Privacy Policy

1. General information

General information

If you have any questions or comments about this information, or if you wish to contact us to exercise your rights, please send your request to

Propain Bicycles GmbH
Schachenstraße 15, 88267 Vogt, Germany
Tel. : +49 (0)7529 / 468 868 0
E-Mail: [email protected]

Legal basis

The term “personal data” under data protection law refers to all information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the DSGVO and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent (Section 25 (1) TTDSG or Art. 6 (1) a DSGVO), for the performance of a contract to which you are a party or at your request for the performance of pre-contractual measures (Art. 6 (1) b DSGVO), for the performance of a legal obligation (Art. 6(1)(c) DSGVO) or if processing is necessary for the purposes of protecting our legitimate interests or the legitimate interests of a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6(1)(f) DSGVO).

If you apply for a vacant position in our company, we also process your personal data for the purpose of deciding on the establishment of an employment relationship (Section 26 (1) sentence 1 BDSG).

Duration of storage

Unless otherwise stated in the following notes, we store data only for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such legal retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

Categories of recipients of the data

We use processors as part of the processing of your data. Processing operations carried out by such processors include, for example, hosting, sending e-mails, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures or file and data carrier destruction. A processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out data processing exclusively for the data controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, house bank, tax consultancy/auditing company or the financial administration. Further recipients may result from the following notes.

Data transfer to third countries

Our data processing activities may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is warranted in such third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards exist in accordance with Art. 46 of the GDPR or if one of the conditions of Art. 49 of the GDPR is met.

Unless otherwise stated below, we use the EU standard data protection clauses as suitable safeguards for the transfer of personal data in third countries. You have the possibility to obtain a copy of these EU standard data protection clauses or to inspect them. To do so, please contact us at the address given under Contact.

If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Article 49 (1) a DSGVO.

Processing when exercising your rights

If you exercise your rights under Articles 15 to 22 DSGVO, we process the personal data transferred for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 DSGVO.

These processing operations are based on the legal basis of Art. 6 para. 1 lit. c DSGVO in conjunction with. Art. 15 to 22 DSGVO and Section 34 (2) BDSG.

Your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

  • In accordance with Art. 15 DSGVO and Section 34 BDSG, you have the right to request information about whether and, if so, to what extent we are processing personal data relating to you or not.
  • You have the right to demand that we correct your data in accordance with Art. 16 DSGVO.
  • You have the right, in accordance with Art. 17 DSGVO and § 35 BDSG, to demand that we delete your personal data.
  • You have the right to have the processing of your personal data restricted in accordance with Art. 18 DSGVO.
  • You have the right, in accordance with Art. 20 DSGVO, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
  • If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Article 7 (3) DSGVO. Such a revocation will not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
  • If you believe that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

Right of objection

In accordance with Art. 21(1) DSGVO, you have the right to object to processing based on the legal basis of Art. 6(1)(e) or (f) DSGVO on grounds relating to your particular situation. If personal data about you is processed by us for the purpose of direct marketing, you may object to such processing pursuant to Article 21 (2) and (3) DSGVO.

Data protection officer

You can reach our data protection officer at the following contact details:

E-mail: [email protected]
Herting Oberbeck Data Protection GmbH
Hallerstr. 76, 20146 Hamburg

https://www.datenschutzkanzlei.de

2. Data processing on our website

When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, we automatically collect certain information about your use of the website. In data protection law, the IP address is also generally considered to be a personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.

Processing of server log files

During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code.

The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f DSGVO. This processing serves the technical administration and security of the website. The stored data will be deleted after thirty days, unless there is a reasonable suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject on the basis of the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11 (2) of the GDPR, unless you provide additional information that enables your identification in order to exercise your rights set forth in these articles.

Contact options and requests

Our website contains contact forms through which you can send us messages. The transfer of your data is encrypted (recognizable by the “https” in the address bar of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this data will result in us not being able to process your request. The provision of further data is voluntary. Alternatively, you can send us a message via the contact e-mail. We process the data for the purpose of answering your inquiry.

If your request is directed towards the conclusion or performance of a contract with us, Art. 6 (1) b DSGVO is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is then Art. 6 para. 1 lit. f DSGVO.

