Privacy policy

Privacy policy

Thank you for your interest in our company. Data privacy is very important to the management of BHS Control Systems. In principle, our website can be used without providing any personal data. However, if a data subject wants to use specific services offered by our company on our website, processing personal data may be necessary. If processing personal data is necessary and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject, is always carried out in compliance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to BHS Control Systems. With this privacy policy, our company would like to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. This privacy policy also informs data subjects about their rights.

As the controller, BHS Control Systems has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, absolute protection cannot be guaranteed since Internet-based data transmission is generally subject to security vulnerabilities (for example, when communicating by e-mail). Any data subject is therefore free to transmit personal data to us by alternative means, for example, by telephone.

1. Definitions

BHS-Sonthofen GmbH’s data privacy statement is based on the language used by European lawmakers in directives and regulations when issuing the General Data Protection Regulation (GDPR). Our privacy policy aims to be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we want to start by explaining the terms that are used.

a) Personal data

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing

Processing refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing refers to the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

f) Pseudonymization

Pseudonymization refers to the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Controller or data controller

Controller or data controller refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

h) Processor

Processor refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient refers to a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party

Third party refers to a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent refers to any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

2. Name and address of the controller

The controller pursuant to the General Data Protection Regulation, other data privacy laws applicable in the Member States of the European Union and other data privacy law provisions is:

BHS Control Systems GmbH & Co. KG
(Member and subsidiary of BHS-Sonthofen group)
An der Eisenschmelze 47
87527 Sonthofen (Germany)
Management: Dr. Steffen Kämmerer

+49 8333 923299-0 
info[@]bhs-control-systems[.]com

Data Privacy Officer:

Ms. Jessica Waibel
BHS-Sonthofen GmbH

datenschutz[@]bhs-sonthofen[.]com

3. Cookies

In certain cases, cookies are used by BHS Control Systems’s website. Cookies are small text files that are placed and stored on your computer by an Internet browser. Cookies do not harm your computer and do not contain viruses.

Numerous websites and servers use cookies. Many cookies contain what is called a cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters by which websites and servers can be assigned to the specific Internet browser
in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified by means of the unique cookie ID.

Through the use of cookies, BHS Control Systems can provide you, the user of this website, with more user-friendly services that would not be possible without the use of cookies.

The use of cookies thus allows us to optimize the information and offers on our website for our users. As already mentioned, cookies enable us to recognize the users of our website. The purpose of recognition is to make it easier for you to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website, because this is handled by the website and the cookie stored on the user’s computer system.

Most of the cookies we use are called “session cookies.” They are deleted automatically at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit.

Cookie consent with Consent Manager Provider

We have integrated the “Consentmanager” consent management tool (www.consentmanager.net) from Jaohawi AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info[@]consentmanager[.]net) on our website for the purpose of requesting consent for data processing or the use of cookies or similar functions. “Consentmanager” allows you to give or refuse your consent for certain functionalities of our website such as those for integrating external elements, integrating streaming content, statistical analysis, coverage measurement and personalized advertising. With “Consentmanager” you can give or refuse your consent for all functions or give your consent for individual purposes or functions. You can change any settings you have made at a later time. If you deactivate the use of cookies in your Internet browser, you may not be able to fully utilize all functions of our website.

The purpose of integrating “Consentmanager” is to allow the users of our website to decide on the previously mentioned functions and to offer them the option to change previously made settings as part of the ongoing use of our website. When using “Consentmanager,” personal data as well as information about the used end devices and IP address are processed.

The legal basis for processing is sentence 1, point (c) of Article 6(1) in conjunction with sentence 1, point (a) of Article 6(3) in conjunction with Article 7(1) GDPR and alternatively point (f). By processing this data, we assist our customers (the “controllers” according to GDPR) to fulfill their legal obligations (for example, obligation to provide evidence). Our legitimate interests in processing are grounded in the storage of user settings and preferences with regard to the use of cookies and other functionalities. “Consentmanager” stores your data for as long as your user settings are active. After two years following the entry of your user settings, consent will be requested again. If given, the user settings will be saved again for this period.

