PRIVACY POLICY



The protection of your personal data when you visit our website is very important to us. We protect your privacy and your personal information. We collect, process, and use your personal data in accordance with this Privacy Policy and applicable data protection regulations, in particular the General Data Protection Regulation, the German Federal Data Protection Act, and the German Telecommunications and Digital Ser-vices Data Protection Act.

This Privacy Policy explains what personal data we collect, process, and use about you. We therefore ask that you read the following information carefully.


1. Name and address of the Responsible Party


dataTec AG
Ferdinand-Lassalle-Str. 52
72770 Reutlingen, Germany

Phone: +49 7121 / 51 50 50
Fax: +49 7121 / 51 50 10
Email: info@datatec.eu
Website: www.datatec.eu
Imprint: https://www.datatec.eu/imprint


2. Name and Address of the Data Protection Officer


Ingenieurbüro Bernd Hölle GmbH
Gerhard-Kindler-Straße 3
72770 Reutlingen, Germany
Tel: +49 (0) 7121 820 17 40
Email: datatec@ibh-datenschutz.de


3. General Information on Data Processing


3.1 Scope of Processing of Personal Data
As a general rule, we collect and use our users′ personal data only to the extent necessary to provide a fully functional website and our content and services. We generally collect and use our users′ personal data only with their consent. An exception applies in cases where it is not possible to obtain consent in advance for practical reasons and the processing of the data is permitted by law.

3.2 Legal Basis for Data Processing
If you have consented to the processing of your data, we process your personal data on the basis of Arti-cle 6(1)(a) of GDPR (EU General Data Protection Regulation) or Article 9(2)(a) of GDPR, provided that spe-cial categories of data as defined in Article 9(1) of GDPR are being processed.
br> If you have consented to the storage of cookies or to access to information on your device (e.g., via de-vice fingerprinting), data processing is also carried out on the basis of Section 25(1) of the TDDDG (Ger-man Telecommunications and Digital Services Data Protection Act). Consent may be revoked at any time.

If your data is necessary for the performance of a contract or for the implementation of precontractual measures, we process your data on the basis of Article 6(1)(b) of GDPR. Furthermore, we process your data to the extent that it is necessary to comply with a legal obligation, pursuant to Article 6(1)(c) of GDPR.

Data processing may also be carried out on the basis of our legitimate interest pursuant to Article 6(1)(f) of GDPR. The following sections of this Privacy Policy provide information about the legal basis applicable in each specific case.

3.3 Note on the Transfer of Data to Third Countries
As explained in this Privacy Policy, we use services provided by companies that are in some cases based in so-called third countries (outside of the European Union or the European Economic Area) or that process personal data there – that is, in countries where the data protection standards do not correspond to those of the European Union. To the extent that this is the case and the European Commission has not adopted an adequacy decision (Art. 45 of GDPR) for these countries, we have implemented appropriate safeguards in accordance with Art. 44 et seq. of GDPR to ensure an adequate level of data protection for any data transfers. These include, among other things, the European Union′s standard contractual clauses and bind-ing internal data protection policies.

If a transfer to a third country is planned and there is no adequacy decision or appropriate guarantees in place, there is a possibility and a risk that authorities in the respective third country (e.g., intelligence agen-cies) may gain access to the transferred data in order to collect and analyze it, and that the enforceability of your rights as a data subject cannot be guaranteed.

3.4 Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You may revoke your con-sent at any time. The lawfulness of the data processing carried out prior to the revocation remains unaffect-ed by the revocation.

3.5 Retention period
Unless a more specific retention period is specified in this Privacy Policy, we will retain your personal data until the purpose for which it was collected no longer applies. If you submit a valid request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once those grounds no longer apply.

3.6 SSL or TLS encryption
For security reasons and to protect the transmission of confidential information – such as orders or inquir-ies that you send to us as the website operator – this site uses SSL or TLS encryption. You can tell that a connection is encrypted when the browser′s address bar changes from “http://” to “https://” and when you see the padlock icon in your browser′s address bar.

If SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

3.7 Hosting
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the hosting provider′s servers. This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact information, names, website visits, and other data generated through a website.

