Privacy policy for the plansee-group.com website
Privacy policy for this online offering and further information on the duty to provide information pursuant to Art. 13 GDPR when collecting personal data from the data subject.
Data protection
The controller responsible for the online offering from which you were redirected to this privacy policy is the company named as the controller in the legal notice, on the website or on the social media channel from which you were redirected to this privacy policy (hereinafter referred to as ‘we’, ‘us’ or ‘our’).
As the controller and provider of an information society service, we are obliged to inform you at the beginning of your visit to our online offering about the type, scope and purposes of the collection and use of personal data in a precise, transparent, understandable and easily accessible form in clear and simple language. The content of the information must be available to you at all times. We are therefore obliged to inform you which personal data is collected or used. Personal data refers to all information relating to an identified or identifiable natural person.
We attach great importance to the security of your data and compliance with data protection regulations. The collection, processing and use of personal data are subject to the provisions of the currently applicable European and national laws.
With the following privacy policy, we would like to show you how we handle your personal data and how you can contact us:
Our data protection coordinator:
Email: dataprotection@plansee-group.com
If you wish to contact the controller by regular post, you will find the postal address of the controller in the legal notice of the website or social media channel from which you were redirected to this privacy policy.
A. General
For the sake of clarity, our privacy policy does not differentiate between genders. The meaning of terms used, such as ‘personal data’ or ‘processing’, can be found in Article 4 of the EU General Data Protection Regulation (GDPR).
The personal data of users processed within the scope of this online offer includes, in particular, usage data (e.g. websites visited on our online offer, interest in our products), content data (e.g. entries in the contact form) and server log data (e.g. your IP address).
‘Users’ here includes all categories of persons affected by data processing. This includes, for example, our business partners, customers, interested parties and other visitors to our online offering.
B. Specific
Privacy policy
We guarantee that we will only collect, process, store and use your data in connection with the processing of your enquiries, for internal purposes, and to provide the services or content you have requested.
Legal basis for processing
We process users' personal data only in compliance with the relevant data protection regulations. Users' data is only processed if the following legal grounds for permission exist:
- to provide our contractual services (e.g. processing orders) and online services, or
- if you have given your consent, or
- on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and security of our online offering within the meaning of Art. 6 (1) lit. f. GDPR, in particular for reach measurement, creation of profiles for advertising and marketing purposes, collection of access data and use of third-party services)
We would like to show you where the above legal bases are regulated in the GDPR:
- Consent - Art. 6(1)(a) and Art. 7 GDPR
- Processing for the performance of our services and the implementation of contractual measures - Art. 6(1)(b) GDPR
- Processing to safeguard our legitimate interests - Art. 6(1)(f) GDPR.
You are not obliged to provide us with the personal data we request. However, if you do not provide your personal data, you may not be able to use all the functions of this website. If the provision of your data is required by law in certain cases, we will inform you separately.
Transfer of your personal data
Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, for example, for contractual purposes or on the basis of legitimate interests in the economic and effective operation of our business.
If we use subcontractors to provide our services, we take appropriate legal precautions and technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions.
We would like to point out that due to the use of services such as Google Analytics, Google Ads, Google reCAPTCHA, Google Maps, Google Web Fonts, YouTube, Adobe Analytics, Microsoft Dynamics 365 Customer Insights - Journeys, LinkedIn Insight Tag, TrustArc, Mouseflow, Meta Pixel, Taboola, Haufe-Umantis, Workday, Cloudflare, Google Tag Manager, Doubleclick.net, LinkedIn Ads Pixel, Optinmonster, Everviz and Microsoft Clarity, data is transferred when you use our online services. Further information can be found in the relevant sections of this document.
Data transfer to a third country or an international organisation
Third countries are countries in which the GDPR is not directly applicable. This basically includes all countries outside the EU or the European Economic Area (‘EEA’).
The level of data protection in other countries may not be the same as in your country. However, we only transfer your personal data to countries that, according to the findings of the EU Commission, have an adequate level of data protection, or we take appropriate measures to ensure that all recipients offer a sufficient level of data protection. We do this, for example, by entering into appropriate data transfer agreements based on standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2021/914 of the European Parliament and of the Council of the European Commission, while applying additional safeguards to ensure an adequate level of data protection.
Retention period
We adhere to the principles of data minimisation and storage limitation. This means that we only store the data you provide to us for as long as is necessary to fulfil the aforementioned purposes or as stipulated by the various storage periods provided for by law. If the respective purpose no longer applies or after the expiry of the corresponding periods, your data will be routinely blocked or deleted in accordance with the statutory provisions. If you have given your consent, we will store your personal data until you revoke your consent.
Contact
If you contact us by e-mail, telephone, fax, contact form, etc., you agree to electronic communication. Personal data is collected when you contact us. The information you provide will be stored exclusively for the purpose of processing your enquiry and for possible follow-up questions.
