General Privacy Policy
Information on the EU General Data Protection Regulation
Data protection information in accordance with the EU General Data Protection Regulation – as at: 14.10.2024
General
We take the protection of your personal data very seriously. Your privacy is an important concern for us.
The following provisions are intended to inform you about the processing of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR).
In particular, taking into account the information obligations under Art. 12 to 14 GDPR, as well as to inform you about the rights of data subjects under the GDPR in accordance with Art. 15 to 22 and Art. 34 GDPR.
Information on the responsible body
Responsible for the processing of your personal data is
A+W Software GmbH
Siemensstraße 3
35463 Fernwald
Phone: +49 641 96620-0
E-Mail: info@a-w.com
Information about us as the responsible body and our contact details can be found in the IMPRINT.
Contact details of the data protection officer
We have appointed a data protection officer for our company. You can reach him at datenschutz@a-w.com or by post (see imprint)
We process your personal data in accordance with the applicable statutory data protection requirements for the purposes listed below for each group of data subjects:
Privacy Policy for customers (including prospective customers) and other affected parties
Information on data processing
As a customer and as an interested party or other data subject, we process your personal data primarily to establish and fulfill a contractual relationship concluded with you or on the basis of our legitimate interest. Your data will be collected, stored and, if necessary, passed on by us to the extent necessary to provide the contractually agreed service, to provide information, to carry out direct marketing activities or other activities of our business operations. Failure to provide this data may mean that the contract cannot be concluded. In addition, we only process your data if you have consented to the processing or another legal permission exists.
Purposes of data processing
We process your personal data to achieve the following purposes in connection with the initiation and execution of a contractual relationship or other activities in the interests of our company:
- contract processing (including shipping, after-sales, complaints management and other customer service)
- communicating about products, services and projects and answering inquiries
- of appointment bookings and other reservations
- existing customer advertising, use as a selection criterion for direct marketing in order to be able to offer you a customized service
- the credit check
- the management of our business relationships
- Quality management
- the improvement and development of intelligent and innovative services
- Customer analysis for market and opinion research
- the handling of our logistics/materials management
- the organization of events and trade fair appearances
- reporting on our company and events organized and attended by us as well as trade fair appearances/visits in electronic and non-electronic media
- compliance with legal or contractual requirements
- the settlement of legal disputes, the enforcement of contracts and the assertion, defense and exercise of legal claims, the detection and prosecution of fraudulent and other unlawful acts
Beyond this, we will only process your data with your express consent.
Types of data processed by us
The following personal data is processed:
- Contact data: e.g. name, address, telephone number;
- identification/payment data: e.g. account number, VAT ID no.
- Order data: e.g. quantity, turnover, intervals
- Geodata: e.g. addresses, delivery conditions
- Image data: Photo and video recordings
- Other data: Other information required in the context of the business relationship, provided voluntarily or available from public sources
Categories of recipients
The personal data will be transmitted to Group companies, supervisory authorities, legal service providers/auditors as required. If we are subject to a legal obligation to do so, we will disclose your data to the competent authority upon request.
In some cases, we use external service providers to process your data. If these service providers are not based in the European Economic Area, we ensure that the transfer of data is permissible under data protection law by means of data protection agreements that meet the legal requirements and, if necessary, other measures to ensure an appropriate level of data protection.
These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. Our service providers are regularly monitored by us. The service providers will not pass this data on to third parties, but will delete it after the contract has been fulfilled and the statutory storage periods have expired, unless you have consented to further storage.
These are, for example:
- Banking and payment service providers
- Logistics companies and shipping companies
- IT service providers
- Marketing service providers
- Further education/training providers/company consultants
- Photographers
- etc.
For orders on account, we reserve the right to carry out a credit risk assessment based on mathematical-statistical procedures (scoring). For this purpose, your data required for the credit check will be transferred to a credit agency (e.g. Schufa, Creditreform, Bürgel, Atradius, Coface). If the credit check is positive, an order on account is possible. If the credit check is negative, we cannot offer you payment on account. You can object to the transfer of this data to the credit agency at any time, but then it is no longer possible to order on account.
Legal bases for processing
The legal bases for the processing of your data are in particular:
- Art. 6 para. 1 lit. a) on the basis of your consent. This can also be given verbally or through an unambiguous act of consent.
- Art. 6 para. 1 lit. b) for the establishment, execution and termination of a contractual relationship
- Art. 6 para. 1 lit. c) for the fulfillment of a legal obligation
- Art. 6 para. 1 lit. f) for the protection of a legitimate interest
Legitimate interests
Our legitimate interests lie in the achievement of the above-mentioned purposes and, in addition, e.g. in:
- the pursuit of our business interests, including direct marketing and credit checks,
- leveraging efficiency and effectiveness potential, also in cooperation with partners and, where applicable, affiliated companies,
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- the assertion, exercise or defense of legal claims,
- the avoidance of damage and/or liability of the company through appropriate measures,
- the implementation of information and communication measures, including of an advertising nature and
- the reporting of company information.
Customer analysis
In the case of customer analysis, your data is processed either anonymously or, if anonymous processing is not possible or not appropriate for factual reasons, in pseudonymized form.
Some of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We transmit or receive personal data from these service providers solely on the basis of a processing contract. If the registered office of a service provider is located outside the European Union or the European Economic Area, a third country transfer takes place. With these service providers, data protection agreements corresponding to the legal requirements are contractually defined to establish an appropriate level of data protection and corresponding guarantees are agreed.
Data collected by third parties
Data may be made available to us by third parties, e.g. by trade fair organizers or as part of recommendations. In this case, this is usually contact data in connection with data on specific product or service requirements or interests.
We may collect data from credit agencies regarding creditworthiness and/or negative characteristics.
Storage period
Once the respective purpose no longer applies, your data will be deleted in compliance with statutory retention periods. We delete your business contact data after the end of the business relationship. We store image data permanently.
Privacy Policy for applicants
When you apply for a position in our company, we process and store your personal data.
We take your privacy very seriously and would therefore like to take this opportunity to inform you about how we handle your applicant data.
Purpose of data collection
Before you join our company or during the application process, we process your personal data exclusively for the purpose of establishing a contractual relationship to the extent necessary.
Types of data that we process
The following types of personal data are regularly processed:
- Applicant data; name, date of birth, CV, nationality/work permit, etc. for the selection, recruitment process, entry and exit management,
- Private contact data; address, telephone number, e-mail (for the purpose of establishing contact)
- Data in the context of personnel screening; e.g. police clearance certificate, background check (ZUP)
- If applicable, data subject to professional secrecy; e.g. Data on health aptitude and any restrictions
- Other data in personnel administration; severe disability (if relevant), driving license
We do not require any information from you that is not usable under the General Equal Treatment Act (AGG) (race, ethnic origin, gender, pregnancy, information on physical or mental illness, membership of a trade union, religion or belief, disability, age, sexual identity or sex life), unless relevant to the advertised position.
