Data privacy is of especially great importance for our company. It is essentially possible to use the website without providing any personal data. Should a particular person wish to make use of special services of our company online, however, it may be necessary to process personal data. Should the processing of personal data be required, and should no legal basis exist for such processing, we will obtain the prior consent of the person concerned.

The processing of personal data, for example the name, address, e-mail address or telephone number of a person concerned, is always carried out in line with the Federal Data Privacy Act (BDSG), the EU General Data Privacy Regulation (GDPR) that comes into force on 25/05/2018, and any laws which likewise apply. With this data privacy statement, our company would like to provide information on the nature, scope and purpose of the personal data processed by us, and explain to persons concerned what rights they are entitled to assert.

Our company has implemented numerous technical and organisational measures in order to ensure that any personal data processed is protected as comprehensively as possible. Web-based data transmission may, however, possibly contain security gaps, so that absolute protection cannot be guaranteed.

1 Definitions

Our company’s data privacy statement is based on the General Data Privacy Regulation (DS-GVO/GDPR). It is formulated so as to be easy to read and understood. In order to ensure this, we are explaining the terms used in advance:

1.1 Personal data

Personal data is “any information which relates to an identified or identifiable natural person (hereinafter referred to as either ’affected person‘ or ’person concerned‘). A natural person is considered identifiable if he or she can be directly or indirectly identified, in particular by means of being allocated to an identifier, such as a name, an ID number, site data, an online identifier or one or more special features which are the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person” (see Art. 4(1) of the General Data Privacy Regulation (GDPR)).

1.2 Person concerned/affected person

A person concerned or affected person is any identified or identifiable natural person whose personal data is processed by the party responsible for the processing.

1.3 Processing

Processing is any procedure carried out with or without the aid of automated methods, or any such sequence of procedures in connection with personal data, such as the gathering, recording, organising, ordering, storage, adaptation or amendment of data, the reading out of it, querying of it, use, disclosure of it by way of transmission, dissemination or any other form of provision, the comparison or linking of it, or the limitation, deletion or destruction of it.

1.4 Limitation of processing

Limitation of processing means the marking of stored personal data with the aim of limiting its future processing.

1.5 Profiling

Profiling means any kind of automated processing of personal data where such personal data is used to assess certain personal aspects relating to a natural person, in particular in order to analyse or predict aspects in regard to work performance, economic position, health, personal preferences, interests, reliability, conduct, place of residence or change of location of such natural person.

1.6 Pseudonymisation

Pseudonymisation means processing personal data in the case where the personal data can no longer be assigned to a specific person concerned without drawing upon additional information. Such additional information that is subject to the technical and organisational measures is stored separately, and it is thus guaranteed that the personal data cannot be allocated to an identified or identifiable natural person.

1.7  Responsible party or party responsible for the processing

The party responsible, or the party responsible for processing the information, is the natural or legal person, authority, institution or other body which decides, either alone or together with others, for the purpose and means of processing personal data.

1.8  Contract data processor

A contract data processor is a natural or legal person, authority, institution or other body which processes personal data on behalf of the party responsible.

1.9  Recipient

The recipient is a natural or legal person, authority, institution or other body to whom or which personal data is disclosed, irrespective of whether the latter is a third party or not. Authorities which may receive personal data in the context of a particular investigation mandate under EU law or the law of the Member States are not, however, deemed recipients.

1.10 Third party

A third party is a natural or legal person, authority, institution or other body other than the person concerned, the responsible party, the contract data processor and the persons who are authorised, under the direct responsibility of the party responsible or the contract data processor, to process the personal data.

1.11 Consent

Consent means any expression of intent in the form of a declaration or any other clear confirmatory action voluntarily submitted by the person concerned in regard to the particular case in an informed way and unmistakably, with which the person concerned makes it understood that he or she is in agreement with the processing of the personal data concerning him or her.

2. Name and address of the party responsible for the processing

The party responsible within the meaning of the General Data Privacy Regulation (DS_GVO/GDPR) is:

Mr. Hans-Jörg Kremser, Mr. Albert Mees

EFAFLEX Tor- und Sicherheitssysteme GmbH & Co. KG
Fliederstraße 14
84079 Bruckberg / Germany
www.efaflex.com

3. Contact details of our external Data Privacy Officer

Coming soon.

