Data Privacy Policy

Information about capturing personal data

(1)
Information about how we capture personal data when people use our website is given below. Personal data is defined as all data that refers to you personally, for instance, your name, address, e-mail addresses, user behaviour, IP address. 

(2)
The data controller under art. 4 (7) EU GDPR is:

Schulte - Elektrotechnik GmbH & Co. KG
Jüngerstr. 21
58515 Lüdenscheid
Germany

Tel.: + 49 (0) 2351 / 94 81-0

E-mail: info(at)schulte.com

Webseite: www.evoline.com

You can contact our data protection officer at: 

progressorg GmbH
Höveler Weg 2
58553 Halver
Germany

Tel: + 49 (0) 2353 9096 31
Fax: + 49 (0) 2353 9096 49

E-mail: datenschutz(at)progressorg.de

Website: www.progressorg.de

(3)
Should we contract service providers to furnish certain items/services in our portfolio, or wish to use your data for advertising purposes, we will tell you in detail below about the processes involved. We will also specify the criteria laid down for how long we store the data.

General points about data processing

(1)
We only ever capture and use our website visitors’ personal data if this data is required to provide a functional website, our content, and services. We capture and make use of our users’ personal data after users following their consent. An exception occurs when it proves impossible to obtain prior consent for practical reasons and/or when statutory regulations permit processing of such data. 

(2)
Under art. 6 (1) a of the GDPR we can obtain consent from the data subject to using their personal data for our own operational purposes. Under art. 6 (1) b of the GDPR we can process personal data required to execute a contract to which the data subject is party. Such stipulation also applies to processes required to implement pre-contractual measures. Art. 6 (1) c of the GDPR governs any processing of personal data necessary for compliance with a legal obligation to which our company is subject. Art. 6 (1) d of the GDPR allows processing of personal data required to protect the vital interests of the data subject or another natural person. Art. 6 (1) f of the GDPR governs processing necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not override the interest of our company.

(3)
The data subject’s personal data will be erased or restricted as soon as the reason for storing the data no longer applies. Such data may also be stored if allowed for by European or national legislators in EU regulations, laws, or other provisions to which the data controller is subject. A restriction in processing or erasure of the data will also be carried out if the data retention period provided for in the standards outlined expires, unless the data still needs to be stored to conclude or execute a contract.

Data capture when visiting our website

(1)     
If you just visit our website to obtain information, in other words if you do not register or otherwise send information to us, we only capture the personal data that your browser sends to our server. If you wish to look at our website, we capture the following data, which are required from a technical standpoint, to display our website and maintain its stability and safety (legal basis: art. 6 (1), sentence 1, f of the GDPR):

1. IP address,
2. Date and time of the request,
3. Time zone difference to Greenwich Mean Time (GMT),
4. Content of the request (specific page),
5. Access status /HTTP status code,
6. The quantity of data transmitted in each case,
7. The website the request came from,
8. The page previously visited,
9. Browser,
10. The operating system and its interface,
11. Language and version of the browser software.

(2)
The data is also stored in our system’s log files. This data is not stored with other personal data belonging to the user. Art. 6, (1), f of the GDPR governs the provisional storage of the data and the log files. The log files are stored to ensure the website functions properly. The data also helps us to improve the website and safeguard the security of our IT systems. No analysis of the data for marketing purposes will take place in this context. The server log files’ anonymous data is stored separately from all other personal data provided by the data subject.

(3) 
The data is erased as soon as it is no longer necessary to achieve the purpose it was captured for. Where data is captured to provide the website, this erasure occurs when each session has ended. Capturing the data to provide the website and storing the data in log files is vital in order to operate the website. Therefore, the user has no option to object thereto. 

Further functions and offerings of our website

(1)
In addition to the usage of our website for purely informational purposes, we offer various services if you are interested, and we use other standard functions for analysing or marketing our offerings, which are outlined in more detail below. To make use of such services, you will usually have to provide further personal data and we process such data to provide the services in question. The previously stated data processing principles apply to the data processing purposes outlined here.

(2)
To process your data, we sometimes use external service providers. Such providers are selected by us carefully, must follow our instructions and are monitored frequently.

(3)
Furthermore, we may disclose your personal data to third parties if we offer promotional activities, competitions, conclude contracts, or furnish similar services with business partners. Depending on the service provided, such business partners can capture your data at their own responsibility. You can obtain more detailed information when you enter your data, or below where each offering is outlined. 

