permitted to store your data for a longer period on the basis of your consent, we will delete your data if you request this and revoke your consent. Where applicable, we will also delete your data prior to revocation of your consent if it becomes apparent that no position will be available.
Inclusion in Our Applicant Pool
If we are unable to offer you a position at the present time, we may ask for your consent to further store your data. This serves the purpose of offering you a suitable position at a later date. The legal basis for processing your data in our applicant pool is your consent (Art. 6 para. 1 lit. a GDPR). Naturally, you may revoke your consent at any time with effect for the future. If you do not revoke your consent yourself within a period of two years, we will delete your data from our applicant pool at the latest at that time.
14. Conferences with Microsoft Teams
For the conduct of conferences, video meetings, webinars, and internal communication, we use Microsoft Teams, a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The parent company is Microsoft Corporation, One Microsoft Way, Redmond, Washington, USA. We have concluded a data processing agreement with the provider of Microsoft Teams and fully implement the strict requirements of the German data protection authorities when using Microsoft Teams. Microsoft Teams enables the conduct of audio and video conferences as well as the joint use of content (e.g., screen sharing, presentations, chat functions). In particular, the following personal data are processed:
• First and last name
• Email address
• Username
• Profile picture (if provided)
• IP address
• Device information
• Operating system
• Browser type and browser version
• Date and time of participation
• Meeting ID
• Chat content
• Audio and video data
• Shared files and documents
• Metadata relating to usage (e.g., duration of participation, interactions)
If a recording is activated, the following are additionally processed:
• Complete audio and video content
• Screen shares
• Chat logs
• Transcription data (if activated)
Processing is carried out for the following purposes:
• Conducting online conferences and meetings
• Internal and external communication
• Documentation of meeting results (if recording takes place)
• Technical provision and security of the conference environment
The legal basis is Art. 6 para. 1 lit. b GDPR (performance of a contract or pre-contractual measures), Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient communication), and—in the case of recordings—Art. 6 para. 1 lit. a GDPR (consent of the participants). In the context of the initiation and implementation of employment relationships, use is additionally based on Section 26 BDSG in conjunction with Art. 6 para. 1 lit. b GDPR. The storage period depends on the respective purpose. Meeting metadata are regularly deleted no later than 30 days. Chat content and shared files are stored in accordance with internal company deletion concepts. Recordings are stored only insofar as this is necessary and are regularly deleted no later than 90 days, unless statutory retention obligations prevent this. A transfer of personal data to the USA to Microsoft’s headquarters cannot be excluded. Microsoft bases data transfers on standard contractual clauses pursuant to Art. 46 GDPR. Microsoft processes data in the context of providing Microsoft Teams as a processor. A corresponding data processing agreement forms part of the Microsoft Online Services Terms.
15. Tools for Analysis, Tracking and Marketing
Google Analytics
We use Google Analytics on our website, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA.
Google Analytics allows us to analyze user behavior on our website. In this process, we receive various usage data, such as page views, time spent on the website, operating systems used, and the user’s origin. This data is assigned to the respective user device. No assignment to a user ID takes place.
Furthermore, we can record, among other things, your mouse and scroll movements and clicks using Google Analytics. Google Analytics also uses various modeling approaches to supplement the collected datasets and applies machine learning technologies in data analysis.
Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
The transfer of personal data to the USA to Google’s headquarters cannot be excluded. Google relies on standard contractual clauses pursuant to Art. 46 GDPR for data transfers.
A data processing agreement has been concluded with Google.
IP Anonymization
Google Analytics IP anonymization is activated. As a result, your IP address is shortened by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.
Google Signals
We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, and YouTube history as well as demographic data (visitor data). This data can be used via Google Signals for personalized advertising.
If you have a Google account, the visitor data collected via Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics about the user behavior of our users.
Google Analytics E-Commerce Measurement
This website uses the “E-Commerce Measurement” function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors to improve online marketing campaigns.
Information such as orders placed, average order values, shipping costs, and the time between viewing and purchasing a product is collected. This data can be aggregated by Google under a transaction ID assigned to the respective user or their device.
Google Ads
We use Google Ads on our website, an online advertising program provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA.
Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter certain search terms on Google (keyword targeting). In addition, targeted advertisements can be displayed based on user data available at Google (e.g., location data and interests) (audience targeting).
As website operators, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.
The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
The transfer of personal data to the USA to Google’s headquarters cannot be excluded. Google relies on standard contractual clauses pursuant to Art. 46 GDPR for data transfers.
Google Conversion-Tracking
We use Google Conversion Tracking on our website, a service provided by Google Ireland Limited. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA.