We would like to inform you of the legal basis for this:
- Consent - Art. 6(1)(a) and Art. 7 GDPR
- Processing for the performance of our services and the implementation of contractual measures - Art. 6(1)(b) GDPR
- Processing to safeguard our legitimate interests - Art. 6(1)(f) GDPR.
We use software to maintain customer data (CRM system) or comparable software on the basis of our legitimate interests (efficient and fast processing of user enquiries).
We would like to point out that emails could theoretically be read or altered without authorisation and without notice during transmission. We would also like to point out that we use software to filter out unwanted emails (spam filter). The spam filter may reject emails if they are incorrectly identified as spam due to certain characteristics.
What are your rights?
a) Right to information
You have the right to obtain information about your stored data free of charge at any time. Upon request, we will inform you in writing, in accordance with applicable law, which of your personal data we have stored.
b) Right to correction
You have the right to have your data stored by us corrected if it is incorrect.
c) Right to restriction of processing
Furthermore, you may have the right to request the restriction of processing. In order for the restriction of processing of your data to be taken into account at any time, this data must be kept in a lock file for control purposes.
d) Right to erasure
You may also request the erasure of your personal data. If the relevant legal requirements are met, we will erase your personal data even without a corresponding request from you.
e) Right to data portability
You are entitled to request that we provide the personal data you have submitted to us in a common format that allows it to be transferred to another location.
f) Right to lodge a complaint with a supervisory authority
You have the option of lodging a complaint with the competent data protection supervisory authority. In any case, we will accept the following data protection authority as competent for us:
Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna, Austria
Telephone: +43 1 52152
Website: www.dsb.gv.at
The data protection authority provides a complaint form on its website (ONLY AVAILABLE IN GERMAN).
g) Right to object
You have the right to object to the processing of your data at any time for reasons arising from your particular situation.
h) Right of withdrawal
If we process data on the basis of your consent, you can withdraw your consent at any time. To do so, simply send an email to dataprotection@plansee-group.com. However, such revocation does not affect the lawfulness of the processing operations carried out by us up to that point. This does not affect data processing based on all other legal grounds, such as the initiation of a contract (see above).
Protection of your personal data
We take contractual, organisational and technical security measures in line with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
The security measures include, in particular, the encrypted transmission of data between your browser and our server. Appropriate encryption techniques are used for this purpose.
Your personal data is protected in the context of the following points (excerpt):
a) Maintaining the confidentiality of your personal data
In order to maintain the confidentiality of your personal data stored with us, we have taken various measures to control access and access rights.
b) Maintaining the integrity of your personal data
In order to maintain the integrity of your personal data stored with us, we have taken various measures to control disclosure and input.
c) Safeguarding the availability of your personal data
In order to safeguard the availability of your personal data stored by us, we have taken various measures to control orders and availability.
The security measures in place are continuously improved in line with technological developments. Despite these precautions, we cannot guarantee the security of your data transmission to our online offering due to the uncertain nature of the internet. For this reason, any data transmission from you to our online offering is at your own risk.
Protection of minors
Persons under the age of 16 may only provide us with personal information if they have the express consent of their legal guardians. This data will be processed in accordance with this privacy policy.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This may include, in particular:
- IP address;
- Date and time of the request;
- Time zone difference to Greenwich Mean Time (GMT);
- Content of the request (specific page);
- Operating system and its access status/HTTP status code;
- Scope of the transmitted data;
- Website from which the request is received (‘referrer URL’);
- Browser used, as well as language and version of the browser software.
We would like to inform you of the legal basis for this:
- Processing for the performance of our services and the implementation of contractual measures - Art. 6 para. 1 lit. b. GDPR and/or
· Processing to safeguard our legitimate interests - Art. 6(1)(f) GDPR.
C. Cookies and similar technologies
General information on the scope of our data processing in connection with cookies and similar technologies
Our services use cookies and similar technologies. Cookies are small text files that are stored on your device when you access our services. Cookies contain a unique string of characters that can be used to uniquely identify your browser or applications when our services are requested again in the future. Certain elements of our services require that the browser or application be identified when a new page is accessed.
Our services use session cookies and persistent cookies.
a) Session cookies are automatically deleted when you close your browser. They store a session ID that is used to assign different requests from your browser to the session as a whole. This means that your device can be recognised as long as you visit our website. Session cookies are deleted when you log out or close your browser.
b) Permanent cookies are automatically deleted after a certain period of time, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
Specifically, the following cookies are used: Google Analytics, Google Ads, Google reCAPTCHA, Google Maps, Google Web Fonts, YouTube, Adobe Analytics, Microsoft Dynamics 365 Customer Insights - Journeys, LinkedIn Insight Tag, TrustArc, Mouseflow, Meta Pixel, Taboola, Cloudflare, Doubleclick.net, Google Tag Manager, LinkedIn Ads Pixel, Optinmonster, Everviz and Microsoft Clarity.