Any person affected may, if he or she has any questions or suggestions on data privacy, contact our Data Privacy Officer directly.

4. Cookies

Our company’s web pages make use of cookies. Cookies are text files that are stored on a computer system via a web browser.

Numerous websites and servers make use of cookies. Many cookies contain a so-called “cookie ID”. A cookie ID is a unique identifier of the cookie. It consists of a character string, through which web pages and servers can be allocated to the specific web browser in which the cookie is stored. This makes it possible for the web pages and servers visited to distinguish the individual browser of the person concerned from other web browsers containing other cookies. A particular web browser can be recognised again and identified via the unique cookie ID. Through the use of cookies, EFAFLEX Tor- und Sicherheitssysteme GmbH & Co. KG can provide the users of this website with user-friendly services, which would not be possible without placing the cookie.

The information and services available on our website can be optimised to the benefit of the user using a cookie. As already mentioned, cookies enable us to recognise the user of our website again. The purpose of such recognition is to facilitate the use of our website for users. The user of a website that uses cookies does, for example, not need to enter his or her access data again every time he or she visits the website, because this is handled by the website and the cookie stored on the user’s computer system. A further example is a cookie administering a shopping cart in the web shop. The web shop notes the items that a customer has placed in the virtual shopping cart via a cookie.

The person concerned can at any time prevent cookies from being placed by our website by adjusting the setting of the web browser used accordingly, and thus permanently oppose the placing of cookies. Furthermore, any cookies already placed can be deleted via a web browser or other software program at any time. This is possible in all common web browsers. Should the person concerned disable the placing of cookies in the web browser used, it will be the case that, under certain circumstances, not all functions of our website can be used in full.

5. Gathering general data and information

Every time the website is accessed by a particular person or an automated system, the web server of EFAFLEX Tor- und Sicherheitssysteme GmbH & Co. KG gathers a range of pieces of general data and information. This general data and information is stored in the log files of the server. The browser types and versions used, the operating system used by the accessing system, the website from which an accessing system reaches our website, the sub-pages of the website which are accessed on our website via an accessing system, the date and time of any access to the website, an Internet protocol address (IP address), the Internet Service Provider of the accessing system and any other similar data and information which serves to fend off risk in the event of our IT systems being attacked may be gathered.

When using such general data and information, EFAFLEX Tor- und Sicherheitssysteme GmbH & Co. KG does not draw any conclusions concerning the person concerned. Rather, such information is needed in order to deliver the content of our website correctly, optimise the content of our website, as well as the advertising for it, guarantee the ongoing functionality of our IT systems and the technology of our website, and provide law enforcement agencies with the information necessary for prosecution in the event of a cyber-attack. Such data and information gathered anonymously is therefore evaluated by EFAFLEX Tor- und Sicherheitssysteme GmbH & Co. KG on the one hand statistically, and also with the aim of increasing data privacy and data security at our company, in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files is stored separately from any personal data given by a person concerned.

6. The option to make contact via the website

Based on statutory regulations, our company’s website contains details which make it possible to make fast contact with our company electronically, as well as enable direct communication with us, which likewise comprises a general e-mail address. Should a person concerned take up contact with the party responsible for the processing via a contact form, the personal data transmitted by the person concerned will automatically be saved. Such personal data transmitted to the person responsible for the processing by a person concerned on a voluntary basis is saved for the purposes of processing the request or taking up contact with the person concerned. Such personal data is not passed on to third parties.

7. Routine deletion and blocking of personal data

The party responsible for the processing only processes and stores personal data of the person concerned for the period of time which is necessary in order to achieve the purpose of the processing, or in so far as the latter has been stipulated in laws or regulations forming the basis for the processing by the party responsible by the legislative authority. Should the purpose of such storage lapse, or should a storage period prescribed by the legislative authority expire, the personal data is routinely blocked or deleted, in line with the statutory regulations.