(4)
Should our service providers or business partners be based in a nation outside the European Economic Area (EEA), we will inform you about the consequences thereof in the description of the offering.

Objecting to and revoking processing of your data

(1)
Under art. 7 (3) of the GDPR you may withdraw consent to the processing of your data at any time. If you withdraw consent, your personal data may no longer be processed.

(2)
You may object to your personal data being processed if the company does so solely because it is weighing up its interests against yours. This is the case where processing the data includes but is not limited to executing the contract with you, which is explained in the following outline of the functions. Should you object, we ask you to state the reasons why we should not process your personal data as we have done. Should your objection prove to be justified, we will examine the circumstances and either cease or adapt data processing, or explain compelling legitimate reasons to you for continuing to process the data.

You may, of course, object to the processing of your personal data for advertising or data analysis purposes at any time, without incurring expenses other than the transmission costs at basic rates. You can inform us of your objection to advertising as follows:

Schulte – Elektrotechnik GmbH & Co. KG.
Jüngerstrasse 21,
D-58515 Lüdenscheid,
Tel.: + 49 (0) 2351 /9481-0,
E-Mail: info(at)schulte.com. 

Further functions and offerings of our website

(1)
In addition to the usage of our website for purely informational purposes, we offer various services if you are interested, and we use other standard functions for analysing or marketing our offerings, which are outlined in more detail below. To make use of such services, you will usually have to provide further personal data and we process such data to provide the services in question. The previously stated data processing principles apply to the data processing purposes outlined here.

(2)
To process your data, we sometimes use external service providers. Such providers are selected by us carefully, must follow our instructions and are monitored frequently. Furthermore, we may disclose your personal data to third parties if we offer promotional activities, competitions, conclude contracts, or furnish similar services with business partners. Depending on the service provided, such business partners can capture your data at their own responsibility. You can obtain more detailed information when you enter your data, or below where each offering is outlined.  Therefore, your data will only be disclosed to third parties if you have given explicit consent thereto as per art. 6 (1) a of the GDPR, if disclosure under art. 6 (1) f of the GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data, if there is a statutory obligation to disclose the data as per art. 6 (1) c of the GDPR and this is legally permissible under art. 6 (1) b of the GDPR to execute contracts with you.

(3)
Should our service providers or business partners be based in a nation outside the European Economic Area (EEA), we will inform you about the consequences thereof in the description of the offering.

Erasure of data

The data we process will be erased or processing restricted as mandated in art. 17 and 18 of the GDPR. Unless otherwise explicitly mentioned in this Data Privacy Policy, the data we have stored will be erased as soon as it is no longer required for the purpose for which it was intended and the erasure of the data does not conflict with any statutory duties to retain it. If the data is not erased because it is required for other and legally permissible purposes, the processing of such data will be restricted. In other words, the data will be restricted and not used for other purposes. Such proviso applies, for instance, to data that must be retained for reasons specified under commercial or tax legislation. Legal regulations in Germany state that records must be retained for 6 years in particular as per section 257 (1) of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for 10 years as specified in section 147 (1) of the German Fiscal Code (AO) (books, records, management reports, accounting records, commercial and business letters, documents relevant to taxation, etc.).

Transmitting data to third countries

Should we process data in a third country (i.e. outside the European Union [EU] or the European Economic Area [EEA]) or do so because we are using the services of third parties, or disclose or transmit data to third parties, we will do so only if required to meet our (pre) contractual duties, based on your consent, due to a legal obligation, or due to legitimate interests on our part. Subject to statutory or contractual permission, we will only process or have the data processed in a third country if the special conditions laid down in art. 44 et seq. of the GDPR apply. In other words, processing is only carried out in third countries with an adequate level of data protection (art. 45 of the GDPR), where contractual obligations exist and are complied with due to the EU Commission’s safeguards (art. 46 of the GDPR), or where certification or binding internal data protection regulations are in place.

Where the EU Commission has recognised the level of data protection for certain companies in the US as sufficient by adopting the adequacy decision of 10 July 2023 for the Data Privacy Framework (DPF). The list of certified companies is retrievable under www.dataprivacyframework.gov. As part of our Data Privacy Policy, we will provide separate information about which service providers we deploy that are certified under the Data Privacy Framework. 

