Loading...
Data protection2023-07-26T13:02:36+02:00
smartfactory.edag.com – Datenschutz EN 6453847629 – EDAG Datenschutz
smartfactory.edag.com – Datenschutz EN 64538476292023-07-26T12:52:05+02:00

DATA PRIVACY STATEMENT

I. Name and Address of the Data Controller

In terms of the General Data Protection Regulation and other national data protection laws of the EU member states and other data protection-related regulations, the data controller is:

EDAG Production Solutions GmbH & Co. KG
Reesbergstraße 1
D-36039 Fulda
Germany

Tel.: +49 661 – 6000 150
Fax: +49 661 – 6000 319

E-Mail: info[at]edag-ps.com
Website: www.edag-ps.com

II. Name and Address of the Data Protection Officer

The data protection officer responsible can be contacted at the following:

INTARGIA Managementberatung GmbH
Dreieich Plaza 2a
63303 Dreieich

E-mail: datenschutz[at]edag.com

III. General Data Processing Information

1. Extent to which and purpose for which personal data is processed
We only ever collect and use personal data of our users to the extent to which this is necessary to provide a fully functional website and our contents and services. The regular collection and use of personal data of our users is only ever made with the user’s consent (insofar as legally required). One exception to this rule applies in cases in which, for factual reasons, it is not possible to obtain the user’s prior consent, or in which, according to applicable data protection legislation, the processing of this data is permitted on other legal grounds.

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject to process his or her personal data, Art. 6 para. 1 p. 1 point a of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis for the processing of personal data.

Art. 6 para. 1 p. 1 point b of the GDPR shall serve as the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is party. This shall also apply to processing necessary for the performance of pre-contractual measures.Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 p. 1 point c of the GDPR shall serve as the legal basis.

Should it be necessary to process personal data in order to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 p. 1 point d of the GDPR shall serve as the legal basis.

Should processing be necessary to protect the legitimate interests of our company or a third party and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, then Art. 6 para. 1 p. 1 point f of the GDPR shall serve as the legal basis for processing.

3. Data erasure and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose for which it has been saved ceases to apply. Further, data may also be stored if provided for by European or national legislators in Union directives, laws or other regulations, to which the data controller is subject. The data will also be deleted or blocked at such time as the storage period prescribed by the designated standards expires, unless it is necessary for the data to be stored for a further period for the conclusion or performance of a contract.

IV. Provision of the Website and Creation of Log Files

1. Description and extent of data processing
Every time our website is accessed, our system automatically acquires data and information from the computer system of the calling computer.

The following data is collected:

  • The user’s IP address
  • Date and time of access.
  • Page opened / name of file opened
  • Web browser and enquiring domain
  • Amount of data transferred
  • Browser used
  • Operating system used
  • Message stating whether access was successful or not

The data is also stored in the log files of our system. This data is not stored with other personal data of the user.

2. Legal basis for data processing
Art. 6 para. 1 p. 1 point f of the GDPR is the legal basis for the temporary storage of the data and the log files.

3. Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to be able to deliver the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session.

Data is stored in log files to ensure that the website functions properly. In addition, the data serves to optimize the website and to guarantee the security of our IT systems. No data evaluation is carried out for marketing purposes in this context.

These purposes are also in our legitimate interests in data processing under Art. 6 para. 1 p. 1 point f of the GDPR.

4. Storage duration
Data is deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data being collected in order to make the website available, this is the case when the session is terminated.

In the case of data stored in log files, this is the case after a maximum of seven days. Storage beyond this point in time is possible. In this case, the user’s IP address will be deleted or distorted, so that it can no longer be attributed to the accessing client.

5. Right to object and right of elimination
Data acquisition is essential for the provision of the website and the storage of data in log files is essential for operating the website. The user therefore has no right to object.

V. USE OF USERCENTRICS (CONSENT MANAGEMENT)

1. Description and extent of data processing
We use the consent management service Usercentrics GmbH, Sendlinger Str. 7, 80331 München (hereinafter „Usercentrics“). Every time our website is accessed, our system automatically acquires data and information from the computer system of the calling computer. The following data is collected when using this service:

  • opt-in- and opt-out data
  • Referrer URL
  • User Agent
  • User settings
  • Consent ID
  • Time of consent
  • Type of consent
  • Template version
  • Banner language

2. Legal basis for data processing
Due to the legal obligation to store the aforementioned data, the legal basis is Art. 6 para. 1 p. 1 lit. c GDPR.

3. Purpose of data processing
The service is used to manage consent. This serves to comply with legal obligations, according to which data processing requiring consent may only be carried out via the website if the corresponding consent of the user has been obtained. The Usercentrics service is used to store and manage the consent obtained. This also applies in the event of revocation of the consent given.