We use the following hoster:
Microsoft Corporation, One Microsoft Way, 98052-6399 Redmond, WA, United States of America (Microsoft Azure).

For more information about the Microsoft Azure Cloud, please see Microsoft′s Privacy Statement: https://www.microsoft.com/en/trust-center


4. Generation of Server Log Files


4.1 Description and Purpose of Data Processing
The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not combined with data from other sources.

4.2 Legal Basis for Data Processing
This data is collected pursuant to Article 6(1)(f) of GDPR in conjunction with Section 25(2)(2) of the TDDDG. The website operator has a legitimate interest in ensuring that its website functions properly and is opti-mized. To this end, server log files must be collected.

4.3 Duration of Storage
The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of data collected for the purpose of providing the website, this occurs when the respective ses-sion ends.


5. Use of Cookies


5.1 Description and Purpose of Data Processing
Our website uses what are known as “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

In some cases, cookies from third-party companies may also be stored on your device when you visit our site (third-party cookies). These enable us or you to use certain services provided by the third-party compa-ny (e.g., cookies for processing payment services).

Cookies serve various purposes. Many cookies are technically necessary because certain website features would not work without them (e.g., the shopping cart feature or the display of videos). Other cookies are used to analyze user behavior or display advertisements.

5.2 Legal Basis for Data Processing
Cookies that are required to carry out the electronic communication process (necessary cookies), to provide certain features you have requested (functional cookies, e.g., for the shopping cart feature), or to optimize the website (e.g., cookies for measuring website traffic) are stored pursuant to Article 6(1)(f) of GDPR in conjunction with Section 25(2)(2) of the TDDDG, unless another legal basis is specified. The website opera-tor has a legitimate interest in storing cookies to ensure that its services are provided in a technically error-free and optimized manner. If consent to the storage of cookies has been requested, the relevant cookies are stored solely on the basis of this consent (Art. 6(1)(a) of GDPR, § 25(2)(1) of the TDDDG); consent may be revoked at any time.

You can configure your browser to notify you when cookies are set, to allow cookies only on a case-by-case basis, to block cookies in specific cases or generally, and to enable the automatic deletion of cookies when you close your browser. If you disable cookies, the functionality of this website may be limited.

5.3 Duration of Storage
By changing the settings in your web browser, you can disable or restrict the use of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.

For detailed information about the cookies used on this website and their respective retention periods, please refer to our cookie consent management tool provided by Usercentrics.


6. Cookies Used

You can find information about the cookies we use here: https://www.datatec.eu/de/en/services-used


7. Contact us via the contact form, email, phone, or fax


7.1 Description and Purpose of Data Processing
Our website features contact forms that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the form will be transmitted to us and stored. These data are:

For the contact form and email contact:

  • Title (Mr., Mrs., Ms., etc.)
  • Professional Title (optional)
  • First Name
  • Last Name
  • Company
  • Email address
  • Phone number
  • Address
  • Message
At the time the message is sent, the following data is also stored:
  • The user′s IP address
  • Date and time of registration
If you contact us by email, phone, or fax, we will store and process your inquiry, including all personal data contained therein, for the purpose of handling your request.

When you contact us, your data will not be shared with third parties. The data is used exclusively for pro-cessing the conversation.

7.2 Legal Basis for Data Processing
This data is processed on the basis of Article 6(1)(b) of GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of precontractual measures. In all other cases, the processing is based on our legitimate interest in effectively handling inquiries directed to us (Art. 6(1)(f) of GDPR).

7.3 Duration of Storage
The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. For personal data entered in the contact form and data sent via email, telephone, or fax, this applies once the respective conversation with the user has ended. The conversation is considered to be over when the circumstances indicate that the matter in question has been fully resolved.

Any additional personal data collected during the submission process via the contact form and email will be deleted no later than six years after collection.


8. Newsletter


8.1 Description and Purpose of Data Processing
When you subscribe to our newsletter, we use the email address you provide, as well as any additional per-sonal data you choose to provide (title, last name), to send you our newsletter on a regular basis. This newsletter provides you with information about our products, special offers, events, and news.

