Privacy policy

A

This privacy policy explains the nature, scope and purpose of the processing of personal data within our online offering and the websites, features and content associated with it (together referred to as the “online offering” or “website”). The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) used to access the online offering.

B

Terms such as “personal data” or “processing” refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

C

Personal data of users processed in connection with this online offering may include: master data (names, addresses), contact data (email, phone numbers, fax), usage data (interests, pages visited, access times), and meta/communication data (device IDs, IP addresses).

D

The term “user” covers all categories of data subjects affected by the processing. This includes: customers, prospects, users, website visitors, and recipients of marketing measures. Terms such as “user” are used in a gender-neutral sense.

E

We process users’ personal data only in compliance with applicable data protection law. This means user data is processed only where a legal basis exists—in particular where processing is necessary for the performance of our contractual services (e.g. processing orders) and online services or is required by law, where users have given consent, or on the basis of our legitimate interests (i.e. interest in analysing, optimising and operating our online offering securely within the meaning of Article 6(1)(f) GDPR), in particular for reach measurement, creating profiles for advertising and marketing purposes, collecting access data, and using third-party services. If a user has not yet reached the age of sixteen, consent to data processing must be given by the holder of parental responsibility or with their consent.

F

We note that the legal basis for consent is Article 6(1)(a) and Article 7 GDPR, and for minors Article 8 GDPR; the legal basis for processing for the performance of our services and contractual measures is Article 6(1)(b) GDPR; for processing to comply with legal obligations Article 6(1)(c) GDPR; and for processing based on our legitimate interests Article 6(1)(f) GDPR.

A

Under Article 15 GDPR, to obtain confirmation as to whether we process your personal data and, where that is the case, access to that data. In particular, you may obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged retention period, the existence of the right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the source of your data where not collected from us, and the existence of automated decision-making including profiling and meaningful information about the logic involved.

B

Under Article 16 GDPR, to obtain without undue delay the rectification of inaccurate personal data or completion of incomplete personal data stored by us.

C

Under Article 17 GDPR, to obtain the erasure of personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

D

Under Article 18 GDPR, to obtain restriction of processing where you contest the accuracy of the data, processing is unlawful but you oppose erasure and we no longer need the data but you require them for legal claims, or you have objected to processing under Article 21 GDPR.

E

Under Article 20 GDPR, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format or to have it transmitted to another controller.

F

Under Article 7(3) GDPR, to withdraw your consent at any time. This means we may no longer continue processing based on that consent in the future.

G

Under Article 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority of your habitual residence, place of work or our registered office.

Where your personal data are processed on the basis of legitimate interests under Article 6(1)(f) GDPR, you have the right to object to processing under Article 21 GDPR on grounds relating to your particular situation or where the objection relates to direct marketing. In the latter case you have a general right to object which we will honour without you having to specify a particular situation.

A

We implement organisational, contractual and technical security measures in line with the state of the art to ensure compliance with data protection laws and to protect the data we process against accidental or unlawful manipulation, loss, destruction or access by unauthorised persons.

B

Security measures include in particular encrypted transmission of data between your browser and our server.

A

Data are disclosed to third parties only within the limits of the law. We pass users’ data to third parties only where this is required for contractual purposes under Article 6(1)(b) GDPR, for example, or on the basis of legitimate interests under Article 6(1)(f) GDPR for the economic and efficient operation of our business.

B

Where we use subprocessors to provide our services, we take appropriate legal precautions and technical and organisational measures to ensure the protection of personal data in accordance with applicable law.

C

Where this privacy policy refers to content, tools or other means provided by other providers (together “third-party providers”) whose registered office is in a third country, data may be transferred to the country in which those providers are established. Third countries are countries in which the GDPR does not apply directly—generally countries outside the EU or European Economic Area. Data are transferred to third countries only where an adequate level of data protection, user consent or another legal permission exists.

A

We process inventory data (e.g. names, addresses and contact details of users), contract data (e.g. services used, contact persons, payment information) for the performance of our contractual obligations and services under Article 6(1)(b) GDPR.

B

When users register, log in again or use our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests and those of users in protection against misuse and other unauthorised use. These data are not generally disclosed to third parties unless required to pursue our claims or where we are legally obliged to do so under Article 6(1)(c) GDPR.

A

When you contact us (via contact form or email), your details are processed to handle and complete your request under Article 6(1)(b) GDPR or, where you have given voluntary consent, under Article 6(1)(a) GDPR. Personal data collected via our contact form and data you send by email are erased once they are no longer needed for the purpose for which they were collected.