You may object to processing. Your right to object may be grounded on reasons arising from your particular situation. If you wish to object, please send an e-mail to datenschutz[@]bhs-sonthofen[.]com.

4. Collection of general data and information on our website

The BHS Control Systems website collects a series of general data and information each time a data subject or automated system calls up the website. This general data and information is stored in the server’s log files. The following data is collected:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of server request
  • IP address
  • Other similar data and information used for hazard prevention in the event of attacks on our IT systems

When using this general data and information, BHS Control Systems does not draw any conclusions about the data subject. Rather, this information is needed to deliver the content of our website correctly, to safeguard the content of our website and the long-term functionality of our IT systems and the technology of our website, and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

This anonymously collected data and information is therefore evaluated by the BHS Control Systems on a statistical basis, and also with the aim of improving data privacy and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files is stored separately from any personal data provided by a data subject.

5. Contact forms

When you submit inquiries to us via our website using a contact form or by e-mail, the data entered in the form, including the contact details you provide, is stored automatically for the purpose of processing or to contact the data subject. We do not share this data without your consent.

The data entered in the contact form is therefore processed exclusively on the basis of your consent (point (a) of Article 6(1) GDPR). You can withdraw this consent at any time. An informal e-mail to this effect is sufficient, addressed to datenschutz[@]bhs-sonthofen[.]com. The withdrawal of consent does not affect the lawfulness of data processing up to the time of withdrawal.

We will retain the information you enter in the contact form until you request its erasure, you revoke your consent to storage, or the purpose of data storage ceases to exist (for example, after your inquiry has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

6. Registration on our website

You have the option to register on the website by providing personal data. What personal data is transmitted in the process depends on the respective input screen used for registration. The personal data entered is collected and stored exclusively for internal use and for our own purposes.

By registering on our website, the IP address assigned by the data subject’s Internet service provider (ISP), the date and the time of registration are also stored. This data is stored because it is essential to prevent the misuse of our services and, if necessary, this data makes it possible to solve crimes that have been committed. In this respect, storing this data is necessary to safeguard us as the controller. As a matter of principle, this data is not shared with third parties unless there is a legal obligation to transfer it or transferring the data serves law enforcement purposes.

The registration of the data subject by voluntarily providing personal data serves to offer the data subject content or services that can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it erased entirely from the controller’s data set.

You have the right to receive information about which personal data pertaining to you as a data subject is stored at any time upon request. Furthermore, we will correct or erase personal data at your request or notice, provided this does not conflict with any statutory retention obligations. All employees of BHS Control Systems are available as contact persons for you as the data subject in this context.

7. Routine erasure and blocking of personal data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or where provided for by European directives and regulations or by another legislator in laws or regulations to which the controller is subject.

If the purpose of storage ceases to apply or if a storage period prescribed by European directives and regulations or another competent legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

8. Rights of the data subject

a) Right to confirmation and right to information

Every data subject has the right to request confirmation as to whether personal data relating to them is being processed; if a data subject wishes to exercise this right to confirmation, they may contact the company’s data privacy officer anytime at datenschutz[@]bhs-sonthofen[.]com.

b) Right to information

Every data subject has the right to obtain at any time, free of charge, information about the personal data stored about them, as well as a copy of this information. In addition, information is granted on the following:

  • The purposes of processing
  • The categories of personal data processed
  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular in the case of recipients in third countries or international organizations
  • If possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration
  • The existence of a right to rectify or erase the personal data concerning them or to have processing restricted by the controller, or a right to object to such processing
  • The existence of a right of appeal to a supervisory authority
  • If the personal data is not collected from the data subject: All available information about the origin of the data
  • The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and the intended effects of such processing for the data subject

Furthermore, the data subject shall have a right to information whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right to information, the request can be sent by e-mail to BHS Control Systems’s Data Privacy Officer at datenschutz[@]bhs-sonthofen[.]com.

c) Right to rectification

Every data subject is granted the right to demand the immediate rectification of any inaccurate personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – also by means of a supplementary declaration. If a data subject wishes to exercise this right of rectification, they may contact the company’s Data Privacy Officer anytime at datenschutz[@]bhs-sonthofen[.]com.

d) Right to erasure (right to be forgotten)