Online store

If you order a product via our website, we process personal data exclusively for the purpose of processing the contract or to provide you with the ordered product. In the booking or ordering process, we only process the data that you yourself have entered in the input mask and, if applicable, payment information if you pay by advance bank transfer. In order to be able to deliver the ordered products to you, we transmit your data required for delivery to one of our shipping service companies as specified in the order. The legal basis for the processing is in each case Art. 6 para. 1 letter b DSGVO. All data fields marked as mandatory are required for processing your booking or order. Failure to provide them will result in us not being able to process your booking or order.

The provision of further data is voluntary. We process such voluntarily provided data on the basis of Art. 6 para. 1 letter f DSGVO.

You have the option on our to create a customer account via registration. If you have registered for a customer account, your stored data will be automatically entered into the order mask when ordering a product in our store. In addition, you can use the customer account to check the status of your orders, store a different delivery and billing address and download certain documents. It is not necessary to register for a customer account to place an order in our online store.

The information required for registration can be seen from the input mask. The provision of the information, which is marked by * as mandatory information, is mandatory so that the registration can be completed. A valid e-mail address is required for registration. To confirm the registration, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). After registration, you can log in to the customer account by providing your e-mail address and the password used. The processing of the data provided in the context of registration and use of the customer account is based on the legal basis of Art. 6 (1) b DSGVO.

Payment service provider

To pay for ordered products in our online store, you can choose between different options. For this purpose, we work together with various payment providers.

The payment data you provide during the ordering process may be transmitted by us to the payment service provider, insofar as this transmission is necessary for the execution of the payment transaction. If the option “Leasing via Businessbike” is selected, For this we require additional information, which can be seen from the input mask.

All data fields marked as mandatory are required to process your order. Failure to provide this information will result in us not being able to process your order.

The legal basis for this transmission is Art. 6 para. 1 letter b DSGVO.

Please note that, incidentally, the respective payment information is processed by the relevant payment service providers on their own responsibility.

We use the following payment service providers:

PayPal

You option to pay via the PayPal service of PayPal Europe S.a.r.l. et Cie s.c.a. (Luxembourg, EU). In doing so, PayPal may transmit your address data deposited with PayPal to us, which we process exclusively for the purpose of processing the contract. Further information on data protection at PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE#r5.

Immediately transfer

We offer the payment method “Sofort” in cooperation with the service provider Sofort GmbH, a company of the Klarna Group (Germany, EU). If you use this service, Klarna transmits to us the confirmation of the successful setting of the transfer order to your order. This includes only the data from the transfer form (name, account number, bank code, subject, transfer amount) as well as the date (with time) and the transaction identifier (e.g. order number) selected by us. In the case of SEPA transfers and if it is necessary depending on your bank, BIC and IBAN to set the transfer in your online banking account, the confirmation to us also contains your BIC and IBAN. In principle, we can also take this data from our account statement. Further personal data will not be transmitted to us by Klarna. Further information on data protection at Klarna can be found at https://www.sofort.com/terms.

Stripe

On our website, you have the option of making payment via the payment service Stripe, offered by Stripe Payments Europe Ltd (Ireland, EU). You can find more information about Stripe’s data protection here: https://stripe.com/de/privacy#translation

Data processing for job applications

Principles and purposes for processing personal data in applications and in the application process

If you apply to us electronically, i.e. by e-mail or via our web form, we will collect and process your personal data for the purpose of processing the application procedure and carrying out pre-contractual measures. The legal basis for this processing of personal data is § 26 BDSG.

By submitting an application on our recruiting page, you express your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application.

In particular, the following data is collected:

Name (first and last name)
City
E-mail address
Telephone number
Earliest entry date
Salary requirement

You also have the option of uploading meaningful documents such as a cover letter, your resume and references. These may contain additional personal data such as date of birth, address, etc.

Only authorized employees from the HR department or employees involved in the application process have access to your data.

Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.

Your data will be stored for a period of 90 days beyond the end of the application process. As a rule, this is done to fulfill legal obligations or to defend against any claims arising from legal regulations. Subsequently, we are obliged to delete or anonymize your data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of women or men in applications, number of applications per period, etc.).

Talent Pool

In addition, we reserve the right to store your data for inclusion in our “Talent Pool” for 120 days after the end of the application process in order to identify any other interesting positions for you. This also applies, for example, to applications for apprenticeships or internships. Inclusion in the Talent Pool only takes place with your consent and is based on the legal basis of Art. 6 (1) lit. a DSGVO.

If you receive an offer of employment with us as part of the application process and accept it, we will store the personal data collected as part of the application process for at least the duration of the employment relationship.