B

Users’ details may be stored in our customer relationship management (“CRM”) system or comparable enquiry management.

A

On the basis of our legitimate interests within the meaning of Article 6(1)(f) GDPR, we collect data about each access to the server on which this service is hosted (so-called server log files). Access data include the name of the retrieved page, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

B

Log file information is stored for security reasons (e.g. to clarify misuse or fraud) for a maximum of 14 days and then deleted. Data that must be retained longer for evidentiary purposes are exempt from deletion until the respective incident has been finally resolved.

A

Cookies are information transmitted from our web server or third-party servers to users’ web browsers and stored there for later retrieval. Cookies may be small files or other types of information storage.

B

We use “session cookies”, which are stored only for the duration of the current visit to our online presence (e.g. to enable login state or shopping cart functionality). A session cookie stores a randomly generated unique identifier, a session ID. The cookie also indicates its origin and retention period. These cookies cannot store other data. Session cookies are deleted when you end use of our online offering, e.g. by logging out or closing the browser.

C

Use of cookies for pseudonymous reach measurement is explained in this privacy policy.

D

If you do not wish cookies to be stored on your device, please disable the relevant option in your browser settings. Stored cookies can be deleted in the browser settings. Disabling cookies may limit the functionality of this online offering.

E

You may opt out of cookies used for reach measurement and advertising via the Network Advertising Initiative opt-out page and the US or European sites listed below.

A

On the basis of our legitimate interests (i.e. interest in analysing, optimising and operating our online offering within the meaning of Article 6(1)(f) GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. Information generated by the cookie about use of the online offering by users is usually transmitted to a Google server in the USA and stored there.

B

Google was certified under the EU–US Privacy Shield framework and thereby offered a guarantee of compliance with European data protection standards (historical programme; relevance may vary).

C

Google will use this information on our behalf to evaluate use of our online offering by users, to compile reports on activity within this offering and to provide us with further services relating to use of this offering and the internet. Pseudonymous usage profiles of users may be created from the processed data.

D

We use Google Analytics only with IP anonymisation enabled. This means users’ IP addresses are shortened by Google within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there.

E

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software; users can also prevent the collection of data generated by the cookie and related to use of the online offering by Google and the processing of these data by Google by downloading and installing the browser plugin available at the following link:

Alternatively to the browser add-on, or within browsers on mobile devices, please use the following link to opt out of collection by Google Analytics on this website in future: Google Analytics opt-out (the opt-out applies only in that browser and only for this domain).

F

Further information on Google’s use of data, settings and opt-out options is available on Google’s websites:

A

Within our online offering, on the basis of our legitimate interests (i.e. interest in analysing, optimising and operating our online offering within the meaning of Article 6(1)(f) GDPR), we use content or service offerings from third-party providers to embed their content and services, such as videos or fonts (together “content”). This always requires that the third-party providers of this content can see users’ IP addresses, because they could not send the content to the user’s browser without the IP address. The IP address is therefore required to display this content.

We endeavour to use only content whose providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on this website. Pseudonymous information may also be stored in cookies on users’ devices and may include technical information about the browser and operating system, referring websites, visit time and further information on use of our online offering, and may be combined with such information from other sources.

B

The overview below lists third-party providers and their content with links to their privacy policies, which contain further information on data processing and, in part, opt-out options already mentioned here:

External fonts from Google Inc., Google Fonts. Google Fonts are loaded by a server request to Google (usually in the USA). Privacy policy and opt-out are available at the following links.

Maps from Google Maps, provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy and opt-out are available at the following links.

Videos from the YouTube platform of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy and opt-out are available at the following links.

A

Data stored by us are deleted as soon as they are no longer required for their purpose and no statutory retention obligations prevent deletion. If data are not deleted because they are required for other lawful purposes, processing is restricted—the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

B

By law, retention is for six years under Section 257(1) of the German Commercial Code (HGB) (commercial books, inventories, opening balances, annual accounts, commercial correspondence, accounting records, etc.) and for ten years under Section 147(1) of the German Fiscal Code (AO) (books, records, management reports, accounting records, commercial and business letters, tax-relevant documents, etc.).

A

We may amend this privacy policy to reflect changes in the legal situation or to the service and data processing. This applies only to statements on data processing. Where user consent is required or provisions of the privacy policy form part of the contractual relationship with users, changes will be made only with users’ consent.

B

Users are asked to inform themselves regularly about the content of this privacy policy.