Privacy Policy

Data Privacy Statement

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. In addition, we provide an overview of processing situations outside of this website. This applies in particular to the handling of data from applicants, suppliers, business partners and interested parties.

Personal data includes all data that can personally identify you. Detailed information on the topic of data protection can be found in our privacy policy listed below this text.

 

Data collection via this website

Who is responsible for data collection via this website?

The website operator processes the data via this website. You can find their contact details in the ‘Data Controller’s information’ section of this privacy policy.

 

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit our website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you land on this website.

 

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your user behaviour.

 

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data, free of charge, at any time. You also have the right to request correction or deletion of this data. If you have given your consent to the processing of your data, you may withdraw this consent at any point in time thereafter. You also have the right to request the restriction of the processing of your personal data under certain circumstances, as well as the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time if you have any further questions about data privacy.

 

Analysis tools and tools from third-party providers

When you visit this website, your surfing behaviour may be statistically evaluated. This is primarily done using so-called analysis programmes.

Detailed information on these analysis programmes can be found in the following privacy policy.

2. General notes and mandatory information

Privacy policy

The operators of this website take the protection of your personal data very seriously. We treat your personal data with the strictest confidentiality, in accordance with statutory data protection regulations and the provisions of this privacy policy.

A variety of personal data is collected when you use this website. Personal data is any data that could be used to personally identify you. This privacy policy explains the types of data we collect and what we use it for. It also explains the manner and the reasons for which we collect and use your personal data.

We would like to point out that transmission of data over the Internet (e.g. in email communications) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

 

Information on the controller

The controller responsible for data processing on this website is
EXAMION GmbH
Erich-Herion-Str. 37
70736 Fellbach
Telephone: 0711 120002 - 0
E-mail: vertrieb@examion.com

The controller is any natural person or corporate entity who alone or jointly with others determines the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

 

Storage period

Unless a more specific storage period has been specified in this privacy policy, your personal data will be stored with us until the purpose of the data processing ceases to apply. If you make a justified request to delete or withdraw your consent to the processing of your data, your data will be deleted unless we have other legally valid reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, your data will be deleted when these reasons no longer apply.

 

General information on the legal basis for data processing on this website

If you have given your consent to having your data processed, we ensure that your personal data is processed based on Art. 6 para. 1 lit. a of the GDPR or Art. 9 para. 2 lit. a of the GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 of the GDPR. Where express consent is given to the transfer of personal data to third countries, the data will be processed based on Art. 49 para. 1 lit. a of the GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), this data processing is also carried out based on Section 25 (1) of the GDPR. Consent can be revoked at any time. If your data is required for the fulfilment of a contract or to implement pre-contractual measures, we process your data based on Art. 6 para. 1 lit. b of the GDPR. Furthermore, we process your data when this is necessary to fulfil a legal obligation based on Art. 6 para. 1 lit. c of the GDPR. Data processing may also be carried out based on our legitimate interest in accordance with Art. 6 para. 1 lit. f of the GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

 

Data protection controller

We have appointed a data protection controller.
EXAMION GmbH
Erich-Herion-Str. 37
70736 Fellbach
Telephone: 0711 120002 - 0
E-mail: datenschutz@examion.com

 

Recipients of personal data

As part of our business activities, we work together with various external bodies. In some cases, it is also necessary to transfer personal data to these external organisations. We only pass on personal data to external bodies when this is necessary for the fulfilment of a contract; when we are legally obliged to do so (e.g. passing on data to tax authorities); when we have a legitimate interest in the transfer in accordance with Art. 6 para. 1 lit. f of the GDPR, or if there is another legal basis permitting the transfer of data. When using data processors, we may only pass on our customers' personal data based on a valid contract for the processing of an order. In the case of joint processing, a Joint Controller Data Processing Agreement shall be concluded.

 

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out up until revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

If the data processing is based on Art. 6 para. 1 lit. e or f of the GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. if you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves in the establishment, exercise or defence of legal claims (objection pursuant to Art. 21 para. 1 of the GDPR).

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of this kind of marketing; this also applies to profiling insofar as it is related to this kind of direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 para. 2 GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

 

Right to data portability

You have the right to have data that we process automatically based on your consent or in fulfilment of a contract given to you or to any third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

 

Information, correction and deletion

Within the framework of the applicable legal provisions, you have the right at any time to request information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, the right to have the personal data corrected or deleted. You may contact us at any time if you have any questions regarding matters pertaining to personal data.