8. Rights of the person concerned

8.1 The right to receive confirmation

Every person concerned is entitled to request from the person responsible for the processing a confirmation on whether personal details concerning him or her are processed. Should a person concerned wish to lay claim to this right of confirmation, he or she may contact our Data Privacy Officer or any other employee of the party responsible for the processing for that purpose.

8.2 Right to information

Any person affected by the processing of personal data is entitled to receive the information on the personal data stored on his or her person from the party responsible for the processing, free of charge, and be given a copy of such information along with the information cited here:

• The purposes of processing the personal data
• The categories of personal data that is being processed
• The recipient or categories of recipients to whom the personal data has been disclosed or is yet to be disclosed, in particular in the case of recipients in non-EU countries or at
     international organisations
• If possible, the scheduled duration for which the personal data will be saved, or, if this is not possible, the criteria for laying down such duration
• The existence of a right to correction or deletion of the personal data concerning him or her or to restricting the processing by the party responsible or of a right of opposition
     against such processing
• The existence of a right to appeal to a regulatory authority
• If the personal data is not gathered from the person concerned: any information available on the origin of the data
• The existence of automated decision making, including profiling pursuant to Article 22(1) and (4) General Data Privacy Regulation (GDPR), and — at least in such cases —
     meaningful information on the logic involved, as well as the reach, and the effects of such processing aimed for, for the person concerned.

The person concerned moreover has a right to information on whether personal data has been transmitted to a non-EU country or an international organisation. Should this be the case, the person concerned shall also be entitled to receive information on the appropriate warranties in connection with the transmission.

Should a person concerned wish to lay claim to such a right to information, he or she may contact our Data Privacy Officer for this purpose at any time.

8.3 Right to correction

Any person affected by the processing of personal data has the right to demand immediate correction of any incorrect personal data concerning him or her. The person concerned is, furthermore, entitled, taking into account the purpose of the processing, to demand that incomplete personal data is completed – also by way of a supplementary statement.

Should a person concerned wish to lay claim to such a right to information, he or she may contact our Data Privacy Officer for this purpose at any time.

8.4 The right to deletion (the right to be forgotten)

Any person affected by the processing of personal data has the right to demand of the party responsible that the personal data concerning him or her is deleted immediately, if one of the following grounds applies and if the processing is not necessary:

• The personal data has been gathered for such purposes, or processed in another way, for which it is no longer needed.
• The person concerned revokes his or her consent, on which he or she based the processing pursuant to Art. 6(1)(a) General Data Privacy Regulation (GDPR) or Art. 9(2)(a)
      General Data Privacy Regulation (GDPR), and there is no other legal basis for the processing.
• Pursuant to Art. 21(1) General Data Privacy Regulation (GDPR), the person concerned is filing an opposition to the processing, and there are no overriding justified grounds for
     the processing, or the person concerned is filing an opposition against the processing pursuant to Art. 21(2) General Data Privacy Regulation (GDPR).
• The personal data has been processed illegitimately.
• The deletion of the personal data is necessary in order to fulfil a legal obligation in accordance with EU law or the law of the Member States to which the party responsible is
     subject.
• The personal data has been gathered in regard to services offered in the information society pursuant to Art. 8(1) General Data Privacy Regulation (GDPR).

Should one of the above-mentioned grounds apply and an affected person wish to arrange for the deletion of personal data that is stored with our company, he or she may contact our Data Privacy Officer for this purpose at any time. Our Data Privacy Officer will arrange for the request for deletion to be complied with without delay.

Should the personal data have been published by our company, and should our company, as the party responsible pursuant to Art. 17(1) General Data Privacy Regulation (GDPR), be obliged to delete said personal data, our company shall, taking into account the available technology and the implementation costs, take appropriate steps, also of a technical nature, to inform other parties responsible for the data processing, who process the published personal data, that the person concerned has requested from such other parties responsible for processing the data that all links to said personal data or copies or replications of such personal data be deleted, provided that the processing is not necessary. The Data Privacy Officer will arrange for whatever is necessary in the individual case.

