Data privacy – WEINIG

Privacy Policy

1. Data protection at a glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the ‘Information on the responsible body’ section of this privacy policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us. This may include, for example, data that you enter into a contact form. Other data is collected automatically or with your consent when you visit the website via our IT systems. This consists primarily of technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the website functions correctly. Other data may be used to analyse your user behaviour. Where contracts can be concluded or initiated via the website, the data transmitted is also processed for contractual offers, orders or other enquiry requests.

What rights do you have regarding your data?

You have the right at any time to obtain information, free of charge, regarding the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given your consent to data processing, you may withdraw this consent at any time with effect for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority. You may contact us at any time regarding this or any other questions on the subject of data protection.

Analytics tools and third-party tools

When you visit this website, your browsing behaviour may be statistically analysed. This is primarily done using so-called analytics programmes. You can find detailed information on these analytics programmes in the following privacy policy.

2. General information and mandatory details

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. When you use this website, various types of personal data are collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.

Information on the data controller

The controller for these websites is Michael Weinig AG, Weinigstraße 2/4, 97941 Tauberbischofsheim, Germany, if you are visiting www.weinig.com, or HOLZ-HER GmbH, Großer Forst 4, 72622 Nürtingen, Germany, if you are visiting www.holzher.de.

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Retention period

Unless a more specific retention period is stated in this privacy policy, we will retain your personal data until the purpose for which it is processed no longer applies. If you submit a valid request for erasure or withdraw your consent to data processing, your data will be erased unless we have other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, erasure will take place once these grounds no longer apply.

General information on the legal basis for data processing on this

website

Where you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, provided that special categories of data are processed in accordance with Article 9(1) of the GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) of the GDPR. Where you have consented to the storage of cookies or to access to information on your device (e.g. via device fingerprinting), data processing is additionally carried out on the basis of Section 25(1) of the TDDDG. Consent may be withdrawn at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. Furthermore, we process your data where this is necessary to comply with a legal obligation on the basis of Article 6(1)(c) of the GDPR. Data processing may also take place on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR. Information regarding the relevant legal bases in each individual case is provided in the following sections of this privacy policy.

Data Protection Officer

For any questions, requests for information, applications, complaints or feedback regarding our data protection practices, please contact the following department. You may also contact the Weinig Group’s data protection team directly regarding any concerns about the processing of your personal data .

Data Protection Team

Michael Weinig AG

Weinigstraße 2/4

97941 Tauberbischofsheim

Germany

datenschutznoSpamPlease@weinig.com

Data Protection Officer

HOLZ-HER GmbH

Großer Forst 4

72622 Nürtingen

Germany

datenschutzbeauftragternoSpamPlease@holzher.com

Please note that, in order to validate your enquiry, we may contact you by other means and process your personal data for this purpose. In doing so, we aim to ensure that no information is disclosed to unauthorised third parties.

Note on data transfer to third countries that do not offer adequate data protection

and the transfer to US companies that are not DPF-certified

Among other things, we use tools from companies based in third countries that do not offer adequate data protection, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. We would like to point out that in third countries that do not offer adequate data protection, a level of data protection comparable to that of the EU cannot be guaranteed. We would like to point out that, as a safe third country, the USA generally offers a level of data protection comparable to that of the EU. Data transfers to the USA are therefore permitted if the recipient holds certification under the ‘EU-US Data Privacy Framework’ (DPF) or has appropriate additional safeguards in place. Information on transfers to third countries, including the recipients of the data, can be found in this privacy policy.

Recipients of personal data

As part of our business operations, we work with various external parties. In some cases, this requires us to transfer personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Article 6(1)(f) of the GDPR, or if another legal basis permits the disclosure of data. When using data processors, we only disclose our customers’ personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in specific cases and to

direct marketing (Art. 21 GDPR)

Where data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right at any time to object to the processing of your personal data on grounds relating to your particular situation; this also applies to profiling based on these provisions. The specific legal basis on which processing is based can be found in this privacy policy.

If you object, we will no longer process your personal data in question, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims (objection under Article 21(1) of the GDPR).

If your personal data is processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object, your personal data will no longer be used for the purposes of direct marketing (objection under Article 21(2) of the GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to have data which we process automatically on the basis of your consent or in performance of a contract provided to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place to the extent that it is technically feasible.

Access, rectification and erasure

Within the framework of the applicable legal provisions, you have the right at any time to obtain, free of charge, information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, where applicable, a right to rectification or erasure of this data. You may contact us at any time regarding this matter or any further questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You may contact us at any time regarding this. The right to restriction of processing applies in the following cases:

• If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

• If the processing of your personal data has been or is being carried out unlawfully, you may request the restriction of data processing instead of erasure.

• If we no longer require your personal data, but you require it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of it being erased.