Your rights

(1)
You have the following rights regarding your personal data:

a) Right of access
You have the right to request confirmation about whether personal data is being processed and to obtain access to this data and further information and a copy of the data as specified under art. 15 of the GDPR.

b) Right to rectification
Under art. 16 of the GDPR, you have to right to completion of the data, or rectification of inaccurate data about you.

c) Right to deletion or right to restriction of processing
Under art. 17 of the GDPR, you have the right to demand that the data in question be erased without delay, or, as specified under art. 18 of the GDPR, to request that the processing of the data be restricted.

d) Right to data portability
You have the right to receive your personal data, which you furnished us with under art. 20 of the GDPR, and to request that it be transferred to other data controllers.

(2)
You also have the right to lodge a complaint with the data protection supervisory authority responsible about our processing of your personal data. In our case, such authority is the officer for data privacy and freedom of information in North-Rhine Westphalia (ldi): www.ldi.nrw.de/ 

SSL encryption

To protect confidential content that you send to us (e.g. orders, enquiries), this website uses what is known as SSL or TLS encryption. The padlock symbol in your browser bar indicates that this type of encryption is used. The address bar will also switch from http:// to https://. As a result, third parties will not be able to read this data.

Use of cookies

(1)
In addition to the previously mentioned data, we will also apply technical means, such as cookies on your device, when you use our website. Cookies are text files stored on or by the internet browser on the user’s computer. Cookies cannot execute any programs, or transmit viruses to your computer. Their purpose is to make the website more user friendly and more effective. Cookies enable us to recognise users of our website again. A cookie can help to improve the information and offerings on our website to benefit the user. The purpose of being able to recognise users is to make it easier for users on our website. For examples, users visiting websites that apply cookies do not have to re-enter their log-in data each time they visit the website because the website and the cookie on the user’s computer do so.

(2)
Temporary, or session cookies or transient cookies are cookies that are erased once users leave a website and close their browsers. A cookie of this type can, for instance, store the content of a shopping cart in an online shop, or a login status.

(3)
Permanent or persistent cookies are those that are stored even after users have closed the browser. As a result, the login status can be stored if users revisit the online offering several days later.

(4)
Alongside first-party cookies, which we as the data controller apply, third-party cookies, which third-parties apply, are also used. If third-party cookies are applied, we will inform you about them in the online offering’s data privacy information section and about our collaboration with external service providers.

(5)
Technical functions that are essential for displaying the website: The technical structure of the website means that we have to use certain methods, including, but not limited to cookies. Without these methods, it is impossible to display (or fully accurately display) our website, or support functions might not be available. These are always transient cookies, which are deleted when you leave the website or when you close the browser at the latest. You cannot deselect these cookies if you wish to use our website. You can see each of the cookies in the consent manager. The lawfulness of setting and reading the cookies required is provided under section 25 of the German Telecommunications Digital Services Data Protection Act (TDDDG) and art. 6 (1) f of the GDPR provides for data processing from the cookie data.

(6)
We only set some cookies after you have provided your consent. The functions are only enabled with your consent and can be used in particular to allow us to analyse and improve visits to our website, to facilitate your use of different browsers or end devices, to recognise you again when you visit, or to display advertising (including, where applicable, to tailoring advertising to your interests, to gauge the effectiveness of ads, or to display personalised advertising). Art. 6 (1) sentence 1, a of the GDPR is the legal basis for such processing. You can withdraw your consent at any time without having a retroactive impact on the lawfulness of processing the data before you withdraw consent.

(7)
You can view the cookie settings at any time by pressing the relevant button in the website’s footer.

Newsletter

(1)
After giving your consent, you can subscribe to our newsletter in which we will inform you about our current interesting offerings. The products and services advertised are stated in the declaration of consent. The input mask, used for the purpose, shows which personal data is sent to the data controller when you subscribe to the newsletter.

(2)
We use what is known as the double opt-in procedure when you subscribe to our newsletter. In other words, after you register, we will send an e-mail to the e-mail address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm registration within 7 days, your information will be restricted and deleted one month later automatically. Furthermore, we will store your IP addresses and the times you registered and confirmed. This procedure’s purpose is to verify your registration and, if necessary, investigate any potential misuse of your personal data.