We ask that you do not send us such data. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, ancillary copyrights or other intellectual property rights, personal rights, press law or general rights of third parties).
Legal basis for processing
- for the establishment, performance and termination of a contractual relationship pursuant to Art. 6 para. 1 lit. b GDPR
- to fulfill a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR,
- in the case of processing to safeguard a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR,
- as well as on the basis of your consent by voluntarily providing data that is not absolutely necessary for the purpose, such as hobbies in your CV. However, such consent is generally not required for the conclusion of a contract or the continuation of an existing contract. The legal basis is Art. 6 para. 1 lit. a GDPR.
Our legitimate interests lie, for example, in
- optimizing application processes,
- achieving efficiency gains by bundling services in individual Group companies (in particular HR, IT),
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- asserting, exercising or defending legal claims,
- avoiding damage and/or liability of the company by taking appropriate measures.
Categories of recipients
- Internal recipients according to the “need to know” principle, generally on the basis of necessity for the performance of the employment relationship and on the basis of an overriding legitimate interest;
- our Works Council within the scope of its powers and statutory duties, in particular the co-determined recruitment process on the basis of a legal provision;
- Companies affiliated under company law (group companies) as joint controllers: The main contents of the regulation of tasks in relation to the rights of data subjects can be requested from the contact address provided; however, in accordance with Art. 26 (3) GDPR, these rights can be claimed by data subjects from all companies involved.
- Service providers who support us professionally or technically in the application process:
- BITE GmbH, Magirus-Deutz-Str. 16, 89077 Ulm, Germany, the company responsible for providing and operating the application management software
Deletion periods
Your data will be deleted after the respective purpose has been achieved. However, data will be stored for as long as is necessary for the defense of legal claims. The retention period is generally 6 months. If your profile has been transmitted to us by a personnel service provider and there are commission claims from this service provider, the storage period may be up to their fulfillment or the statute of limitations. If processing relevant to accounting has been carried out, such as the reimbursement of travel expenses, the data required for this will be deleted in compliance with the statutory retention periods, usually 6 or 10 years. If the application was successful and we conclude a contract with you, we will transfer the data collected during the application process to our personnel file.
Privacy Policy for employees
Information about data processing
We would like to take this opportunity to inform our employees about how we handle their personal data in the context of the employment relationship.
Purpose of data collection
During the course of your employment, your personal data will be processed primarily for the purpose of performing and/or terminating the contractual relationship, including the tasks associated with the respective activity. Other purposes may include processing for compliance with legal requirements (including third party requests for information) or for business development or communication activities.
Types of data we process
We process the following personal data in the context of your employment relationship:
- Applicant data; name, date of birth, curriculum vitae, certificates, matriculation certificate for students, work permit if applicable, driver’s license for the entry process;
- Private contact data; address, telephone number, e-mail;
- Business contact data; e.g. telephone numbers, e-mail, place of work telephone numbers, e-mail, place of work, job title;
- image data; photo for identification and photos for company events;
- identification/payment data; identity card or work permit data for identification and to determine the legitimacy of the employment, place of birth, marital status, if you are a parent, proof of birth certificate(s) of the child(ren), tax identification number, health insurance membership, social security number (copy of social security card or letter from pension insurance), income tax class, allowances, religious confession for church tax, account number, any garnishments (for purposes of payroll and compliance with social security, tax and other legal obligations);
- Health data; periods of incapacity to work, e. g. g. health data; periods of incapacity to work, e.g. in the context of payroll accounting, for accounting with health insurance funds or professional associations, or in the context of legal obligations as an employer, such as company integration management or the fulfillment of obligations regarding the protection of severely handicapped persons, or in the context of operational self-regulation, such as occupational safety or company medical examinations;
- time recording, access and usage data; vacation periods, working time accounts, shift schedules, if applicable, locking times or access protocols, time protocols regarding the activities performed, locking times or access protocols, also electronic protocols in the context of the use of our IT infrastructure, etc.
- Data collected in the course of personnel screening; if part of the information management system: e. g. police clearance certificate
- Aptitude and performance/behavioral monitoring data; training and development information; data to measure goal achievement, e.g., for variable compensation, data on incidents.
- Other data in personnel administration: secondary employment, data in connection with occupational health care and occupational health management, occupational safety, copy of severely handicapped certificate, copy of driver’s license, any employee surveys;
Categories of recipients
We may disclose your personal data to the following recipients, for example, to comply with legal obligations or obligations arising from the employment relationship:
- internal departments on a need-to-know basis,
- the works council within the scope of its powers and statutory duties,
- banking service providers, financial service providers, service providers for the calculation of pension provisions, if applicable,
- Service providers for payroll accounting – tax consultants, auditors, service companies for information and communication technology, companies for software and equipment maintenance, service providers for personnel restructuring only,
- Health, social security, pension and accident insurance providers as well as other insurance companies and providers of capital-forming benefits,
- Authorities such as tax authorities, social security funds, employment agencies, safety, health, road traffic or related fine authorities, customs authorities or monitoring bodies for illegal employment and minimum wage; other authorities,
- Company medical service,
- Companies affiliated under company law (group companies) and controllers with joint responsibility: the main contents of the regulation of the tasks with regard to the rights of data subjects can be requested at the contact address provided, but according to Art. 26 para. 3 GDPR, these rights can be claimed by data subjects from all companies involved,
- Third-party debtor in the case of wage garnishment, insolvency administrator in the case of personal insolvency
- Business partners and customers (business contact data), temporary employment agencies
Legal basis of the processing
When processing your personal data, we naturally comply with applicable law. Processing therefore only takes place on a legal basis. The following legal bases come into consideration in particular in the employment relationship:
- Art. 6 para. 1 lit. a) on the basis of your consent, whereby none is generally required for the conclusion of a contract or the continuation of an existing contract: this applies in particular to data that is neither legally nor factually necessary for the execution of the employment relationship and that you have voluntarily provided to us or for which you have consented to processing.
- Art. 6 para. 1 lit.b) i.c.w. §26 BDSG for the establishment, execution and termination of a contractual relationship: all data that establish the employment relationship such as curriculum vitae and proof of qualifications, employee master data required for the execution of the contract, from other insurances, on status in the context of disability and pregnancy protection, to prove the provision of the contractually owed service (e.g. time sheets, vacation planning) and, if applicable, according to §26 BDSG data in connection with internal investigations to clarify a concrete suspicion of criminal offenses or serious breaches of duty.
- Art. 6 para. 1 lit.c) to fulfill a legal obligation: information on tax circumstances, health and social insurance, other records on legally required training and instruction, possibly data within the framework of the Infection Protection Act (if applicable).
- Art. 6 para. 1 lit. f) to safeguard a legitimate interest: all other data such as log files, internal coordination data and planning, internal correspondence and in the context of internal IT systems.
- Art. 88 GDPR on the basis of collective agreements (works agreements) with regard to the processing regulated in the works agreements.