 

Right to restriction of processing

You have the right to request that the processing of your personal data be restricted. You may contact us at any time to do this. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of the personal data stored by us, we generally need time to verify this. You have the right to request that the processing of your personal data be restricted whilst the investigation is in progress. If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.

If we no longer require your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of processing of your personal data instead of its erasure.

If you have lodged an objection in accordance with Art. 21 para. 1 of the GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests should prevail, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data is restricted, the data in question (with the exception of the storage thereof) may only be processed with your consent; or for the establishment, exercise or defence of legal claims; or for the protection of the rights of another natural or legal person; or for reasons of substantial public interest of the European Union or a Member State.

 

SSL and TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us in our capacity as site operator. You can identify an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

Objection to advertising emails

We hereby express our objections to the use of published contact information (which forms part of our legal obligations) for the purpose of sending unsolicited advertising or informative material. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited forwarding of advertising material such as spam e-mails.

3. Data collection on this website

Cookies

Our Internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a of the GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this privacy policy.

 

Consent with Cookiebot

Our website uses Cookiebot's consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as "Cookiebot").

When you enter our website, a connection is established to Cookiebot's servers in order to obtain your consent and other declarations regarding cookie use. Cookiebot then stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

 

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that the personal data of our website visitors is processed exclusively in accordance with our instructions and in compliance with the GDPR Server log files.

The webpage provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server query
  • IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f of the GDPR. The website operator has a legitimate interest in the error-free technical presentation and optimisation of its website and the server log files must be recorded for this purpose.

 

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures this data is processed on the basis of Art. 6 para. 1 lit. b of the GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f of the GDPR) or on your consent (Art. 6 para. 1 lit. a of the GDPR) if this has been requested; consent can be revoked at any time.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer applies (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

 

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry, including all personal data (name, nature of enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b of the GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f of the GDPR) or on your consent (Art. 6 para. 1 lit. a of the GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you ask us to delete it, withdraw your consent to storage or when purpose of data storage ceases to apply (e.g. after your request has been processed). Mandatory statutory provisions, and statutory retention periods in particular, remain unaffected.

4. Analysis tools and advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools that it integrates. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f of the GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a consent has been requested for this, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a of the GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

The company Is certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. All companies certified under the DPF undertake to comply with these data protection standards. Further information regarding this matter can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

 

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user’s end device. It is not assigned to a user ID.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the recorded data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent may be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

 

IP anonymisation

Google Analytics IP anonymisation is activated. As a result, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

 

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on how Google Analytics handles user data in Googl’'s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

 

Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

 

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms (keyword targeting). Furthermore, targeted adverts may be displayed based on the user data available to Google (such as location information or interests) (target group targeting). As the website operator, we can analyse this data quantitatively to determine, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a of the GDPR and § 25 para. 1 TTDSG. Consent may be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: policies.google.com/privacy/frameworks and privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

 

Google Conversion-Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, we (and Google) can determine whether the user has carried out certain actions. For example, we can analyse which buttons on our website were clicked, how often, and which products were viewed or purchased most frequently. This information is used to create conversion statistics. We can determine the total number of users who have clicked on our advertisments and what actions they have taken. We do not have access to any information which could be used to personally identify individual users. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a of the GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

You can find more information about Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

 

Meta pixel

This website uses the Facebook/Meta visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy(https://de-de.facebook.com/about/privacy/). This allows Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https: //www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information on protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function “Custom Audiences” in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

 

LinkedIn Ads

We use LinkedIn Ads for advertising. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is carried out on the basis of consent. Data subjects can withdraw their consent at any time, e.g. by contacting us using the contact details provided in our privacy policy.The revocation does not affect the legality of the processing until the revocation.

We delete the data when the purpose for which it was collected no longer applies.Further information can be found in the provider's privacy policy at https://www.linkedin.com/legal/privacy-policy?

 

LinkedIn Insight Tag

We use LinkedIn Insight Tag for conversion tracking. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is carried out on the basis of consent. Data subjects can withdraw their consent at any time, e.g. by contacting us using the contact details provided in our privacy policy.

The revocation does not affect the legality of the processing until the revocation.

The data will be deleted if the purpose of its collection no longer applies and there is no obligation to retain it.Further information can be found in the provider's privacy policy at https://www.linkedin.com/legal/privacy-policy?