(3)
To send the newsletter, the only information you must provide is your e-mail address. If you provide any other data specifically indicated, you do so voluntarily and such data is used to address you personally. Once you have provided confirmation, we will store your e-mail address to send the newsletter. Art. 6 (1) sentence 1, a of the GDPR is the legal basis for doing so.

(4)
You can withdraw your consent to receiving the newsletter at any time and unsubscribe. You can withdraw consent by clicking on the link in each newsletter e-mail, by sending an e-mail to mediendesign@schulte.com, or by sending a message to the contact stated in the legal notice. 

(5)
The newsletters are sent via a service provider called CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. The data you enter to receive the newsletter (e.g. e-mail address, name) is stored on CleverReach servers in Germany and Ireland. CleverReach uses this information to send and analyse the newsletters on our behalf. We signed an order processing contract with CleverReach pursuant to art. 28 of the GDPR. Your contact information from our CRM system is automatically synchronised with CleverReach if you have subscribed to receive the newsletter. Changes to your data are compared bi-directionally between our CRM system and CleverReach. The newsletters contain what are known as a web beacon, a pixel file, which is retrieved from the CleverReach server when you open the newsletter. Technical information such as browser details, IP addresses (truncated), and time of access are collected. The purpose of this information is to improve our newsletter based on technical data and a target group analysis. The legal basis for processing is given by your consent under art. 6 (1) a of the GDPR and article 25 (1) of the German Telecommunications Digital Services Data Protection Act (TDDDG). You can find more information about data privacy at CleverReach at: https://https://www.cleverreach.com/en-de/privacy-policy/ 

Using our contact form

Our website features a contact form which can be used to contact us electronically. If users make use of this option, the data entered into the input mask will be sent to us and processed. This data is as follows: company, address, postcode, place, country, form of address, first name, surname, e-mail, phone number and message. When you send a message, the following data will also be saved: The user’s IP address, date and time of registration.

To process the data, your consent will be sought when the data is sent and reference will be made to this Data Privacy Policy. You can also contact us via the e-mail address provided. In this case, the user’s personal data sent with the e-mail, will be stored. In this context, no data will be disclosed to third parties. The data will only be used to process communications. If user consent is provided, the legal basis for processing this data is art. 6 (1) a of the GDPR. The legal basis for processing the data transferred when sending an e-mail is art. 6 (1) f of the GDPR. If the purpose of getting into contact by e-mail is to conclude a contract, an additional legal basis for processing the data is given under art. 6 (1) b of the GDPR. The sole purpose of processing the personal data from the input mask is to process the contact request. Where a contact request is made by e-mail, this also constitutes the required legitimate interest in processing the data. The purpose of the other personal data processed when the e-mail is sent is to prevent misuse of the contact form and to ensure the security of our IT systems. The data is erased as soon as it is no longer required to achieve the purpose for which it was captured. In terms of personal data from the contact form’s input mask and that sent by e-mail, this is the case when communication with the user has ceased. Communication is considered ended once circumstances show that the issue concerned has been fully resolved. The personal data also captured during the transmission process is to be erased after seven days at the latest. Users may revoke their consent to processing of their personal data at any time. Should users get in touch with us by e-mail, they can object to their personal data being stored. In this case, communication cannot be continued. All personal data saved because users have got in touch will be erased.

WhatsApp Business
for communications and job applications

(1)
You can also get in touch with us via the WhatsApp Business messenger service to apply for jobs, or ask questions about the application process. WhatsApp Business is provided by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“WhatApp”) and belongs to the Meta Group. WhatsApp Ireland Limited is the data controller for Europe. For further information about data privacy at WhatsApp, see WhatsApp’s data privacy policy at: www.whatsapp.com/legal/privacy-policy 

(2)
We process your personal data, which you send us via WhatsApp Business, only for purposes associated with the job application. Such purposes include but are not limited to:

• Looking at your application documents
• Communicating with you during the application process
• Organising and conducting interviews
• Deciding on whether to employ you

The legal basis for processing your applicant data is art. 88 of the GDPR and section 26 (1) of the BDSG [German Federal Data Protection Act]. These regulations state that personal data may only be processed if it is required when employing somebody.
WhatsApp Business is only used for sending your written application and communicating with you as part of the application process if you have given explicit consent as specified in art. 6 (1) a of the GDPR. This consent is voluntary. You can also apply for a job with us in other ways (e.g. by e-mail to [e-mail address] or via our online application form at [URL]. Whether you decide to use WhatsApp Business or not will have no impact on your chances of being employed by us.