The data types are not exhaustive and are further detailed above.
Legitimate interests
If we process your data within the scope of our legitimate interest, this lies, for example, in
- the implementation of electronic access controls,
- the optimization of personnel planning,
- the achievement of efficiency gains by bundling services in individual Group companies (in particular personnel, IT, procurement),
- ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
- the assertion, exercise or defense of legal claims, including data for the documentation of service flows,
- the avoidance of damage and/or liability of the company through appropriate measures.
- the implementation of internal information and communication measures.
- reporting on company information.
You have the right to object to the processing of personal data within the scope of a legitimate interest on grounds relating to your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds on our part that outweigh your rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
We do not use the personal data provided by you to make automated decisions concerning you.
Data collected by third parties
We collect payroll data via the ELSTAM procedure, which the tax authorities provide to us for correct payroll accounting. This applies in particular to the payroll data listed below.
From 2021, due to the introduction of the electronic certificate of incapacity for work, we are obliged to retrieve the sick leave data (i.e. start and duration of incapacity for work, as well as the time of termination of continued payment of remuneration in the event of illness) from your health insurance company on the basis of a sick note from you.
Note: The general information can be found on our main data protection page.
Data transfer to third countries
As part of our business processes, personal data may be transferred to countries outside the European Economic Area, in particular to Canada. The transfers are made on the basis of the adequacy decision pursuant to Art. 45 GDPR of the European Commission. Alternatively, standard contractual clauses (SCC) are available.
Storage period
After the respective purpose has been achieved, your data will be deleted in compliance with the statutory retention periods, usually 6 or 10 years, for various data categories such as occupational pension provision 30 years and longer.
Privacy Policy for social media channels
Facebook fan page
We operate one or more company websites (“fan pages”) on the professional social media network Facebook, in particular for self-presentation, branding but also for the purpose of customer communication and recruiting.
According to the ruling of the European Court of Justice (ECJ) of 5 June 2018, case no. C-210/16, the operator of social media pages is at least jointly responsible for data processing, at least in the case of Facebook fan pages, within the meaning of Art. 26 GDPR. Although Facebook offers such a declaration under Facebook, we do not know whether this now meets the requirements of the GDPR.
We only process your data – apart from any further procedures below – if you contact us via the platform. In this case, Facebook collects your data and makes it available to us. Under certain circumstances, we may also store and further process your data. The processing of your personal data in the event of an inquiry or application is governed by our other data protection declarations in this regard.
The legal basis for the processing of personal data is, depending on the case constellation, the processing for the initiation and execution of a contract with you in accordance with Art. 6 para. 1 lit. b) GDPR or on the basis of our legitimate interest in communicating with users and our external presentation for the purpose of advertising in accordance with Art. 6 para. 1 lit. f) GDPR.
If you have given the provider of the social network your consent to the data processing described above with effect for us, the legal basis is Art. 6 para. 1 lit. a) GDPR.
We may also collect data from visitors to our company website if the display can be defined as visitor processing. However, we do not store this data – subject to the further procedures listed below – on our own systems, nor is it systematically processed beyond occasional awareness. Our information regarding the controller, the data protection officer and the declaration of your rights as a data subject apply to these processing steps.
We would like to point out that for any further processing on our fan pages, the privacy policy of Meta Platforms, Inc (1601 Willow Road Menlo Park, CA 94025 United States) or Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) applies.
The transfer of data to third countries is based on the EU-U.S. Data Privacy Framework, according to which Meta Platforms, Inc. is certified and thus guarantees an adequate level of data protection. Further information can be found at: https://www.facebook.com/privacy/policies/data_privacy_framework/ .
Further, detailed information on Facebook’s data processing and corresponding objection options can be found at https://www.facebook.com/about/privacy/ and at https://www.facebook.com/legal/terms/dataprocessing. Facebook is the provider of this service and is solely authorized to provide complete information on data processing on Facebook. We would like to point out that the assertion of data subject rights and requests for information are best addressed to Facebook. Only Facebook has access to your data and can take immediate action to delete or restrict the data, etc., or to provide information. We will of course support you in asserting your rights if necessary. You can find opt-out options at: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
Additional information Facebook Insight
We use the “Facebook Insight” analysis function on our fan pages. This function serves the purpose of advertising and market research in order to provide you with more relevant content and to develop new functions that are of interest to you. Facebook uses cookies that enable your visits to the fan pages to be analyzed. The information generated by the cookies about your use of the fan pages is usually transferred to Facebook servers in the USA and stored there. Facebook or Meta Platforms, Inc. relies on the EU-U.S. Data Privacy Framework when transferring data to third countries in order to comply with European data protection rules: https://www.facebook.com/privacy/policies/data_privacy_framework/.
The processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR from the legitimate interest in targeted advertising and targeted design of the fan pages. If you have given your consent to the provider of the social network for the data processing described above with effect for us, the legal basis is Art. 6 para. 1 lit. a) GDPR. You can find more information on terms of use and data protection at https://www.facebook.com/about/privacy/ . Detailed information on the respective processing and objection options can be found at https://www.facebook.com/legal/terms/page_controller_addendum and https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com/.
Instagram channel
We maintain one or more presences on the social network Instagram in order to communicate with the users registered there and to provide information about our company, products and services.
According to the ruling of the European Court of Justice (ECJ) of June 5, 2018, Ref. C-210/16, the operator of social media pages is at least jointly responsible for data processing, at least in the case of Facebook fan pages, within the meaning of Art. 26 GDPR. To date, we are not aware that Instagram offers an agreement that meets the requirements of Art. 26.
We process your data that you send us via these networks in order to communicate with you and to reply to your messages there. Under certain circumstances, we may also store and further process this data.
The processing of your personal data in the event of an application is governed by our applicant data protection declaration. We may also collect data from visitors to our company website if the advertisement can be defined as visitor processing. However, we do not store this data on our own systems, nor is it systematically processed beyond occasional acknowledgement. Our information regarding the controller, the data protection officer and the declaration of your rights as a data subject apply to these processing steps. The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external presentation for the purpose of advertising in accordance with Art. 6 para. 1 lit. f GDPR. If you have given your consent to the provider of the social network for the data processing described above with effect for us, the legal basis is Art. 6 para. 1 lit. a GDPR.
For any further processing, we would like to point out that the privacy policy of Meta Platforms Inc, the operator of the Instagram platform, 1601 Willow Road, Menlo Park, CA, 94025, USA, applies on our company website.
For more information on the purpose and scope of data collection and the further processing and use of data by Instagram, as well as your rights in this regard and settings options for protecting your privacy, please refer to Instagram’s privacy policy: http://instagram.com/about/legal/privacy/ or https://help.instagram.com/155833707900388/ .