Usercentrics is used as an contract processor. Therefore, we have concluded contract for commissioned data processing with Usercentrics in accordance with the legal requirements.

4. Storage duration; right to object and right of elimination
The storage period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as they are no longer required for the specified processing purposes.

The consent data (consent given and revocation of consent) is stored for three years. The data will then be deleted immediately.

The collection and storage of the data is required by law for the operation of the website. The user therefore has no right to object.

The privacy policy of the data processor can be found here: https://usercentrics.com/de/datenschutzerklaerung/

VI. USE OF COOKIES

1. Description and extent of data processing
Our website makes use of cookies. Cookies are data files stored on the user’s computer system in or by the Internet browser. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified the next time the website is accessed.

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identified if the user changes from one page to another.
The following data is stored and transmitted in the cookies:

(1) The user’s IP address
(2) Date and time of access
(3) Login information
(4) Amount of data transferred
(5) Enquiring domain

On our website, we also use cookies which make it possible to analyse the user’s surfing habits.

The following data can be transmitted in this way:

(1) Equipment type, model, brand, screen resolution
(2) Operating system, versions, families
(3) Browser, version, configuration, engines, plugins, language, language code
(4) Location data
(5) Provider details
(6) Pages per visit, number of visits, repeat visits, time of visit, date of visit
(7) Entry pages, exit pages, page URL, title of page, search items, downloads
(8) Search engines, search item, websites, social networks
(9) Campaigns, campaign key word

When accessing our website, the user is informed that functional cookies are used, as are cookies for analysis and marketing purposes, and a Cookie Consent Manager is used to obtain his or her consent to the processing of the personal data used in this respect. Information regarding this data privacy statement is also issued in this context.

Detailed information on how the individual cookies work, information on how long they function and details of whether third parties have access to these cookies can also be found in the Cookie Consent Manager. You can access the Cookie Consent Manager any time by clicking the corresponding button in the footer of our website.

2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 p. 1 point f of the GDPR.. In this respect, we have carefully considered our interest in the use of cookies and your interest in confidentiality. In this case, our interest prevails. We are unable to provide our website without using the technically necessary cookies.

The legal basis for the processing of personal data using functional cookies and cookies for analysis and marketing purposes, provided the user’s consent for this purpose has been obtained, is Art. 6 para. 1 p. 1 point a of the GDPR.

3. Purpose of data processing
Depending on their intended use and function, we divide cookies into the following categories:

a) Technically necessary cookies
Technically necessary cookies guarantee functions without which our website cannot be be put to its intended use. These cookies are used exclusively by us, i.e. they are first party cookies. This means that all information stored in the cookies is returned to our website. Technically necessary cookies are used, for example, to ensure that users who have logged in always remain logged in when accessing various sub-pages of our website, and so do not have to re-enter login data every time they access a new page.

It is possible and permissible to use technically necessary cookies on our website without first obtaining consent. For this reason, individual technically necessary cookies cannot be activated or deactivated. These purposes are also in our legitimate interests in the processing of personal data under Art. 6 para. 1 p. 1 point f of the GDPR.  Our interest in ensuring the unobstructed provision of our website and the services it offers prevails.

b) Functional cookies
Functional cookies enable our website to store information that has already been input (such as registered name, language selection or a user’s location) and, on the basis of this information, offer improved and more personalised functions. The way in which these cookies collect and store data ensures that user behaviour on other websites cannot be tracked.

c) Performance cookies
In order to improve the website’s attractiveness, content and functionality, performance cookies collect aggregated information about how it is used. These cookies help us to determine whether, how often and how long which website subpages are visited and what content is of particular interest to users.

These cookies do not store any information that would allow the user to be identified. The information collected is aggregated, and does not allow us to directly identify the individual. The only purpose it serves is to compile statistics in order to better tailor the content of our website to the needs of our users, to improve user experience, and to optimise our range of services.

d) Marketing cookies
Marketing cookies come from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user, to create targeted advertising for the user, and to display advertisements based on the user’s interests. They are also used to limit the frequency with which an advertisement appears, and to measure the effectiveness of advertising campaigns. This information may be shared with third parties, advertisers for instance.

4. Storage duration and right of elimination
Cookies are stored on the user’s computer, from which they are transmitted to our website. As the user, you therefore have complete control over the use of cookies.

Even if you have consented to the use of cookies, you can withdraw your consent at any time, with future effect. Please use one of the following options to do this:

    • You can inform us that you wish to withdraw your consent or change your settings in our Cookie Consent Manager, which can be accessed at any time via the website.
    • You can prevent cookies from being stored by adjusting your browser software accordingly; we would, however, like to draw your attention to the fact that if you do so, this might possibly result in your not being able to use all the functions offered on this website to the full.
    • Cookies which have already been stored can be removed from your settings at any time. This can also be done automatically.
    • Further, you can prevent the collection of data generated by the cookie and relating to your use of our websites (including your IP address) and the processing of this data by downloading and installing the plugin available for your browser.
    • You can also use the tools developed as part of self-regulation programs in many countries, e.g. https://www.aboutads.info/choices/ (USA) or http://www.youronlinechoices.com/uk/your-ad-choices (EU), to manage marketing cookies.