(3)
WhatsApp processes certain data as part of providing the messenger service. This data includes but is not limited to:

• Metadata (e.g. when the communication took place, usage frequency, device information, IP address)
• Phone numbers of the parties communicating with each other
• Contact info from your address book (if you have allowed WhatsApp to access it)

Call content (text messages, photos, videos, documents) is protected by WhatsApp’s end-to-end encryption. This means that only you and we as the recipient can read the messages – WhatsApp itself has no access to this content. Processing of this data is governed by WhatsApp’s data privacy policies. Therefore, WhatsApp is an independent data controller.

(4)
The following categories of personal data are processed during communications via WhatsApp Business:
Data you send:

• Master data: first name and surname, postal address
• Contact data: phone number, e-mail address (if stated)
• Application documents: CV, cover letter, references, certificates
• Content data: text messages, photos, videos, audio files, PDFs
• Further data: Any information you give us voluntarily as part of the application process

(5)
WhatsApp belongs to the Meta Group and is headquartered in the US. When providing the service, your data (including but not limited to metadata and phone numbers) might be transmitted to servers belonging to Meta Platforms Inc. in the US. The legal basis for this transfer of data to third countries is the adequacy decision of the EU Commission on the EU-US Data Privacy Framework (DPF) under art. 45 (1) of the GDPR. Meta Platforms Inc. is certified under the Data Privacy Framework. Go to www.dataprivacyframework.gov to see the certification. WhatsApp has also agreed standard terms as per art. 46 (2) c of the GDPR with companies that receive your data. For more information, see the WhatsApp Business Data Transfer Addendum at: www.whatsapp.com/legal/business-data-transfer-addendum

(6)
Your job application data will only be directed to the following recipients:

• Internal departments: HR, other departments relevant to the application, the management (if required for the application procedure)
• WhatsApp Ireland Limited/Meta Platforms Ireland Limited: As part of providing the messenger service
• Meta Platforms Inc. (US): As part of the technical infrastructure and the EU-US Data Privacy Framework

Data is not sent to other third parties unless we are legally required to do so, or you have explicitly given your consent.

(7)
We save your application documents and the communications via WhatsApp Business while the application procedure is ongoing. If your application is rejected:
All your data will be deleted once the application procedure has been completed, but six months after sending you a rejection at the latest. The purpose of keeping the data for this period is so that we can defend ourselves should legal disputes occur (e.g. under the Allgemeines Gleichbehandlungsgesetz [German Equal Opportunities Act]) as specified in art. 17 (3) e of the GDPR.

(8)
When applicants are appointed: If an employment relationship is established, the applicant data already collected will be processed for the purposes of the employment relationship as per art. 88 of the GDPR and section 26 (1) of the BDSG. With your explicit consent:
If you give us your explicit consent to retention of your application documents in an applicant pool for future job vacancies, they will be stored for the period you specify, but for a maximum of two years. You can revoke this consent at any time.
WhatsApp will stored undelivered messages for up to 30 days, after which they will be deleted automatically. Photos and other media will only be stored temporarily. We recommend disabling backups of WhatsApp in the Cloud to prevent any additional, unencrypted storage of your data.
 

Using Google Analytics 4

(1)
This website uses Google Analytics 4, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (“Google”). Web analysis involves capturing, collecting and analysing data on the behaviour of people visiting websites. Google Analytics 4 uses cookies, which are stored on your computer and enable an analysis of how you use the website. We have already explained what cookies are above. The information generated by the cookie about how you use the website is usually transmitted to a Google server in the US and stored there. The EU Commission’s adequacy decision of 10 July 2023 for the EU-US Data Privacy Framework and the standard terms agreed with Google (https://business.safety.google/adsprocessorterms/?hl=en) are the legal basis for transmitting data to the US.

(1)
Your IP address is some of the data captured. However, the address is truncated by Google and therefore anonymised. Google will not merge the truncated IP address sent from your browser as part of Google Analytics 4 with other data.