Additional information on Instagram Insights
We use the “Instagram Insights” analysis function of Meta Platfoms Inc (1601 Willow Road Menlo Park, CA 94025 United States; “Facebook”) on our Instagram page. The function is used for the purpose of advertising and market research in order to provide you with more relevant content and to develop new functions that are of interest to you. Facebook or Meta uses cookies that enable your visits to the fan page to be analyzed. The information generated by the cookies about your use of the fan page is usually transferred to Facebook servers in the USA and stored there. Facebook or Meta Platforms Inc. relies on the EU-U.S. Data Privacy Framework regarding data transfer to third countries, according to which Meta Platforms Inc. is certified in accordance with the requirements of the European Commission: https://www.facebook.com/privacy/policies/data_privacy_framework/ . Processing is carried out on the basis of Art. 6 para. 1 lit. a) GDPR. We use Instagram Insights to design targeted advertising and the targeted design of the fan page.
Further, detailed information on data processing by Facebook or Meta and the corresponding objection options can be found at https://www.Facebook.com/about/privacy/. Facebook or Meta is the provider of this service and is solely authorized to provide complete information on data processing on Instagram.
We would like to point out that the assertion of data subject rights and requests for information should most appropriately be directed against Meta Platforms Inc (“Facebook”). Only Facebook has access to your data and can take immediate action to delete or restrict the data, etc., or to provide information. We will of course support you in asserting your rights if necessary.
Privacy policy for the Vimeo channel
We operate one or more company websites on the social media network http://Vimeo.com Inc. in particular for self-presentation, but also for recruiting.
According to the ruling of the European Court of Justice (ECJ) of June 5, 2018, Ref. C-210/16, the operator of social media pages is at least jointly responsible for data processing, at least in the case of Facebook fan pages, within the meaning of Art. 26 GDPR. We assume that this decision can be applied analogously to other social networks, including Vimeo. To date, we are not aware that Vimeo offers an agreement that meets the requirements of Art. 26.
We would like to point out that you use the Vimeo channel offered here and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, liking, liking, commenting). We only process your data if you contact us via the Vimeo platform. In this case, Vimeo collects your data and makes it available to us. Under certain circumstances, we may also store and further process your data.
The processing of your personal data is then governed by one of our other privacy policies, depending on which group of data subjects you belong to. We may also collect data from visitors to our company website if the display as a visitor can be defined as processing. However, we do not store this data on our own systems, nor is it systematically processed beyond occasional awareness.
The legal basis for the processing of personal data is, depending on the case constellation, the processing for the initiation and execution of a contract with you in accordance with Art. 6 para. 1 lit. b) GDPR (e.g. for questions about products or services) or on the basis of our legitimate interest in communicating with users and our external presentation for the purpose of advertising in accordance with Art. 6 para. 1 lit. f) GDPR.
If you have given your consent to the provider of the social network for the data processing described above with effect for us, the legal basis is Art. 6 para. 1 lit. a) GDPR. Our information regarding the controller, the data protection officer and the declaration of your rights as a data subject apply to these processing steps. Please note that for any further processing on our Vimeo channels, the privacy policy of Vimeo, Inc, 555 West 18th Street, New York, New York 10011 applies. We have no lasting knowledge of and no influence on the type and scope of the data processed by Vimeo, the type of processing and use or the transfer of this data to third parties.
We also have no effective means of control in this regard. Further information on the processing of personal data by Vimeo can be found here:
- Terms of use: https://vimeo.com/terms
- Privacy policy: https://vimeo.com/privacy
For cases in which personal data is transferred to the USA, the EU-U.S. Data Privacy Framework applies, according to which Vimeo is certified.
Privacy policy for the YouTube channel
We operate one or more company websites on the Google Inc. social media network YouTube, in particular for self-presentation, but also for recruiting.
According to the ruling of the European Court of Justice (ECJ) of 05.06.2018, Ref. C-210/16, the operator of social media pages is at least jointly responsible for data processing, at least in the case of Facebook fan pages, within the meaning of Art. 26 GDPR. We assume that this decision can be applied analogously to other social networks, including YouTube. To date, we are not aware that YouTube offers an agreement that meets the requirements of Art. 26.
We would like to point out that you use the YouTube channel offered here and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, liking, liking, commenting).
We only process your data if you contact us via the YouTube platform. In this case, YouTube collects your data and makes it available to us.
Under certain circumstances, we may also store and further process your data. The processing of your personal data is then governed by one of our other privacy policies, depending on which group of data subjects you belong to. We may also collect data from visitors to our company website if the display as a visitor can be defined as processing.
However, we do not store this data on our own systems, nor is it systematically processed beyond occasional awareness.
The legal basis for the processing of personal data is, depending on the case constellation, the processing for the initiation and execution of a contract with you in accordance with Art. 6 para. 1 lit. b) GDPR (e.g. for questions about products or services) or on the basis of our legitimate interest in communicating with users and our external presentation for the purpose of advertising in accordance with Art. 6 para. 1 lit. f) GDPR.
If you have given your consent to the provider of the social network for the data processing described above with effect for us, the legal basis is Art. 6 para. 1 lit. a) GDPR. Our information regarding the controller, the data protection officer and the declaration of your rights as a data subject apply to these processing steps.
Please note that for any further processing on our YouTube channels, the privacy policy of Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 or alternatively Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA applies.
We have no lasting knowledge of and no influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this regard. Further information on the processing of personal data by YouTube can be found here:
- Terms of use: http://www.google.com/analytics/terms/de.html
- Privacy policy: http://www.google.de/intl/de/policies/privacy
In cases where personal data is transferred to the USA, the EU-U.S. Data Privacy Framework applies, according to which Google is certified.
Privacy policy for the LinkedIn page
Our company operates a social media channel on the LinkedIn platform.
According to the ruling of the European Court of Justice (ECJ) of June 5, 2018, Ref. C-210/16, the operator of social media pages is at least jointly responsible for data processing, at least in the case of Facebook fan pages, within the meaning of Art. 26 GDPR. To date, we are not aware that LinkedIn offers an agreement that meets the requirements of Art. 26 GDPR.
We only process your data if you contact our HR department via the LinkedIn platform or apply for an advertised position via LinkedIn for precisely these purposes. In this case, LinkedIn collects your data and makes it available to us.
The legal basis for the processing of personal data is, depending on the case constellation, the processing for the initiation and execution of a contract with you in accordance with Art. 6 para. 1 lit. b) GDPR or on the basis of our legitimate interest in communication with users and our external presentation for the purpose of advertising in accordance with Art. 6 para. 1 lit. f) GDPR. If you have given your consent to the provider of the social network for the data processing described above with effect for us, the legal basis is Art. 6 para. 1 lit. a) GDPR. This may also involve storage and further processing by us.
The processing of your personal data in the event of an application is governed by our applicant data protection declaration. We may also collect data from visitors to our company website if the advertisement can be defined as visitor processing. However, we do not store this data on our own systems, nor is it systematically processed beyond occasional acknowledgement. Our information regarding the controller, the data protection officer and the declaration of your rights as a data subject apply to these processing steps.