To further optimize the newsletter and analyze reading behavior, tracking links or web beacons are used in the newsletters. When you open the newsletter, the system records whether and when it was opened and which links were clicked. This data is analyzed in a pseudonymized form.


8.1 Legal Basis for Data Processing
The data collected as part of the newsletter sign-up process is processed exclusively on the basis of your consent in accordance with Article 6(1)(a) of GDPR. You may revoke your consent to the use of your email address for newsletter distribution at any time. You can unsubscribe by clicking the corresponding link in the newsletter or by sending an email to adressmanagement@datatec.de.


8.1 Duration of Storage
Your data will be stored for the purpose of sending the newsletter as long as you do not withdraw your consent. Once you have withdrawn your consent or unsubscribed from the newsletter, your data will be de-leted immediately, provided there are no legally required retention periods.


9. E-commerce and Payment Providers


9.1 Description and Purpose of Data Processing
Online Store / Data Processing (Customer and Contract Data)
If you would like to place an order in our online store (for products or services such as webinars or semi-nars), you must provide personal information necessary for us to process your order in order to conclude the contract. Required information necessary for processing the contracts is marked separately; additional information is optional. We process the data you provide to fulfill your order. To do this, we may share your payment information with our bank.

You can voluntarily create a customer account, which will allow us to save your information for future pur-chases. We may also process the data you provide to inform you about other interesting products in our portfolio or to send you emails containing technical information.

The following information is collected when a customer account is created in the online store:

  • Professional Title (optional)
  • First Name
  • Last Name
  • Email address
  • Password
  • Phone number
  • Company
  • Department Information (optional)
  • Sales Tax ID (optional)
  • Address
  • Country
Alternatively, you can place your order without creating a customer account. In this case, you do not need to set a password.


9.1.1 Encrypted Payments on This Website
If, after entering into a paid contract, you are required to provide us with your payment information (e.g., account number for direct debit authorization), this information is necessary for processing the payment.

Payment transactions using standard payment methods (Visa/MasterCard, direct debit) are processed ex-clusively via an encrypted SSL or TLS connection. You can tell that a connection is encrypted when the browser′s address bar changes from “http://” to “https://” and when you see the padlock icon in your brows-er′s address bar.

9.1.2 Data Transmission Upon Contract Conclusion for Online Stores, Retailers, and Merchandise Shipping
When you order goods from us, we share your personal data with the shipping company responsible for delivery and with the payment service provider handling the payment transaction. Only data that the respec-tive service provider needs to perform its tasks will be disclosed.

9.1.3 Data Transmission Upon Conclusion of a Contract for Services and Digital Content
We disclose personal data to third parties only when necessary for the fulfillment of the contract, such as to the financial institution responsible for processing payments.

The data will not be disclosed to third parties, or will only be disclosed if you have expressly consented to such disclosure. We will not disclose your data to third parties without your express consent, for example for advertising purposes.

9.1.4 Credit Checks
For purchases on account or other payment methods where we make an advance payment, we may conduct a credit check (scoring). To this end, we will forward the information you have provided (e.g., name, ad-dress, age, or bank details) to a credit bureau. This data is used to determine the probability of default. If the risk of nonpayment is excessive, we may refuse to accept that payment method.

9.1.5 Payment Services
We integrate third-party payment services into our website. When you make a purchase from us, your pay-ment information (e.g., name, payment amount, bank account information, credit card number) is processed by the payment service provider for the purpose of processing your payment. The respective terms and conditions and privacy policies of the relevant providers apply to these transactions.

Paypal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

You can find PayPal′s privacy statement regarding its processing of your personal data as the data control-ler here: https://www.paypal.com/us/legalhub/paypal/privacy-full.

Sofortüberweisung
This payment service is provided by Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “Sofort GmbH”). Using the “Sofortüberweisung” service, we receive real-time payment confirmation from Sofort GmbH and can immediately begin fulfilling our obligations. If you have chosen the "Sofortüber-weisung" payment method, please provide Sofort GmbH with your PIN and a valid TAN so that they can log in to your online banking account.