(2)
The purpose of integrating Google Analytics 4 is for us to analyse user behaviour on our website and respond accordingly. As a result, we will be able to improve our offering on a continuous basis. Art. 6 (1) a of the GDPR is the legal basis for processing the personal data outlined here. You can withdraw your consent at any time without having a retroactive impact on the lawfulness of processing the data before you withdraw consent. In apps, you can reset the advertising ID under Android or iOS settings. The easiest way of revoking consent is via our consent manager.

(3)
Consequently, every time users visit our web pages, personal data, including the IP address of internet connection used by the data subject will be sent to Google in the US and stored there. The EU Commission’s adequacy decision of 10 July 2023 for the EU-US Data Privacy Framework and the standard terms agreed with Google (https://business.safety.google/adsprocessorterms/?hl=en) are the legal basis for transmitting data to the US.

(4)
Google Analytics 4 uses the special demographics function with which it can produce statistics on the age, gender and interests of website visitors. This is done by analysing advertising and information from third-party providers. As a result, target groups for marketing activities can be identified. However, the data cannot be attributed to a particular person and is erased after it has been saved for two months.

(5)
As an extension of Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have enabled ad personalisation and linked your devices to your Google account, Google can, subject to your consent to using Google Analytics, under art. 6 (1) a of the GDPR, analyse your user behaviour across devices and create data base models, cross-device conversions etc. We receive no personal data from Google, just statistics. If you want to stop the cross-device analysis, you can disable the ad personalisation function in your Google account settings. Follow the instructions telling you how to do so on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=en-GB You can more information about Google Signals under the following link: https://support.google.com/analytics/answer/7532985?hl=en#zippy=%2Cin-this-article 
 

Google Ads data processing
(conversion tracking) 

(1)
We use Google Ads (previously called Google AdWords) as an online marketing tool to advertise our products and services. By doing so, we want to draw more people’s attention online to our offerings’ high quality. This is an online advertising service by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. As part of our advertising via Google Ads, we use Google’s conversion tracking tool on our website. This free tracking tool allows us to adapt our advertising better to your interests and requirements. 

(2)
The Google conversion tracking tool is an analysis service. In the process, Google places a conversion cookie if users visit our website via a Google ad. This cookie helps us and Google to see if someone has clicked on an ad and been directed to our website. The information provided by the conversion cookie helps to draw up conversion statistics. We can identify the total number of users who have clicked on our ad and were redirected to a page with a conversion tracking tag. It is not possible to personally identify the user.

(3)
You can find more detailed information about the data processed at: policies.google.com/privacy at “Information we collect as you use our services”, and at privacy.google.com/businesses/adsservices/. 

(4)
The Google Ads conversion tracking cookie is usually deleted after 90 days automatically. This means that users clicking on a Google ad are counted as conversions up to 90 days after the click, unless the cookie has been removed manually beforehand or deleted because of browser settings.

(5)
Art. 6 (1) a of the GDPR is the legal basis for processing the personal data outlined here. The legal basis for processing the data generated while we obtain consent is our legitimate interest under art. 6 (1) f of the GDPR. We have a legitimate interest in proving that you have given your consent to the measurement protocol (Art. 7 (1) GDPR).

(6)
You also have the option not to take part in Google Ads’ conversion tracking. If you disable the Google conversion tracking cookie in your browser, conversion tracking will not be possible. In this case, you will not be taken into account in the tracking tool’s statistics. You can change the cookie settings in your browser at any time. This works slightly differently in each browser. Should you not want any cookies at all, you can set up your browser so that it always tells you when a cookie will be placed. Therefore, you can decide for each cookie whether you allow the cookie or not. By downloading and installing this browser plug-in at support.google.com/ads/answer/7395996, all advertising cookies will also be disabled. Please be aware that by disabling these cookies you will not prevent ads from being displayed, but just personalised ads.

(7)
Please note that by using this tool, your data can also be stored and processed outside the EU. The EU Commission’s adequacy decision of 10 July 2023 for the EU-US Data Privacy Framework and the standard terms agreed with Google (https://business.safety.google/adsprocessorterms/?hl=en) are the legal basis for transmitting data to the US. 