Disclosure of data to third parties

The data transmitted as part of your application is transferred via TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel administration and applicant management software (https://www.personio.de/impressum/). Personio is our order processor in this context according to Art. 28 DSGVO. The basis for the processing here is an order processing contract between us as the controller and Personio.

Newsletter

We offer the possibility on our website to register for our newsletter. After registration, we will regularly inform you about current news regarding our offers. A valid e-mail address is required to register for the newsletter. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and name based on the consent you have given. The processing is based on the legal basis of Art. 6 (1) a DSGVO. You can revoke the consent given at any time with effect for the future, for example via the “unsubscribe” link in the newsletter or by contacting us via the channels mentioned above. The legality of the data processing operations already carried out remains unaffected by the revocation.

When registering for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 DSGVO).

We also analyze the reading behavior and opening rates of our newsletter. For this purpose, pseudonymized usage data is collected and processed by us, which we do not merge with your e-mail address or your IP address. The legal basis for the analysis of our newsletter is Art. 6 para. 1 lit. f DSGVO and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the above mentioned contact channels.

For the management of subscriptions, the sending of the newsletter and the analysis, we use the service Mailchimp, of Rocket Science Group LLC (USA). Your e-mail address is therefore transmitted by us to the service provider. If you do not want your data to be processed by this service provider, you should not subscribe to or unsubscribe from the newsletter.

Please note the information in the section “Data transfer to third countries”.

Cookies

We use cookies and similar technologies (“cookies”) on our website. Cookies are small data sets that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases.

The use of cookies is partly technically necessary for the operation of our website and thus permissible without the consent of the user. In addition, we may use cookies to offer special features and content and for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 25 (1) TTDSG and, if applicable, Article 6 (1) a DSGVO. You can find information on the purposes, providers, technologies used, stored data and storage duration of individual cookies in the cookie settings of our Consent Management Tool.

Consent Management Tool

This website uses the Consent Management Tool Cookiebot of the provider Usercentrics A/S (Denmark, EU) to control cookies and the processing of personal data.

The Consent banner enables users of our website to give their consent to certain data processing procedures or to withdraw their consent. By confirming the “I accept” button or by saving individual cookie settings, you consent to the use of the associated cookies.

The legal basis under data protection law is your consent within the meaning of Art. 6 (1) a DSGVO.

In addition, the banner supports us in being able to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 DSGVO).

Here you can revoke your consent for cookies: Cookie Statement

Tracking & Retarging

Matomo

We use the Matomo service of Matomo.org on our website for web optimization by means of open source software, which anonymously evaluates the accesses of the website visitors by using cookies. In the process, the IP address is anonymized immediately after it is processed and before it is stored. Therefore, no further processing of personal data takes place when Matomo is used. The information generated by the cookies about your use of this offer will not be used for personal evaluation or profiling and will also not be passed on to third parties.

The processing of your data is based on your consent in accordance with Art. 6 Par. 1 Bucht. a DSGVO.

Cookies are set on your terminal device to integrate the service. Cookies are set with your consent, which you can revoke at any time with future effect via our Consent Management Tool. For more information on data protection at Matomo, please see Matomo’s privacy policy at https://matomo.org/privacy-policy/.

Hotjar

We use the Hotjar service of the provider Hotjar Ltd (Malta, EU) on our website to analyze movements on our website using so-called “heat maps”. For example, it is possible to see how far users scroll and how often they click on which buttons. Furthermore, with the help of the tool it is also possible to obtain feedback directly from the users of the website. In this way, we obtain valuable information to make our website even faster and more customer-friendly. With Hotjar, we can only track which buttons are clicked, mouse history, how far scrolled, device screen size, device type and browser information. In addition, we receive information about your geographic location (country) and preferred language for displaying our website. Areas of the websites in which personal data of you or third parties are displayed are automatically hidden by Hotjar and are therefore not traceable by the tool at any time.

The processing of your data is based on your consent in accordance with Art. 6 (1) a DSGVO.

Cookies are set on your terminal device to integrate the service. The setting of cookies as well as access to information stored in your end device used is done with your consent, which you can revoke at any time with effect for the future via our Consent Management Tool. For more information on data protection at Hotjar, please see Hotjar’s privacy policy at https://www.hotjar.com/legal/policies/privacy/.