For any further processing, we would like to point out that the privacy policy of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn) applies to our LinkedIn company page. Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.
Privacy policy for the XING company page
We operate one or more company websites on the professional social media network XING, in particular for self-presentation, but also for recruiting.
According to the ruling of the European Court of Justice (ECJ) of 05.06.2018, ref. C-210/16, the operator of social media pages is at least jointly responsible for data processing on Facebook fan pages within the meaning of Art. 26 GDPR. We assume that this decision can be applied analogously to other social networks, including XING. To date, we are not aware that XING offers an agreement that meets the requirements of Art. 26.
We only process your data if you contact our HR department via the XING platform or apply for an advertised position via XING. In this case, XING collects your data and makes it available to us. Under certain circumstances, we may also store and further process your data. The processing of your personal data in the event of an application is governed by our applicant data protection declaration.
The legal basis for the processing of personal data is, depending on the case constellation, the processing for the initiation and execution of a contract with you in accordance with Art. 6 para. 1 lit. b) GDPR or on the basis of our legitimate interest in communicating with users and our external presentation for the purpose of advertising in accordance with Art. 6 para. 1 lit. f) GDPR. If you have given the provider of the social network your consent to the data processing described above with effect for us, the legal basis is Art. 6 para. 1 lit. a GDPR. This may also involve storage and further processing by us. The processing of your personal data in the event of an application is governed by our applicant data protection declaration.
We may also collect data from visitors to our company website if the advertisement can be defined as visitor processing. However, we do not store this data on our own systems, nor is it systematically processed beyond occasional acknowledgement. Our information regarding the controller, the data protection officer and the declaration of your rights as a data subject apply to these processing steps.
Please note that the privacy policy of XING SE, Dammtorstraße 30, DE-20354 Hamburg, Germany, Tel.: +49 40 419 131-0 , Fax: +49 40 419 131-11, E-Mail: info@xing.com, (hereinafter: XING) applies to any further processing on our XING company page. Further information on the processing of personal data by XING can be found here: https://privacy.xing.com/de/datenschutzerklaerung
Privacy Policy for website users
Scope of application
This data protection declaration applies to all pages of our online network that link to this declaration. The general information can be found on our main data protection page.
Purpose of data collection
The purpose of data collection is the optimization of the website, error analysis, individual tailoring to your needs, the offer to contact you and, if necessary, the sale of goods and services.
General information on data processing
We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services or to the extent that you as a user provide us with this data voluntarily. The collection and use of personal data by you as a user takes place regularly only with your consent or for the establishment and execution of a legal transaction. An exception applies in cases where prior consent cannot be obtained for factual reasons or is disproportionate and the processing of the data is permitted by another legal provision.
Legal basis for the processing of your data:
- Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
- When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
- If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Legitimate interests can be in particular:
- responding to inquiries;
- carrying out direct marketing measures;
- providing services and/or information intended for you;
- processing and transferring personal data for internal or external purposes. administrative purposes;
- the operation and administration of our website;
- the technical support of users;
- the prevention and detection of fraud and criminal offenses;
- protection against payment defaults when obtaining credit information for inquiries about deliveries and services;
- ensuring network and data security, insofar as these interests are in accordance with applicable law and the rights and freedom of the user;
- the achievement of efficiency gains by bundling services in individual Group companies (in particular marketing, IT, procurement)
Categories of recipients
- Service providers for website optimization, online marketing service providers and tools, service companies for information and communication technology, companies for software and device maintenance, some of which are described in more detail below
- Social networks and communities
- Internal recipients according to the “need to know” principle
Usage data/server log files
Each time our website is accessed, our systems automatically collect data and information from the computer system of the accessing computer.
The following types of data are collected: Browser type, version used, user’s operating system, host name, internet service provider, user’s IP address, date and time of access, websites from which the user’s system has accessed our website or which the user accesses from our website.
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR with the above-mentioned legitimate interests.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. Our legitimate interest in data processing also lies in these purposes. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. We also reserve the right to check the files if there is a justified suspicion of unlawful use or a specific attack on the pages based on concrete evidence. In this case, our legitimate interest is processing for the purpose of investigating and prosecuting such attacks and unlawful use.
Use of cookies
We use cookies. Cookies are data that can be stored in the Internet browser or by the Internet browser on the user’s computer system and retrieved again when visiting a website. Cookies may contain a characteristic string of characters that enables the browser to be uniquely identified when the website or an integrated service is called up again. We use cookies to enable the operation of our website (technically necessary cookies), to make our website more user-friendly (functional cookies) and for marketing and advertising purposes (advertising cookies).
Technical cookies: Some elements of our website require that the accessing browser can be identified even after a page change. The purpose of their use is to enable the website to function at all. Examples of technically necessary cookies are the provision of a shopping cart or logging in as a registered user. The processing is therefore carried out on the basis of Art. 6 para. 1 lit. b or f GDPR.
Functional cookies: There may be functions that are not absolutely technically necessary for the operation of our website, but which considerably simplify its use, such as the adoption of language settings or font sizes, the remembering of search terms, etc.. The processing is also carried out on the basis of Art. 6 para. 1 lit. b or f GDPR.
Advertising cookies: We also use cookies on some of our websites that enable us to analyze the surfing behavior of users. In this way, for example: search terms entered in search engines, frequency of page views, use of website functions, and information about the operating system and browser, etc. are transmitted. The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has consented to this – e.g. by making a selection in a cookie opt-in banner – otherwise Art. 6 para. 1 lit. f GDPR in conjunction with Art. 6 para. 1 lit. f GDPR. If third-party services are integrated, processing by them is governed by their respective data protection provisions, which are mentioned and/or linked below.
Usercentrics
We use the consent management service Usercentrics from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This enables us to obtain and manage the consent of website users for data processing in order to comply with our legal obligation (Art. 7 para. 1 GDPR) and to ensure the functionality of the website. The following data is processed Date and time of access, browser information, device information, geographical location, cookie preferences and URL of the page visited. Usercentrics is our processor and recipient of your personal data. The processing takes place within the European Union. Further information on objection and removal options vis-à-vis Usercentrics can be found at Privacy Policy. The data will be deleted after 3 years. Please also note our general information on deleting and deactivating cookies above.
Google Analytics
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses cookies to help the website analyze how users use the site. The information collected by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. During your visit to the website, your user behavior is recorded in the form of “events”. Events can be: page views, first visit to the website, start of the session, interaction with the website, scrolls, clicks on external links, internal search queries, interaction with videos, file downloads, ads viewed/clicked on, language setting.
The following is also recorded Your approximate location (region), your IP address (in abbreviated form), technical information about your browser and the end devices you use (e.g. language setting, screen resolution), your internet provider, the referrer URL (via which website/advertising medium you came to this website) On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website
Recipients of the data are/may be Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR); Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. It cannot be ruled out that US authorities may access the data stored by Google. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities. Data transmission to the USA is currently based on the EU-U.S. Data Privacy Framework, according to which Google is certified. The data sent by us and linked to cookies is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by clicking
- Do not give your consent to the setting of cookies or
- Download and install the browser add-on to deactivate Google Analytics HERE.
