Data protection
Datenschutzhinweise Geschäftspartner
Datenschutz für Websitebesucher
1 Privacy at a Glance
1.1 General Information
We are pleased about your interest in our website. Protecting your personal data during your visit to our homepage is of particular importance to the management of Circlon | group. The following information provides you with an overview of how we process your personal data and your rights under data protection law. Personal data includes all data that can be related to you personally, e.g., name, address, email addresses, user behavior.
If a person concerned wishes to make use of special services of our company via our website, such as our contact form, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned. The processing is always carried out in accordance with the EU General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Circlon | group.
As the data controller, Circlon | group has implemented technical and organizational measures to ensure the most comprehensive protection possible for the personal data processed via this website against loss, destruction, access, modification, or dissemination by unauthorized persons. This also includes SSL or TLS encryption for security purposes and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the change in the browser's address line from "http://" to "https://" and by the lock symbol in your browser's address bar. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
However, absolute protection cannot be guaranteed due to fundamental security vulnerabilities in internet-based data transmissions.
1.2 Controller for Data Processing
The controller pursuant to Article 4(7) GDPR and the applicable country-specific data protection regulations is:
Circlon | group
Ettore-Bugatti-Straße 35 | D-51149 D-Köln
Tel. +49 2203 18880 | marketing(at)circlon.de
For general questions regarding data protection at Circlon | group, please contact dso-team(at)circlon.de.
Our data protection officer can be reached by mail at the above address with the addition - Data Protection Officer - or by email at: dso(at)circlon.de.
The receipt of emails may be disrupted in exceptional cases due to technical or operational reasons. Please ensure that time-sensitive messages are also sent by post or fax. Please note that communication via email is fundamentally insecure, as third parties may have the opportunity to access and manipulate it. Confidential data should never be transmitted via unencrypted email.
1.3 How do we collect your data?
Your data is collected when you provide it to us. This may include data that you enter into a contact form.
Other data is automatically collected or after your consent when visiting the website by our IT systems. This mainly includes technical data (e.g., internet browser, operating system, or time of page access). This data is automatically collected as soon as you enter this website.
1.4 What do we use your data for?
Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyze your user behavior.
1.5 Who receives my data?
Unless otherwise stated in the detailed descriptions of the services, within our company, only those departments that need your data to fulfill our contractual and legal obligations or to implement our legitimate interests will have access to your data.
We will only share information about you outside the company if legal or regulatory reporting obligations allow or require this, the disclosure is necessary for the processing and thus the fulfillment of the contract, or, at your request, for the implementation of pre-contractual measures, if we have your consent, if we have a legitimate interest under Art. 6(1)(f) GDPR in the disclosure, or if we are authorized to provide information.
If we rely on contracted service providers for certain features of our offering, they have been carefully selected and contracted by us, are bound by our instructions, and are regularly monitored. Your personal data will be processed on the basis of commissioned data processing contracts under Art. 28 GDPR, and we ensure that the processing of personal data complies with the provisions of the GDPR. The categories of recipients in this case are our service providers for website hosting, website management, live chat, and online marketing.
1.6 General Information on the Legal Basis of Data Processing on this Website
If you have consented to the processing of your data, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, if special categories of data under Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to access information on your terminal device (e.g., via device fingerprinting), data processing is additionally based on Section 25(1) TDDG. The consent is revocable at any time, with effect for the future. If your data is necessary for the fulfillment of the contract or for the implementation of pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation based on Art. 6(1)(c) GDPR. The data processing can also be based on our legitimate interest according to Art. 6(1)(f) GDPR. The legal bases applicable in each case are specified in the following paragraphs of this privacy notice.
1.7 Storage Duration
Unless a specific storage period has been mentioned within this data protection information, your personal data will remain with us until the purpose for the data processing no longer applies. If you submit a legitimate deletion request or revoke your consent to data processing, your data will be deleted, provided we do not have any other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
2 Your Rights
2.1 Right to Information, Correction, and Deletion
You have the right, within the framework of applicable legal regulations, to free information about your stored personal data, its origin and recipients, and the purpose of data processing, as well as a right to correct or delete this data. For this purpose and for further questions regarding personal data, you can contact us at any time.
2.2 Right to Restrict Processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restrict processing applies in the following cases:
• If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data was/ is unlawful, you can request the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it for the assertion, exercise, or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
• If you have filed an objection under Art. 21(1) GDPR, a balancing of your and our interests must be made. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.
2.3 Right to Data Portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done as far as it is technically feasible.
2.4 Right to Object to Data Collection in Specific Cases and to Direct Advertising (Art. 21 GDPR)
WHEN DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION NOTICE. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR PROCESSING IS FOR THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING AT ANY TIME; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).
2.5 Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can withdraw any consent you have already given at any time. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.