5. Newsletters and direct mail advertising communications that are independent of visits to this website

Newsletter

If you would like to receive a newsletter offered by us, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The information entered in the newsletter registration form is processed exclusively after you have given your consent (Art. 6 para. 1 lit. a of the GDPR). You may withdraw your consent to the storage of the information, the e-mail address and its use for the purpose of sending newsletters at any time, for example via the ’unsubscribe‘ link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

The data you provide us with in order to subscribe to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter. It will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or if the purpose no longer applies. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 para. 1 lit. f of the GDPR.

Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be retained by us or the newsletter service provider in an deleted address list if this is necessary to prevent future mailings. The data from the deleted address list will be used exclusively for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending out newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f of the GDPR). Listings in the deleted address list are not time-restricted. You may object to retention if you consider that your interests outweigh our legitimate interest.

Newsletters to existing customers

If you order goods or services from us and enter your email address, this email address may subsequently be used by us to send you newsletters, given that we have given you advance warning of this possibility. In this case, only direct advertising for our own goods or services of a similar nature will be contained in the newsletter. You may cancel the newsletter at any time. A respective link to unsubscribe is included in all newsletters to do this. In this case, the legal basis for sending the newsletter is Art. 6 para. 1 lit. f of the GDPR in conjunction with Section 7 para. 3 UWG.

After you unsubscribe from the newsletter distribution list, we may store your e-mail address in a blacklist to prevent future mailings to you. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f of the GDPR). Storage in the blacklist is not limited in time. You can object to the storage when your interests outweigh our legitimate interest.

 

Direct mail advertising

We may use your address to send direct mail advertising in compliance with all legal provisions.

The legal basis for this is our legitimate interest in direct mail advertising in accordance with Art. 6 para. 1 lit. f in conjunction with recital 47 of the GDPR. Wherethe corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a of the GDPR and consent may be withdrawn at any time. More specific regulations may be communicated to you during data collection which might take precedence over this regulation.

Your address will be retained by us until the purpose of data processing no longer applies. If you make a duly justified request for deletion or withdraw your consent to direct mail advertising, your data will be deleted unless we have other legitimate reasons for storing your personal data (e.g. retention periods under tax or commercial law) and in the latter case, deletion will take place once these reasons no longer apply.

We would like to point out that in exceptional cases, advertising material may still be sent temporarily even after we have received your objection. This is due to the technical lead time required for the selection process and does not mean that we have not implemented your objection.

Note on deletion: If you object to advertising, we will assume that you do not wish to receive any further advertising from us and will therefore place your contact on an advertising blacklist. This data will then be used exclusively for matching with our future advertising files. If we delete your data completely from our database, we cannot guarantee that your address will not be added to it again. It cannot be ruled out that you may receive advertising again in the event of a future - then legally permissible - use of third-party data. Whether the data will be deleted or added to the advertising blacklist depends on the content of your declaration to us.

6. Own services

Handling of applicant data

We offer you the opportunity to apply to us (e.g. by e-mail, post or online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that your data will be collected, processed and used in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in the strictest confidence.

 

Scope and purpose of data collection

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b of the GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a of the GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b of the GDPR for the purpose of implementing the employment relationship.

 

Data retention period

If we are unable to make you a job offer, or if you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted based on our legitimate interests (Art. 6 para. 1 lit. f of the GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention specifically serves as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for which further storage is required no longer applies.

Data may be stored for longer if you have given your consent (Art. 6 para. 1 lit. a of the GDPR) or if statutory retention obligations prevent deletion.

 

Inclusion in the applicant pool

If we do not make you a job offer, you may have the opportunity to join our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Inclusion in the applicant pool takes place exclusively on the basis of your express consent (Art. 6 para. 1 lit. a of the GDPR). Giving consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent was granted.

7. Data protection information for our business partners (customers, suppliers, service providers, interested parties, etc.)

Data categories and the purposes of processing

We process the personal data of our service providers and partners received directly by us as part of our business relationship. If we have received data from you, it is processed exclusively for the purposes for which we received or collected it.

As a general rule, we may process the following categories of data received from you:

  • Surname, first name
  • Address and/or company address
  • Telephone contact data
  • E-mail address
  • Company name
  • Professional function and/or position
  • Bank details/credit card number/other payment details
  • Data regarding the history of the business relationship or other data relevant to the business relationship

As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by you or by one of our employees, further personal data is generated, e.g. information about the contact channel, date, occasion and result; (electronic) copies of correspondence.