You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.
Demographic characteristics in Google Analytics
This website uses the “demographic characteristics” function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics.
Google Analytics Remarketing
Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you sign in with your Google account.
To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create audiences for cross-device advertising.
You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account by following this link: https://www.google.com/settings/ads/onweb/.
The summary of the data collected in your Google account is based exclusively on your consent, which you can give or revoke at Google (Art. 6 para. 1 lit. a GDPR). For data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes.
Further information and the data protection provisions can be found in Google’s privacy policy at: https://www.google.com/policies/technologies/ads/.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use what is known as conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking statistics.
The storage of “conversion cookies” is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising.
You can find more information about Google AdWords and Google Conversion Tracking in Google’s privacy policy: https://www.google.de/policies/privacy/ .
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM.
Further information about Google reCAPTCHA and Google’s privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
Google Tag Manager
We use Google Tag Manager on this website. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The tool that implements the tags is a cookie-less domain. This means that Google Tag Manager does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation is carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager. The use of Google Tag Manager makes it easier to use our website.
Further data protection information on the use of Google Tag Manager can be found at https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/ .
Use of HubSpot
On our website, we use the HubSpot service provided by HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. HubSpot is an integrated software solution that can be used to cover various online marketing activities. This includes, for example, our website content management (CMS), email marketing, social media publishing & reporting, contact management, as well as the provision of any landing pages and contact forms.
Our registration service enables our website visitors to find out more about our company. You can also download content and provide your contact information and other demographic information. This information and the content of our website are stored on the servers of our software partner HubSpot and can be used by us to contact our website visitors. We also use the information to determine which of our company’s services are of interest to you. We use HubSpot on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR.
In addition, we use essential functions of HubSpot on the basis of the legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR. The legitimate interest is to ensure the functionality of the website for users.
HubSpot is a software company from the USA. To legitimize the transfer of data to the USA, HubSpot Inc. relies on the EU-U.S. Data Privacy Framework, according to which HubSpot Inc. is certified: https://legal.hubspot.com/dpa.
Further information on data protection can be found in HubSpot’s privacy policy: HubSpot privacy policy, HubSpot information on the EU GDPR, information on the cookies used by HubSpot.
In addition, we use essential functions of HubSpot on the basis of the legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR. The legitimate interest is to ensure the functionality of the website for users.
HubSpot Analytics
HubSpot Analytics is a service provided by HubSpot Inc, 25 First Street, Cambridge, MA 02141 USA. This web analysis service helps us to analyze the behavior of users on our website in order to improve user-friendliness and develop targeted marketing measures. Data such as IP address, visit history, time spent on certain pages and click behavior are recorded.
This data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time. As HubSpot Inc. is based in the USA, the data collected will also be transferred there. HubSpot is certified in accordance with the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection in accordance with the requirements of the GDPR.
The data collected will only be stored for as long as is necessary to fulfill the stated purposes or until you revoke your consent. You can prevent the collection of your data by HubSpot Analytics at any time by deactivating the setting of cookies in your browser settings or by using the corresponding opt-out link.
Further information on data protection at HubSpot can be found at https://legal.hubspot.com/privacy-policy.
Newsletter distribution with HubSpot
If you subscribe to our e-mail newsletter or voluntarily provide us with data in a form (e.g. contact form, whitepaper downloads, seminar registration), this data will be stored in our HubSpot CRM. This enables us to record your visits to our website using your additional personal details (e.g. name, e-mail address) and provide you with targeted information on your preferred topics. We also use the data to optimize our sales and marketing measures.
If you generally do not want HubSpot to collect your data, you can prevent the storage of cookies at any time by changing your browser settings.
For more information about how Hubspot works, please refer to the Hubspot Inc. privacy policy, available at: http://legal.hubspot.com/de/privacy-policy.
With the help of HubSpot, we can analyze our newsletter campaigns. When you open an email sent with HubSpot, a file contained in the email (known as a web beacon) connects to HubSpot’s servers. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you do not want HubSpot to analyze your data, you must unsubscribe from the newsletter or email notifications. We provide a link for this purpose in every message. You can also unsubscribe from the newsletter directly on the website.
Data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from our e-mail notifications. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and HubSpot’s servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
HubSpot Forms
On our website, we use the HubSpot service provided by HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. HubSpot is an integrated software solution that can be used to cover various online marketing activities. This includes, for example, our website content management, e-mail marketing, social media publishing & reporting, contact management, as well as the provision of any landing pages and contact forms. Our registration service enables our website visitors to find out more about our company. You can also download content and provide your contact information and other demographic information. This information and the content of our website are stored on the servers of our software partner HubSpot and can be used by us to contact our website visitors. We also use the information to determine which of our company’s services are of interest to you.
We use HubSpot on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR. HubSpot is a software company from the USA. To legitimize the transfer of data to the USA, HubSpot Inc. relies on the EU-U.S. Data Privacy Framework, according to which HubSpot Inc. is certified: https://legal.hubspot.com/dpa.
Further information on data protection can be found in HubSpot’s privacy policy: Cookies used by HubSpot.
General statements on web beacons / tracking pixels
Web beacons are invisible graphics the size of a pixel. These are used by partner companies, in particular for the purpose of tracking a user via various webpages to create a profile for use in advertising tailored to the user (targeting). A pixel integrated into the webpage is loaded from the partner’s server when the webpage is accessed. This provides the partner with your IP address, as well as information about your browser and its version, browser plug-ins used (browser fingerprint), your operating system and your network operator. For the integration of external services through web beacons / tracking pixels or other scripts, the information for advertising cookies applies accordingly.
Content from external providers
We use active JavaScript content and fonts on our website, which may also originate from external providers such as Google. By accessing our website, these providers may receive information about your visit to our website, for example by transmitting your IP address. You can prevent this transmission by installing a JavaScript blocker such as the browser plugin ‘NoScript’ or by deactivating JavaScript in your browser. However, this can lead to functional restrictions.
Some of our websites incorporate third-party content, such as videos from YouTube, maps from Google Maps, images, texts and multimedia files, RSS feeds or other services from other websites. This always requires your IP address to be transmitted to the providers of this content. We cannot make any statement about the use of your data by these providers and also have no influence on further processing. In particular, we have no control over whether the data is used for other purposes, such as profiling. Please refer to the relevant data protection notices of the respective third-party providers. You can protect yourself against further tracking by tracking pixels from these providers by deactivating the acceptance of third-party cookies in your browser settings.
The legal basis for the transfer of personal data when integrating third-party providers is Art. 6 para. 1 lit. a GDPR if the user has given their consent – e.g. by selecting this in a cookie opt-in banner – otherwise Art. 6 para. 1 lit. f GDPR in conjunction with Art. 6 para. 1 lit. f GDPR i.c.w recital 47.