5. Forwarding of personal data
If you accept the functional cookies above and beyond those that are technically necessary, and cookies for analysis and advertising purposes, you also consent to the processing of your data in the USA pursuant to Art. 49 para. 1 p. 1 point a of the GDPR. We would like to point out that the European Court of Justice regards the US as a country with a level of data protection that is insufficient by EU standards. In view of this fact, no other suitable data protection safeguards exist. There is therefore a risk of your data being processed by U.S. authorities for control and monitoring purposes, possibly without the possibility of legal recourse. If you do not want this to happen, click Refuse.

VII. REGISTRATION FOR APPLICANT LOGIN

1. Description and extent of data processing
On the external website of the EDAG GROUP (https://www.edag.com/en/career/jobs-application/job-advertisements), we offer users the opportunity to register on our recruiting portal; when using this, they are required to provide personal data. The data is entered in an input mask, transmitted to us, and stored. There is no disclosure of data to third parties. The following data is collected during the registration process:

(1) Title
(2) Name, First name
(3) E-Mail
(4) Phone
(5) Nationality
(6) Date of Birth

The following data is also stored at the time the registration is submitted:

(7) The user’s IP address
(8) Date and time of registration

During the registration process, we refer to the data privacy statement for applicants for further processing of the application documents.

2. Legal basis for data processing
The legal basis for the processing of data, provided the user’s consent has been obtained, is Art. 6 para. 1 p. 1 point a of the GDPR.

If the point of the application is to enter into a contract, then Art. 6 para. 1 p. 1 point b of the GDPR will serve as an additional legal basis for processing.

3. Purpose of data processing
The user must register in order to be able to use the recruiting portal.

4. Storage duration
Data is deleted as soon as it is no longer needed for the purpose for which it was collected. For the data collected during the registration procedure, this is the case when the registration on the website is closed or amended.

In the event of a rejection, the applicant data that has been uploaded is deleted no later than six months after the end of the application process. If the data subject gives the data controller his or her consent to being contacted at a later date in order to resume the application process, should another position for which he or she might be considered become available, then any data that has been transmitted is deleted at the end of a period of 24 months.

5. Right to object and right of elimination
As the user, you can cancel your registration at any time. You can amend any stored data concerning you at any time.

VIII. CONTACT FORM AND CONTACT VIA E-MAIL

1. Description and extent of data processing
Contact forms for different purposes are available on our website. These forms can be used to establish contact via electronic means for the purpose specified in that form. Should a user make use of this option, the data entered in the input mask of the respective contact form is transmitted to us and stored. The form contains a few mandatory input fields. In addition, input fields that are marked “optional” can be filled in voluntarily.

The following data is also stored at the time the message is sent:

(1) The user’s IP address

(2) Date and time of registration

Your consent to the processing of this data will be requested and reference made to this data privacy statement when you send your message.

Alternatively, an e-mail address is provided if you prefer to contact us this way. In this case, the personal data of the user transmitted with the email is stored.

2. Legal basis for data processing
The legal basis for the processing of data, provided the user’s consent has been obtained, is Art. 6 para. 1 p. 1 point a of the GDPR.

The legal basis for the processing of data collected when an e-mail is being sent is Art. 6 para. 1 p. 1 point f of the GDPR. If the reason of the email contact is the conclusion of a contract, then Art. 6 para. 1 p. 1 point b of the GDPR will serve as an additional legal basis for processing.

3. Purpose of data processing
The reason for processing personal data from the input mask is to enable us to handle communication with you. If contact is made by email, this also establishes a legitimate interest in processing the data.The other personal data collected when the message is sent serve to prevent any misuse of the contact form and to guarantee the security of our IT systems.

4. Storage duration
Data is deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data from the input mask of the contact form and data transmitted by electronic mail, this is the case when a particular communication with the user is finished. Communication is finished when circumstances indicate that the matter concerned has been fully resolved.

The additional personal data collected while the message is being sent will be deleted after a period of no more than seven days has elapsed.

5. Right to object and right of elimination
The user has the right to withdraw his or her consent to the processing of the personal data at any time. If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. If this is the case, then the communication cannot be continued. In this case, all personal data collected as a result of contact being made will then be deleted.

IX. USE OF WEB TRACKING

A. Use of Google Analytics

1. Description and extent to which personal data is processed

This website uses Google Analytics, a web analytics service of Google Inc. („Google“). This makes it possible for data, sessions and interaction across multiple devices to be assigned to a pseudonymized user-ID, permitting the cross-device analysis of the activities of a user.