Every data subject has the right granted by European directives and regulations to demand from the controller that personal data concerning them be erased without delay, provided that one of the following reasons applies and processing is no longer necessary:

  • The personal data was collected or otherwise processed for purposes for which it is no longer necessary.
  • The data subject revokes their consent on which processing is based according to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, and there is no other legal basis for processing.
  • The data subject, pursuant to Article 21(1) GDPR, objects to processing and there are no overriding legitimate reasons for processing, or the data subject objects to processing under Article 21(2) GDPR.
  • The processing of personal data was unlawful.
  • The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of a Member State to which the controller is subject.
  • The personal data has been processed in relation to information society services offered in accordance with Article 8(1) GDPR.

If one of the aforementioned reasons applies and a data subject wishes to arrange for the erasure of personal data stored by BHS Control Systems, they may contact the company’s Data Privacy Officer anytime at datenschutz[@]bhs-sonthofen[.]com, who will address the erasure request promptly.

If the personal data has been made public by BHS Control Systems and our company as the controller pursuant to Article 17(1) GDPR is obliged to erase the personal data, BHS Control Systems – taking into account the available technology and the cost of implementation – shall take reasonable steps, including technical measures, to inform other controllers who process the published personal data that the data subject has requested from those other controllers the deletion of all links to the personal data or to copies or replications of the personal data, unless processing is necessary. BHS Control Systems’s Data Privacy Officer will take the necessary steps in each case.

e) Right to restriction of processing

Every data subject is granted the right to demand from the controller the restriction of processing if one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • Processing is unlawful, the data subject objects to the erasure of the personal data, and requests instead the restriction of use of the personal data.
  • The controller no longer needs the personal data for the purposes of processing, but the data subject needs the data for the establishment, exercise or defense of legal claims.
  • The data subject has objected to processing pursuant to Article 21(1) GDPR, and it remains to be decided whether the controller’s legitimate interests outweigh those of the data subject.

If one of the aforementioned conditions is met and a data subject wishes to request the restriction of personal data stored by BHS Control Systems, they may contact the company’s Data Privacy Officer anytime at datenschutz[@]bhs-sonthofen[.]com, who will initiate the restriction of processing.

f) Right to data portability

Every data subject is granted the right to obtain personal data concerning them, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, insofar as processing is based on consent pursuant to point (a) of Article 6(1) GDPR, point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising the right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal data transferred directly from one controller to another controller insofar as this is technically feasible (SSL or TLS encryption) and insofar as this does not adversely affect the rights and freedoms of other persons. To assert the right to data portability, the data subject may contact the company’s Data Privacy Officer anytime at datenschutz[@]bhs-sonthofen[.]com.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” as well as by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

g) Right to object

Every data subject is granted the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them based on point (e) or (f) of Article 6(1) GDPR.

In case of an objection, BHS Control Systems shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If BHS Control Systems processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of the personal data for such purposes. If the data subject objects to BHS Control Systems to processing for direct marketing purposes, BHS Control Systems will no longer process the personal data for these purposes.

To exercise the right to object, the data subject may contact the company’s Data Privacy Officer directly at datenschutz@bhs-sonthofen.com. Notwithstanding Directive 2002/58/EC, the data subject is also free in connection with the use of information society services to exercise their right to object by means of automated procedures using technical specifications.

h) Automated case-by-case decisions including profiling

Every data subject is granted the right not to be subject to a decision based solely on automated processing – including profiling – that produces legal effects concerning them or similarly significantly affects them, unless the decision is necessary for entering into, or the performance of, a contract between the data subject and the controller, or unless it is permitted by Union or Member State law to which the controller is subject, and that law contains suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or with the data subject’s explicit consent.

If the decision is necessary for entering into, or the performance of, a contract between the data subject and the controller, or if it is made with the data subject’s explicit consent, BHS Control Systems shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, which include at least the right to obtain the data subject’s involvement on the part of the controller, to express their point of view and to contest the decision. If the data subject wishes to assert rights relating to automated decision-making, they may contact an employee of the controller at any time.

i) Right to withdraw consent under data protection law

Every data subject is granted the right to withdraw consent to the processing of personal data at any time. If the data subject wishes to exercise the right to withdraw consent, they may contact the company’s Data Privacy Officer anytime at datenschutz[@]bhs-sonthofen[.]com. The lawfulness of data processing carried out until the time of withdrawal shall not be affected by the withdrawal of consent.

h) Right to lodge a complaint with a supervisory authority

Every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy, if the data subject considers that the processing of personal data relating to them infringes this Regulation. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. The responsible supervisory authority is the Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Privacy Supervision).