After you log in, Sofort GmbH automatically checks your account balance and processes the transfer to us using the TAN you provided. It then sends us a transaction confirmation immediately. After you log in, your transaction history, your overdraft limit, and the existence of other accounts and their balances will also be automatically checked. In addition to your PIN and TAN, the payment information you enter and your per-sonal information are also transmitted to Sofort GmbH. Your personal information includes your first and last names, address, phone number(s), email address, IP address, and, if applicable, any other information required for payment processing. Providing this information is necessary to verify your identity beyond a doubt and to prevent fraud.

For details on paying via Sofortüberweisung, please see the following links: https://www.klarna.com/international/privacy-policy/ and https://www.klarna.com/international/enterprise/sofort-to-klarna-payments/.

Mollie
This payment service is provided by Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands (here-inafter “Mollie”). With Mollie′s help, we can integrate various payment methods into our website. For more details, please refer to Mollie′s Privacy Policy: https://www.mollie.com/gb/legal/privacy.

Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Water-loo, Belgium (hereinafter “Mastercard”).

For details on Mastercard′s data processing, please visit: https://www.mastercard.com/gb/en/privacy-notice.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA
This payment service is provided by Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

You can find details about VISA′s data processing here: https://www.visa.co.uk/legal/global-privacy-notice.html.

9.2 Legal Basis for Data Processing
Data processing in the online store is carried out for the purpose of fulfilling a contract with you, based on Article 6(1)(b) of GDPR. If you have provided your consent in accordance with Article 6(1)(a) of GDPR, we will share your email address with the shipping company responsible for delivery so that it can notify you via email about the shipping status of your order; you may withdraw your consent at any time.

9.3 Duration of Storage
When you create a customer account under “My Account”, the information you provide will be stored on a revocable basis. You can delete all other data, including your user account, at any time in the customer portal.

Due to commercial and tax law requirements, we are obligated to store your address, payment, and order information for a period of ten years. Your data will be used to comply with legal obligations.


10. Value-added Content such as White Papers and Trade Show Passes


10.1 Description and Purpose of Data Processing
From time to time, we offer value-added content on our website, such as white papers on the products we offer or free tickets to trade shows. To access the value-added content, you must register on our website. The following personal data is processed during the registration process:

  • Last Name / First Name
  • Email Address
  • Phone Number
  • Company Name
By registering and receiving value-added content, you will receive regular updates from us about our prod-ucts, services, and events in the form of a newsletter. You can unsubscribe from the newsletter at any time.

Your data will only be shared with third parties whom we have engaged as service providers to send out the newsletter. Appropriate data processing agreements or confidentiality agreements have been entered into with the service providers.

10.2 Legal Basis for Data Processing
The processing of the data collected during registration is based solely on your consent in accordance with Article 6(1)(a) of GDPR. You may revoke your consent to the use of your email address for newsletter dis-tribution at any time. You can unsubscribe by clicking the corresponding link in the newsletter or by sending an email to adressmanagement@datatec.de.

10.3 Duration of Storage
Your data will be stored for the purpose of sending the newsletter as long as you do not withdraw your consent. Once you have withdrawn your consent or unsubscribed from the newsletter, your data will be de-leted immediately, provided there are no legally required retention periods.


11. Online meetings, including webinars, via “Microsoft Teams”


11.1 Description and Purpose of Data Processing
We use “Microsoft Teams” to hold online meetings. Online meetings may include: Job interviews, client meetings, internal communication, webinars. “Microsoft Teams” is a service provided by Microsoft Corpora-tion, One Microsoft Way, Redmond, WA 98052-6399, headquartered in the United States.

If online meetings are recorded, you will be clearly informed of this in advance, before the online meeting begins. A notification about the ongoing recording will be displayed during the online meeting. However, as a rule, online meetings are not recorded.

If it is necessary for the purpose of documenting the results of an online meeting, we will record the chat content. However, that will generally not be the case.

Automated decision-making as defined by Article 22 of GDPR does not apply.

When using Microsoft Teams, various types of data are processed. The scope of the personal data also depends on what information you provide before or during your participation in an online meeting.