Google Analytics makes use of “cookies”, text files which are stored on your computer and enable the use of the website to be analyzed. As a rule, the information relating to your use of this website generated by the cookie is transferred to a Google server in the USA, where it is saved. If IP address anonymization has been activated on this website, Google will truncate your IP address within member states of the European Union or other states party to the Agreement on the European Economic Area (including Switzerland). Only in exceptional cases is the IP address transferred to a Google server in the USA and truncated there. On behalf of the owner of this website, Google will use this information to evaluate your usage of the website, to compile reports on the website activities, and to perform further services relating to the use of the website and Internet for the website owner.

To do this, the following data concerning you is processed:
(1)    The user’s IP address
(2)    Date and time of access
(3)    Login information
(4)    Amount of data transferred
(5)    Enquiring domain
(6)    Equipment type, model, brand, screen resolution
(7)    Operating system, versions, families
(8)    Browser, version, configuration, engines, plugins, language, language code
(9)    Location data
(10)    Provider details
(11)    Pages per visit, number of visits, repeat visits, time of visit, date of visit
(12)    Entry pages, exit pages, page URL, title of page, search items, downloads
(13)    Search engines, search item, websites, social networks
(14)    Campaigns, campaign key word

The IP address sent by your browser via Google Analytics is not merged with other data by Google.

2. Legal basis for the processing of personal data

The legal basis for the use of Google Analytics, provided your consent has been obtained, is Art. 6 para. 1 p. 1 point a of the GDPR.

3. Purpose of data processing

The purpose behind the use of the web analytics service is to analyze and make regular improvements to the use of our website. The statistics obtained enable us to improve our services and make them more interesting to you, our users. For any exceptional cases in which personal data is transferred to the USA, standard contractual clauses have been agreed with Google under the terms of the contractual arrangements.

4. Storage duration, right to object and right of elimination

Any data that is sent by Google and linked with cookies, user authentication (e.g. user ID) or advertising IDs is automatically deleted after 14 months. According to Google, data which has come to the end of its storage period is automatically deleted once a month. We draw your attention to the fact that we have no influence over how long data is stored by Google.

You can prevent cookies from being stored by adjusting your browser software accordingly; we would, however, like to draw your attention to the fact that if you do so, this might possibly result in your not being able to use all the functions offered on this website to the full. Further, you can prevent the acquisition of the data generated by the cookie and relating to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available on the following link: tools.google.com/dlpage/gaoptout.

Opt-out cookies prevent the future acquisition of your data when visiting this website. To prevent acquisition across multiple devices by Universal Analytics, you will have to activate the opt-out for all systems in use. Click here to set the opt-out cookie: ga-optout text=“Deactivate Google Analytics“

This website uses Google Analytics with the “_anonymizeIp()” function. This ensures that IP addresses are processed in truncated form, making it impossible to trace them to a specific user. Should the data about you that has been collected produce a direct personal link, this is immediately blocked, so the personal data is instantly deleted.

Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. The conditions of use can be found at: www.google.com/analytics/terms/de.html; a data privacy summary can be found at: www.google.com/intl/de/analytics/learn/privacy.html, and a data privacy statement at: www.google.de/intl/de/policies/privacy.
To this purpose, we have also entered into a data processing contract with Google.

5. Use of Google Tag Manager

We use Google Tag Manager. Google Tag Manager is a solution that enables marketers to manage website tags via one interface. The Tool Tag Manager itself, which implements the tags, is a service that can collect personal data by setting cookies. The tool triggers other tags that under certain circumstances may themselves collect data. Google Tag Manager does not access this data. If deactivation has been effected at domain or cookie level, it will remain in force for all tracking tags implemented with Google Tag Manager. More information can be found here: https://www.google.de/tagmanager/use-policy.html

B. Use of SalesViewer®

1. Description and extent to which personal data is processed

Our website uses the SalesViewer® technology of SalesViewer® GmbH, Bongardstrasse 29, 44787 Bochum (in the following referred to as: SalesViewer®) to collect and store personal data for marketing, market research and optimisation purposes. For this purpose, a JavaScript-based code is used to collect company-related data and the corresponding use. The data collected using this technology is encrypted via a non-reversible one-way function (hashing). The data is immediately pseudonymised, and is not used to personally identify the visitor to this website. The following data is collected:

  • Name, origin and sector of the visiting company
  • Source/referrer of the visiting company
  • Keyword
  • Visitor’s behaviour (e.g. (sub-) pages visited, time and duration of visit)
2. Legal basis for data processing 

The legal basis for the processing of data, provided the user’s consent has been obtained, is Art. 6 para. 1 p. 1 point a of the GDPR.