You may contact the controller’s Data Privacy Officer about this or other data privacy matters anytime at datenschutz[@]bhs-sonthofen[.]com.

9. Data privacy pertaining to applications and the application process

We collect and process the personal data of applicants for the purpose of the application process. Processing may also be carried out electronically. This is the case in particular when an applicant submits corresponding application documents electronically to BHS Control Systems via a form on the website. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of the employment relationship in compliance with the applicable legal regulations. If the controller does not conclude an employment contract with the applicant, the application documents shall be erased six months after notification of the rejection decision, provided that no other legitimate interests of the controller prevent this erasure. Other legitimate interests in this sense include, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

If we do not make you a job offer, there may be the option of being accepted into our applicant pool. In the event of acceptance into our pool, all documents and information from your application will be transferred to the applicant pool in order to contact you in the event that suitable vacancies arise. Acceptance into the applicant pool is carried out exclusively on the basis of your express consent (point (a) of Article 6(1) GDPR). Granting consent is voluntary and in no way relates to the ongoing application procedure. The data subject can withdraw their declaration of consent at any time. In this case, the data from the applicant pool is irrevocably erased, provided that no legal obligations for its further retention exist. The data from the applicant pool is irrevocably erased two years after consent is granted at the latest.

10. Privacy policy for the use of YouTube

BHS Control Systems uses a YouTube channel owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Please note that you use the YouTube channel offered here and its functions under your own responsibility. This applies in particular to the use of the “Discussion” function. Information about what data is processed by Google, and for what purposes it is used, can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de&gl=de#infocollect.

BHS Control Systems has no influence on the type and scope of data processed by Google, the way in which it is processed and used, or the transfer of this data to third parties. BHS Control Systems also does not have any effective means of control in this respect. If you use Google, your personal data will be collected, transferred, stored, disclosed and used by Google and, in doing so, will be transferred to and stored and used in the United States, Ireland and any other country in which Google does business, regardless of your country of residence. Data is transferred to companies affiliated with Google and other trusted companies or persons who process it on behalf of Google.

On the one hand, Google processes data you provide voluntarily, such as your name and username, e-mail address and phone number. Google also processes the content that you create, upload or receive from others when using the services. This includes, for example, photos and videos you save, documents and spreadsheets you create and comments you post on YouTube videos. Google furthermore also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages you send directly to other users, and may determine your location using GPS data, wireless network information or your IP address to deliver advertisements or other content to you.

Google may use analytics tools such as Google Analytics for evaluation purposes. BHS Control Systems has no influence on the use of such tools by Google and was not informed about such potential uses. If tools of this type are used by Google for the YouTube channel of BHS Control Systems , BHS Control Systems has neither commissioned nor otherwise supported this in any way. Also note that the data obtained from the analysis is not made available to us. Only the profiles of the subscribers can be viewed by BHS Control Systems via its account.

Furthermore, BHS Control Systems has no means to prevent or turn off the use of such tools on its YouTube channel. Finally, Google also receives information when you view content, for example, even if you have not created an account. Such “log data” may include your IP address, browser type, operating system, information about the website you previously visited and the pages you viewed, your location, your mobile carrier, the device you are using (including device ID and application ID), the search terms you used and cookie information. There are options in the general settings of your Google account you can use to restrict the processing of your data. In addition to these tools, Google also offers privacy settings specific to YouTube. See the Google Product Privacy Guide for more information: https://policies.google.com/technologies/product-privacy?hl=de&gl=de

Further information about these points is found in the Google privacy policy under “Privacy settings”:

https://policies.google.com/privacy?hl=de&gl=de#infochoices

You can also request information using the Google data privacy form: https://support.google.com/policies/answer/9581826?visit_id=637054532384299914-2421490167&hl=de&rd=3.