If the specific cookies and similar technologies are not technically necessary to provide a service you have requested, we will only use them if you have given us your consent.
Purpose of data processing
We use cookies to make our services attractive and user-friendly, to improve them and to speed up requests.
Certain elements of our services require the browser to be identified when a new page is accessed. In these cases, the browser must be recognised after a new page has been accessed.
Legal basis for data processing
Art. 6(1)(f) GDPR forms the legal basis for the processing of personal data with cookies that are technically necessary to provide you with a service you have requested.
The legal basis for the processing of personal data that is not necessary to provide you with a service you have requested is your informed consent in accordance with Art. 6(1)(a) GDPR.
Duration of storage
Session cookies are deleted when you close your browser.
Persistent cookies are automatically deleted after a certain period of time. This period may vary from cookie to cookie. The exact storage period is described below.
Option to object and delete data
To enable you to configure your cookie preferences, we use the cookie management solution from TrustArc Inc., 111 Sutter Street, Suite 600 San Francisco, CA, 94104, USA. You can use this solution to configure your cookie preferences at any time.
In addition, almost all browsers can be configured to block cookies completely, delete existing cookies, display a warning before cookies are stored on your device, or delete cookies at the end of a browsing session.
Please note, however, that you may not be able to use all the features of our services if you block or delete cookies.
You can access your personal cookie settings by clicking on the link of the same name at the bottom of each page (in the footer).
With regard to the above-mentioned cookies, the following also applies:
Google Analytics
Scope of data processing
We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
Google analyses your use of our services on our behalf. We use cookies, among other things, for this purpose. We have described what cookies are and how they can be deleted in the ‘Cookies’ section above.
The information collected by Google about your use of our services (e.g. the pages visited on our website) is transmitted to a Google server in the USA, stored and analysed there, and the results are made available to us in anonymised form.
We use the IP address anonymisation function offered by Google. This means that your IP address is truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there.
Data is transferred to the USA on the basis of the European Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Purpose of data processing
On our behalf, Google uses this information to evaluate the use of our services and to compile reports on user activity. This enables us to improve your online experience and increase the user-friendliness of our digital offerings.
Legal basis for processing
The legal basis for this processing is your informed consent in accordance with Art. 6(1)(a) GDPR.
Duration of storage
Sessions and campaigns are terminated after a certain period of time. By default, sessions are terminated after 30 minutes of inactivity and campaigns after six months. The time limit for campaigns is a maximum of two years.
Possibility of objections and deletion of data
You can prevent the storage of cookies by adjusting your browser software settings or by configuring TrustArc, as described above in the ‘Cookies’ section. You can also prevent Google from collecting the data generated by the cookie and relating to your use of our services, as well as Google from processing this data, by downloading and installing the browser plugin available from Google: https://tools.google.com/dlpage/gaoptout.
If you wish to prevent Google Analytics from collecting your data in the future when visiting our website with different devices (in particular with mobile devices such as smartphones and tablets), you must perform this opt-out on all systems you use: https://tools.google.com/dlpage/gaoptout.
Please note that this opt-out cookie only blocks web analytics until it is deleted. For more information about Google Analytics, please refer to the Google Analytics Terms of Service, the Google Analytics Security and Privacy Principles, and the Google Privacy Policy.
Adobe Analytics
Scope of data processing
Our services use Adobe Analytics, a web analytics service provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (‘Adobe’).
Adobe Analytics uses local storage and ‘cookies’, which are text files placed on your device, to enable analysis of the entire data stream of all our services.
When usage information about our services is transmitted to Adobe, your IP address is anonymised before geolocation and replaced with a generic IP address before storage.
You can prevent the use of tracking by selecting the appropriate settings on your device. Please note, however, that if you do so, you may not be able to use all the features of the website. In addition, you can prevent Adobe from collecting and using data (cookies and IP address) in your browser by downloading and installing the browser plugin available at http://www.adobe.com/privacy/opt-out.html.
Purpose of data processing
On our behalf, Adobe uses this information to evaluate the use of our services and to compile reports on user activity. This enables us to improve your online experience and increase the user-friendliness of our digital offerings.
Legal basis for processing
The legal basis for this processing is your informed consent in accordance with Art. 6(1)(a) GDPR.
Duration of storage
Sessions and campaigns are terminated after a certain period of time. By default, sessions are terminated after 30 minutes of inactivity and campaigns after six months. The time limit for campaigns is a maximum of two years.
Possibility of objections and deletion of data
Adobe will not link your IP address to other data held by Adobe. You can prevent the storage of cookies by adjusting the settings on your device or, in the case of the website, by configuring TrustArc as described above in the ‘Cookies’ section.
