1. BASIC INFORMATION ON DATA PROCESSING AND LEGAL BASIS
1.1 This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our online offering and the associated websites, features, and content (collectively referred to as "online offering" or "website"). The privacy policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) used for the online offering.
1.2 The terms used, such as "personal data" or "processing," refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1.3 Personal data processed in the context of this online offering includes inventory data (e.g., names and addresses of customers), contractual data (e.g., services utilized, names of contact persons, payment information), usage data (e.g., the websites visited within our online offering, interest in our products), and content data (e.g., entries made in contact forms).
1.4 The term "user" includes all categories of persons affected by data processing. This includes our business partners, customers, interested parties, and other visitors to our online offering. The terms used, such as "user," are to be understood as gender-neutral.
1.5 We process personal data of users only in compliance with the applicable data protection regulations. This means that user data will only be processed if there is a legal permission to do so. Specifically, data processing is required for the provision of our contractual services (e.g., processing orders) or is legally mandated, consent from users is provided, or is based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation and security of our online offering within the meaning of Article 6(1)(f) GDPR, particularly in regard to reach measurement, creating profiles for advertising and marketing purposes, as well as collection of access data and use of services from third parties).
1.6 We point out that the legal basis for consent is Article 6(1)(a) and Article 7 GDPR, the legal basis for processing to fulfill our services and conduct contractual measures is Article 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) GDPR.
2. SECURITY MEASURES
2.1 We take organizational, contractual, and technical security measures in accordance with the state of the art to ensure compliance with the provisions of data protection laws and to protect the data we process against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
2.2 Security measures include particularly the encrypted transmission of data between your browser and our server.
3. DISCLOSURE OF DATA TO THIRD PARTIES AND THIRD PARTY PROVIDERS
3.1 Data will only be disclosed to third parties within the framework of legal provisions. We only pass on user data to third parties if, for example, this is necessary for contractual purposes based on Article 6(1)(b) GDPR or based on legitimate interests pursuant to Article 6(1)(f) GDPR for the economic and effective operation of our business.
3.2 If we use subcontractors to provide our services, we take suitable legal precautions as well as corresponding technical and organizational measures to ensure the protection of personal data in accordance with the applicable legal regulations.
3.3 If content, tools, or other means from other providers (collectively referred to as "third parties") are used as part of this privacy policy and their registered office is located in a third country, it is to be assumed that a data transfer to the countries of the third party takes place. "Third countries" are countries in which the GDPR is not directly applicable, i.e., generally countries outside the EU or the European Economic Area. The transfer of data to third countries only occurs when an adequate level of data protection is in place, consent from users has been given, or other legal permissions exist.
4. PROVIDING CONTRACTUAL SERVICES
4.1 We process inventory data (e.g., names and addresses as well as contact data of users), contractual data (e.g., services utilized, names of contact persons, payment information) in order to fulfill our contractual obligations and services according to Article 6(1)(b) GDPR.
5. CONTACTING US
5.1 When contacting us (via contact form or email), the information provided by the user will be processed for the purpose of handling the contact inquiry and its processing in accordance with Article 6(1)(b) GDPR.
5.2 User information may be stored in our Customer Relationship Management System ("CRM System") or a comparable inquiry organization.
6. COMMENTS AND CONTRIBUTIONS
6.1 If users leave comments or other contributions, their IP addresses will be stored based on our legitimate interests according to Article 6(1)(f) GDPR for seven days.
6.2 This is done for our security, in case someone leaves illegal content in comments and contributions (insults, prohibited political propaganda, etc.). In this case, we can be held responsible for the comment or contribution and are therefore interested in the identity of the author.
7. COLLECTION OF ACCESS DATA AND LOG FILES
7.1 Based on our legitimate interests pursuant to Article 6(1)(f) GDPR, we collect data about each access to the server on which this service is located (so-called server log files). Access data includes the name of the retrieved website, file, date and time of access, transferred data volume, notification of successful retrieval, browser type and version, the operating system of the user, referrer URL (the previously visited page), IP address, and the requesting provider.
7.2 Log file information is stored for security reasons (e.g., to clarify cases of abuse or fraud) for a duration of a maximum of seven days and then deleted. Data whose further storage is necessary for evidence purposes is exempt from deletion until the respective incident has been finally clarified.