With the help of Google Conversion Tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked most frequently and which products were viewed or purchased most often. This information is used to create conversion statistics.
We receive the total number of users who clicked on our ads and which actions they performed. We do not receive information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.
The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
More information about Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.
A transfer of personal data to the USA to Google’s headquarters may occur. Google bases the transfer on standard contractual clauses pursuant to Art. 46 GDPR.
Google Ads Remarketing
We use Google Ads Remarketing on our website, a service provided by Google Ireland Limited. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA.
With Google Ads Remarketing, we can assign people who interact with our online services to certain target groups in order to subsequently display interest-based advertising within the Google advertising network (remarketing or retargeting).
Furthermore, the advertising audiences created with Google Ads Remarketing can be linked with Google’s cross-device functions. In this way, interest-based, personalized advertising messages that were adapted to you based on your previous usage and browsing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).
If you have a Google account, you can object to personalized advertising via the following link: https://adssettings.google.com/anonymous?hl=en.
The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
Further information and Google’s privacy policy can be found here: https://policies.google.com/technologies/ads?hl=en.
The transfer of personal data to the USA to Google’s headquarters cannot be excluded. Google relies on standard contractual clauses pursuant to Art. 46 GDPR for data transfers.
Microsoft Advertising
The website operator uses Microsoft Advertising. Microsoft Advertising is an online advertising program provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft Advertising allows us to display advertisements in the Bing search engine or on third-party websites when users enter certain search terms in Bing (keyword targeting). In addition, targeted advertisements can be displayed based on user data available to Microsoft (e.g. location data and interests) (audience targeting).
As website operators, we can evaluate this data quantitatively by analyzing, for example, which search terms triggered the display of our advertisements and how many ads resulted in corresponding clicks.
We use universal event tracking (UET) from Microsoft Advertising on this website. This collects pseudonymized data to track which actions you perform on our websites after clicking on an advertisement in Microsoft Advertising. UET collects your anonymized IP address, device identifiers, device and browser settings, Microsoft Click ID (stored in a cookie), time spent on the website, which areas of the website were accessed, through which ad you accessed the website, and clicked keywords.
The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
We have concluded a data processing agreement for the use of the above-mentioned service.
A transfer of personal data to the USA to Microsoft’s headquarters may occur. Microsoft relies on standard contractual clauses pursuant to Art. 46 GDPR for data transfers.
Hotjar
We use Hotjar on our website, a web analytics service provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta.
Hotjar is a tool for analyzing your user behavior on this website. With Hotjar, we can record, among other things, your mouse and scroll movements and clicks. Hotjar can also determine how long you stayed with the mouse pointer at a specific position. From this information, Hotjar creates so-called heatmaps that show which website areas are most frequently viewed by visitors.
Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned entries in a contact form (so-called conversion funnels).
In addition, Hotjar can be used to collect direct feedback from website visitors. This function serves to improve the website operator’s online services.
Hotjar uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting).
The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG.
A data processing agreement has been concluded with Hotjar.
A third-country transfer cannot be excluded. Hotjar relies on appropriate safeguards pursuant to Art. 46 GDPR.
Disabling Hotjar
If you wish to disable data collection by Hotjar, click the following link and follow the instructions:
https://www.hotjar.com/policies/do-not-track/
Please note that Hotjar must be deactivated separately for each browser or device.
Further information about Hotjar and the collected data can be found in Hotjar’s privacy policy:
https://www.hotjar.com/privacy
Leadinfo
We use Leadinfo, a service provided by Leadinfo B.V., Rotterdam, Netherlands.
Leadinfo processes the following personal data:
• Shortened IP address
• Date and time of visit
• Pages visited (URL)
• Referrer URL
• Domain information from form entries
• Cookie ID
• Publicly available company data
Processing is carried out for the following purposes:
• Identification of business visitors (B2B)
• Analysis of website usage in a business context
• Sales support
The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in B2B analysis). If cookies are used, additionally Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG. IP addresses are not stored permanently. Cookies may be stored for up to 24 months. A data processing agreement has been concluded with Leadinfo.
New Relic
We use New Relic, a performance and monitoring service provided by New Relic Inc., 188 Spear Street, San Francisco, USA.
The following personal data may be processed:
• IP address
• Date and time of access
• Browser type and browser version
• Operating system
• Device type
• Approximate location data
• Automatically assigned ID
• Loading times
• Server response times
• Error codes
• Technical performance data
Processing is carried out for:
• Technical monitoring of the website
• Error analysis
• Performance optimization
The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG. Performance data is typically stored for up to 13 months. Error logs are deleted after a maximum of 30 days. Transfer to the USA takes place on the basis of standard contractual clauses pursuant to Art. 46 GDPR. A data processing agreement has been concluded with New Relic.