Google Analytics

We use the Google Analytics service of the provider Google Ireland Limited (Ireland, EU) on our website.

Google Analytics is a web analytics service that allows us to collect and analyze data about the behavior of visitors to our website. Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website are processed.

In part, this data is information stored in the terminal device you are using. In addition, further information is also stored on your used end device via the cookies used. Such storage of information by Google Analytics or access to information already stored in your end device will only take place with your consent.

Google Ireland will process the data collected in this way on our behalf in order to evaluate the use of our website by the user:inside, to compile reports on the activities within our website and to provide us with further services associated with the use of our website and Internet use. In doing so, pseudonymous usage profiles of the users can be created from the processed data.

The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 para. 1 letter a DSGVO. You can revoke this consent via our Consent Management Tool at any time with effect for the future.

The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities. Please refer to the information in the section “Data transfer to third countries”.

We only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user’s browser is not merged with other data. Further information on the use of data for advertising purposes can be found in Google’s privacy policy at: www.google.com/policies/technologies/ads/.

We use the Google Universal Analytics variant. This allows us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to put individual user actions in context and analyze long-term relationships.

Data on user actions is stored for a period of 14 months and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.

We also use the Google Analytics 4 variant, which allows us to track interaction data from different devices and from different sessions. This allows us to put individual user actions in context and analyze long-term relationships.

Data about user actions is stored for a period of 14 months and then automatically deleted. All other event data is stored for 2 months and then automatically deleted. Here, the deletion of data whose storage period has expired takes place automatically once a month.

We also use the Google Analytics advertising functions (remarketing). This function enables us, in conjunction with the cross-device functions of Google, to display advertisements in a more targeted manner and to present users with ads that are tailored to their interests. Via remarketing, users are shown ads and products for which interest has been identified on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads. In this way, interest-based, personalized advertising messages that have been adapted to a user depending on previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another end device of the user (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be served on every end device on which you log in with your Google account. The aggregation of the collected data in your Google account is based solely on your consent, which you can give or revoke at Google. For these linked services, data is then collected via Google Analytics for advertising purposes. To support the remarketing function, Google Analytics collects users’ google-authenticated IDs, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device ad advertising.

Google Optimize

We use the Google Optimize service of the provider Google Ireland Limited (Ireland, EU) on our website to test variants of our website in various ways and thus personalize our website.

Cookies are set on your terminal device to integrate the service. Cookies are set with your consent, which you can revoke at any time with future effect via our Consent Management Tool. Insofar as personal data is also processed via the Google Optimize service, this processing also takes place with your consent.

The legal basis for data processing in connection with the Google Optimize service is therefore Art. 6 (1) a DSGVO.

The personal data processed on our behalf to provide Google Optimize may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities. Please refer to the notes in the section “Data transfers to third countries”.

Google Ads

We use the online advertising program Google Ads of Google Ireland Limited (Ireland, EU) on our website, through which we place advertisements on the Google search engine. If you access our website via a Google ad, Google sets a cookie on your terminal device (“conversion cookie”). In the process, a different conversion cookie is assigned to each Google Ads customer, so that the cookies are not tracked across the websites of different Ads customers. The information obtained with the help of the cookie is used to create conversion statistics. Thus, we learn the total number of user:s who clicked on one of our Google ads. However, we do not receive any information with which users can be personally identified.

The processing of your data is based on your consent in accordance with Art. 6 (1) a DSGVO.

Cookies are set with your consent, which you can revoke at any time with future effect via Consent Management Tool. When using the service, a transfer of your data to the USA cannot be excluded. Please note the information in the section “Data transfer to third countries”. Further information on data protection at Google can be found in Google’s privacy policy at https://policies.google.com/privacy#infocollect.

Meta Pixel

We use Meta Pixel, a meta business tool provided by Meta Platforms Ireland Limited (Ireland, EU), on our website. For information on the contact details of Meta Platforms Ireland Ltd. and the contact details of Meta Platforms Ireland Ltd.’s data protection officer, please see Meta Platforms Ireland Ltd.’s data policy at https://www.facebook.com/about/privacy.

The meta pixel is a JavaScript code snippet that allows us to track the activity of visitors to our website. This tracking is called conversion tracking. The meta pixel collects and processes the following information (so-called event data) for this purpose:

  • Information about actions and activities of the visitor:s of our website, such as searching and viewing a product or purchasing a product;
  • Specific pixel information such as the pixel ID and the Facebook cookie;
  • Information about buttons clicked by visitors to the website;
  • Information present in HTTP headers, such as IP addresses, web browser information, page location, and referrer;
  • Information about the status of disabling/restricting ad tracking.