BHS Control Systems itself does not collect any data through its YouTube channel. The IP addresses of website visitors are not transmitted to Google via the integration of YouTube videos of BHS Control Systems on its website (https://www.firma.de).

The data freely published and distributed by you on YouTube will be included unchanged in our YouTube channel and made available to our followers. We use YouTube in the interest of making our online presence more appealing. This constitutes a legitimate interest in accordance with point (f) of Article 6(1) GDPR.

Google also processes your data in the USA, among other places. Please note that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be accompanied by various risks to the lawfulness and security of data processing.

As a basis for data processing with recipients located in third countries (outside the EU, Iceland, Liechtenstein and Norway) or a data transfer there, Google uses provided templates, which are intended to ensure that your data complies with European data privacy standards even when it is transferred to third countries and stored there. These clauses are based on an implementation decision of the EU Commission. The decision and corresponding standard contractual clauses are found here, for example: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_de.

The Google Ads Data Processing Terms, which correspond to the standard contractual clauses, are available here: https://www.google.com/analytics/terms/dpa/dataprocessingamendment_20200816.html.

If you want to know more about data processing by Google, we recommend you read the company’s privacy policy at:
https://policies.google.com/privacy?hl=en-US

11. Privacy policy for the use of Google Fonts

We use Google Fonts from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in the European region. We have embedded the Google fonts locally, so they are being hosted on our web server rather than on Google’s servers. This means there is no connection to Google servers and thus no data transfer or storage takes place.
In the past, Google Fonts was also called Google Web Fonts. This is an interactive directory of over 800 fonts that Google provides for free. With Google Fonts, you could use fonts without uploading them to your own server. However, in order to prevent any information transfer to Google servers in this regard, we have downloaded the fonts to our server. As a result, our actions are data privacy compliant and we do not send any data to Google Fonts.

12. Privacy policy for the use of Web Fonts

This website uses Web Fonts provided by Monotype GmbH (fonts.com or fast.fonts.net) to display fonts. When you call up a page, your browser loads the required Web Fonts into its browser cache in order to display texts and fonts correctly. Your browser has to establish a connection to the servers of fonts.com for this purpose.

This enables fonts.com to know that our website has been accessed via your IP address. We use Fonts.com Web Fonts in the interest of making the presentation of our online offering more consistently appealing. This constitutes a legitimate interest according to point (f) of Article 6(1) GDPR. If your browser does not support Web Fonts, a default font will be used by your computer.

For more information about Web Fonts, please see https://www.fonts.com/info/legal, Fonts.com’s privacy policy: https://www.fonts.com/info/legal/privacy/ and Monotype GmbH’s privacy policy: https://www.monotype.com/legal/privacy-policy/

13. Privacy policy for the use of etracker Analytics

On our website, we use the tracking and analysis tool etracker Analytics from the German company etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany. etracker Analytics is a software product that collects and analyzes data about your actions on our website. We receive analysis reports about your use our of website, allowing us to keep optimizing our site in order to serve you better. In this privacy policy, we go into more detail about the analysis tool and show in particular what data is stored when, how and where.

etracker Analytics is an analysis tool that can measure the performance of our website and online campaigns and analyze them accordingly. For example, the software collects data about how long you are on our website, how many users visit our website, and from where you came to our website. We also receive accurate evaluations of visitor behavior on our website. For example, we can find out which buttons you like to click or which subpages you like and which you tend to avoid. All this information is anonymous. This means that we do not identify you personally through this data, but only receive general user information and statistics.

We use the software tool to improve the quality of our website and what we offer. Our goal is to provide you with the best possible service. The data also helps us perform our online marketing and advertising activities more individually and effectively.

For tracking to work, JavaScript code has to be included in the website. etracker uses a pixel technology. By default, etracker does not use cookies or technologies for tracking on a website as this has been implemented in cookie-less mode through privacy by design. Only absolutely essential cookies are used in this case. However, etracker also uses cookies if you have actively agreed to their use.