Google Ads
Scope of data processing
We use Google's Google Ads service (formerly Google AdWords) to advertise our products and related services on external platforms through advertising media (Google Ads). These advertising materials are delivered by Google via so-called ‘ad servers’. For this purpose, we use ad server cookies, which allow certain parameters to be measured for performance measurement, such as the display of ads or clicks by users. If you access our services via a Google ad, Google Ads will store a cookie on your device.
We have described above what cookies are and how they can be deleted. Google can recognise your internet browser with the help of these cookies. If a user visits certain pages of an AdWords customer's website and the cookie stored on their device has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. Each AdWords customer is assigned a different cookie. Cookies cannot therefore be tracked across the websites of AdWords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures; we only receive statistical evaluations from Google. These evaluations enable us to identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating AdWords Conversion, Google receives the information that you have accessed the relevant part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may find out and store your IP address.
Purpose of data processing
We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. Our interest in this is to show you advertising that is of interest to you, to make our services more interesting for you and to achieve a fair calculation of advertising costs.
Legal basis for processing
The legal basis for this processing is your informed consent in accordance with Art. 6(1)(a) GDPR.
Duration of storage
These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (indicating that the user no longer wishes to be targeted) are usually stored as analysis values for this cookie.
Option to object and delete data
You have various options for preventing this tracking process:
a) By changing the settings of your browser software, specifically by rejecting third-party cookies; this will prevent you from receiving advertising from third-party providers.
b) By deactivating conversion tracking cookies by setting your browser to block cookies from the domain www.googleadservices.com, https://www.google.com/settings/ads; please note that this setting will be cancelled if you delete your cookies.
c) By deactivating personalised advertising from providers participating in the ‘About Ads’ self-regulation programme via the link http://www.aboutads.info/choices; please note that this setting will be reset if you delete your cookies.
d) By permanently deactivating the process in Firefox, Internet Explorer or Google Chrome using the link https://www.google.co.uk/settings/ads/plugin.
Further information on data protection at Google can be found here: https://policies.google.com/privacy and https://services.google.com/sitestats/en.html.
Alternatively, you can visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org.
Microsoft Dynamics 365 Customer Insights – Journeys
Scope of data processing
We use Microsoft Dynamics 365 Customer Insights – Journeys, a marketing automation platform provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland ("Microsoft").
Customer Insights – Journeys collects your IP address and links browser cookies to the email address you have provided in order to record your browsing behavior and interactions with our websites and emails.
The information generated by these cookies is securely transmitted to Microsoft servers, which are generally located within the European Union (EU) or European Economic Area (EEA). In cases where data is transferred to third countries (e.g., the USA), Microsoft ensures an adequate level of data protection through the use of EU Standard Contractual Clauses (SCCs) and other appropriate safeguards.
Tracking is not used to identify you personally, unless you have given your separate consent.
Purpose of data processing
The aforementioned data is processed for the purpose of optimising our services and products, for marketing and sales activities via email and to improve your web experience and email activities with more segmented, targeted and relevant information.
Legal basis for the processing
The legal basis for this processing is your informed consent in accordance with Art. 6 para. 1 lit. a. GDPR.
Duration of storage
Microsoft retains personal data only as long as necessary for the purposes described. Specific retention periods may vary depending on the type of data and applicable legal requirements. For marketing interactions, data is typically retained for a period aligned with your consent and engagement activity.
Possibility of objection and deletion of data
You may withdraw your consent at any time. Additionally, you can disable the storage of cookies in your browser settings.
You can also manage your cookie preferences via our cookie consent tool, as described in the "Cookies" section above.
For more information about Microsoft’s privacy and cookie practices, please refer to the https://privacy.microsoft.com/privacystatement.
LinkedIn Insight Tag
Scope of data processing
We use the Insight Tag operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, which provides us with information about the use of our services and enables us to offer you advertising content from other websites that is tailored to your interests.
Purpose of data processing
LinkedIn uses the data to create anonymous reports for us about advertising activities and information about your interaction with our digital services.
Legal basis for processing
The legal basis for this processing is your informed consent in accordance with Art. 6(1)(a) GDPR.
Duration of storage
For this purpose, a cookie with a 120-day duration is set in your browser, which allows LinkedIn to recognise you when you visit a website.
Possibility of objection and deletion of data
You can deactivate the LinkedIn Insight Conversion Tool and interest-based advertising by opting out via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
If you are a member of LinkedIn, click on the ‘Opt out on LinkedIn’ field. Other visitors must click on ‘Opt out’.
On our websites or in our apps, you can prevent LinkedIn from storing cookies by using the TrustArc cookie settings at the bottom of each page.
For more information about LinkedIn's privacy policy, please visit: https://www.linkedin.com/legal/privacy-policy#choices-oblig.