2.6 Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of a breach of the GDPR, data subjects have a right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work, or the place of the alleged breach. This right to lodge a complaint is without prejudice to other administrative or judicial remedies.
For North Rhine-Westphalia, this is the State Commissioner for Data Protection and Freedom of Information, Kavalleriestr. 2-4, 40213 Düsseldorf.
3 Data Collection on Our Website
3.1 External Hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.
The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, efficient, and reliable provision of our online offer by a professional provider (Art. 6(1)(f) GDPR).
Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions regarding this data. In order to ensure data protection-compliant processing, we have concluded a data processing agreement with our hoster.
3.2 Use of Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address
The legal basis for the temporary storage of data and log files is based on Art. 6(1)(f) GDPR. As a website operator, we have a legitimate interest in ensuring a smooth connection setup of the website, a technically error-free presentation and optimization of our website, as well as analysis for system security and stability. For this purpose, we use server log files. The provider reserves the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence.
The data is stored for a maximum of 7 days and is overwritten through a log rotation procedure after this time.
3.3 Use of Cookies
Our internet pages use so-called "cookies." Cookies are small and do no harm to your terminal device. They are either temporarily stored for the duration of a session (session cookies) or permanently stored (persistent cookies) on your terminal device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies can be set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).
Cookies have different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to analyze user behavior or display advertising.
Cookies required to carry out the electronic communication process, provide certain functions requested by you (e.g., for the shopping cart function), or optimize the website (e.g., cookies for measuring the web audience) are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for technically error-free and optimized provision of its services. Where consent for the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively based on this consent (Art. 6(1)(a) GDPR and § 25(1) TDDG); consent may be revoked at any time with future effect.
You can set your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. The functionality of this website may be limited if cookies are deactivated.
If cookies from third-party companies or for analysis purposes are used, we will inform you about this separately in this data protection declaration and, if necessary, request your consent.
3.3.1 Cookie Consent Management Tool "Usercentrics"
This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or the use of certain technologies and to document them in a data protection-compliant manner. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").
When you enter our website, the following personal data is transmitted to Usercentrics:
• Your consent(s) or revocation of your consent(s)
• Your IP address
• Information about your browser
• Information about your terminal device
• Time of your visit to the website
• Geolocation
Usercentrics also stores a cookie in your browser to be able to assign the consent given or its revocation. The data collected in this way is stored until you ask us to delete it, delete the Usercentrics cookie yourself, or the purpose for the data storage no longer applies. Mandatory legal retention periods remain unaffected.
The use of Usercentrics is carried out to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6(1)(c) GDPR.
We have entered into a data processing agreement (DPA) with the provider mentioned above. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.
3.4 Contact Form
If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact details you provide, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6(1)(f) GDPR).
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after the inquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
3.5 Inquiry by Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6(1)(f) GDPR).
The data sent to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions – especially legal retention periods – remain unaffected.
3.6 Handling Applicant Data
We offer you the opportunity to apply to us (e.g., by email). In the following, we will inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data will be carried out in accordance with applicable data protection laws and all other legal provisions and that your data will be treated confidentially.
3.6.1 Scope and Purpose of Data Collection
If you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, etc.) to the extent necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG (German Data Protection Act) under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation), and – if you have given your consent – Art. 6(1)(a) GDPR. The consent is revocable at any time with future effect. Your personal data will only be passed on within our company to persons involved in processing your application.
If the application is successful, the data you have submitted will be stored based on § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of carrying out the employment relationship in our data processing systems.
3.6.2 Retention Period of Data
If we are unable to make you a job offer, you reject a job offer, or you withdraw your application, we reserve the right to retain the data you have submitted based on our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted, and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is foreseeable that the data will be required after the 6-month period (e.g., due to a pending or imminent legal dispute), deletion will only take place once the purpose for the further retention no longer applies.
Longer retention may also take place if you have given your consent (Art. 6(1)(a) GDPR) or if legal retention obligations prevent deletion. The consent is revocable at any time with future effect.
3.7 Circlon Innovation Day 2024
If you wish to register for the "Circlon Innovation Day 2024" via the online registration form on our website, we require your email address, as well as other information that allows us to verify that you are the owner of the provided email address and agree to the invitation. We use the service provider rapidmail GmbH for registration, verification, and management of the registrations. The provided data will be used for planning and preparing the "Circlon Innovation Day 2024".
Furthermore, we provide the participating partner companies at the Circlon Innovation Day 2024 (see "Well-Known Participants" on the event registration website) with your registration data (name, first name, company, title, and email address) for the purpose of providing proof of service.
The data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time, with effect for the future. The legality of the data processing carried out until the revocation remains unaffected.
4 Analytics Tools and Advertising
When you visit this website, your surfing behavior may be statistically analyzed. This happens primarily with so-called analysis programs. Detailed information about these analysis programs can be found in the following section.
4.1 Google Tag Manager
We use Google Tag Manager. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").
Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform its own analyses. It only serves the management and display of the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.
The use of Google Tag Manager is based on Art. 6(1)(a) GDPR and § 25(1) TDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting). The consent is revocable at any time with future effect. Additionally, the website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
4.2 Google Analytics
This website uses Google Analytics for web analysis. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of visit, operating systems used, and the origin of the user. This data is summarized in a user ID and assigned to the respective device of the website visitor.
Furthermore, we can record your mouse and scroll movements and clicks with Google Analytics. Additionally, Google Analytics uses various modeling approaches to complement the collected data sets and employs machine-learning technologies for data analysis.
Google Analytics uses technologies that allow the user to be recognized for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to and stored on a server in the USA.
The use of this service is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TDDG. The consent is revocable at any time with future effect.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
IP Anonymization
The IP anonymization of Google Analytics is activated. As a result, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website use and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser Plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Google Signals
We use Google Signals. When you visit our website, Google Analytics, among other things, captures your location, search history, and YouTube history, as well as demographic data (visitor data). This data may be used with the help of Google Signals for personalized advertising. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.
Contract Data Processing
We have entered into a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
5 Newsletter
If you would like to subscribe to the newsletter offered on the website, we require an email address from you, along with information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use newsletter service providers, which are described below, to manage and distribute newsletters.
5.1 Rapidmail
This website uses Rapidmail for sending newsletters. The provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg, Germany.
Rapidmail is a service that organizes and analyzes newsletter distribution. The data you enter for the purpose of subscribing to the newsletter will be stored on the servers of Rapidmail in Germany.
Emails sent through Rapidmail include a tracking pixel, which connects to the servers of Rapidmail upon opening the email. This makes it possible to determine whether a newsletter email was opened.
In addition, we can use Rapidmail to track which links in the newsletter were clicked. All links in the email are so-called tracking links, which allow your clicks to be counted. If you do not wish to be analyzed by Rapidmail, you will need to unsubscribe from the newsletter. A corresponding link is provided in each newsletter message for this purpose.
You can find more detailed information about the analysis functions of Rapidmail at the following link: https://de.rapidmail.wiki/kategorien/statistiken/.
The data processing is based on your consent (Art. 6(1)(a) GDPR). The consent is revocable at any time, with future effect. The legality of the data processing carried out until the withdrawal remains unaffected.
The data you provide to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after unsubscribing from the newsletter. Data stored for other purposes will remain unaffected.
After unsubscribing from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interests and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.
You can find more detailed information in Rapidmail's data security notices at: https://www.rapidmail.de/datensicherheit.
Contract Data Processing
We have entered into a data processing agreement (DPA) with the provider mentioned above. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.
5.2 Customer Advertising via Email
If you order goods or services from us and provide your email address during the process, we may use this email address to send you newsletters, provided we inform you in advance. In this case, the newsletter will only contain direct advertising for our own similar goods or services. You can unsubscribe from this newsletter at any time. A corresponding link is provided in each newsletter message for this purpose. The legal basis for sending the newsletter is Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG.
After unsubscribing from the newsletter distribution list, your email address will be stored by us in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interests and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.
6 Plugins and Tools
6.1 Adobe Fonts
This website uses web fonts from Adobe to ensure uniform representation of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When you visit this website, your browser loads the required fonts directly from Adobe to display them correctly on your device. In doing so, your browser establishes a connection to Adobe's servers in the USA. This allows Adobe to know that your IP address was used to access this website. According to Adobe, no cookies are stored when fonts are provided.
The data storage and analysis are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If consent was requested, the processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) under TDDG. The consent is revocable at any time with future effect.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.
Further information about Adobe Fonts can be found at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.
Adobe's privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/list.
6.2 tawk.to
We use tawk.to, inc., 187 E Warm Springs Rd, SB298, Las Vegas, Nevada 89119, USA (hereinafter "tawk.to") to process user inquiries through our support channels or live chat systems.
Messages you send to us may be stored in the tawk.to ticket system or answered in the live chat by our employees. Furthermore, with the help of tawk.to, we can determine, for example, from which region the requester comes and how long they have communicated with us.
The messages directed to us will remain with us until you ask us to delete them or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions – especially retention periods – remain unaffected.
The use of tawk.to is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the fastest, most reliable, and efficient processing of your inquiries. If consent was requested, the processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) under TDDG. The consent is revocable at any time with future effect.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details and further information can be found at: https://www.tawk.to/privacy-policy/ and https://www.tawk.to/data-protection/.
We have entered into a data processing agreement (DPA) with the provider mentioned above. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt00000008SblAAE&status=Active.
6.3 YouTube with Extended Data Protection
This website integrates videos from YouTube. This is a service provided by Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").