In part, this event data is information stored in the device you are using. In addition, cookies are also used via the meta pixel, via which information is stored on your end device used. Such storage of information by the Facebook pixel or access to information that is already stored in your end device only takes place with your consent in accordance with Section 25 (1) TTDSG.

The event data collected via the meta pixel is used for targeting our ads and improving ad delivery on meta products such as the social media platforms Facebook and Instagram, for personalizing features and content, and for improving and securing meta products. For this purpose, the event data collected on our website by means of the meta pixel is transmitted to Meta Platforms Ireland Ltd. This collection and transmission of event data is carried out by us and Meta Platforms Ireland Ltd. as jointly responsible parties. We have entered into a joint controller processing agreement with Meta Platforms Ireland Ltd. that sets forth the allocation of data protection obligations between us and Meta Platforms Ireland Ltd. In this agreement, we and Meta Platforms Ireland Ltd. have agreed, among other things,

  • that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR about the joint processing of personal data;
  • that Meta Platforms Ireland Ltd. is responsible for enabling the rights of data subjects pursuant to Art. 15 to 20 GDPR with respect to the personal data stored by Meta Platforms Ireland Ltd. after the joint processing.

You can access the agreement concluded between us and Meta Platforms Ireland Ltd. at https://www.facebook.com/legal/controller_addendum.

Meta Platforms Ireland Ltd. is the sole responsible party for the subsequent processing of the submitted Event Data. For more information about how Meta Platforms Ireland Ltd. processes personal data, including the legal basis on which Meta Platforms Ireland Ltd. relies and how you can exercise your rights against Meta Platforms Ireland Ltd. please see Meta Platforms Ireland Ltd.’s Data Policy at https://www.facebook.com/about/privacy.

We have also engaged Meta Platforms Ireland Ltd. to prepare reports on the impact of our advertising campaigns and other online content based on the Event Data collected through the Meta Pixel (Campaign Reports) and to provide analysis and insights about User:s and their use of our website, products and services (Analytics). We transfer personal data contained in the Event Data to Meta Platforms Ireland Ltd. The transferred personal data is processed by Meta Platforms Ireland Ltd. as our processor to provide us with the campaign reports and analytics.

The collection and transmission of personal data by us to Meta Platforms Ireland Ltd. and the commissioned processing of personal data by Meta Platforms Ireland Ltd. for the creation of analyses and campaign reports will only take place if you have given your prior consent to this. The legal basis for the processing of personal data is therefore Art. 6 (1) a DSGVO.

The data processed on our behalf is transmitted by Meta Platforms Ireland Ltd. to Meta Platforms, Inc. in the USA. Meta Platforms Ireland Ltd. transfers the data to Meta Platforms, Inc. on the basis of processor-to-processor standard contractual clauses, but reserves the right to use an alternative transfer method recognized by the GDPR and other applicable data protection laws in the European Economic Area, the United Kingdom and Switzerland.

External media and third party services

YouTube

We use the YouTube service of Google Ireland Limited (Ireland, EU) on our website to integrate videos. For such an integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Google and Google may set its own cookies. We use YouTube in “extended data protection mode”, so that no cookies are set by YouTube to analyze user behavior.

The processing of your data is based on Art. 6 (1) f DSGVO and is based on our legitimate interest in the appealing design and economic operation of our website.

When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. For more information on data protection at Google, please refer to Google’s privacy policy at https://www.google.com/policies/privacy.

Cloudflare

We use the Cloudflare service of Cloudflare Inc (USA) on our website to display content. For such integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Cloudflare. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Please note that this may result in functional restrictions on the website.

The processing of your data is based on Art. 6 (1) f DSGVO and is based on our legitimate interest in the optimization and economic operation of our website.

When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. For more information on data protection at Cloudflare, please see Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/.

Font Awesome

Our website uses so-called web fonts or icons from the provider Fonticons, Inc. (USA) for the uniform display of fonts or icons. When you call up a page, your browser loads the required web fonts or icons into your browser cache in order to display texts, fonts and icons correctly. For this purpose, the browser you are using must connect to the servers of Fonticons, Inc. This allows Fonticons to know that your IP address has been used to access our website. If your browser does not support Fontawesome, a standard font will be used by your computer.