TrustArc
Scope of data processing
We use the TrustArc Cookie Preference Manager from TrustArc Inc., 835 Market Street, Suite 800, San Francisco, CA, USA, (‘TrustArc’) on our websites and in our apps. This is intended to enable you to manage your own cookie preferences in an intuitive and user-friendly manner.
Purpose of data processing
The TrustArc Cookie Preference Manager allows you to manage and save your preferred cookie settings for our services according to your own preferences. For this purpose, we ask for your cookie preferences when you visit our websites or apps for the first time. You can then agree to or object to the use of cookies.
Your IP address is used so that the Cookie Preference Manager can process your cookie preferences accordingly. If you use a mobile device (e.g. a smartphone), the advertising identifier stored on that device is used.
Legal basis for processing
This is based on the protection of our legitimate interests in accordance with Art. 6(1)(f) GDPR. Our legitimate interest here is to take your cookie preferences into account when providing our services in order to ensure the protection of your privacy and personal data according to your choice and to ensure the proper functioning of our website, in particular to implement appropriate technical and organisational measures to comply with a legal obligation to which we are subject (Article 6(1)(c) GDPR).
TrustArc uses standard contractual clauses (in accordance with Article 46(2) and (3) of the GDPR) as the basis for data processing, which ensure that data processing complies with European standards even without an adequacy decision.
Duration of storage
TrustArc stores your cookie preferences for a maximum of three months or until you delete your internet browser history. TrustArc cookies are classified as necessary cookies.
Possibility of objection and deletion of data
If you delete your internet browser history, all cookies (including opt-out cookies) will be deleted. In this case, you will be asked again for your cookie preferences the next time you visit our services.
Detailed information about TrustArc's data processing privacy policy can be found here: https://trustarc.com/privacy/.
Mouseflow
Scope of data processing
We use Mouseflow on our websites. This tool is provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen V, Denmark.
We use Mouseflow to analyse your user behaviour on our services. The tool allows us to record your mouse movements, scrolling movements and clicks, among other things.
Mouseflow can create so-called heat maps by tracking how long your mouse pointer has remained in the same position. This information allows us to determine which areas of our website are of particular interest to you. In addition, we can determine how long you stayed on the page and when you left it.
Purpose of data processing
The purpose of using Mouseflow is to evaluate user behaviour on our websites by using user recognition technologies (e.g. cookies or device fingerprints).
Legal basis for processing
The legal basis for this processing is your informed consent in accordance with Art. 6(1)(a) GDPR.
Duration of storage
Your activity data is stored for 365 days from the date of collection.
Possibility of objection and deletion of data
You can prevent Mouseflow from collecting data by adjusting the settings in your browser software or by configuring TrustArc as described above in the ‘Cookies’ section. In addition, you can prevent Mouseflow from collecting and using data (cookies and IP address) by downloading and installing the browser plugin available at https://mouseflow.com/legal/company/privacy-policy/.
On our website, you can prevent Mouseflow from storing cookies by using the TrustArc cookie settings, which are accessible via the controls at the bottom of each page.
For more information about Mouseflow and the data collected by Mouseflow, please refer to the Mouseflow privacy policy: https://mouseflow.com/opt-out/.
Meta Pixel
Scope of data processing
In order to measure conversion rates, we use Meta's visitor activity pixel on our websites. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the data collected is transferred to the USA and other third countries.
Purpose of data processing
Meta uses this data to create anonymous reports on the effectiveness of our advertising activities and to provide information about your interaction with our advertising campaigns on Facebook and our website.
Legal basis for processing
This data processing serves our legitimate interests in designing and optimising our advertising in a targeted manner. The legal basis is Art. 6(1)(f) GDPR.
In the event of data transfer to the USA, Meta undertakes to comply with a data protection standard comparable to the European standard on the basis of the European Commission's Standard Contractual Clauses (SCC). Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.
As the operator of this website, we cannot draw any conclusions about the identity of our users, as this information is anonymised for us. This data is also archived and processed by Meta so that the company can establish a link between the respective user profiles and then use this information for its own advertising purposes in accordance with Meta's data use policy: https://www.facebook.com/privacy/policy.
If personal data is collected on our website using the Meta Pixel and transmitted to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 GDPR). For us, this responsibility applies exclusively to the collection and forwarding of data to Meta. The processing of data by Meta is excluded from this responsibility.
Further information can be found here: https://www.facebook.com/privacy/policy/.
Duration of storage
Your data will be stored for 180 days from the date of collection.
Option to object and delete data
On our website, you can prevent Meta from storing cookies by using the TrustArc cookie settings, which are accessible via the controls at the bottom of each page.
The data processor's privacy policy and further information can be found here: https://www.facebook.com/privacy/policy/.