8.5 Right to limit the processing

Any person affected by the processing of personal data has the right, granted by the Legislator of the respective European Directives and Regulations, to require the party responsible to limit the processing of the data if one of the following prerequisites exists:

• The accuracy of the personal data is disputed by the person concerned, and in fact for a period of time which enables the party responsible to check the accuracy of the personal
     data.
• The processing is illegitimate, and the person concerned refuses to have the personal data deleted, and instead demands that the use of the personal data be restricted.
• The party responsible no longer requires the personal data for the purposes of the processing, the person concerned does, however, require it to assert, exercise or defend legal
     claims.
• The person affected has filed an opposition against the processing of the data pursuant to Art. 21(1) General Data Privacy Regulation (GDPR), and it has not yet been
      established whether the justified grounds of the party responsible outweigh those of the affected person.

Should any of the above-mentioned prerequisites apply and an affected person wish to request that the personal data that is stored with our company be limited, he or she may contact our Data Privacy Officer for this purpose at any time. The Data Privacy Officer will arrange for the processing of the data to be limited.

8.6 The right to data portability

Any person affected by the processing of personal data is entitled to receive the personal data concerning him or her, which has been provided to a party responsible by the affected person, in a structured, up-to-date and machine-readable format. He or she additionally has the right to transmit such data to a different party responsible, without being hindered by the party responsible, to which or whom the personal data has been provided, as long as the processing is based on the consent pursuant to Art. 6(1)(a) General Data Privacy Regulation (GDPR) or Art. 9(2)(a) General Data Privacy Regulation (GDPR) or an agreement pursuant to Art. 6(1)(b) General Data Privacy Regulation (GDPR), and the processing is undertaken with the aid of automated procedures, as long as the processing is not necessary in order to complete a task that is in the public interest or completed to exercise official authority that has been conferred upon the party responsible.

When exercising his or her right to data portability pursuant to Art. 20(1) General Data Privacy Regulation (GDPR), the person concerned is, moreover, entitled to cause the personal data to be transmitted directly from one party responsible to another party responsible, if the latter is technically feasible, and as long as the rights and freedoms of other persons are not thereby impaired.

In order to assert the right to data portability, the person concerned may contact the Data Privacy Officer appointed by us at any time.

8.7 Right to file an opposition

Any person affected by the processing of personal data has the right, for reasons which arise from his or her particular situation, to file an opposition against the processing of personal data concerning him or her that is being undertaken based on Art. 6(1)(e) or (f) General Data Privacy Regulation (GDPR), at any time. This also applies to any profiling based on these provisions.

In the event of an opposition, our company no longer processes the personal data, unless we can provide evidence of mandatory grounds for the processing, worthy of protection, which outweigh the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.

Should our company process personal data in order to carry out direct marketing, the person concerned is entitled to file an opposition against the processing of the personal data for the purposes of such marketing, at any time. This also applies to profiling, in so far as it is connected with such direct marketing. Should the person concerned oppose the data being processed for the purposes of direct marketing, vis-à-vis our company, we will no longer process the personal data for such purposes.

In addition, the person concerned is entitled, for reasons arising from his or her particular situation, to file an opposition against the processing of personal data concerning him or her that is performed by our company for scientific or historic research purposes or for statistical purposes pursuant to Art. 89(1) General Data Privacy Regulation (GDPR), unless such processing is necessary in order to complete a task that falls within the scope of the public interest.

In order to exercise the right of opposition, the person concerned may contact the Data Privacy Officer directly.

8.8 Automated decisions in the individual case, including profiling

Any person affected by the processing of personal data has the right not to be subjected to a decision based exclusively on automated processing – including profiling – which develops legal validity in regard to him or her or affects him or her considerably in a similar way, as long as the decision is not required for concluding or fulfilling an agreement between the person concerned and the party responsible, or admissible based on legislation of the Union or the Member States, to which the party responsible is subject, with such legislation containing appropriate steps to preserve the rights and freedoms, as well as the justified interests of the person concerned, or effected with the express consent of the person concerned.

Should the decision regarding the conclusion or fulfilment of an agreement between the person concerned and the party responsible be required, or should it be taken with the express consent of the person concerned, our company will take appropriate steps to preserve the rights and freedoms of the person concerned, as well as his or her justified interests, which at least includes the right to arrange for the intervention of a person on the part of the party responsible, the right to explain one’s own position and the right to contest the decision.
Should the person concerned wish to assert rights in regard to automated decisions, he or she may, for this purpose, contact our Data Privacy Officer at any time.