The following data is stored and processed when you access a page:

  • Your pseudonymized IP address
  • Technical information about your browser, operating system and the device you are using
  • Location information up to a maximum of city level
  • The accessed URL with the associated page title and optional information about the page contents
  • Referrer website: This is the website from which you came to our website
  • The following page: This is the website you click on afterwards
  • How long you stay on our website (dwell time)
  • Interaction on the website. This can include, for example, clicks on the website, entered search terms, downloaded files, videos or ordered items.

Website data from the web server is used here along with information the web browser transmits to the web server to access websites. This information is transmitted with each individual page view. Unlike other technologies, etracker does not read any information from your device memory and does not store any data on your device. The data is not used by etracker for any other purpose or passed on to third parties.

The cookies that are used do not contain any information that can identify you personally. Data such as the IP address, device and domain data are encrypted or shortened during storage. Personally identifying individuals is therefore impossible for us and for etracker.

If you have consented to the use of cookies, the following cookies may be used:

Name: GS3-v
Value: 146480958331674811879-9
Purpose: This cookie is used for cookie recognition and is only stored when cookies are activated.
Expiry: after 3 years.

Name: -et-coid
Value: e9cc2b3efbf7807c6157e8b151baa2f333167811879-1
Purpose: This cookie is used for cookie recognition and is only stored when cookies are activated.
Expiry: after 3 years

Name: pll_language
Value: de
Purpose: This cookie is used to save the language setting.
Expiry: after one year

Notice: Please note that the list provided here only includes a selection of cookies that are used, and is not exhaustive. Which cookies are stored in a specific case depends on the evaluation mechanisms used in each case. You can view all cookies in a list under the following link: https://www.etracker.com/docs/integration-setup/einstellungen-accounts-etracker-cookies/verwendete-cookies-zaehlung/.

The etracker data center (servers) is located in Hamburg. System administration takes place entirely in Hamburg as well. All data is therefore stored exclusively on servers in Germany. The data is stored by etracker until the contract with us as a customer expires. Shortly after the contract ends, all data will be permanently erased.

You have the right to information, correction or deletion, or restriction of the processing of your personal data at any time. You can also revoke your consent to the processing of data at any time.

Legal basis

The use of etracker requires your consent, which we have obtained with our cookie popup. According to point (a) of Article 6(1) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during data collection by web analytics tools.

Aside from consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our website, both in terms of its technology and economic effectiveness. With the help of etracker, we can detect website errors, identify attacks and improve profitability. The legal basis for this is point (f) of Article 6(1) GDPR (legitimate interests). Nevertheless, we only use etracker if you have given your consent.

If you want to learn more about the tracking service, we recommend that you read the company’s privacy policy at https://www.etracker.com/datenschutz/.

14. Data processing by social networks

Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (for example, “Like” buttons or advertising banners). Visiting our social media profiles triggers numerous processing operations relevant to data privacy. Details:

If you are logged in to your social media account and visit our social media profile, the operator of the social media site can match this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media site. In this case, data collection takes place, for example, via cookies that are stored on your device or by recording your IP address.

With the help of data collected in this way, the operators of social media sites can create user profiles that capture and store your preferences and interests. Interest-based advertising can thus be displayed to you inside and outside the respective social media site. If you have an account with the respective social network, interest-based advertising may be displayed on all devices on which you are logged in or have been logged in.

Please also note that we do not have insight into all processing operations on social media sites. Depending on the provider, further processing operations may therefore be carried out by the operators of social media sites. Please see the terms of use and data privacy provisions of the respective social media sites for details.

Our social media profiles are intended to maximize our Internet presence. This is a legitimate interest according to point (f) of Article 6(1) GDPR. The analysis processes initiated by social networks may be founded on different legal bases, which must be stated by the social network operators (for example, consent according to point (a) of Article 6(1) GDPR.)

When you visit one of our social media profiles (on Facebook, for example), we and the operator of the social media platform are jointly responsible for the data processing operations initiated during your visit. You can exercise your rights (information, correction, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media site (for example, against Facebook).

Please note that despite our joint responsibility with social media site operators, we do not have full control over the data processing operations of social media sites. Our options are largely determined by the respective provider’s company policies.

Data collected by us directly through the social media profile is erased from our systems when the purpose of storage ceases to exist, you request erasure, you revoke your consent to storage, or when the purpose of data storage no longer applies. Stored cookies remain on your device until you erase them. Mandatory legal provisions – retention periods in particular – remain unaffected.
We have no influence on the storage period of any of your data that may be stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (for example, in their privacy policy, see below).