YouTube plugin
YouTube is a service provided by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, and is used on our website to embed videos. When you visit a page with an embedded YouTube video, personal data such as your IP address, the website visited and other technical information (browser type, browser version, operating system) is transmitted to YouTube. This information can also be collected if you are not logged in to YouTube. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
YouTube is used to present our content in an appealing way and to provide you with videos directly on our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If you have consented to the use of YouTube videos, the processing is also based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can revoke at any time.
As YouTube is a Google LLC company based in the USA, data is transferred to the USA. Google is certified under the EU-U.S. Data Privacy Framework, which guarantees an adequate level of data protection in accordance with the requirements of the GDPR.
The data collected by YouTube will be stored by Google for as long as is necessary to fulfill the purposes for which it was collected or until you withdraw your consent. To prevent YouTube from collecting data about you, you can deactivate the setting of cookies in your browser or use a corresponding browser plug-in.
Further information on the purpose and scope of data processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
Google Fonts
This website uses so-called web fonts provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. As far as possible, we have integrated Google Fonts locally on our web server. In this respect, there is no connection to Google servers and therefore no transmission of your IP address. If this is not the case, you will be asked for your consent to load the fonts. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy.
Google Maps
This site uses the Google Maps map service via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.
When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. Personal data is transmitted to Google (IP address, time of the request, content of the request, amount of data transferred, website from which the request comes, language and version of the browser, information on the operating system). This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy . For the exceptional cases in which personal data is transferred to the USA, standard contractual clauses apply.
Google Photos and YouTube images
If the Google Photos or YouTube images plugin is used on our website, services from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are integrated. These plugins make it possible to display images and other media content directly from Google Photos or YouTube on our website. When you access a page on which these plugins are integrated, data is automatically transmitted to Google. This includes information such as your IP address, the browser used, the page visited and possibly other technical details.
These plugins are used to present our content in a visually appealing and user-friendly manner, which constitutes our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. If you have previously given your consent to the use of such content, your data will also be processed on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time.
Since Google LLC is based in the USA, the data is transferred to the USA. Google is certified under the EU-U.S. Data Privacy Framework, which ensures that an adequate level of data protection is guaranteed in accordance with the requirements of the GDPR.
The data collected by Google will be stored for as long as necessary to fulfill the stated purposes or until you withdraw your consent. To prevent Google from collecting data via these plugins, you can prevent the plugins from loading by changing your browser settings or using the corresponding add-ons.
Further information on data processing by Google can be found in Google’s privacy policy: https://policies.google.com/privacy.
Fontawesome
This site uses the web font “Font Awesome” from the provider Fonticons, 307 S. Main St., Suite 202, Bentonville, AR 72712, USA, to display special symbols. When you call up a page, your browser loads the required web fonts into your browser cache in order to display the symbols.
For this purpose, the browser you are using must connect to Font Awesome’s content delivery network. This access data is usually stored on servers in the country or region (e.g. Europe) from which you are accessing the website and is deleted after a few weeks. Anonymous statistics are also transferred to servers in the USA. The use of Font Awesome is in the interest of an appealing presentation of our online offers and for reasons of loading time optimization. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Further information about Font Awesome can be found at https://fontawesome.com/ and in Font Awesome’s privacy policy: https://fontawesome.com/privacy.
jsDelivr
jsDelivr is a content delivery network (CDN) operated by ProspectOne, Królewska 65A/1, 30-081 Kraków, Poland. We use jsDelivr on our website to improve the loading speed of JavaScript libraries and other resources. This involves establishing a connection to the jsDelivr servers in order to retrieve the required files. In this context, your IP address and technical information about your browser and operating system are transmitted to jsDelivr.
The use of jsDelivr is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, as we want to ensure the fast and efficient provision of our website. If you have previously given your consent to the use of jsDelivr, your data will also be processed on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time.
The data collected by jsDelivr is only used to provide the content and is generally not stored permanently. The data will not be passed on to third parties unless this is necessary to fulfill legal obligations.
Since jsDelivr operates servers worldwide, it cannot be completely ruled out that your data may be transferred to locations outside the European Union. If your data is processed outside the European Union, this is done in accordance with the applicable data protection regulations. According to jsDelivr’s privacy policy, the processing of personal data takes place entirely within the European Union.
To prevent the collection of data by jsDelivr, you can block the execution of JavaScript in your browser. However, this can lead to restrictions in the functionality of the website. Further information on data processing by jsDelivr can be found in jsDelivr’s privacy policy: https://www.jsdelivr.com/terms/privacy-policy.
Bootstrap CDN
We use the Bootstrap CDN service from the provider http://jsdelivr.com on our website. This is an open source service of the Polish software company ProspectOne, Królewska 65A/1, 30-081, Kraków, Poland. Bootstrap is a so-called Content Delivery Network (CDN). This is a network of regionally distributed servers that are connected via the Internet. As a result, content, especially large files, can be delivered quickly and optimally, even during high load peaks. The service is used to deliver individual websites quickly and flawlessly on all devices. As a result, personal data such as your IP address, browser type, browser version, which website is loaded and the time and duration of use of the website are processed. Your personal data may be processed in third countries without an adequate level of data protection. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a GDPR.
You can find further information on processing in the privacy policy of https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.
amCharts
As part of the operation of our website, we use the service amCharts, provided by http://amcharts.com, based in Vilnius, Lithuania. amCharts enables us to display interactive charts and graphics that serve to clearly visualize content and improve the user-friendliness of our website.
In particular, usage data, such as the IP address and information about your interactions with the charts, may be collected and processed on amCharts’ European servers. The legal basis for this processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our interest is to provide you with a functional and visually appealing website.
The data collected will only be stored for as long as is necessary to achieve the purpose. You have the option of objecting to the processing of your data by amCharts. You can do this, for example, by making the appropriate settings in your browser, by deactivating the execution of JavaScript or by using special browser add-ons. Please note that this may impair the functionality of the interactive charts.
Further information on data processing by amCharts can be found in the privacy policy at: https://www.amcharts.com/privacy/.
Contact form and e-mail contact
A contact form is available on our website, which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are Name, address, e-mail address, telephone number, etc. Not all of this data is mandatory. The following data is also stored when the message is sent: The IP address, date and time. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.
The legal basis for the processing is:
- For the receipt of the data on the basis of the sending of the contact form as consent pursuant to Art. 6 para. 1 lit. a in conjunction with. Art. 5 (expectable processing) GDPR or alternatively on the basis of the legitimate interest in responding to your contact request in accordance with Art. 6 para. 1 lit. f GDPR.
- For the processing of data transmitted in the course of sending an e-mail, Art. 6 para. 1 lit. f GDPR with the above-mentioned legitimate interests.
- If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended and there is no reason for further storage. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. There may be retention periods under commercial and tax law.