Using Google Ads remarketing

(1)
We use the Google Ads service’s remarketing tool. This is a Google tool that allows us to re-engage with you. This tool allows us to display our ads to you when you continue to use the internet after visiting our website. This is achieved via cookies stored on your browser, which Google uses to record and analyse user behaviour when you visit various websites. This allows Google to identify your previous visit to our website. The EU Commission’s adequacy decision of 10 July 2023 for the EU-US Data Privacy Framework and the standard terms agreed with Google (https://business.safety.google/adsprocessorterms/?hl=en) are the legal basis for transmitting data to the US.

(2)
Google will not merge data captured during remarketing with your personal data, which might have been stored by Google. In particular, according to Google, data collated during remarketing is pseudonymised. Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland operates Google Ads remarketing services. If consent is sought (for instance, consent to storing cookies), processing is carried out solely on the basis of art. 6 (1) a of the GDPR; consent may be revoked at any time.

(3)
Google Ads remarketing places a cookie on the data subject’s IT system. We have already explained what cookies are above. Placing cookies allows Google to recognise visitors to our website again if they then visit websites that are also members of the Google ad network. Each time a website is visited on which the Google Ads remarketing service is integrated, the data subject’s browser identifies itself automatically to Google. During this process, Google obtains information about personal data, such as the IP address or the user’s surfing behaviour, which Google uses to display personalised advertising etc. The cookie allows personal data, such as the websites visited by the data subject, to be stored. As a result, each time users visit our web pages, personal data, including the data subject’s IP address, is transmitted to Google. 

(4)
The data subject can prevent cookie placement by our website (as explained above) by adjusting the relevant setting in their browser and therefore object to any cookies from being placed permanently. A setting like this on the browser would also prevent Google placing a cookie on the data subject’s IT system. What’s more, a cookie already placed by Google can be deleted at any time via the browser or other software. The data subject can also object to personalised advertising by Google. To do so, data subjects must visit the www.google.com/settings/ads/plugin link from the browser they are using and make the settings required there. Visit http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/en.html for more information and Google’s data privacy policies.

 

Data privacy policy
for integrating PowerCaptcha

(1)
On some of our website’s pages we use PowerCaptcha – a security service provided by Uniique Information Intelligence AG, Oehleckerring 11, 22419 Hamburg (website: power-captcha.com) to distinguish between legitimate user enquiries and automated bots (e.g. in forms or logins). Its purpose is to provide protection from spam, abuse and unauthorised access.

(2)
As part of this security check, PowerCaptcha collects and processes the following data in particular:

• Technical request headers such as user agent, origin, and referrer (required for technical reasons to provide the web request),
• A timestamp of the request,
• The e-mail address entered into the form, which is transmitted in an encrypted way and then analysed in an anonymised form (using a one-way hash).
• The IP address of the user sending the request, which is also transmitted in an encrypted form and analysed in an anonymised form (using a one-way hash).

This data is only used to check access legitimacy and distinguish real users from automated bots. PowerCaptcha uses no cookies on user devices. The personal data transmitted is only kept temporarily on the PowerCaptcha’s RAM and automatically deleted once the security check has been completed, but after a few days at the latest (for a maximum of up to 3 days if the enterprise tariff is chosen). No data is stored for longer periods of time (for instance on the hard disk).

(3)
To carry out the check, the above-mentioned data is sent to PowerCaptcha (Uniique Information Intelligence AG), which as order processer processes this data strictly according to our instructions (art. 28 of the GDPR). An order processing contract has been signed with the provider. PowerCaptcha operates its servers only in certified data centres in Germany, which means that personal data is not transferred to third countries.

(4)
The legal basis for integrating PowerCaptcha is our legitimate interest under art. 6 (1) f of the GDPR. Our legitimate interest is given by our desire to protect our website and services from abusive access attempts, spam bots and similar damaging automated activities and to guarantee the security of our IT systems. 

 

reCAPTCHA privacy policy

(1)
We incorporated the reCAPTCHA service on our website. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is the provider of reCAPTCHA. This service protects our website from spam and misuse. The purpose of reCAPTCHA is to prevent automated software (called bots) from abuse on the website. It checks whether entries (e.g. in online forms) really stem from a human being. To find out whether this is the case, the following data in particular is captured and processed: 

• The referrer (address of the page on which the Captcha is used),
• The user’s IP address, the Google account (if the user has registered with Google, this is identified and allocated). 
• The user’s data input behaviour (e.g. answering the reCAPTCHA question, input speed in the form fields, the order in which the user selects the input fields) to improve Google’s pattern recognition. Browser, browser size and resolution, browser plug-ins, date, language setting 
• The website’s display instructions (CSS) and scripts (Javascript) 
• Mouse and touch events on the website 
• Screenshot of the browser window

(2)
Google also reads cookies from other Google services such as Gmail, Search, and Analytics. All this data is sent to Google in an encrypted form. Google’s subsequent analysis governs the form in which the Captcha is displayed on the page - for example in the form of a checkbox or by entering text. No personal data is read or stored from the input fields belonging to the form concerned.