8.9 The right to revocation of any consent under data privacy law

Any person affected by the processing of personal data has the right to revoke any consent given to the processing of personal data at any time. Should the person concerned wish to assert his or her right to revoke any consent granted, he or she may contact our Data Privacy Officer for this purpose at any time.

9. Data privacy in the case of applications and in the application process

The party responsible for the processing gathers and processes the personal data of applicants for the purpose of executing the application procedure. The processing may also be carried out electronically. This is in particular the case if an applicant transmits corresponding application documents to our company electronically, for example by e-mail or via a web form to be found on the website. Should our company conclude an employment contract with an applicant, the data transmitted will be saved for the purpose of handling the employment relationship, adhering to the statutory regulations. Should no employment contract with the applicant be concluded by our company, the application documents will automatically be deleted six months after announcing the decision to turn down the application, unless such deletion is in conflict with any justified interests on the part of the party responsible for the processing. A justified interest, in this sense, may, for example, be an obligation to provide evidence in any proceedings under the German General Equal Treatment Act (AGG).

10. Data privacy provisions 

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Use is made based on Art. 6 para. 1 sentence 1 lit. f. DSGVO. Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of the website such as

• browser type / version,
• used operating system,
• Referrer URL (the previously visited page),
• host name of the accessing computer (IP address),
• time of server request,

are usually transmitted to a Google server in the US and stored there. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. We have also extended the code “anonymizeIP” on this website to Google Analytics. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases, will the full IP address be sent to a Google server in the US and shortened there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator. You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to fully use all the functions of this website. 

In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install: tools.google.com/dlpage/gaoptout.

We continue to use Google Analytics to analyze data from Double-Click and AdWords for statistical purposes. If you do not want to do this, you can disable it through the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=en).

For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).

11 Data Protection Provisions Regarding the Use of Google-Ads

The data controller has integrated Google Ads into this website. Google Ads is a service for internet advertising which allows advertisers to place adverts in Google search engine results and also in the Google advertising network. Google Ads enables an advertiser to pre-determine keywords by which an advert is only displayed in Google’s search engine results if the user retrieves a search engine result which includes a relevant keyword. In the Google advertising network, adverts are distributed on thematically relevant websites by means of an automatic algorithm and in consideration of pre-determined keywords.

The operating company of the Google Ads services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Ads is to advertise our website by inserting interest-related advertising on the websites of third-party companies and in the search engine results of the Google search engine and an inclusion of outside advertising on our website.

If our website is accessed by a data subject via a Google advert, a so-called conversion cookie is placed on the IT system of the data subject by Google. The definition of cookies is provided above. A conversion cookie loses validity after thirty days and cannot be used to identify the data subject. By means of the conversion cookie, provided that it has not yet expired, it can be determined whether specific sub-pages, for example the shopping basket in an online shop system, have been accessed on our website. With the conversion cookie, we and Google can determine whether a data subject who has accessed our website via an Ads advertisement has generated revenue, i.e. has completed or cancelled a purchase.

The data and information collected through the use of the conversion cookie are used by Google to compile visitor statistics for our website. We in turn use these visitor statistics to establish the total number of users that access us via Ads advertisements, and to thus establish the success or lack of success of the respective Ads advertisement and to optimise our future Ads advertisements. Neither our company nor other advertising clients of Google Ads receive information from Google which could enable identification of the data subject.

By means of the conversion cookie, personal data is stored, for example the websites visited by the data subject. Every time our website is accessed, these personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the USA. These personal data will be stored by Google in the USA. Google may transfer these personal data collected by way of this technical process to third parties.

As explained above, the data subject can prevent the setting of cookies by our website at any time with the appropriate settings on his or her web browser, and therefore object to the setting of cookies on a permanent basis. Adjusting the settings of the internet browser in this way also prevents Google from setting a conversion cookie in the data subject’s IT system. Moreover, the data subject may at any time delete a cookie which has already been set by Google Ads using the internet browser or another software programme.