The following types of personal data may be processed:

  • IP address
  • Information provided by the participant: Display name, email address (if applicable), profile pic-ture (optional), preferred language.
  • Meeting metadata: Subject, date, time, meeting ID and password, phone number, location, device and hardware information, telemetry data, and diagnostic data.
  • Text, audio, and video data: You may be able to use the chat feature during an online meeting. If this is the case, the text you enter will be processed so that it can be displayed in the online meet-ing. To enable video display and audio playback, data from your device′s microphone and, if appli-cable, its video camera will be processed for the duration of the online meeting. You can turn off or mute your camera or microphone at any time using the Microsoft Teams app.
Your personal data is processed by dataTec AG employees who are involved in conducting the online meeting. Access to personal data is limited to the minimum necessary.

Microsoft Teams is a service provided by a U.S.-based provider. This means that Microsoft also processes personal data in a third country. We have entered into a contract with the provider of Microsoft Teams in accordance with what are referred to as the EU Standard Contractual Clauses. In addition, the EU has is-sued an adequacy decision for the United States pursuant to Article 45 of GDPR. Microsoft is also listed on the U.S.-E.U. Privacy Framework.

As an additional protective measure, we have also configured our Microsoft Teams settings so that only data centers located in the EU or the EEA are used for online meetings. However, data transfers to a third country cannot be ruled out.

11.2 Legal Basis for Data Processing
The legal basis for the processing of your personal data in connection with the conduct of online meetings is based on our legitimate interest in the effective conduct of such meetings and in establishing visual con-tact with, among others, job applicants (Art. 6(1)(f) of GDPR). Furthermore, the legal basis may be the per-formance of a contractual relationship with you (Art. 6(1)(b) of GDPR).

11.3 Duration of Storage
As a general rule, we delete personal data when there is no longer a need to retain it. Such a requirement may exist, in particular, if the data is still needed to fulfill contractual obligations or to assess, grant, or defend against warranty and, where applicable, guarantee claims. In the case of statutory retention require-ments, deletion may only be considered after the respective retention period has expired.

We have no control over how long Microsoft retains your data for its own purposes.


12. Handling of Applicant Data


12.1 Description and Purpose of Data Processing
We offer you the opportunity to apply for a position with us (e.g., by email, mail, or through our online ap-plication form). Below, we provide information about the scope, purpose, and use of your personal data collected as part of the application process. We assure you that the collection, processing, and use of your data are carried out in accordance with applicable data protection laws and all other legal requirements, and that your data will be treated with the strictest confidentiality.

If you submit an application to us, we will process your related personal data (e.g., contact and communica-tion information, application documents, notes taken during job interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. Your personal data will be shared within our com-pany exclusively with those individuals involved in processing your application.

12.2 Legal Basis for Data Processing
The legal basis for this is Section 26 of BDSG (German Federal Data Protection Act) (initiation of an em-ployment relationship), Article 6(1)(b) of GDPR (general contract initiation), and – if you have given your consent – Article 6(1)(a) of GDPR. Consent may be revoked at any time.

If your application is successful, the data you submitted will be stored in our data processing systems in accordance with Section 26 of BDSG and Article 6(1)(b) of GDPR for the purpose of carrying out the em-ployment relationship.

12.3 Duration of Storage
If we are unable to offer you a position, if you decline a job offer, or if you withdraw your application, we reserve the right to retain the data you have provided for up to 6 months from the end of the application process (rejection or withdrawal of the application) based on our legitimate interests (Art. 6(1)(f) of GDPR).

The data will then be deleted, and the physical application documents will be destroyed. The data is retained primarily for evidentiary purposes in the event of a legal dispute. If it is apparent that the data will be need-ed after the 6-month period has expired (e.g., due to an impending or pending legal dispute), the data will not be deleted until the purpose for its continued retention no longer applies.

Data may also be retained for a longer period if you have provided the appropriate consent (Art. 6(1)(a) of GDPR) or if statutory retention requirements prevent its deletion.