(a) Facebook

As the controller, we may have integrated components of the company Facebook in various places on our website. Facebook is operated by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter “Facebook”). For Facebook, the controller for any Facebook users outside the USA and Canada is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If users and thus data subjects access a page of our website that contains a Facebook component, known as a Facebook plugin, or on which this has been integrated, the Internet browser on the data subject’s IT system is prompted by the Facebook component to download this Facebook component. Through the procedure just explained, Facebook receives information about which of our websites and sub-pages are visited by you as a data subject. Further information on the various individual Facebook plugins is available directly from the provider Facebook at https://developers.facebook.com/docs/plugins/?locale=de_DE.

Should you as a data subject be logged in to your Facebook account during your visit to our website, Facebook records every call to each of our individual sub-pages and the duration of the respective stay, as well as the total time spent on our website. This data is collected by the previously mentioned Facebook component(s) assigned to the individual Facebook account of the respective data subject and thus to the respective usage account of the data subject, which is thereby linked to the data collected when visiting our website.

If the data subject registered with Facebook clicks on a Facebook component on our website and thereby, for example, shares or creates a post, marks our fan page on Facebook with “like” or leaves a comment, this action is automatically assigned to the respective Facebook user account of the data subject on the social network Facebook, and this personal data is processed and stored.

Facebook provides us with statistical data called “Insights.” As the site operator, we have no influence on this generation and display of data and cannot deactivate it. The following information is provided over specific time periods: Total page views, “likes,” page activity, post interactions, reach, video views, post reach, comments, shared content, replies, proportion of men and women, origin based on country and city, language, clicks on route planners, clicks on phone numbers. Data on Facebook groups linked to our Facebook page is also provided. The legal basis for the use of Facebook Insights is our legitimate interest in operating an information and communication channel according to point (f) of Article 6(1) GDPR. Since Facebook changes the way this data is provided from time to time, please see Facebook’s data privacy statement for the current status: https://www.facebook.com/policy.php.

We do not transfer your data to third parties, third countries or international organizations. We do not know how Facebook handles the transfer of data. We would like to point out, however, that public posts, comments or “likes” can generally be viewed by anyone. Via the respective integrated Facebook component, the platform always receives individual information when you visit our website if you are logged in to Facebook at the same time. This is independent of a direct interaction such as clicking on the respective Facebook component.

If this collection of your online activity and interaction with our website is not desired, you as a data subject must log out from your Facebook account and thus from their own online service before calling up our website. If you need information about your personal user data or rights, or if you have questions about data processing by Facebook, please contact the company directly. You will find Facebook’s data privacy notice under the following link: https://de-de.facebook.com/about/privacy. The objection options (“opt-out”) can be set under the following link: https://www.facebook.com/settings?tab=ads. For direct contact with the data privacy officer of Facebook, click here.

(b) Instagram

Components of the Internet service Instagram have been integrated on the controller’s website. Instagram is a social network designed to focus on audiovisual media. Users generally post pictures and videos on their own profiles on the Instagram platform, which can then be viewed by other users. If they have their own account, users can also interact with these posts, for example, by commenting on them. The Instagram service also offers companies the opportunity to create a profile and make images, text and video available to users.

The social network Instagram, among other things through cooperation with Facebook, enables a further distribution of the data published there in other social networks (for Facebook and the associated operating company, see the point “Facebook” in our privacy policy). Instagram belongs to Meta Platforms Inc., which is why the operating company of Instagram’s services outside the USA and Canada is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereinafter “Instagram”).

In some circumstances, various Instagram components called Insta buttons are integrated into the controller’s website. Depending on activation, users are either redirected to our own profile on Instagram and have the opportunity to follow our company and view our previously published media, or they are prompted by the link click to share our homepage or a specific medium, such as an image, from our homepage on Instagram. For each individual sub-page of the controller’s website, the integration of an Instagram component means that this component requests the Internet browser used by the data subject to download this component in order to display it graphically. This informs Instagram about which subpages the data subject has clicked on the controller’s website.