Additionally, the data subject has the option of objecting to interest-related advertising by Google. To do this, the data subject must access the link www.google.de/settings/ads via each internet browser he or she uses to adjust the settings accordingly.

Further information and Google’s applicable data protection policy is available at https://www.google.de/intl/de/policies/privacy/.

12 Data Protection Provisions Regarding the Use of YouTube

The data controller has integrated components of YouTube into this website. YouTube is an online video portal where video publishers can publish videos free of charge, and where other users can watch, rate, and comment on these, also free of charge. YouTube allows the publication of all kinds of videos, which is why both complete films and television shows, but also music videos, trailers or videos created by the users themselves can be accessed via the online portal.

The operator of YouTube is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For each visit to one of the individual pages of this website which is operated by the data controller and into which a YouTube component (YouTube video) has been integrated, the web browser on the information technology system of the data subject will be automatically prompted by the corresponding YouTube component to download a display of the corresponding YouTube component from YouTube. Further information on YouTube is available at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google are made aware of the specific sub-page of our website which the data subject has visited.

If the data subject is logged into YouTube at the same time, YouTube will recognise which specific sub-page of our website the data subject is visiting if a sub-page containing a YouTube video is accessed. This information will be collected by YouTube and Google and matched with the corresponding YouTube account of the data subject.

Via the YouTube component, YouTube and Google always receive notification of any visit made to our website by the data subject if the data subject is simultaneously logged into YouTube when he or she accesses our website; this occurs irrespective of whether the data subject clicks on the YouTube video or not. If the data subject does not want information to be transferred to YouTube and Google in this way, he or she can prevent this transfer by logging out of their YouTube account before he or she accesses our website.

The privacy policy of YouTube, which is available at www.google.de/intl/de/policies/privacy/, provides information on the collection, processing, and use of personal data by YouTube and Google.

13 Privacy Policy for Facebook

Our website uses functions of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Upon accessing our websites containing a Facebook plug-in, a connection is established between your browser and the Facebook servers. This already involves a transfer of data to Facebook. If you have a Facebook account, these data can be linked to it. If you do not want the data to be assigned to your Facebook account, please log out of Facebook before visiting our website. Interactions, including but not limited to using a comment feature or clicking on a “Like” or “Share” button, are also forwarded to Facebook. For more information, please visit https://de-de.facebook.com/about/privacy.

14 Facebook Connect

Data Protection Provisions Regarding the Application and Use of Facebook

The data controller has integrated components of the company Facebook into this website. Facebook is a social network. A social network is a place for social meetings on the internet; an online community which generally allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences or enable the internet community to provide personal or business-related information. Facebook allows the users of its social network to create private profiles, to upload photos, and to network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside of the United States of America or Canada, the data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

For each visit to one of the websites which is operated by the data controller and into which a Facebook component (Facebook plug-in) has been integrated, the web browser on the information technology system of the data subject will be automatically prompted by the corresponding Facebook component to download a display of the corresponding Facebook component from Facebook. An overview of all the Facebook plug-ins is available at https://developers.facebook.com/docs/plugins/?locale=de_DE. During the course of this technical procedure, Facebook is made aware of the specific sub-page of our website that was visited by the data subject.

If the data subject is logged into Facebook at the same time, every time the data subject accesses our website and for the entire duration of their stay on our website, Facebook is able to see which specific sub-pages of our website the data subject is visiting. This information will be collected by the Facebook component and assigned to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons that have been integrated into our website such as the “Like” button, or if the data subject submits a comment, Facebook will match this information with the personal Facebook user account of the data subject and store these personal data.

Via the Facebook component, Facebook will always receive notification of any visit made to our website by the data subject if the data subject is simultaneously logged into Facebook when he or she accesses our website; this will occur regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want such a transfer of information to Facebook to take place, he or she may prevent this transfer by logging out of their Facebook account before he or she accesses our website.