3. Purpose of data processing

The purpose behind the use of the web analytics service is to analyse and make regular improvements to the use of our website. The statistics obtained enable us to improve our services and make them more interesting to you, our users.

We use data that has been acquired by means of the SalesViewer® service for the above-mentioned purposes only, and do not disclose such data to third parties. To this purpose, we have also entered into a data processing contract with SalesViewer®.

4. Storage duration, right to object and right of elimination

You can prevent the acquisition of data by SalesViewer® by using the Consent Manager to prohibit the storage of the JavaScript-based code. The data is deleted as soon as it is no longer required for processing purposes.

Further, you can object to the collection and storage of data at any time with effect for the future by clicking on this link, to prevent the collection of data by SalesViewer® within this website in the future. As a result, an opt-out cookie for this website is stored on your device. If you delete your cookies in this browser, you will need to click on the link again.

The data will be deleted as soon as they are no longer needed for the processing purposes. In this case no later than 12 months after termination of the contractual relationship.

X. USE OF GOOGLE WEB FONTS

1. Beschreibung und Umfang der Datenverarbeitung
Wir nutzen zur einheitlichen Darstellung von Schriftarten so genannte Web Fonts, die von Google bereitgestellt und auf unsere Server lokal heruntergeladen werden. Dazu werden die benötigten Web Fonts in Ihren Browsercache geladen, um Texte und Schriftarten korrekt anzuzeigen. Wenn Ihr Browser Web Fonts nicht unterstützt, wird eine Standardschrift von Ihrem Computer genutzt.

Beim Aufruf der Seite werden hierfür bei Ihnen keine Cookies gesetzt. Es findet auch kein direkter Verbindungsaufbau zu den Servern von Google statt, da die Schriftarten lokal in unsere Webseite eingebunden sind.

2. Rechtsgrundlage der Datenverarbeitung
Rechtsgrundlage für die Verarbeitung ist auf Grund unseres berechtigten Interesses an einer einheitlichen Darstellung Art. 6 Abs. 1 S. 1 lit. f DSGVO.

3. Zweck der Datenverarbeitung
Google Web Fonts ist eine frei verfügbare Bibliothek von über 800 Schriftarten. Google Web Fonts erlaubt es uns, dem Nutzer unsere Webseite in einem ansprechenden Design und über alle Geräte hinweg in gleichartiger Qualität darzustellen. Nur so ist es technisch möglich, dass alle Besucher unserer Homepage eine gleichbleibende und angenehme Nutzererfahrung haben.

Hierin liegt auch unter berechtigtes Interesse im Sinne von Art. 6 Abs. 1 S. 1 lit. f DSGVO.

4. Dauer der Speicherung, Widerspruchs- und Beseitigungsmöglichkeit
Die Daten werden solange gespeichert, wie sie für die Erreichung des Zweckes ihrer Erhebung erforderlich sind. Sie haben die Möglichkeit der Verwendung durch Veränderung Ihrer Browser-Einstellungen zu widersprechen.

XI. USE OF FONTAWESOME

1. Beschreibung und Umfang der Datenverarbeitung
Wir nutzen zur einheitlichen Darstellung von Schriftarten die Funktion Fontawesome der Fonticons, Inc. Diese werden auf unsere Server lokal heruntergeladen und bei Seitenabruf von diesen abgerufen. Dazu werden die benötigten Schriftarten und Icons in Ihren Browsercache geladen, um Texte und Schriftarten korrekt anzuzeigen. Wenn Ihr Browser die Schriftarten von Fontawesome nicht unterstützt, wird eine Standardschrift von Ihrem Computer genutzt.

Beim Aufruf der Seite werden hierfür bei Ihnen keine Cookies gesetzt. Es findet auch kein direkter Verbindungsaufbau zu den Servern der Fonticons, Inc statt, da die Schriftarten lokal in unsere Webseite eingebunden sind.

2. Rechtsgrundlage der Datenverarbeitung
Rechtsgrundlage für die Verarbeitung ist auf Grund unseres berechtigten Interesses an einer einheitlichen Darstellung Art. 6 Abs. 1 S. 1 lit. f DSGVO.

3. Zweck der Datenverarbeitung
Fontawesome ist eine frei verfügbare Bibliothek von Schriftarten und Icons und erlaubt es uns, dem Nutzer unsere Webseite in einem ansprechenden Design und über alle Geräte hinweg in gleichartiger Qualität darzustellen. Nur so ist es technisch möglich, dass alle Besucher unserer Homepage eine gleichbleibende und angenehme Nutzererfahrung haben.
Hierin liegt auch unter berechtigtes Interesse im Sinne von Art. 6 Abs. 1 S. 1 lit. f DSGVO.