Taboola
Scope of data processing
On our website, we use cookies from Taboola to provide targeted advertising to visitors to our website by displaying personalised ads to visitors. The provider is Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin, Germany.
Purpose of data processing
The purpose of this data processing is to use targeted advertising and measure its effectiveness.
Legal basis for processing
Data processing serves our legitimate interest in optimising the user experience on our websites and designing targeted advertising. The legal basis is Art. 6(1)(f) GDPR. In the case of retargeting or conversion tracking, no personal data is stored.
Duration of storage
Taboola stores your cookie preferences for a maximum of 13 months or until you delete your internet browser history.
Option to object and delete data
On our website, you can prevent Taboola from storing cookies by using the TrustArc cookie settings, which are accessible via the controls at the bottom of each page.
The data processor's privacy policy and further information can be found here: https://www.taboola.com/policies/privacy-policy.
Cloudflare
Scope of data processing
On our website, we use the Content Delivery Network (CDN) service provided by Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany, and its DPF-certified US parent company Cloudflare Inc. 101 Townsend St., San Francisco, California 94107, USA (‘Cloudflare’).
Purpose of data processing
CDN improves the performance and security of websites by storing content in geographically distributed data centres and reducing server load. This results in an increased transfer rate when delivering our information to the user.
Legal basis for processing
Data processing serves our legitimate interest in increasing the security and delivery speed of our website. The legal basis for this data processing is Art. 6(1)(f) GDPR. In the case of retargeting or conversion tracking, no personal data is stored.
Duration of storage
Cloudflare stores your cookie preferences for a maximum of 30 days.
Possibility of objection and deletion of data
On our website, you can prevent the storage of cookies by CDN using the TrustArc cookie settings, which are accessible via the controls at the bottom of each page.
For more information on how to object to and delete Cloudflare, please visit: www.cloudflare.com/de-de/privacypolicy/.
Optinmonster
Scope of data processing
On our website, we use the Optinmonster software from Retyp LLC. 7732 Maywood Crest Dr., West Palm Beach, FL 33412, USA (https://optinmonster.com).
Purpose of data processing
The purpose of this data processing is to provide our visitors with additional offers via overlays on our website.
Legal basis for processing
The data entered in the form is processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR).
Duration of storage
Optinmonster stores your cookie preferences for a maximum of 10 years.
Possibility of objections and deletion of data
You can revoke your consent to the storage and use of your data at any time.
On our website, you can prevent Optinmonster from storing cookies by using the TrustArc cookie settings, which are accessible via the controls at the bottom of each page.
For details on how Optinmonster handles your personal data and your rights in this regard, please refer to Optinmonster's privacy policy: https://optinmonster.com/privacy.
The legality of data processing operations that have already taken place remains unaffected by the revocation.
Scope of data processing
The online forms on our websites and in our apps use the ‘Google reCAPTCHA’ service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose of data processing
The purpose of this data processing is to protect our services from fraud and abuse by determining whether the data entered (e.g. information entered in a form) is provided by a human user or by an automated programme.
Legal basis for processing
We have a legitimate interest in protecting our services from abusive automated spying and SPAM. The data is stored and analysed on the basis of Art. 6(1)(f) GDPR. If a corresponding agreement has been requested, processing takes place solely on the basis of Art. 6(1)(a) GDPR. This agreement can be revoked at any time.
Duration of storage
The storage period is 30 days for cookies and 9 to 18 months for log files.
Possibility of objections and deletion of data
Information regarding the handling of user data can be found in Google's privacy policy at https://policies.google.com/privacy.
Google Tag Manager
Scope of data processing
We use Google's Google Tag Manager service to manage tags on our website. Google Tag Manager is a tag management system that allows tags to be configured and implemented without changing the source code of the website. These tags can be used to optimise marketing and analysis purposes. Google Tag Manager itself does not collect any personal data. However, it ensures that other tags are triggered, which may collect data. These other tags may in turn collect data as described in the respective privacy policies of the corresponding services.
Purpose of data processing
The use of Google Tag Manager enables us to optimise the management and implementation of tags, correct configuration errors and modify tags that have already been implemented. This helps to improve the performance and security of our website or mobile app and optimise the user experience.
The legal basis for this processing is your informed consent in accordance with Art. 6(1)(a) GDPR.
Duration of storage
Google Tag Manager itself does not store any personal data. The data collected by other tags is stored in accordance with the respective privacy policies of the corresponding services.
Possibility of objection and deletion of data
You have various options for preventing this tracking process: (i) By changing the settings of your browser software accordingly, specifically by rejecting third-party cookies; this will prevent you from receiving advertising from third-party providers; (ii) by deactivating conversion tracking cookies by setting your browser to block cookies from the domain www.googleadservices.com (please note that this setting will be reset if you delete your cookies); (iii) By deactivating personalised advertising from providers participating in the ‘About Ads’ self-regulation programme via the link http://www.aboutads.info/choices (please note that this setting will be cancelled if you delete your cookies); or (iv) By permanently deactivating the process in Firefox, Internet Explorer or Google Chrome using the link https://www.google.co.uk/settings/ads/plugin.