The data protection guidelines published by Facebook, which are available at https://de-de.facebook.com/about/privacy/, provide information about the collection, processing and use of personal data by Facebook. They also provide information on the setting options that Facebook offers to protect the privacy of the data subject. Furthermore, several applications are available that allow the suppressing of a data transfer to Facebook, for example the Facebook blocker by the provider Eyeo GmbH which can be downloaded at https://adblockplus.org/de. These applications can be used by the data subject to prevent data from being transferred to Facebook.

15 Facebook Custom Audience

This website uses the service “Facebook Custom Audiences”. Facebook Custom Audiences is a service provided by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; hereinafter referred to as “Facebook“). This service allows us to address Facebook users with advertisements which are of interest to them.

To enable this service, we have implemented the Facebook Remarketing Tag on our website. When you visit the website, this tag establishes a direct connection to the Facebook servers. It provides Facebook with information on the pages of our website you have visited. Facebook then compares them with your Facebook user account. Upon your next visit to Facebook, you are then shown personalised advertisements – Facebook Ads – which are relevant to your interests.

The legal basis for the use of the service is art. 6 (f) GDPR – legitimate interest. Our legitimate interest in using this service is addressing the website’s users with targeted advertising.

For further information, please refer to the Facebook privacy policy: https://www.facebook.com/about/privacy/.

Facebook has been certified for the Privacy Shield: https://m.facebook.com/about/privacyshield

16 HubSpot

On this website, we use HubSpot for our online marketing activities. HubSpot is a software company from the USA with a branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, phone: +353 1 5187500.

It is an integrated software solution covering various aspects of our online marketing. These include:

E-mail marketing (newsletter and automated mailing, e.g. for provision of downloads), social media publishing & reporting, reporting (e.g. traffic sources, visits, etc., …), contact management (e.g. user segmentation & CRM), landing pages and contact forms.

Our registration service allows the visitors of our website to learn more about our company, download content and provide their contact information and additional demographic information. This information and the content of our website are stored on the servers of our software partner HubSpot. They can be used by us to contact users of our website and to determine which services of our company are of interest to them. All information collected by us is subject to this privacy policy. We are using all collected information to optimise our marketing measures only.

Furthermore, we use the live chat service “Messages” by HubSpot on some sub-pages to send and receive messages in order to improve the user experience on our website (round chat icon at the lower right edge of the screen). If you consent to and use this function, the following data are transmitted to the HubSpot servers:

• Content of all chat messages sent and received
• Context information (e.g. page on which the chat was used)
• Optional: E-mail address of the user (if provided by the user via the chat feature)

The legal basis for the use of the HubSpot services is art. 6 (f) GDPR – legitimate interest. Our legitimate interest in using this service is to optimise our marketing measures and improve our service quality on the website.

HubSpot is certified according to the provisions of the “EU-U.S. Privacy Shield Frameworks” and is subject to TRUSTE’s Privacy Seal and the “U.S.-Swiss Safe Harbor” Framework.

More information on the Privacy Policy of HubSpot »
More information by HubSpot regarding the EU Privacy Policy »
For more information on the cookies used by HubSpot, please visit this page & this page »

If you do not wish to have your data collected by HubSpot in general, you may prevent the storing of cookies at any time by making the appropriate settings in your browser.

17 LinkedIn Analytics

Data Protection Provisions Regarding the Use of LinkedIn

The data controller has integrated components of LinkedIn Corporation into this website. LinkedIn is an internet-based social network enabling connection of users with existing business contacts and establishing new business contacts. Over 400 million registered persons in more than 200 countries are using LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites world-wide.

LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Data protection matters outside of the USA are the responsibility of LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time our website receives an access request which is equipped with a LinkedIn component (LinkedIn plug-in), the component prompts the browser used by the data subject to download a display of this component from LinkedIn. More information on the LinkedIn plug-ins is available at https://developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn is made aware of the specific sub-page of our website that was visited by the data subject.

If the data subject is logged into LinkedIn at the same time, every time the data subject accesses our website and for the entire duration of his or her stay on our website, LinkedIn is able to see which specific sub-pages of our website the data subject is visiting. This information will be collected by the LinkedIn component and associated with the corresponding LinkedIn account of the data subject by LinkedIn. If the data subject clicks on one of the LinkedIn buttons that have been integrated into our website, LinkedIn will attribute this information to the personal LinkedIn user account of the data subject and store these personal data.