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
Newsletter
You can subscribe to a free newsletter with advertising content on our website. Our newsletters contain information about our services, promotions, events, competitions, job offers and articles. Newsletters, on the other hand, do not include messages without advertising information that are sent as part of our contractual or other business relationship. This includes, for example, the sending of service emails with technical information and queries about orders, events, competition notifications or similar messages. When registering for the newsletter, the data from the input screen is transmitted to us. In addition, the IP address of the accessing computer and the time of access are collected. Your consent is obtained for the processing of the data during the registration process and reference is made to this privacy policy. If you purchase goods on our website via our online store and enter your e-mail address, we reserve the right to send you newsletters with direct advertising for our own similar goods. No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent and for sending the newsletter as a result of the sale of goods in accordance with Section 7 para. 3 UWG or Art. 6 para. 1 lit. f. (dispatch on the basis of our legitimate business interest).
The purpose of collecting the user’s email address is to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. This is also used to withdraw consent for the newsletter to be sent.
A statistical evaluation of the reading behavior only takes place to the extent that it can be determined whether the recipients have opened the newsletter and clicked on the links. However, this is a function that we only use to check user activities and to be able to make corresponding optimizations. For this purpose, the newsletter contains a so-called “web beacon”, a pixel-sized file that is retrieved from our server when the newsletter is opened. This web beacon can be personalized so that personal data is collected. Clicks are tracked via personalized links to the respective website. If personalized data is collected, the legal basis is Art. 6 para. 1 lit. a GDPR.
Data collection during registration and registered use
Some of our websites require or offer registration. The data collected is used for the purpose of using the respective websites and services, unless otherwise described and explicitly consented to during registration. The data collected results from the input mask during registration, the processing is based on Art. 6 para. 1 lit. b GDPR. All other data that you can enter at a later date to complete your profile are optional and voluntary and are based on the legal basis of Art. 6 para. 1 lit. a GDPR. After registration, we may inform you about relevant circumstances related to our offer for which you have registered by means of the e-mail address you have provided.
Data in user-generated content
If you write comments or posts, upload files to our servers, publish images or use other services, your IP address and – if you are logged in – your user data will be stored for our security. Due to the large amount of illegal content that is posted on the Internet every day, we reserve the right to use this information to defend ourselves in legal disputes or for criminal prosecution, i.e. to pass it on to opposing parties, law enforcement authorities and courts. The legal basis for the content provided is Art. 6 para. 1 lit. a and/or b GDPR, for all other data collected in the process Art. 6 para. 1 lit. f GDPR.
Comment subscriptions
On some of our websites you can subscribe to follow-up comments. If you are not logged in, you will receive a confirmation email as part of a double opt-in procedure to check whether you are the legitimate owner of the specified mailbox. You can unsubscribe from the notification at any time. Instructions on how to do this are included in each of the emails. Registered users do not have to go through the double opt-in procedure, as this takes place during registration. The legal basis for sending newsletters applies.
Credit rating information
Furthermore, we reserve the right to pass on personal data to third parties for credit rating information in the case of orders or commissions, insofar as this is necessary to safeguard our legitimate interests. Only the data required by the credit agency to calculate creditworthiness using a mathematical-statistical procedure will be transmitted. We require creditworthiness information in order to be able to decide on the establishment and execution of a contractual relationship while safeguarding our legitimate interests.
Data transmission via the Internet
Data transmission via the Internet is generally associated with certain risks. Data is not specially encrypted; in particular, messages from the contact form on our website and messages in the service chat are transmitted unencrypted. Please bear this in mind when transmitting data. If you wish to communicate with us by encrypted e-mail, this is possible via SMIME encryption. Please let us know if you wish to use encryption, as we regularly send unencrypted emails due to the currently low market penetration of email encryption methods.
Data transfer
If you provide us with personal data, it will only be passed on to third parties if this is necessary to process the contractual relationship or if another legal reason legitimizes this transfer. However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and taken appropriate measures to protect your personal data.
Storage periods
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Use of service providers
Some of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We transmit or receive personal data from these service providers solely on the basis of a processing contract. If the registered office of a service provider is located outside the European Union or the European Economic Area, a third country transfer takes place. With these service providers, data protection agreements corresponding to the legal requirements are contractually defined to establish an appropriate level of data protection and corresponding guarantees are agreed.
Information on your rights
You have the right
-
- to request confirmation from us as to whether personal data concerning you is being processed by us; if this is the case, you have the right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
- to request the release of the data concerning you in the restrictions of Art. 20 GDPR in a common electronic, machine-readable data format. This also includes the transfer (where possible) to another controller named directly by you.
- to demand that we rectify your data if it is incorrect, inaccurate and/or incomplete. Rectification also includes completion by means of explanations or notification.
- to demand that we erase personal data concerning you without undue delay if one of the reasons listed in Art. 17 GDPR applies. Unfortunately, we are not permitted to erase data that is subject to a statutory retention period. If you no longer wish us to contact you by newsletter or other means, we will store your contact details in this regard on a blacklist.
- to revoke any consent you have given with effect for the future without any disadvantages for you.
- to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR is met.
- to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (Art. 21 GDPR).
- without prejudice to any other administrative or judicial remedy, and if you consider that the processing of personal data relating to you infringes the GDPR, to lodge a complaint wit
- our data protection officer: datenschutz@a-w.com or by post (see legal notice).
- to a supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement.
Deletion of your data
Unless otherwise stipulated in the more detailed data protection declarations, we delete your personal data when the contractual relationship with you has ended, you have exercised your right to deletion, all mutual claims have been fulfilled and there are no other statutory retention obligations or legal justifications for storage. Commercial law retention periods for financially relevant data are generally up to 10 years. In addition, we may retain data for as long as necessary to protect ourselves against claims that could be asserted against us. These periods can be up to 30 years.
Definitions
For the purposes of this general information, the term:
- Personal data – any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples include contact data, communication data and billing data.
- Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Recipient – a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
- Employees – employees, including temporary workers in relation to the hirer, persons employed for their vocational training, participants in benefits for participation in working life as well as in clarifications of professional aptitude or work trials (rehabilitants), persons employed in recognized workshops for disabled persons, volunteers who perform a service in accordance with the Youth Volunteer Service Act or the Federal Volunteer Service Act, persons who are to be regarded as employee-like persons due to their economic independence. These also include people working from home and those treated as such, federal civil servants, federal judges, soldiers and persons performing civilian service. As well as applicants for employment and persons whose employment has ended.
- Third party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- Profiling – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person. In particular, to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or relocation of that natural person.
- Restriction of processing – the marking of stored personal data with the aim of restricting its future processing.
Changes to the privacy policy
We reserve the right to change our privacy policy if necessary and to publish it here. Please check this page regularly. The updated declaration shall enter into force upon publication, subject to the applicable legal provisions. If we have already collected data about you that is affected by the change and/or is subject to a legal obligation to provide information, we will also inform you of any significant changes to our privacy policy.