Further information on data protection at Google can be found here: https://policies.google.com/privacy and https://support.google.com/tagmanager/answer/9323295?hl=en. Alternatively, you can visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org.
Further information about Google Tag Manager can be found at:
https://support.google.com/tagmanager/?hl=en#topic=3441530.
LinkedIn Ads Pixel
Scope of data processing
We use the ‘LinkedIn Ads Pixel’ service, operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn Ads Pixel stores and processes information about your user behaviour on our website. LinkedIn Ads uses cookies for this purpose.
Purpose of data processing
The purpose of this data processing is to analyse your user behaviour on our website. This helps us to optimise and target our advertising measures.
Legal basis for processing
The use of LinkedIn Ads Pixel is based exclusively on your consent in accordance with Art. 6(1)(a) GDPR. This consent can be revoked at any time.
Duration of storage
For this purpose, a cookie with a 7-month duration is set in your browser, which LinkedIn can use to recognise you when you visit a website.
Possibility of objections and deletion of data
In addition to the option of revoking your consent, you can deactivate the storage of cookies in your web browser settings. You can also prevent LinkedIn from collecting the aforementioned information by setting an opt-out cookie from LinkedIn on one of the websites linked below or by managing your user settings on LinkedIn accordingly:
· https://www.linkedin.com/psettings/guest-controls
· https://www.linkedin.com/psettings/enhanced-advertising
Everviz
Scope of data processing
We use functions and services provided by the Visual Elements AS platform, Lars Hilles Gate 39, 5008 Bergen, Norway.
Purpose of data processing
The use of Everviz functions and services enables us to display interactive diagrams and graphics.
Legal basis for processing
The legal basis for data processing is Art. 6(1)(f) GDPR. Our overriding legitimate interest lies in optimising our website.
Duration of storage
Personal data in connection with these functions or services is automatically deleted when you close your browser.
Possibility of objection and deletion of data
In addition to the option of revoking your consent, you can deactivate the storage of cookies in your web browser settings.
Doubleclick.net
Scope of data processing
We use the ‘Doubleclick.net’ service, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. DoubleClick.net uses cookies to display relevant ads to users, improve campaign performance reports, and prevent users from seeing the same ads multiple times.
Purpose of data processing
With the help of the DoubleClick.net service, we can ensure that users see relevant ads, improve campaign performance reports, and prevent users from seeing the same ads multiple times. Google uses a cookie ID to track which ads are displayed in which browser and to record conversions when users visit the advertiser's website and make a purchase after viewing an ad. When a page with DoubleClick.net is accessed, the browser establishes a direct connection to Google. We have no influence on the data collected by Google. By using DoubleClick.net, Google receives information that you have visited our website or clicked on an ad. If you are logged in to Google, Google can associate this information with your account. Even without logging in to Google, Google can associate your behaviour with the IP address you are using.
Legal basis for processing
The legal basis for this processing is your informed consent in accordance with Art. 6(1)(a) GDPR.
Duration of storage
Google stores your cookie preferences for a maximum of 1 year.
Possibility of objections and deletion of data
In addition to the option of revoking your consent, you can deactivate the storage of cookies in your web browser settings.
Further information about Doubleclick.net can be found here: https://www.google.de/doubleclick.Further information on data protection at Google can be found here: https://policies.google.com/privacy and https://support.google.com/tagmanager/answer/9323295?hl=en. Alternatively, you can visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org.
Haufe-Umantis
Workday
On our websites, we offer our visitors the opportunity to submit applications to us via an embedded online application form from Workday. If you click on the corresponding link, you will be redirected to the website of our third-party provider Workday Austria GmbH, Küniglberggasse 7, 1130 Vienna, Austria. There you will have the opportunity to register and apply for the desired position. As part of the registration and application process, further personal data will be collected from you. Further information on the processing of your data in connection with your application can be found on the third-party provider's website.
Microsoft Clarity
We use Microsoft Clarity web analytics software for our website. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft also processes your data in the USA, among other places. Clarity and Microsoft are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Microsoft also uses standard contractual clauses (= Art. 46(2) and (3) GDPR) . Standard contractual clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the US). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Microsoft undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.
For more information on Microsoft's standard contractual clauses, please visit https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.
You can find out more about the data processed by Microsoft in the privacy policy at https://privacy.microsoft.com/en-gb/privacystatement?tid=331754356958.
D. External services and content
We use external services and content.
When using such a service or third-party content, communication data such as date, time and IP address is exchanged between your browser and the respective service provider for technical reasons. This applies in particular to your IP address, which is required to display content in your browser.