4. Dauer der Speicherung, Widerspruchs- und Beseitigungsmöglichkeit
Die Daten werden solange gespeichert, wie sie für die Erreichung des Zweckes ihrer Erhebung erforderlich sind. Sie haben die Möglichkeit der Verwendung durch Veränderung Ihrer Browser-Einstellungen zu widersprechen.

XII. INTEGRATION OF YOUTUBE VIDEOS (VIA PLUGIN)

1. Description and extent of data processing
We have integrated YouTube videos into our online service; these are stored at www.YouTube.com and can be played directly from our website. These are all embedded in “enhanced privacy mode,” which means that no data about you as a user is transferred to YouTube unless you play the videos. The data mentioned below will not be transmitted until you play the videos. We have no influence on this data transmission.

Should you visit the website, YouTube receives the information that you have activated the corresponding subpage of our website. In addition, basic data such as IP address and time stamp is also transmitted. This happens regardless of whether or not YouTube has provided a user account by means of which you have logged on. If you have logged on to Google, your data is assigned directly to your account.

2. Legal basis for data processing
Provided your consent has been obtained, the legal basis for the processing of data is Art. 6 para. 1 p. 1 point a of the GDPR.

3. Purpose of data processing
YouTube stores your data as usage profiles, which it then uses for advertising or market research purposes, and/or the needs-based design of its website. An analysis of this type is carried out (even for users who have not logged on) in particular to provide needs-based advertising, and to inform other people using the social network of your activities on our website.

4. Storage duration, right to object and right of elimination
If you do not wish the data to be assigned to your profile with YouTube, you must log out before activating the button. You have the right to object to the creation of these user profiles, and to exercise this right, you must contact YouTube.

Further information concerning the purpose and scope of data acquisition and its processing by YouTube can be found in the data privacy statement, where you will also find additional information on your rights and setting options to protect your private sphere: https://www.google.de/intl/de/policies/privacy.

5. Forwarding of personal data
YouTube also processes your personal data in the USA. With your consent to the integration of YouTube videos, you also consent to the processing of your data in the USA pursuant to Art. 49 para. 1 p. 1 point a of the GDPR. We would like to point out that the European Court of Justice regards the US as a country with a level of data protection that is insufficient by EU standards. In view of this fact, no other suitable data protection safeguards exist. There is therefore a risk of your data being processed by U.S. authorities for control and monitoring purposes, possibly without the possibility of legal recourse. If you do not want this to happen, click Refuse.

XIII. ONLINE PRESENCE IN SOCIAL MEDIA

We maintain online presences within social networks in order to communicate with any customers, interested parties and users active there, and to inform them about our services. In this context, only simple links are used, or only social media plug-ins that do not establish any connection to the network in question when the page is loaded. This is the difference between the social media plug-ins used here and the the widespread Like buttons, which transmit data to the social networks as soon as the page is loaded, without the button having to be clicked. Additional information on the processing of data can be found in the following social media data privacy statement.

XIV. USE OF HUBSPOT

1. Description and extent of data processing
For analysis purposes, as well as for e-mailing, blogs and posting social media, we use HubSpot, a service provided by HubSpot Inc., on our website. HubSpot Inc. is a US company which has a subsidiary in Ireland (HubSpot, 2nd floor 30 North Wall Quay, Dublin 1, Ireland, Tel.: +353 1 5187500). HubSpot uses cookies which are stored on the user’s computer and collect certain types of data. The following data is collected:

    • IP address
    • Location
    • Browser
    • Duration of visit
    • Websites opened

2. Legal basis for data processing
If the user’s consent has been obtained, the legal basis for the processing of personal data by the HubSpot service is Art. 6 para. 1 p. 1 point a of the GDPR. The use of the service for the purpose of emailing, blogging and social media posting is otherwise based on our legitimate interest in accordance with Art. 6 para. 1 p. 1 point f of the GDPR.

3. Purpose of data processing
The purpose of using the service for analysis is to be able to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user.

The data collected via the HubSpot service is used for mailing lists, blogs and social media postings, making customer care easier and clearer.
The purposes described above are also in our legitimate interests in the processing of personal data under Art. 6 para. 1 p. 1 point f of the GDPR and the analogous provisions in accordance with the applicable data protection law.

4. Storage duration, right to object and right of elimination
We use data that has been acquired by means of the HubSpot service for the above-mentioned purposes only, and do not disclose such data to third parties. To this purpose, we have also entered into a data processing contract with HubSpot Inc.

You can prevent the acquisition of data by HubSpot by making the appropriate browser settings to forbid cookies from being stored. Instructions can be found on http://www.meine-cookies.org/cookies_verwalten/index.html
If you would like to prevent your data from being used for marketing purposes, you can unsubscribe by clicking on http://www.youronlinechoices.eu/

Further information on data processing by HubSpot and the HubSpot data protection conditions can be found athttps://legal.hubspot.com/legal-stuffhttps://legal.hubspot.com/privacy-policy, and  https://legal.hubspot.com/website-terms-of-use.