If we do not offer you a position, we may be able to add you to our candidate pool. If you are accepted, all documents and information from your application will be added to the candidate pool so that we can con-tact you if suitable openings arise. Inclusion in the candidate pool is based solely on your explicit consent (Art. 6(1)(a) of GDPR). Providing consent is voluntary and has no bearing on the ongoing application pro-cess. The data subject may withdraw their consent at any time. In this case, the data will be permanently deleted from the candidate pool unless there are legal grounds for retaining it.

Data from the candidate pool will be permanently deleted no later than two years after consent is granted.


13. Privacy Notice for Business Partners


13.1 Description and Purpose of Data Processing
We process personal data that we receive from you in connection with a prospective or existing business relationship. We receive this data directly from you, for example, when you inquire about our products, when you place an order, during a trade show interaction, or through an order we place for the delivery of products and services. The data is stored internally in our customer and supplier management system. Spe-cifically, we process the following data:

  • Title (Mr., Mrs., Ms., etc.)
  • Last Name and First Name of the Contact Person
  • Professional Title
  • Position
  • Department
  • Phone Number
  • Email Address
  • Address of the company in question
  • Industry
  • Data related to the fulfillment of an order
  • Correspondence / Content of Conversations
Within our company, only those employees who need your data to fulfill our contractual and legal obliga-tions are granted access to it. Service providers and agents contracted by us may receive data for these purposes, provided that the individuals involved are bound by confidentiality obligations and comply with written data protection guidelines. These are primarily companies from the categories listed below:

Support/maintenance of computer/IT applications, archiving, document, and data carrier destruction, pur-chasing/procurement, debt collection, tax advisors for preparing monthly and annual financial statements, mail and transportation services, credit bureaus, payment processing, asserting legal claims, and defense in legal disputes.

Data may be transferred to entities in countries outside the European Economic Area (EU/EEA) (so-called third countries) if such a transfer is necessary to fulfill a contractual obligation to the business partner, if it is in our legitimate interest, or if you have given us your consent. In this context, the processing of data in a third country may also take place in connection with the engagement of service providers in the context of data processing on behalf of the controller. If the European Commission has not issued a decision confirm-ing that the country in question has an adequate level of data protection, we will ensure, in accordance with EU data protection requirements, through appropriate contracts and suitable technical and organizational measures, that your rights and freedoms are adequately protected and guaranteed.

13.2 Legal Basis for Data Processing
To fulfill contractual obligations pursuant to Article 6(1)(b) of GDPR. Example: Initiating, concluding, per-forming, and terminating a contract with you for the delivery of our products and services or for the pro-curement of products and services. This also includes the disclosure of personal data to our co-partners in connection with a specific request (e.g., registration for an event).

In the context of the balancing of interests pursuant to Article 6(1)(f) of GDPR: To the extent necessary, we process your data beyond the actual performance of the contract to protect our legitimate interests or those of third parties. Examples: Support requests, advertising/market and opinion research (provided you have not objected to the use of your data), credit checks, the assertion of legal claims and defense in legal dis-putes, and, where applicable, the disclosure of contact information to affiliates of dataTec AG for the pur-pose of processing a request.

Based on your consent pursuant to Article 6(1)(a) of GDPR, to the extent that you have given us consent to process personal data for specific purposes.

Due to legal requirements under Article 6(1)(c) of GDPR, i.e., various legal obligations, such as Section 257 of the German Commercial Code (Handelsgesetzbuch), Section 147 of the German Fiscal Code (Abgabe-nordnung), and the German Principles for the Storage of Accounting Data (GoBD) regarding the retention of tax-related data, as well as other relevant laws.

13.3 Duration of Storage
Your personal data will be stored for as long as necessary to fulfill our contractual and legal obligations. If the data is no longer necessary for the fulfillment of contractual or legal obligations, it will be deleted.

Personal data of individuals interested in our products and services is deleted after one year if the initial interest has not led to a business relationship.

Correspondence with you regarding the sale of our products and services (e.g., via email) will not be delet-ed due to potential support requests, as this information is necessary to properly address such requests. Correspondence related to the procurement of products and services is also not deleted for the purpose of follow-up inquiries.