Via the LinkedIn component, LinkedIn will always receive notification of any visit made to our website by the data subject if the data subject is simultaneously logged into LinkedIn when he or she accesses our website; this will occur regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want such a transfer of information to LinkedIn to take place, he or she may prevent this transfer by logging out of his or her LinkedIn account before he or she accesses our website.

At https://www.linkedin.com/psettings/guest-controls, LinkedIn offers the option to unsubscribe from e-mail messages, text messages and targeted adverts and to manage advertisement settings. Furthermore, LinkedIn uses partners like Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame which may store cookies on the data subject’s computer. These cookies can be refused at https://www.linkedin.com/legal/cookie-policy. The applicable privacy policy of LinkedIn is available at https://www.linkedin.com/legal/privacy-policy. For the LinkedIn cookie policy, please visit https://www.linkedin.com/legal/cookie-policy.

18 Newsletter

When registering for our newsletter, the following personal data are collected: Your name and your e-mail address. By subscribing to our newsletter, you consent to the above data being collected, processed and saved. We will use these data to send the newsletter exclusively. You are giving your consent for the newsletter subscription to ‘mailingwork GmbH’ only. To optimise our offer, we are analysing in a personalised manner which links you are clicking on in the newsletter. By subscribing, you are giving your consent to such analysis. You may cancel your consent to storage of the e-mail address and its use to send the newsletter with effect for the future by using the unsubscribe link at the bottom of the newsletter.

19 Google Maps

We integrate the maps of the “Google Maps” service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data processed may include but is not limited to IP addresses and the users’ location data; however, these are not collected without their permission (usually via the settings of their mobile devices). These data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

20 Twitter Button

Data Protection Provisions Regarding the Use of Twitter

The data controller has integrated components of Twitter into this website. Twitter is a multilingual, publicly accessible micro-blogging service where users can post and disseminate so-called Tweets, short messages limited to 280 characters. These short messages are accessible for everybody, including persons not registered with Twitter. The Tweets will also be displayed to the so-called followers of the user in question. Follower are other Twitter users who follow the Tweets of a user. Furthermore, Twitter allows addressing a large audience through the use of hashtags, linking or retweeting.

Twitter is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

By visiting one of the individual pages of this website which is operated by the data controller and into which a Twitter component (Twitter button) has been integrated, the web browser on the information technology system of the data subject will be automatically prompted by the Twitter component to download a display of the corresponding Twitter component from Twitter. Further information on the Twitter buttons is available at https://about.twitter.com/de/resources/buttons. During the course of this technical process, Twitter is made aware of the specific sub-page of our website that was visited by the data subject. The purpose of integrating the Twitter component is allowing our users to share the content of this website, to make this website known in the digital world, and to increase the number of people visiting our website.

If the data subject is logged into Twitter at the same time, every time the data subject accesses our website and for the entire duration of his or her stay on our website, Twitter is able to see which specific sub-pages of our website the data subject is visiting. This information will be collected by the Twitter component and associated with the corresponding Twitter account of the data subject by Twitter. If the data subject clicks on a Twitter button that is integrated into our website, the data and information transmitted by doing so will be associated with the personal Twitter user account of the data subject, and will be saved and processed by Twitter.

Via the Twitter component, Twitter will always receive notification of any visit made to our website by the data subject if the data subject is simultaneously logged into Twitter when he or she accesses our website; this will occur regardless of whether the data subject clicks on the Twitter component or not. If the data subject does not want such a transfer of information to Twitter to take place, he or she may prevent this transfer by logging out of his or her Twitter account before he or she accesses our website.

The applicable privacy policy of Twitter is available at https://twitter.com/privacy?lang=de.

21. Competent regulatory authority for data privacy

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113 or 01625 545745
Fax: 01625 524510

22. Amendments to the data privacy provisions

We reserve the right to alter our security and data privacy provisions, should it be necessary due to technological developments. We will, in such cases, also adapt our data privacy statement accordingly. Please note the respective current version of our data privacy statement.

(04/2019)