When you visit a page on this website that contains a YouTube video, a connection to YouTube's servers is established. The YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in extended data protection mode. According to YouTube, videos played in extended data protection mode are not used to personalize browsing behavior on YouTube. Ads displayed in extended data protection mode are also not personalized. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user's browser, which contain similar data to cookies and can be used for recognition. Details on extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.
Further data processing operations may be triggered after the activation of a YouTube video, over which we have no control.
The processing is based on Art. 6(1)(a) GDPR and § 25(1) TDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) under TDDG. The consent is revocable at any time with future effect. The website operator also has a legitimate interest in an appealing presentation of its online offerings.
For more information on data protection at YouTube, please refer to their privacy policy at: https://policies.google.com/privacy?hl=en.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
7 Our Social Media Presence
7.1 Purpose of Data Processing on Social Media Presences
We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.
The purpose of such social media presences is public relations, i.e., to offer our customers information about offers, products, competitions, and news, as well as interaction with our visitors on the various platforms on all these topics, including answering related inquiries. The purely informational visit to our social media platform is generally possible without the active provision or collection of personal data.
In addition, social media platforms offer the ability to leave a variety of content such as videos, images, public messages, and comments (posts) on our company profiles. In cases of illegal or inappropriate posts and content on our presence (this includes, but is not limited to, infringing or illegal posts, hate comments, suggestive comments (explicit sexual content), or attachments such as images or videos, and violations of copyright, personal rights, or criminal law), we are jointly responsible with the platform operator for their removal. In cases of direct communication with us (personal private message, letter, or email), the operator has no control.
Social media platforms can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g., like buttons or ad banners). By visiting our social media presences, various data protection-relevant processing operations may be triggered. This includes, for example:
• The entire infrastructure of the social media platforms is the responsibility of the respective operator. They maintain their own data protection policies and have their own user relationship with you if you act as a registered user.
• If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Your personal data may also be collected if you are not logged in or do not have an account with the social media portal. This data collection may be done via cookies stored on your device or through technical data collection in so-called log files or server protocol files such as your IP address.
• With the help of the collected data, social media platform operators can create user profiles that contain your preferences and interests. In this way, you may be shown interest-based advertising both inside and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising may be displayed on all devices you are logged into or have been logged into.
Please note that we cannot fully understand all processing activities on social media platforms. Depending on the provider, additional processing activities may be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection policies of the respective social media portals.
Where we are able to, we strive to make our social media offerings as privacy-friendly as possible.
7.1.1 Legal Basis
Our social media presences serve our public relations efforts and are intended to ensure as comprehensive an internet presence as possible. This is supplemented by our legitimate interest in responding to inquiries from our users and visitors and, therefore, maintaining and promoting customer satisfaction. This is a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
The analysis processes initiated by social networks may be based on different legal bases, which must be indicated by the operators of the social networks (e.g., consent within the meaning of Art. 6(1)(a) GDPR).
7.1.2 Controller and Exercise of Rights
When you visit one of our social media presences, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can exercise your rights (access, correction, deletion, restriction of processing, data portability, and complaint) both against us and the operator of the respective social media portal (e.g., against Facebook).
Please note that despite the joint responsibility with the social media platform operators, we do not have full control over the data processing activities of the social media platforms. Our options depend primarily on the corporate policy of the respective provider.
7.1.3 Retention Period
The data we directly collect via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory legal provisions – especially retention periods – remain unaffected.
We have no control over the retention period of your data, which is stored by the social media platform operators for their own purposes. For details, please refer directly to the data protection policies of the respective social media platforms (e.g., in their data protection notices, see below). Cookies stored on your device remain until you delete them.
Public posts by you on one of our social media presences generally remain in place indefinitely. Of course, you can delete the post yourself as long as this is possible. As mentioned above, we reserve the right to delete posts and content that is illegal or inappropriate on our presence.
We have no control over the deletion of your data or content by the social media platform operator. The data protection policies of the respective platform operators apply accordingly.
7.1.4 Individual Social Networks
• Facebook: We maintain a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter "Meta"). According to Meta, the collected data is also transferred to the USA and other third countries.
We have entered into an agreement with Meta regarding joint processing (Controller Addendum). This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your ad settings independently in your user account. Click the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For more details, please refer to Facebook's data protection notice: https://www.facebook.com/about/privacy/.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.
• Instagram: We maintain a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For more details, please refer to Instagram's data protection notice: https://privacycenter.instagram.com/policy/.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.
• For more details, please refer to Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.
• YouTube: We maintain a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
For more details, please refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=en.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
• XING: We maintain a profile on XING. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
For more details, please refer to XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
• LinkedIn: We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For more details, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to adhering to these data protection standards. You can find more information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5448.
8 Changes to Our Privacy Policy
We reserve the right to update this privacy policy to reflect current legal requirements or to implement changes in our services, such as the introduction of new services. Your renewed visit will then be subject to the updated privacy policy.