8. COOKIES & REACH MEASUREMENT
8.1 Cookies are information that is transmitted from our web server or web servers of third parties to the web browsers of users and stored there for a later retrieval. Cookies can be small files or other types of information storage.
8.2 Users are informed about the use of cookies within the framework of pseudonymous reach measurement in this privacy policy.
8.3 If users do not want cookies to be stored on their computer, they are requested to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Excluding cookies may lead to functional limitations of this online offering.
8.4 Users can object to the use of cookies that serve the purpose of reach measurement and advertising via the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
9. GOOGLE ANALYTICS
9.1 Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Article 6(1)(f) GDPR), we use Google Analytics, a web analysis service of Google Inc. ("Google"). Google uses cookies. The information generated by the cookie about the user's use of the online offering is usually transmitted to a server of Google in the USA and stored there.
9.2 Google is certified under the Privacy Shield Agreement and thus provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3 Google will use this information on our behalf to evaluate the use of our online offering by the users, to compile reports on the activities within this online offering, and to provide us with other services related to the use of this online offering and internet usage. Pseudonymous user profiles can be created from the processed data.
9.4 We use Google Analytics to show advertisements only to users who have shown interest in our online offering or who exhibit certain characteristics (e.g., interests in certain topics or products that are determined based on the websites visited) that we transmit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interest of users and do not appear intrusive.
9.5 We use Google Analytics only with IP anonymization activated. This means that the IP address of the users is shortened by Google within member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of Google in the USA and shortened there.
9.6 The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software accordingly; furthermore, users can prevent the collection of the data generated by the cookie and related to their use of the online offering by Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
9.7 Further information on the use of data by Google, setting and objection options can be found on Google's websites: https://www.google.com/intl/en/policies/privacy/partners ("Data use by Google when you use websites or apps of our partners"), http://www.google.com/policies/technologies/ads ("Data use for advertising purposes"), http://www.google.com/settings/ads ("Manage information Google uses to show you ads").
10. INTEGRATION OF SERVICES AND CONTENT FROM THIRD PARTIES
10.1 We use within our online offering, based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Article 6(1)(f) GDPR), content or service offerings from third parties to integrate their content and services, such as videos or fonts (collectively referred to as "content"). This always assumes that the third-party providers of this content perceive the IP address of the users, as they cannot send the content to their browser without the IP address. The IP address is therefore necessary for the presentation of this content. We strive to use only such content, whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit time, and further information on the usage of our online offering, as well as be linked to such information from other sources.
10.2 The following representation provides an overview of third party providers and their content, along with links to their privacy policies, which contain further information on data processing and, in some cases already mentioned here, options to object (so-called opt-out):
-
External fonts from Google, Inc., https://www.google.com/fonts ("Google Fonts"). The integration of Google Fonts is done through a server call to Google (usually in the USA). Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
-
External code from the JavaScript framework "jQuery", provided by the third-party provider jQuery Foundation, https://jquery.org.
11. RIGHTS OF USERS
11.1 Users have the right to request free information about the personal data that we have stored about them.
11.2 In addition, users have the right to correct inaccurate data, restrict processing, and delete their personal data if applicable, to assert their rights to data portability, and in the event of an unlawful data processing assumption, to file a complaint with the competent supervisory authority.
11.3 Users can also revoke consents, generally with effect for the future.
12. DELETION OF DATA
12.1 The data stored with us will be deleted as soon as they are no longer required for their intended purpose, and there are no legal retention obligations preventing deletion. If user data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.
12.2 According to legal provisions, retention occurs for 6 years in accordance with § 257 Abs. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial correspondence, accounting documents, etc.) and for 10 years according to § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, tax relevant documents, etc.).
13. RIGHT OF OBJECTION
Users can object to the future processing of their personal data according to legal provisions at any time. The objection can particularly be made against the processing for the purposes of direct marketing.
14. CHANGES TO THE PRIVACY POLICY
14.1 We reserve the right to change the privacy policy to adapt it to changed legal situations or to adjust it regarding changes in the service as well as data processing. This applies, however, only in relation to declarations about data processing. If consents from users are required or components of the privacy policy contain regulations of the contractual relationship with the users, the changes will only take place with the consent of the users.
14.2 Users are requested to regularly inform themselves about the content of the privacy policy.