XV. USE OF CLOUDFLARE

1. Description and extent of data processing
We use the CDN Cloudflare (Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA), to increase the speed and security of our website. This is done through a Content Delivery Network (CDN) which creates copies of our websites and distributes them on Cloudware’s servers. Using a load balancing system, a large part of our website is then made available to the visitor from the server that, on the basis of workload and proximity to the visitor, is able to do so the fastest.

Cloudflare also offers various security services such as DDoS protection or the web application firewall.

In order to implement Cloudflare’s CDN services, the following data concerning you is processed:

  • Data of the retrieved web page
  • The browser type used
  • The operating system,
  • The referrer URL,
  • The IP address
  • The requesting provider

2. Legal basis for data processing
The legal basis for the processing of data once you have given your consent is Art. 6 para. 1 sentence 1 point a of the GDPR. Consent is voluntarily given. We would like to point out, however, that if it is not given, the performance of our website may be impaired for you.

3. Purpose of data processing
We need to use CDN Cloudflare to provide you with the best and fastest possible service on our website (e.g. by reducing loading times) and moreover to make our website more secure and protect it from attacks.

4. Storage duration, right to object and right of elimination
Data is stored for as long as it is needed for the purpose for which it was collected – as a rule up to 7 days. You have the option of objecting to the use by changing your browser settings.

5. Forwarding of Personal Data
Cloudflare also processes your personal data in the USA. With your consent to the integration of the functions, you also consent to the processing of your data in the USA pursuant to Art. 49 para. 1 sentence 1 point a of the GDPR. We would like to point out that the European Court of Justice regards the US as a country with a level of data protection that is insufficient by EU standards. In view of this fact, no other suitable data protection safeguards exist. There is therefore a risk of your data being processed by U.S. authorities for control and monitoring purposes, possibly without the possibility of legal recourse. If you do not want this to happen, click Refuse.

XVI. USE OF GOOGLE RECAPTCHA

1. Description and extent of data processing
This website uses Google reCAPTCHA, provided by Google Ireland Limited (Google). Google reCAPTCHA is used to determine whether data entry on this website (e.g., in a contact form) is effected by a human or an automated program.

To do this, the following data concerning you is processed:

  • IP address of the visitor to the website
  • Date
  • A complete screenshot of the browser window
  • Referrer URL (the address of the page from which the visitor has come)
  • Browser plugins
  • Information on the operating system (Windows, Linux, iOS)
  • Cookies such as other Google cookies from the last 6 months and NID cookies which are capable of creating user profiles
  • Settings on the user’s device (e.g. language settings, location, browser, etc.)

These details are added together and ‘captchas’ used to determine the probability of your being a human being. This analysis begins automatically when the visitor to the website accesses the website.

2. Legal basis for data processing
The legal basis for the processing of data once you have given your consent is Art. 6 para. 1 sentence 1 point a of the GDPR. Consent is voluntarily given. We would like to point out, however, that if it is not given, the use of some services on our website (e.g. the contact form) can either not be provided at all, or provision will be restricted.

3. Purpose of data processing
We need to use Google reCAPTCHA to prevent machines, computer programs or malicious software from interacting on our website (e.g. via the contact form).

4. Storage duration, right to object and right of elimination
Data is stored for as long as it is needed for the purpose for which it was collected. You have the option of objecting to the use by changing your browser settings.

5. Forwarding of personal data
Google also processes your personal data in the USA. With your consent to the integration of the functions, you also consent to the processing of your data in the USA pursuant to Art. 49 para. 1 sentence 1 point a of the GDPR. We would like to point out that the European Court of Justice regards the US as a country with a level of data protection that is insufficient by EU standards. In view of this fact, no other suitable data protection safeguards exist. There is therefore a risk of your data being processed by U.S. authorities for control and monitoring purposes, possibly without the possibility of legal recourse. If you do not want this to happen, click Refuse.

XVII. RIGHTS OF DATA SUBJECT

If personal data concerning you is processed, you are the data subject as defined in the GDPR, and have the following rights against the data controller:

1. Right to be informed
You can ask the controller to provide you with confirmation as to whether or not personal data concerning you is processed by us.