If the Instagram component is placed in a location on our homepage that is fundamentally functional and visible on every subpage, such as the menu, header or footer, all subpages of our entire homepage are captured by Instagram. If the data subject is logged in to Instagram when calling up our site, Instagram recognizes any call to our website during the entire duration of the respective user’s stay, which sub-pages are visited at what time, and how long the user stays on these sub-pages and our website as a whole.

The Instagram component integrated by the controller collects this personal data and automatically assigns it to the Instagram account where the user is currently logged in. As soon as a component on our website is clicked, i.e., one of the Insta buttons on our website, this data is transmitted to Instagram and stored and processed by the social network. Through the Instagram component(s) located on the controller’s website, Instagram receives information at any time as soon as the respective data subject visits our website, provided that the data subject is logged in to an Instagram account at that time. This takes place regardless of whether an Instagram component was clicked or not.

If you as a user want to avoid this transmission of the above-mentioned personal data, you have to log out or log off the social network Instagram in the browser used before visiting our website. For more information, Instagram’s privacy policy is available at https://www.instagram.com/about/legal/privacy/. Additional interesting facts and articles about Instagram privacy can be found at https://help.instagram.com/155833707900388.

We do not transfer your data to third parties, third countries or international organizations. How Instagram handles the transfer of data is not known to us. We would like to point out that public comments or “likes” can, however, generally be viewed by anyone. If you need information about your personal user data or rights, or have questions about data processing at Instagram, please contact Facebook directly. Instagram’s privacy policy is available under the following link: https://help.instagram.com/519522125107875.

(c) Xing

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Whenever a data subject accesses one of the individual pages of this website operated by the controller and on which a Xing component (Xing plug-in) has been integrated, the Internet browser on the data subject’s IT system is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins. As part of this technical procedure, Xing receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Xing at the same time, Xing recognizes which specific subpage of our website the data subject is visiting with each call to our website by the data subject and for the entire duration of the respective stay on our website. This information is collected by the Xing component and associated by Xing with the respective Xing account of the data subject. If the data subject activates one of the Xing buttons integrated on our website, such as the “Share” button, Xing associates this information with the data subject’s personal Xing user account and stores this personal data.

Xing always receives information via the Xing component that the data subject has visited our website if the data subject is logged in to Xing while calling up our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing, they can prevent transmission by logging out of their Xing account before accessing our website.

For more information, see Xing’s privacy policy available at https://www.xing.com/privacy. Xing has also published data privacy information for the XING Share button at https://www.xing.com/app/share?op=data_protection.

For details on the collection, processing and use of personal data by Xing, please refer to XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

(d) LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to deactivate LinkedIn advertising cookies, please follow this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The transfer of data to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on their handling of your personal data, please see LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

15. Legal basis of processing

Point (a) of Article 6(I) GDPR serves as our company’s legal basis for processing operations in which we obtain consent for a specific purpose of processing. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations necessary for the provision of services or consideration, processing is based on point (b) of Article 6(I) GDPR.

The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example, in case of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for compliance with tax obligations, processing is based on point (c) of Article 6(I) GDPR.

Finally, processing operations may be based on point (f) of Article 6(I) GDPR. Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to protect a legitimate interest of our company or a third party, unless the interests, fundamental rights and freedoms of the data subject outweigh this interest. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, the legislator considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

16. Legitimate interest in processing

When the processing of personal data is based on point (f) of Article 6(I) GDPR, our legitimate interest is the performance of our business activities.

17. Storage period

The criterion for the storage duration of personal data is the respective statutory retention period. After the retention period ends, the corresponding data is routinely erased, provided that it is no longer needed for contract fulfillment or initiation.

18. Legal or contractual requirements to provide the personal data; necessity for contract conclusion; obligation of the data subject to provide the personal data; possible consequences of not providing data

We hereby inform you that providing personal data is in part prescribed by law (tax regulations, for example) or may also result from contractual provisions (information about the contractual partner, for example). In order to conclude a contract, it may at times be necessary for a data subject to provide us with personal data that subsequently has to be processed by us. For example, the data subject is obligated to provide us with personal data if our company concludes a contract with the data subject. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether providing the personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

19. Use of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.