(3)
Users can find more information about Google data privacy policies and opt outs at: https://policies.google.com/privacy. For more information about data used for marketing purposes by Google, go to: https://policies.google.com/technologies/ads. You can find Google’s data privacy policy at https://policies.google.com/privacy.

(4)
If you wish to object to personalised advertising from Google marketing services, you can use Google’s setting and opt out options at: https://adssettings.google.com/authenticated. 

Integration of Google Maps

(1)
We integrate Google Maps on our website. Its service provider is: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US; website: https://mapsplatform.google.com/intl/en. As a result, we can display interactive maps directly on the website and enable you to use the maps function easily. The legal basis for using the maps is art. 6 (1) sentence 1, a of the GDPR and section 25 (1) sentence of the TDDDG, in other words, Google Maps is only integrated only after you have provided consent.

(2)
When you visit the website, Google receives information that you have accessed the website’s relevant subpage. The above-mentioned basic data such as the IP address and timestamp are also transmitted. This procedure happens regardless of whether Google provides a user account, via which you log on, or there is no user account. If you are logged on with Google, your data will be attributed directly to your account. If you do not wish Google to attribute the data to your profile, you need to log off before you activate the button. Google saves your data as user profiles and applies it for advertising, market research and/or tailoring the website to your needs. This type of analysis is, in particular, (even for users who are not logged on) to provide personalised advertising and to inform other users of the social network about your activities on our website. You have the right to object to these user profiles being created, but to exercise this right, you need to address Google itself.

(3)
The information captured is stored on Google servers, which are also in the US. In those cases, the provider says that it has imposed its own standard that resembles the former EU-US Privacy Shield and has undertaken to comply with data protection laws when transferring data internationally. We have also agreed what are known as standard contractual clauses with Google, the purpose of which is to maintain an appropriate level of data protection in the third country.

(4)
For more information on why and to what extent the plug-in provider collects and processes data, please refer to their data privacy policy. This will give you more information on your rights and settings options to protect your privacy: https://policies.google.com/privacy?hl=en.

YouTube integration

(1)
We have integrated YouTube videos on our website that are stored on YouTube.com and can be played directly from our website. [These are all integrated in “extended privacy mode,” so that no data about users is transferred to YouTube if you do not play the videos. The data listed in paragraph 2 is only transmitted if videos are played. We have no influence over transmission of this data.] YouTube is a YouTube LLC service (“YouTube”), 901 Cherry Ave., San Bruno, CA 94066, US and is provided by it. YouTube LLC is a subsidiary of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis for showing the videos is art. 6 (1) sentence 1, a of the GDPR, i.e. the videos are only integrated if you have given consent.

(2)
By visiting the website, YouTube is told that you have visited our website’s relevant subpage. The above-mentioned basic data such as the IP address and timestamp are also transmitted. This will happen regardless of whether YouTube provides a user account, via which your are logged on, or there is no user account at all. If you are logged on with Google, your data will be attributed directly to your account. If you do not wish YouTube to identify your profile, you need to log off before you activate the button. YouTube saves your data as user profiles and uses it for advertising and market research purposes and/or to tailor its website to your requirements. This type of analysis is, in particular, (even for users who are not logged on) to provide personalised advertising and to inform other users of the social network about your activities on our website. You have the right to object to these user profiles being created, but to exercise this right, you need to address YouTube itself.

(3)
The information captured is stored on Google servers, which are also in the US. The EU Commission’s adequacy decision of 10 July 2023 for the EU-US Data Privacy Framework and the standard terms agreed with Google (https://business.safety.google/adsprocessorterms/?hl=en) are the legal basis for transmitting data to the US.

(4)
For more information on why and to what extent YouTube collects and processes data, please refer to their data privacy policy. The policy will also provide more information about your rights and settings options to protect your privacy: policies.google.com/privacy.