LinkedIn Insight Tag
We use the LinkedIn Insight Tag on our website. Provider is LinkedIn Ireland Unlimited Company. Parent company is LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.
The LinkedIn Insight Tag provides us with information about website visitors. If a visitor is registered with LinkedIn, we can analyze professional data (e.g., career level, company size, country, location, industry, and job title) to better align our website to target audiences.
We can also measure whether visitors perform a purchase or other action (conversion tracking). Conversion measurement can also be performed across devices (e.g., PC to tablet).
LinkedIn Insight Tag also offers retargeting functions to display targeted ads to visitors outside the website. According to LinkedIn, no direct identification of the advertising recipient takes place.
LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties, and access time). IP addresses are shortened or hashed (pseudonymized). Direct identifiers of LinkedIn members are deleted after seven days. Remaining pseudonymized data is deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as website operators. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it for its own advertising purposes.
The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG.
We have concluded a data processing agreement with the provider.
A transfer to the USA to LinkedIn’s headquarters takes place on the basis of standard contractual clauses pursuant to Art. 46 GDPR.
Objection to LinkedIn Insight Tag
You can object to analysis of usage behavior and targeted advertising by LinkedIn here:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
LinkedIn members can also control advertising data usage in their account settings. To avoid linking data collected on our website with your LinkedIn account, please log out of LinkedIn before visiting our website.
Meta Pixel
We use the Meta Pixel of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Parent company is Meta Platforms Inc., 1 Meta Way, Menlo Park, California 94025, USA.
This allows tracking of visitor behavior after users are redirected to the provider’s website by clicking on a Meta advertisement. This allows evaluation of the effectiveness of Meta ads for statistical and market research purposes and optimization of future advertising measures.
The collected data is anonymous for us as website operators; we cannot draw conclusions about user identities. However, the data is stored and processed by Meta so that it can be linked to respective Facebook or Instagram user profiles. Meta may use the data for its own advertising purposes according to its data usage policy (https://de-de.facebook.com/about/privacy/).
The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
We use the advanced matching function within Meta Pixel. This allows us to transmit various types of data (e.g. city, state, postal code, hashed email addresses, names, gender, date of birth, or phone number) collected from customers and prospects to Meta. This helps improve advertising campaign targeting and conversion attribution.
To the extent that personal data is collected and transferred to Meta, both we and Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Ireland are joint controllers pursuant to Art. 26 GDPR. The joint responsibility only applies to data collection and transfer to Meta. Processing after transfer is not covered by joint responsibility.
The agreement on joint processing can be found here: https://www.facebook.com/legal/controller_addendum.
A transfer of personal data to the USA to Meta’s headquarters occurs on the basis of standard contractual clauses pursuant to Art. 46 GDPR.
Further information can be found in Meta’s privacy policy:
https://de-de.facebook.com/about/privacy/
You can also disable the remarketing function “Custom Audiences” in ad settings:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
16. Used Plugins and Tools
Google Tag Manager
We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA. Google Tag Manager is used to manage and deploy tracking and marketing tags via a central interface. Google Tag Manager itself does not set cookies or store any independent personal data. However, when the website is accessed, the following technical data is transmitted to Google:
• IP address
• Date and time of page access
• Browser type and browser version
• Operating system
• Referrer URL
• Device information
Processing is carried out for the following purposes:
• Technical delivery and management of website tags
• Integration and control of analysis and marketing services
• Ensuring the proper functioning of integrated services
The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in technically efficient management of our website services). If services that set cookies are loaded via the Tag Manager, their use is based exclusively on your consent pursuant to Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG. The Google Tag Manager does not independently store personal data. Server log data is regularly deleted or anonymized after no longer than 9 months. A transfer of personal data to the USA to Google’s headquarters cannot be excluded. Google relies on standard contractual clauses pursuant to Art. 46 GDPR for data transfers.
Google Maps
We use Google Maps on our website, a mapping service provided by Google Ireland Limited. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA.
To use the functions of Google Maps, the following personal data may be processed:
• IP address
• Date and time of page access
• Subpages visited
• Location data (if permitted by the user)
• Device information
• Browser information
• Cookie ID
• Google account data (if logged in)
Processing is carried out for:
• Display of interactive maps
• Display of locations
• Improvement of usability
The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG. The storage period depends on Google’s internal storage policies. Cookies may generally be stored for up to 6 months. A transfer of personal data to the USA to Google’s headquarters may occur. Google relies on standard contractual clauses pursuant to Art. 46 GDPR. Google acts as an independent data controller.