If such processing is being undertaken, you can ask the controller to provide you with information concerning the following:

(1) The purposes for which the personal data is processed;

(2) The personal data categories which are processed;

(3) The recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;

(4) The planned storage duration of the personal data concerning you or, if it is not possible to provide concrete information on this point, criteria for defining the storage duration;

(5) The existence of a right to correct or delete the personal data concerning you, a right to limit processing by the controller, or a right to object to such processing;

(6) The existence of a right to lodge a complaint with a supervisory authority;

(7) All available information concerning the origin of the data, if the personal data was not acquired from the data subject him or herself;

(8) The existence of automated decision-making and profiling in accordance with Art. 22 para. 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the implications and intended impact of such processing for the data subject.
You have the right to request information on whether or not the personal data concerning you is transmitted to a third country or international organisation. In this context, you may ask for information on appropriate guarantees in accordance with Art. 46 of the GDPR relating to the transmission of data.

2. Right to rectification and completion
You have a right to have the controller correct or complete any personal data concerning you which, having been processed, is either incorrect or incomplete. The data controller must carry out any corrections without undue delay.

3. Right to restrict processing
Subject to the following conditions, you can request that processing of the personal data concerning you be restricted:

(1) If you dispute the accuracy of the personal data concerning you for a period which allows the controller to check the accuracy of the personal data;

(2) The processing is unlawful and you refuse deletion of the personal data, instead requesting that use of the personal data be restricted;

(3) The controller no longer needs the personal data for processing purposes, but you need it in order to establish, exercise or defend legal claims, or

(4) If you have filed an objection to the processing of the data in accordance with Art. 21 para. 1 of the GDPR, and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

If the processing of the personal data concerning you has been restricted, then, storage aside, this data may only be processed with your consent (insofar as legally required), or to establish, exercise or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of substantial public interest on the basis of Union or Member State law.

If the processing has been restricted under the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

4. Right to deletion

a) Obligation to delete
You can ask the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete this data without delay if one of the following reasons applies:

(1) The personal data concerning you is no longer needed for the purposes for which it was collected or otherwise processed.

(2) You revoke your consent, which served as the basis for processing in accordance with Art. 6 para. 1 p. 1 point a or Art. 9 para. 2 point a of the GDPR, and there is no other legal basis for the processing.

(3) You file an objection to processing in accordance with Art. 21 para. 1 of the GDPR, and there are no overriding legitimate reasons for the processing, or you file an objection to processing in accordance with Art. 21 para. 2 of the GDPR.

(4) The personal data concerning you has been unlawfully processed.

(5) Deletion of the personal data concerning you is necessary in order to ensure compliance with a legal obligation under Union or Member State law to which the data controller is subject.

(6) The personal data concerning you has been acquired in relation to the offer of information society services in accordance with Art. 8 para. 1 of the GDPR.

b) Information to third parties
If the controller has made the personal data concerning you public, and is obliged to delete such data in accordance with Art. 17 para. 1 of the GDPR, then, taking into account the technologies available and implementation costs, he – the controller – applies appropriate measures, which may also be of a technical nature, to inform the people responsible for processing personal data that, as the data subject, you have requested that they should delete all links to this personal data as well as all copies or replications of this personal data.

c) Exceptions
The data subject does not have the right to have his or her data deleted if processing is necessary

(1) to exercise the rights to freedom of expression and freedom of information;

(2) to comply with a legal obligation calling for processing on the basis of Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 points h and i and Art. 9 para. 3 of the GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 of the GDPR, insofar as the right set out in section a) is likely to render impossible or seriously impair the achievement of the purposes of this processing, or

(5) to establish, exercise or defend legal claims.

5. Right to information
If you have exercised your right to have the controller correct, delete or restrict the processing of your data, then the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of such correction or deletion of the data or restriction of the processing, unless it proves impossible to do so or would involve unreasonable expense and effort.

You are entitled to have the controller inform you of these recipients.

6. Right to data portability
You have the right to receive the personal data concerning yourself with which you have provided the controller in a structured, commonly used and machine-readable format. Further, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, providing that

(1) the processing is based on consent in accordance with Art. 6 para. 1 p. 1 point a of the GDPR or Art. 9 para. 2 point a of the GDPR or on a contract in accordance with Art. 6 para. 1 p. 1 point b of the GDPR, and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing of personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 para. 1 p. 1 point e or f of the GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.

If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling, insofar as it is related to such direct marketing.
Should you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

In the context of the use of information society services – notwithstanding Directive 2002/58/EG – you are entitled to exercise your right to object by automated means using technical specifications.

8. Right to withdraw declaration of consent under data protection law
You have the right to withdraw your declaration of consent to the processing of personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.

9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects that concern you or significantly affects you in a similar way. This shall not apply if the decision
(1) is necessary for entering into or the performance of a contract between you and the data controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is made with your explicit consent.

These decisions must not, however, be based on special categories of personal data referred to in Art. 9 para. 1 of the GDPR, unless Art. 9 para. 2 point a or g applies, and suitable measures have been undertaken to safeguard your rights and freedoms and your legitimate interests.

With regard to the cases described in points (1) and (3), data controller will implement suitable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy in accordance with Art. 78 of the GDPR.