On the other hand, we also process personal data that we have legitimately obtained from publicly accessible sources (e.g. commercial and association registers, press, media, Internet), whichwe are authorised to process.

Data processing for other purposes is only undertaken if the necessary legal requirements in accordance with Art. 6 para. 4 of the GDPR are met. In this case, we will of course comply with any notification obligations pursuant to Art. 13 para. 3 of the GDPR and Art. 14 para. 4 of the GDPR.

 

Legal bases on which we process your data:

As a rule, we process the data of our business partners in the course of the initiation and execution of contractual relationships on the legal basis of Art. 6 para. 1 lit. b of the GDPR. Furthermore, we are obliged to comply with statutory data retention periods for which your data is stored on the basis of Art. 6 para. lit. c GDPR.

In certain cases, processing may also take place on the basis of Art. 6 para. 1 lit. f of the GDPR, insofar as we are able to establish legitimate interests in individual cases based on the respective circumstances.

 

Recipients of your data

Disclosure to processors within the scope of Art. 28 of the GDPR

Your data will be passed on to data processors employed by us (Art. 28 of the GDPR), in particular in the area of IT services and, for example, printing services, who process your data for us in accordance with our instructions. If we commission service providers to fulfil our tasks, we always observe the data protection regulations; in particular, data is only passed on after contracts for order processing have been concluded. We will be happy to provide you with information regarding the data processors we use.

Fulfilment of contractual relationships

We pass on your personal information, for example, to our bank for the processing of payments or to shipping service providers such as Deutsche Post, DHL, UPS, DPD or other service providers as the case may be, where this is necessary for fulfilment of the contract with you.

Disclosure due to legal obligation

If there is a legal or official obligation, we will pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).

Other bodies, insofar as you have given us your consent

If you have given your explicit consent, we will also pass on your data to other bodies. However, this takes place within the limits of your verifiable consent.

 

Information regarding deletion periods for personal data

Principle of purpose limitation and compliance with statutory retention periods

We process the data for as long as this is necessary for the respective purpose. If necessary, we may process your personal data for as our business relationship remains active, which also includes the initiation and fulfilment of a contract.

In addition, like any company, we are obliged to comply with the statutory retention periods, for example the periods set out under commercial and tax law. Insofar as statutory retention obligations exist, the relevant personal data is stored for the duration of obligation. The storage period is also based on the statutory limitation periods, which, for example, in accordance with Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases may be up to thirty years. After the retention period has expired, a check is carried out to determine whether there is a continued need for processing. If it is no longer necessary, the data is deleted.

As a rule, such retention periods in the context of legal transactions (according to §147 AO/§257 HGB/§14b UStG) are 10 years, beginning with the year following the legal transaction.

Specific example

For example, if you provide us with your contact details by e-mail, telephone or by handing over your business card, we store this data on the basis of Art. 6 para. 1 lit. b of the GDPR regarding pre-contractual measures and in the legitimate interest (Art. 6 para. 1 lit. f of the GDPR) of unimpeded and targeted communication. If no legal transaction is concluded, we will delete your data if you so request it or if no further contact takes place within a period of three years. If you enter into a legal transaction with us (Art. 6 para. 1 lit. b of the GDPR), we will store your data for a period of ten years, until the expiry of the period required under commercial and tax law. At the end of this period, we will review the information and decide whether we can delete the data and then proceed with deletion as appropriate.

E-mails and business letters

We generally archive all our e-mail correspondence for ten years. If you send us an e-mail, your data and the entire content of the e-mail will be stored for 10 years. Most emails count as business letters, and emails can also contain information relevant to tax law. In our opinion, the effort involved in checking every single e-mail in this respect is disproportionate to the benefit and the sender's legitimate interests. You may of course ask us to delete your emails at any time and we will accordingly carry out a case-by-case review and notify you of the outcome. This may lead to erasure or restriction of processing, depending on the content of the correspondence.

Transfer to a third country

Your personal data is usually processed by us in data centres in the Federal Republic of Germany or the European Union. Transfers to third countries may only take place if you have given us your consent or if we have concluded a contract for order processing in accordance with Art. 28 of the GDPR, in the light of suitable guarantees.