The respective provider of the services or content may process your data for further internal purposes. As we have no influence on the data collected by third parties and its subsequent processing, we are unable to provide binding information about the purpose and scope of the processing of your data.
For this reason, we refer you to the privacy policies of the provider of the services or content integrated by us, who is responsible under data protection law, for further information about the purpose and scope of the collection and processing of your data.
The following list contains an overview of the external providers, their content and links to the respective privacy policies, which contain further information on the processing of data and your possible objections.
YouTube
Scope of data processing
We occasionally use embedded videos from the YouTube video platform. The operator of the corresponding plugins is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ireland Limited is a subsidiary of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. YouTube videos are embedded in ‘privacy-enhanced mode’. In this mode, YouTube does not set any cookies on your device until you click the play button in the YouTube video player.
You can find more information about YouTube's ‘privacy-enhanced mode’ at https://support.google.com/youtube/answer/171780.
For more information on how YouTube handles user data, please refer to the Google Ireland Limited privacy policy at https://policies.google.com/privacy.
Details on Google's storage period can be found here: https://policies.google.com/technologies/retention.
You can manually delete data in your Google account. If you do not have a Google account, you can delete the cookies stored by Google or prevent the automatic setting of cookies in your web browser settings.
Further information on the handling of user data in the context of YouTube can be found here: https://policies.google.com/privacy.
Google Maps
Scope of data processing
Our websites use the Google Maps map service. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Purpose of data processing
By embedding Google Maps in our websites, we can show you our international locations on an interactive map.
Legal basis for processing
The above-mentioned purposes constitute our legitimate interest in data processing by Google. The legal basis is Art. 6(1)(f) GDPR.
In order to offer the full range of Google Maps functions, Google must collect and store your data. To the best of our knowledge, this data includes the date and time, the URL of the website visited, search terms and your IP address, as well as geolocation data.
In the event of data transfer to the USA, Google undertakes to comply with a data protection standard comparable to the European standard on the basis of the European Commission's Standard Contractual Clauses (SCC).
Details can be found here: https://privacy.googlecom/businesses/gdprcontrollerterms/ and https://privacygoogle.com/businesses/gdprcontrollerterms/sccs/.
Duration of storage
The information stored via Google functions is stored for 3 to 18 months and deleted regularly.
You can prevent cookies from being stored by adjusting the settings in your browser.
Option to object and delete data
If you do not want Google to collect, process or use data about you via our website, you can disable JavaScript in your browser settings. In this case, however, you will not be able to use the map display and certain elements of our website.
By using our website, you agree to Google Maps processing data about you.
For more information on the handling of user data, please refer to Google's privacy policy at https://policies.google.com/privacy.
Google Web Fonts
Our services use Google Web Fonts to ensure consistent use of fonts. We use Google Fonts in the locally installed configuration, so that no connection to Google's servers is required to load and display the fonts.
Further information about Google Web Fonts can be found here: https://developers.google.com/fonts/faq. Please also note Google's privacy policy at https://policies.google.com/privacy.
Links to other websites
Our services may contain links to other websites and their specialist content. We have no control over these other websites. You visit these websites at your own risk. The controller or operator of the website cannot accept any responsibility or liability for these other websites and their content, which is hereby excluded, or for their data protection measures. We recommend that you familiarise yourself with the privacy policies of these other websites before providing any information about yourself or conducting any business with these websites.
Disclosure of personal data for order processing
The personal data we collect will be passed on to the transport company responsible for delivery within the scope of contract processing, insofar as this is necessary for the delivery of the goods. We pass on payment data to the commissioned credit institution as part of the payment processing.
If we make advance payments (only for purchases on account), we reserve the right to carry out a credit check in order to protect our legitimate interests. The personal data required for a credit check is transmitted by us to Bisnode D&B Deutschland GmbH, Robert-Bosch-Straße 11, D-64293 Darmstadt, Germany. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these are based on a scientifically recognised mathematical-statistical procedure. Address data, among other things, is included in the calculation of score values. The result of the credit assessment is used exclusively for the purpose of deciding on the establishment, implementation or termination of a contractual relationship. The data passed on in this way may only be used by the recipient to fulfil their task. Any other use of the information is not permitted.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - ‘purchase on account’ via PayPal, we pass on the payment data to PayPal (Europe) Sarl et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter ‘PayPal’) as part of the payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - ‘purchase on account’ via PayPal. PayPal uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding whether to provide the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, these are based on a scientifically recognised mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values. For further information on data protection, including the credit agencies used, please refer to PayPal's privacy policy[TH2] .
Changes to our data protection provisions
We reserve the right to amend our data protection declaration as necessary so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration. This could, for example, relate to the introduction of new services. The new data protection declaration will then apply to your next visit.