• If you have lodged an objection under Article 21(1) of the GDPR, a balancing of interests between yours and ours must be carried out. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to promotional emails

We hereby object to the use of contact details published in accordance with the legal notice requirement for the purpose of sending unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example via spam emails.

3. Data collection on this website

Cookies

Our website uses so-called ‘cookies’. Cookies are small data packets that do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser. Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g. cookies for processing payment services). Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies may be used to analyse user behaviour or for advertising purposes. Cookies that are required to carry out the electronic communication process, to provide certain functions you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies for measuring web traffic) (necessary cookies) are stored on the basis of Article 6(1)(f) of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically flawless and optimised provision of its services. Where consent has been sought for the storage of cookies and similar recognition technologies, processing takes place exclusively on the basis of this consent (Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG); consent may be withdrawn at any time. You can configure your browser so that you are informed when cookies are set and only allow cookies on a case-by-case basis, exclude the acceptance of cookies for specific cases or generally, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. You can find out which cookies and services are used on this website in this privacy policy.

Consent with Usercentrics

This website uses Usercentrics’ consent technology to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies, and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/ (hereinafter “Usercentrics”). When you visit our website, the following personal data is transmitted to Usercentrics:

• Your consent(s) or the withdrawal of your consent(s)

• Your IP address

• Information about your browser

• Information about your device

• The time of your visit to the website

• Geolocation

Furthermore, Usercentrics stores a cookie in your browser to enable it to associate the consents you have given – or their withdrawal – with your account. The data collected in this way is stored until you request its deletion, delete the Usercentrics cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected. Usercentrics is used to obtain the legally required consents for the use of certain technologies. The legal basis for this is Article 6(1)(c) of the GDPR.

Data processing

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Data we receive through your use of our services

Some personal data is automatically collected for technical reasons as soon as you visit our website. This data is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

The IP address of the requesting computer
Date and time of access
Name and URL of the file accessed
The amount of data transferred and the access status (file transferred, file not found, etc.)
The website from which the access originated (referrer URL)
Browser used, browser settings where applicable, and your computer’s operating system where applicable
as well as the name of your internet service provider
We process the aforementioned data for the following purposes:

To ensure a smooth connection to the website
To ensure a user-friendly experience on our website
To evaluate system security and stability
Other administrative purposes

The legal basis for data processing is Article 6(1)(f) of the GDPR. Our legitimate interest arises from the purposes listed above for data collection. Under no circumstances do we use the data collected in this way for the purpose of drawing conclusions about your identity.

Sharing of data within the group

To process your enquiry, the necessary data collected may be transferred to companies within the Weinig Group.

Provided you give your consent as part of your enquiry, the data will also be transferred to companies within the Weinig Group (e.g. to sales partners) for further support within the legal framework.

Contracts are in place with all companies within the Weinig Group to ensure an appropriate level of data protection.

Salesforce Sales Cloud

We use Salesforce Sales Cloud to manage customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter “Salesforce”). Salesforce Sales Cloud is a CRM system and enables us, amongst other things, to manage existing and potential customers as well as customer contacts, and to organise sales and communication processes. The use of the CRM system also enables us to analyse our customer-related processes. Customer data is stored on Salesforce’s servers. In this context, personal data may also be transferred to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA. Details on the functions of Salesforce Sales Cloud can be found here: https://www.salesforce.com/eu/sales/. The use of Salesforce Sales Cloud is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring customer management and customer communication are as efficient as possible. Where consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time. Salesforce has Binding Corporate Rules (BCR) that have been approved by the French data protection authority. These are binding internal company regulations that legitimise the internal transfer of data to third countries outside the EU and the EEA. For further details, please refer to Salesforce’s privacy policy:https://www.salesforce.com/company/legal/privacy/. The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5959.

Data processing

Facebook

This website incorporates elements of the Facebook social network. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=EN. When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives the information that you have visited this website using your IP address. If you click the Facebook ‘Like’ button whilst logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it is used by Facebook. Further information on this can be found in Facebook’s privacy policy at: https://facebook.com/privacy/explanation. Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time. Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 of the GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. Under this agreement, we are responsible for providing data protection information when using the Facebook tool and for ensuring the tool is implemented on our website in a manner that complies with data protection law. Facebook is responsible for the data security of Facebook products. You may exercise your data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you exercise your data subject rights with us, we are obliged to forward these to Facebook. The transfer of data to the USA is based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://facebook.com/help/566994660333381%20 and https://www.facebook.com/policy.php. The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/4452.

Instagram

This website incorporates features from the Instagram service. These features are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information that you have visited this website. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the data transmitted or its use by Instagram. The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time. Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 of the GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. Under this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tools and for ensuring the data protection-compliant implementation of the tools on our website. Facebook ( ) is responsible for the data security of the Facebook or Instagram products. You may exercise your data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you exercise your data subject rights with us, we are obliged to forward these to Facebook. Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses . Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://facebook.com/help/566994660333381. Further information on this can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/. The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/4452.