The processing of your data is based on Art. 6 para. 1 lit. f DSGVO and is based on our legitimate interest in the optimization and economic operation of our website.

When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. For more information on data protection at Fonticons, please see the privacy policy of Fonticons https://fontawesome.com/privacy.

Google reCAPTCHA

We use the Google reCAPTCHA service (hereinafter “reCAPTCHA”) of the provider Google Ireland Limited (Google, EU).

The purpose of reCAPTCHA is to check whether data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). In this way, automated access attempts and attacks can be detected and defended against. We are required by law to take technically and commercially reasonable measures to ensure the security of the portal.

We are required by law to take technically and commercially reasonable measures to ensure the security of the portal.

The processing of your data is based on Art 6 para. 1 lit. c DSGVO in conjunction with. Art. 32 DSGVO and § 19 para. 4 TTDSG.

For more information on Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

3. Data processing on our social media pages

We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:

  • Facebook
  • Instagram
  • LinkedIn

When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information about it is often automatically collected, which may also constitute personal data.

Visiting a social media page

Facebook and Instagram

When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Meta Platforms Ireland Limited (Ireland, EU). For more information about the processing of personal data by Meta, please visit https://www.facebook.com/privacy/explanation. Meta offers the possibility to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.

Meta provides us with anonymized statistics and insights for our Facebook and Instagram page, which help us gain insights into the types of actions people take on our page (so-called “page insights”). These Page Insights are created based on certain information about individuals who have visited our Page. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Article 6 (1) (f) DSGVO.

We cannot associate the information obtained through Page Insights with individual user profiles that interact with our Facebook and Instagram page. We have entered into a joint controller agreement with Meta, which sets out the distribution of data protection obligations between us and Meta. For details about the processing of personal data to create Page Insights and the agreement entered into between us and Meta, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data. With regard to these data processing operations, you have the option of asserting your data subject rights (see “Your rights” in this regard) against Meta as well. Further information on this can be found in Meta’s privacy policy at https://www.facebook.com/privacy/explanation.

Please note that, in accordance with the Meta Privacy Policy, user data is also processed in the USA or other third countries. Meta only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 DSGVO or on the basis of appropriate safeguards in accordance with Art. 46 DSGVO.

LinkedIn

LinkedIn Ireland Unlimited Company (Ireland, EU) is the sole responsible party for the processing of personal data when visiting our LinkedIn page. For more information about the processing of personal data by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions that people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower:in our LinkedIn company page. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members via the information in the Page Insights. This processing of personal data in the context of the Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for this processing is Article 6(1)(f) DSGVO

We have entered into a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:

  • LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn to do so online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our provided contact details about exercising your rights in connection with the processing of personal data in the context of Page Insights. In such a case, we will forward your request to LinkedIn.
  • LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see dataprotection.ie) or any other supervisory authority.

Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn transfers personal data only to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 of the GDPR or on the basis of appropriate safeguards in accordance with Article 46 of the GDPR.

Comments and direct messages

We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message to us. These processing operations by us are carried out as the sole responsible party. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO. Further data processing may take place if you have consented (Art. 6 para. 1 letter a DSGVO) or if this is necessary for the fulfillment of a legal obligation (Art. 6 para. 1 letter c DSGVO).

If you have provided us with the information because of participation in a sweepstake, we will only process it in order to be able to send you a prize, if applicable. After delivery of the prize or if you have not won, we will delete the data.

The legal basis for the processing is Art. 6 para. 1 letter b DSGVO.

4. Further data processing
Contacting us by e-mail

If you send us a message via the contact email provided, we will process the transmitted data for the purpose of responding to your inquiry. We process this data based on our legitimate interest to get in touch with inquiring persons.

The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO.

Customer and interested party data

If you contact our company as a customer or interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of the personal master, contract and payment data provided to us as well as contact and communication data of our contact persons for commercial customers and business partners. The legal basis for this processing is Article 6 (1) b DSGVO.

We also process customer and interested party data for evaluation and marketing purposes. These processing operations are carried out on the legal basis of Art. 6 (1) (f) DSGVO and serve our interest in further developing our offer and informing you specifically about our offers.

Further data processing may take place if you have consented (Art. 6 para. 1 letter a DSGVO) or if this is necessary for the fulfillment of a legal obligation (Art. 6 para. 1 letter c DSGVO).