14. Facebook and Instagram


14.1 Description and Purpose of Data Processing
When you visit our Facebook or Instagram page, where we showcase our company or individual products from our lineup, certain information about you is processed. Meta Platforms Ireland Limited (Ireland/EU – “Meta”) is the sole controller responsible for this processing of personal data. For more information about Meta′s processing of personal data, please visit https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

Meta provides us with anonymized statistics and insights for our Facebook and Instagram pages, which help us gain an understanding of the types of actions people take on our pages (referred to as “page in-sights”). These page insights are generated based on specific information about people who have visited our page. This processing of personal data is carried out by Meta and us as joint controllers.

We cannot link the information we receive through page insights to individual Facebook profiles that interact with our Facebook page. We have entered into a joint controller agreement with Meta that sets forth the allocation of data protection obligations between us and Meta. For details on the processing of personal data for the purpose of generating page insights and the agreement entered into between us and Meta, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data.

14.2 Legal Basis for Data Processing
The legal basis for our processing of data in this regard is our legitimate interest in effectively informing users and communicating with them, in accordance with Article 6(1)(f) of GDPR.

Please note that, in accordance with Meta′s privacy policy, user data may also be processed in the United States or other third countries. Meta transfers user data only to countries for which the European Commis-sion has issued an adequacy decision pursuant to Article 45 of GDPR or on the basis of appropriate safe-guards pursuant to Article 46 of GDPR.

14.3 Right to Object and Right to Rectification
Meta offers the option to object to certain data processing activities; information on this and opt-out op-tions can be found at https://www.facebook.com/settings?tab=ads.

With regard to this data processing, you have the option of exercising your rights as a data subject (see “Your Rights”) with Meta as well. For more information on this, please see Meta′s Privacy Policy at https://www.facebook.com/privacy/explanation.


15. LinkedIn

15.1 Description and Purpose of Data Processing
LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is generally the sole data controller responsible for the processing of personal data when you visit our LinkedIn page. For more information about LinkedIn′s processing of personal data, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit our LinkedIn company page, follow the page, or interact with it, LinkedIn processes personal data to provide us with statistics and insights in an anonymized form. This provides us with insights into the types of actions that people take on our page (referred to as page insights). To do so, LinkedIn processes, in particular, the data you have already provided to LinkedIn through the information in your profile, such as data regarding your job title, country, industry, years of service, company size, and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any of your personal data through page insights. We only have access to the summarized page insights. Furthermore, we are unable to draw conclusions about individual members based on the information from page insights. This processing of personal data in connection with page insights is carried out by LinkedIn and us as joint controllers. This processing serves our legitimate interest in analyzing the types of actions taken on our LinkedIn company page and using these insights to improve our company page.

We have entered into a joint controller agreement with LinkedIn that sets forth the allocation of data protec-tion obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum.

We have an agreement with LinkedIn that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=en) or reach LinkedIn using the contact information provided in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the fol-lowing link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us using the con-tact information provided to exercise your rights regarding the processing of personal data in connection with page insights. In such a case, we will forward your request to LinkedIn.

We have an agreement with LinkedIn that the Irish Data Protection Commission is the lead supervisory au-thority responsible for overseeing the processing of page insights. You always have the right to file a com-plaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.

15.2 Legal Basis for Data Processing
The legal basis for our processing of data in this regard is our legitimate interest in effectively informing users and communicating with them, in accordance with Article 6(1)(f) of GDPR.

Please note that, in accordance with LinkedIn′s Privacy Policy, personal data may also be processed by LinkedIn in the United States or other third countries. In doing so, LinkedIn transfers personal data only to countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of GDPR or on the basis of appropriate safeguards pursuant to Article 46 of GDPR.


16. XING

16.1 Description and Purpose of Data Processing
We use the social media platform provided by XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany. We process your data in connection with our Xing account for communication purposes and, where appli-cable, to carry out precontractual or contractual measures.

We process personal data when you contact us through our Xing account, for example, by sending a direct message. If you contact us through our social media accounts, we will process the content of your mes-sage as well as any other personal data you provide. Please note that, in addition to the data and content you actively submit, we may also have access to other information regarding your user profile, your posts, and, for example, your “Likes.” Access to this information depends on the privacy settings you have con-figured in your user account.