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Each time a page on this website containing LinkedIn elements is accessed, a connection is established with LinkedIn’s servers. LinkedIn is informed that you have visited this website using your IP address. If you click the LinkedIn ‘Recommend’ button whilst logged into your LinkedIn account, LinkedIn is able to associate your visit to this website with you and your user account. Please note that, as the provider of these pages, we have no knowledge of the content of the data transmitted or its use by LinkedIn. Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time. Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:https://www.linkedin.com/help/linkedin/answer/a1343190/ Further information on this can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy. The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US designed to ensure compliance with European data protection standards when data is processed in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5448.

XING

This website uses elements of the XING network. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Each time one of our pages containing XING elements is accessed, a connection is established with XING’s servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored and no usage behaviour is analysed. Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time. Further information on data protection and the XING Share button can be found in XING’s privacy policy at: https://privacy.xing.com/en/privacy-policy.

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that enables us to integrate tracking or analytics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or carry out independent analyses. It serves solely to manage and deploy the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States. The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time. The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on the site, operating systems used and the user’s origin. This data is aggregated into a user ID and assigned to the website visitor’s respective device. Furthermore, Google Analytics enables us, amongst other things, to record your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement the collected data sets and employs machine learning technologies in data analysis. Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google regarding the use of this website is generally transmitted to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time. Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/. The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.

IP anonymisation

Google Analytics IP anonymisation is enabled. This means that your IP address is truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Further information on how Google Analytics handles user data can be found in Google’s privacy policy:https://support.google.com/analytics/answer/6004245?hl=en.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects data including your location, search history, YouTube history and demographic information (visitor data). This data may be used for personalised advertising via Google Signals. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalised advertising. The data is also used to compile anonymised statistics on our users’ behaviour.

Data processing

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads Remarketing enables us to assign people who interact with our online offering to specific target groups, so that we can subsequently display interest-based advertising to them within the Google advertising network (remarketing or retargeting). Furthermore, the advertising target groups created using Google Ads Remarketing can be linked to Google’s cross-device functions. In this way, interest-based, personalised advertising messages, which have been tailored to you based on your previous usage and browsing behaviour on one device (e.g. mobile phone), can also be displayed on another of your devices (e.g. tablet or PC). If you have a Google account, you can opt out of personalised advertising via the following link: https://adssettings.google.com/anonymous?hl=en. The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time. Further information and the privacy policy can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=en. The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.

Meta Pixel (formerly Facebook Pixel)

This website uses Meta’s visitor action pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Meta, the data collected is also transferred to the USA and other third countries. This allows the behaviour of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a Meta advertisement. This enables the effectiveness of Meta advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised. The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions regarding the identity of users. However, the data is stored and processed by Meta, enabling a link to the respective user profile on Facebook or Instagram, and allowing Meta to use the data for its own advertising purposes in accordance with the Meta Data Use Policy (https://facebook.com/about/privacy/). This enables Meta to display advertisements on Facebook or Instagram pages and other advertising channels. As the website operator, we have no influence over this use of the data. The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. You may withdraw your consent at any time. We use the extended matching function within the Meta Pixel. Extended matching enables us to transmit various types of data (e.g. place of residence, county, postcode, hashed email addresses, names, gender, date of birth or telephone number) relating to our customers and prospective customers, which we collect via our website, to Meta. This allows us to tailor our advertising campaigns on Facebook and Instagram even more precisely to people who are interested in our offers. Furthermore, the enhanced matching improves the attribution of website conversions and expands Custom Audiences. Insofar as personal data is collected on our website and forwarded to Meta using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing carried out by Meta following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. Under this agreement, we are responsible for providing data protection information when using the Meta tool and for ensuring the tool is implemented on our website in a manner that complies with data protection law. Meta is responsible for the data security of Meta products. You can exercise your data subject rights (e.g. requests for information) regarding data processed by Facebook or Instagram directly with Meta. If you exercise your data subject rights with us, we are obliged to forward these to Meta. The transfer of data to the USA is based on the EU Commission’s Standard Contractual Clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://facebook.com/help/566994660333381. You can find further information on the protection of your privacy in Meta’s privacy policy: https://facebook.com/about/privacy/. You can also deactivate the ‘Custom Audiences’ remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook. If you do not have a Facebook or Instagram account , you can disable usage-based advertising from Meta on the European Interactive Digital Advertising Alliance website:https://www.youronlinechoices.com/uk/your-ad-choices. The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/4452.

LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Data processing via the LinkedIn Insight Tag The LinkedIn Insight Tag enables us to obtain information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyse, amongst other things, their key professional details (e.g. career level, company size, country, location, industry and job title) and thus better tailor our site to the respective target groups. Furthermore, with the help of LinkedIn Insight Tags, we can measure whether visitors to our websites make a purchase or take any other action (conversion tracking). Conversion tracking can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function, which enables us to display targeted advertising to our website visitors outside the website; however, according to LinkedIn, the recipient of the advertising is not identified. LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and time of access). IP addresses are truncated or (if used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days. As the website operator, we cannot link the data collected by LinkedIn to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. For further details, please refer to LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.

Legal basis

Where consent has been obtained, the use of the aforementioned service is based exclusively on Article 6(1)(a) of the GDPR and Section 25 of the TDDDG. Consent may be withdrawn at any time. Where no consent has been obtained, the use of this service is based on Article 6(1)(f) of the GDPR; the website operator has a legitimate interest in effective advertising measures, including on social media. Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eusccs. The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5448.

Objection to the use of the LinkedIn Insight Tag

You can opt out of LinkedIn’s analysis of your usage behaviour and targeted advertising via the following link: https://www.linkedin.com/psettings/guestcontrols/retargeting-opt-out. Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Data processing

Newsletter

When you subscribe to our newsletter, we use the data required for this purpose or provided separately by you to send you our email newsletter on a regular basis in accordance with your consent. Registration takes place via a secure and established double opt-in procedure. You can unsubscribe from the newsletter at any time, either by sending a message to the contact details provided below or via a link provided for this purpose in the newsletter.

The newsletter is managed and sent via the systems of a carefully selected service provider committed to data protection.

Plugins and tools

YouTube with enhanced data protection

This website embeds videos from YouTube. The website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of the pages on this website that embeds YouTube, a connection is established with YouTube’s servers. In doing so, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. We use YouTube in enhanced privacy mode. According to YouTube, videos played in enhanced privacy mode are not used to personalise your browsing experience on YouTube. Advertisements displayed in enhanced privacy mode are also not personalised. No cookies are set in enhanced privacy mode. Instead, however, so-called local storage elements are stored in the user’s browser; these contain personal data in a similar way to cookies and can be used for recognition purposes. Details on enhanced privacy mode can be found here: https://support.google.com/youtube/answer/171780. Where applicable, further data processing operations may be triggered after a YouTube video is activated, over which we have no control. The use of YouTube is in the interest of presenting our online services in an appealing manner. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time. Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=en. The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.

Vimeo without tracking (Do Not Track)

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages featuring Vimeo videos, a connection is established with Vimeo’s servers. In doing so, the Vimeo server is informed which of our pages you have visited. Vimeo also obtains your IP address. However, we have configured Vimeo so that it does not track your user activity and does not set any cookies. The use of Vimeo is in the interest of presenting our online services in an appealing manner. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. Where consent has been sought, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time. Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses and, according to Vimeo, on ‘legitimate business interests’. Details can be found here: https://vimeo.com/privacy. Further information on the handling of user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy. The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/participant/5711.

WhatsApp Business via Roger365

Communication via WhatsApp Business

We offer you the option of communicating with us via the messaging service “WhatsApp Business”. Messages are integrated into our Microsoft Teams system via the platform Roger365.io B.V., Elektronicaweg 37, 2628 XG Delft, Netherlands.

Scope of data processing:

The data you transmit via WhatsApp (in particular your telephone number, profile name, message content, and, where applicable, images, videos, documents, location information and timestamps) is processed. This data is processed in Roger365 and displayed to our authorised employees within Microsoft Teams.

Purposes:

Processing your enquiries
Documentation
Internal communication and support

Legal basis:

Processing is carried out on the basis of Article 6(1)(b) of the GDPR (performance of a contract or pre-contractual measures) or Article 6(1)(f) of the GDPR (legitimate interest in efficient customer communication, legitimate interest in processing enquiries).

Recipients:

Roger365.io B.V. (data processor, hosting within the EU)
Microsoft Ireland Operations Ltd. (sub-processor for Microsoft Teams, data processing in EU data centres)
Meta Platforms Ireland Ltd. (independent controller for the provision of the WhatsApp service, including transfer to third countries – USA, see WhatsApp Privacy Policy)

Retention period:

Communication conducted via WhatsApp is processed and stored on the basis of Article 6(1)(b) of the GDPR (performance of a contract) or Article 6(1)(f) of the GDPR (legitimate interest in processing enquiries). The data will be deleted as soon as it is no longer required for the purposes of processing, but at the latest upon expiry of the statutory retention periods.

Your rights:

You may at any time request access to, rectification or erasure of your data processed via WhatsApp. Furthermore, you may object to the use of this communication channel at any time and use other contact methods (e.g. email, telephone).