YouTube
We use YouTube on our website, a video service provided by Google Ireland Limited. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA.
When a page containing an embedded YouTube video is accessed, the following personal data may be processed:
• IP address
• Date and time of access
• Pages visited
• Referrer URL
• Device information
• Browser type and browser version
• Operating system
• Cookie ID
• Google account information (for logged-in users)
• Interaction data (e.g. starting or pausing a video)
Processing is carried out for:
• Provision of video content
• Analysis of video views
• Improvement of usability
The legal basis is your consent pursuant to Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG. The storage period depends on Google’s internal storage policies. YouTube cookies may generally be stored for up to 6 months. A transfer of personal data to the USA to Google’s headquarters may occur. Google relies on standard contractual clauses pursuant to Art. 46 GDPR for data transfers. YouTube acts as an independent data controller.
17. Our Social Media Presences
Data Processing through Social Networks
We operate publicly accessible profiles on social networks. The individual social networks we use are listed below.
Social networks such as Facebook, X, etc., can generally analyze your user behavior extensively when you visit their websites or websites with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media profiles triggers numerous data processing operations relevant to data protection.
If you are logged into your social media account and visit our social media profile, the operator of the social media portal may assign this visit to your user account. Your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, data collection may occur, for example, through cookies stored on your device or through the collection of your IP address.
Using the data collected in this way, the operators of social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both within and outside the respective social media platform. If you have an account with the respective social network, interest-based advertising may be displayed on all devices on which you are or have been logged in.
Please also note that we cannot fully track all processing activities on social media platforms. Depending on the provider, additional processing operations may be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media platforms.
Legal Basis
Our social media presence serves to ensure the broadest possible online visibility. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks themselves may be based on different legal grounds, which must be specified by the operators of the social networks (e.g. consent pursuant to Art. 6 (1) (a) GDPR).
Controller and Enforcement of Rights
If you visit one of our social media profiles (e.g. Facebook), we are jointly responsible together with the operator of the social media platform for the data processing operations triggered by this visit. You can generally exercise your rights (access, rectification, deletion, restriction of processing, data portability, and complaint to the supervisory authority) both against us and against the operator of the respective social media portal (e.g. Facebook).
Please note that despite joint responsibility with the social media portal operators, we do not have full control over the data processing activities of the social media platforms. Our influence is primarily determined by the company policies of the respective provider.
Storage Period
Data collected directly by us via our social media presence will be deleted from our systems as soon as you request deletion, withdraw your consent to storage, or the purpose of data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal regulations, especially retention periods, remain unaffected.
We have no influence on the storage duration of your data that is stored by the operators of social networks for their own purposes. For details, please consult the privacy policies of the respective social network providers.
Your Rights
You have the right to receive free information about the origin, recipients, and purpose of your stored personal data at any time. You also have the right to object, the right to data portability, and the right to lodge a complaint with the competent supervisory authority. Furthermore, you can request correction, blocking, deletion, and under certain circumstances restriction of processing of your personal data.
Individual Social Networks
Facebook
We maintain a profile on Facebook. Provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta, the collected data may also be transferred to the USA and other third countries.
We have concluded a joint processing agreement (Controller Addendum) with Meta. This agreement defines which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement here: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising preferences in your user account: https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. Further details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
Instagram
We maintain a profile on Instagram. Provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875, and https://de-de.facebook.com/help/566994660333381. Details about how Instagram handles your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.
XING
We maintain a profile on XING. Provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details about data processing can be found in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
LinkedIn
We maintain a profile on LinkedIn. Provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. Further information can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
YouTube
We maintain a profile on YouTube. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details about data processing can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.
TikTok
We maintain a profile on TikTok. Provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Details about data processing can be found in TikTok’s privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=de. Data transfers to non-secure third countries are based on standard contractual clauses of the EU Commission. Further details can be found here: https://www.tiktok.com/legal/privacy-policy?lang=de.
18. Additional Data Protection Information for Our Business Partners
Categories of Data and Purposes of Processing
We process personal data of our service providers and partners that we receive directly within the scope of our business relationship. If we have received data from you, we generally process it only for the purposes for which we received or collected it.
We usually process the following categories of data:
• First name, last name
• Address and/or company address
• Telecommunications data
• Email address
• Company name
• Professional function and/or position
• Bank details / other payment information
• Data on the history of the business relationship
During the business initiation phase and during the business relationship, further personal data may be generated, particularly through personal, telephone, or written contact initiated by you or by one of our employees, such as information about communication channels, date, reason, and outcome; (electronic) copies of correspondence; and information about participation in direct marketing activities. We may also process personal data obtained from publicly accessible sources (e.g. commercial registers, association registers, press, media, and the internet) where legally permitted. Data processing for other purposes will only take place if the legal requirements pursuant to Art. 6 (4) GDPR are met. Any information obligations under Art. 13 (3) GDPR and Art. 14 (4) GDPR will of course be observed.