We use the data strictly for the specific purpose of communicating with you or processing your request.

We and Xing share joint responsibility for the data agreement. XING collects data from logged-in users and other visitors using cookies, pixels, local storage, and other tracking technologies. In addition, user behav-ior is tracked based on sent emails by monitoring which emails are opened, when they are opened, and which links within the emails are clicked. We do not use any analytics tools on the platforms that provide us with statistical analyses of user interaction. Xing currently has no agreement regarding joint responsibility as defined by Article 26(1), sentence 2 of GDPR, which specifies which controller is responsible for fulfilling which data protection obligations under GDPR.

For information on what data XING processes and for what purposes it is used, please see XING′s Privacy Policy: https://privacy.xing.com/en/privacy-policy 

You can find information about the available personalization and privacy settings here: https://privacy.xing.com/en/your-privacy.

You also have the option of requesting information via the XING contact: https://www.xing.com/support/contact/security/data_protection.

16.2 Legal Basis for Data Processing
The legal basis for the processing is Article 6(1)(f) of GDPR. Our legitimate interest, which prevails following a balancing of interests, is to communicate with you and respond to your inquiries and other concerns. To the extent that we are able to do so, and provided that we have also processed the data outside of Xing (e.g., by sending you an email), we will delete the data you have actively provided once the purpose for processing no longer applies – specifically, once our contact with you has been definitively terminated. This does not apply to data stored automatically by Xing as part of our communication; we have no control over the deletion of this data. Mandatory statutory retention periods remain unaffected by this.

Xing transfers personal data and other information to countries within the EU. According to Xing, data trans-fers to third countries take place exclusively in compliance with the legally prescribed conditions for per-missibility. (https://privacy.xing.com/en/privacy-policy/who-may-receive-information-about-you/third-countries).


17. Rights of Affected Individuals

If your personal data is being processed, you are a data subject within the meaning of GDPR, and you have the following rights with respect to the data controller:

17.1 Right to Information
The right, pursuant to Article 15 of GDPR, to request information about your personal data that we process. In particular, you may request information regarding the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, erasure, restriction of processing, or objection; the existence of a right to lodge a complaint; the origin of your data, if it was not collected by us; and the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details.

17.2 Right to Rectification
The right to request that we immediately correct any inaccurate personal data concerning you and, where applicable, complete any incomplete personal data (Art. 16 of GDPR).

17.3 Right to Restriction
The right, pursuant to Article 18 of GDPR, to request the restriction of the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful but you oppose its erasure, and if we no longer need the data but you require it to assert, exercise, or defend legal claims, or you have objected to the processing pursuant to Article 21 of GDPR.

17.4 Right to Erasure
The right to request that we immediately erase personal data concerning you, provided that one of the grounds listed in Article 17 of GDPR applies; e.g., if the data is no longer necessary for the purposes for which it was collected (right to erasure).

17.5 Right to Information
If you have exercised your right to rectification, erasure, or restriction of processing with the data controller, the data controller is obligated to notify all recipients to whom your personal data has been disclosed of such rectification, erasure, or restriction of processing, unless this proves impossible or involves a dispro-portionate effort.

You have the right to request information from the data controller regarding these recipients.

17.6 Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. In addition, you have the right to transmit this data to anoth-er controller – to whom the personal data was provided – without any interference from us.

17.7 Right to Object
The right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning you. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or that the processing is necessary for the establishment, exercise, or defense of legal claims (Art. 21 of GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.

If you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for those purposes.

17.8 Right of Withdrawal
You have the right to withdraw your consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of that consent prior to its withdrawal.

17.9 Right to File a Complaint
Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority – in particular, in the Member State where you reside, where you work, or where the alleged infringement occurred – if you believe that the processing of your personal data violates GDPR.

The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of seeking judicial remedy under Article 78 of GDPR.

Our responsible supervisory authority is: Der Landesbeauftragte für den Datenschutz und die Informations-freiheit, Königstraße 10 a, 70173 Stuttgart, Germany.

Version: 11.05.2026