Legal Bases for Data Processing
Based on Your Consent (Art. 6 (1) (a) GDPR)
We process personal data for one or more specific purposes if you have given us your consent. If personal data is processed based on your consent, you have the right to withdraw your consent at any time with effect for the future.
Data Processing for Contract Fulfillment (Art. 6 (1) (b) GDPR)
We process personal data to fulfill contracts. This includes the conclusion, execution, and termination of a contract. We also process personal data required for pre-contractual measures, such as contract initiation based on your request.
Data Processing Based on Legal Obligations (Art. 6 (1) (c) GDPR)
Like every company, we must comply with retention and documentation obligations, which may also concern documents containing personal data. If we process data for these purposes, processing is carried out based on a legal obligation.
Data Processing Based on Legitimate Interests (Art. 6 (1) (f) GDPR)
If we process data based on a balancing of interests, you have the right to object to the processing of personal data pursuant to Art. 21 GDPR, taking into account the relevant provisions. Where possible, we process your data in pseudonymized or anonymized form.
Recipients of Your
Data
Transfer to Processors (Art. 28 GDPR)
We use processors, particularly in the area of IT services and printing services, who process your data on our instructions. When engaging service providers, we always comply with data protection regulations, and data is only shared after concluding data processing agreements. We will gladly inform you which processors we use.
For Contract Execution
If necessary for contract execution, we may share your data with our bank for payment processing or with shipping service providers such as Deutsche Post, DHL, UPS, GSL, DPD, or other service providers as required.
Due to Legal Obligations
In the event of legal or regulatory obligations, we may share your data with public authorities or institutions (e.g. law enforcement authorities).
Other Recipients Based on Consent
If you have given explicit consent, we may share your data with other parties within the limits of verifiable consent.
Data Retention Periods
Principle of Purpose Limitation and Legal Retention Periods
We process data as long as necessary for the respective purpose. Where required, we process your personal data for the duration of our business relationship, including contract initiation and execution.
In addition, we are obliged to comply with statutory retention periods, for example under commercial and tax law. Where legal retention obligations exist, the relevant personal data will be stored for the duration of the retention obligation.
The storage period is also based on statutory limitation periods, which under §§ 195 et seq. of the German Civil Code (BGB) are generally three years but may extend up to thirty years in certain cases. After expiry of the retention obligation, we review whether further processing is necessary. If no necessity exists, the data will be deleted.
In general, such retention periods for business transactions (according to § 147 AO / § 257 HGB / § 14b UStG) are 10 years, starting with the year following the business transaction.
Example
If you provide us with your contact details, for example by email, telephone, or by handing over your business card, we store this data based on Art. 6 (1) (b) GDPR for pre-contractual measures and based on our legitimate interest (Art. 6 (1) (f) GDPR) in ensuring smooth and targeted communication.
If no business transaction is concluded, we delete your data if you request deletion or if no further contact occurs within a period of three years. If we enter into a business transaction with you (Art. 6 (1) (b) GDPR), we store your data for ten years in accordance with commercial and tax law requirements.
Emails and Business Correspondence
We archive all our email correspondence for ten years. If you send us an email, your data and the entire email content will be stored for 10 years accordingly. Most emails are considered business correspondence and may also contain tax-relevant information.
You may request deletion at any time, and we will review the request on a case-by-case basis. The result may lead to deletion or restriction of processing, depending on the content of the correspondence.
Withdrawal of Consent
If we process your data based on your consent (Art. 6 (1) (a) GDPR), we will delete it after you withdraw your consent, unless legitimate interests oppose complete deletion. For example, we generally retain consent declarations for up to three years after receipt of withdrawal for defense purposes (Art. 6 (1) (f) GDPR).
Legal or Contractual Obligation to Provide Data
Providing personal data is generally necessary for initiating, concluding, executing, and terminating a contract. If you do not provide the required personal data, we may not be able to conclude or fulfill a contract with you.
Transfer to Third Countries
Your personal data is generally processed in data centers located in the Federal Republic of Germany or the European Union. Transfer to third countries only occurs if you have given your consent or if we have concluded a data processing agreement pursuant to Art. 28 GDPR with appropriate or other suitable safeguards.
Rights of use for product images
Some of the product images used on this website and in print media are provided by Deltrian GmbH – www.deltrian.com – and are used with kind permission. All rights reserved.
