Data privacy policy
1. GERNERAL INFORMATION
With the following information we would like to give you an overview of the processing of your personal data by us and your data protection rights when you visit our website soniflex.com, which you can also reach via our various landing pages. On principle, the use of our website is possible without entering any personal data. However, if you wish to make use of special services or use other channels of interacting with us, processing of personal data may be required. Obviously, this will be the case particularly when using the shop functions: without an exchange of data, you cannot purchase products via our shop, as the conclusion and execution of purchase contracts are only possible on the basis of personal data.
2. CONTROLLER
Cellofoam International GmbH & Co. KG
Business unit soniflex
Freiburger Straße 44
88400 Biberach
Germany
Phone: +49 73 51 - 34 02 861
E-Mail: sales@soniflex.de Further information can be found in our Legal Information section. Legal Information.
3. DATA PROTECTION OFFICER
If you have any questions about data processing or data privacy at soniflex, you can also turn to our external data protection officer at DAISECO GmbH at any time. You can contact the data protection officer by letter to the above address (please write "For the attention of the Data Protection Officer" on the envelope), by e-mail to datenschutz@cellofoam.de or confidentially via our Data Pivacy Portal.
4. LEGAL GROUNDS OF DATA PROCESSING
Article 6 (1) (a) GDPR in conjunction with Section 25 (1) TTDSG (German Telecommunications Digital Services Data Protection Act) serves as the legal basis for data processing operations for which we requested and obtained consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which you are party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of any other service or performance, the processing is based on Art. 6 (1) (b) GDPR. The same applies to such processing operations that are necessary for the execution of pre-contractual measures, for example in the case of inquiries about our products or services. Insofar as our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of taxation obligations, the processing is based on Art. 6 (1) (c) GDPR. Ultimately, processing operations can be based on Art. 6 (1) (f) GDPR. This provision is the legal basis for processing operations which are not covered by any of the aforementioned legal bases in cases where processing is necessary for the purpose of the legitimate interests pursued by our company or by a third party, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislation authorities. In this respect, the authorities have taken the view that a legitimate interest on our part can be assumed if you are a client of our company (Recital 47 (2) GDPR).
5. DISCLOSURE OF DATA THIRD PARTIES
Your personal data will not be disclosed to third parties for purposes other than those listed below. We only pass on your personal data to third parties:
- if you have given your express consent in accordance with Art. 6, para. 1 (a) GDPR;
- if the disclosure is necessary according to Art. 6, para. 1 (f) GDPR and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data;
- in the event that there is a legal obligation for the disclosure pursuant to Art. 6, para. 1 (c) GDPR, and
- this is legally permissible and - as per Art. 6, para. 1 (b) GDPR - necessary for handling contractual relationships with you.
6. DATA TRANSFER WITHIN THE CELLOFOAM GROUP OF COMPANIES
The Cellofoam Group comprises the following legally independent companies:
- Cellofoam GmbH & Co. KG, Freiburger Str. 44, 88400 Biberach
- Cellofoam Germany GmbH & Co. KG, Freiburger Str. 44, 88400 Biberach
- Cellofoam International GmbH & Co. KG, Freiburger Str. 44, 88400 Biberach
7. TECHNOLOGY
a. SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the website operator. The use of an encrypted connection is indicated by the lock icon in the browser’s address bar and an URL that begins with “https://“ instead of "http://“. We use this technology to protect your transmitted data. b. Data collected when you visit our website
If you use our website solely for information purposes, i.e. if you do not register or otherwise enter data for transmission to us, we only collect the data that your browser transmits to our server (in the scope of so-called "server log files"). Our website collects a range of general data and information items each time you or an automated system accesses one of our pages. This general data and information items are stored in the server log files. The following data may be recorded: 1. browser types and versions used,
2. operating system used by the accessing system,
3. website from which an accessing system reaches our website (the so-called “referrer”),
4. sub-websites that are accessed on our website via an accessing system,
5. date and time of access to the website,
6. internet protocol address (anonymized IP address) and
7. internet service provider of the accessing system. When processing this general data and information, we do not draw any conclusions regarding your person or identity. Rather, this information is required in order to: 1. deliver the content of our website in the correct form,
2. optimize the content of our website and the related marketing measures,
3. ensure the continued functioning of our IT systems and of the technology used for our website for the long term, and
4. in the event of a cyber-attack, provide law enforcement authorities with the information necessary for prosecution. This collected data and information is therefore analysed by us both in statistical terms and with the aim of maximizing data privacy and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The data of the server log files are stored separately from all personal data provided by a data subject and are deleted after 10 days. The legal basis for data processing is Art. 6 para 1 (1) (f) GDPR. Our legitimate interest follows from the data collection purposes listed above.
8. HOSTING BY PROFIHOST GMBH
We host our website at profihost GmbH - Hildesheimer Strasse 25, 30880 Laatzen Germany (hereinafter referred to as profihost). When you visit our website, your personal data (e.g. IP addresses in log files) are processed on profihost servers. The use of the services of profihost is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the most reliable presentation, provision and security of our website. We have concluded a data processing agreement (DPA) with profihost in accordance with Art. 28 GDPR. This is a contract required by data privacy law, which ensures that profihost processes the personal data of any visitors to our website exclusively in accordance with our instructions and in compliance with the GDPR. You can find more information about profihost’s privacy policy at https://www.profihost.com/unternehmen/datenschutzerklaerung.
For contacting their Data Protection Specialist: datenschutz@profihost.com
9. WEBSHOP-SYTEM / E-COMMERCE SOFTWARE
We have implemented our web store as an e-commerce solution with the modular online shop system from ShopWare AG, Ebbinghoff 10, 48624 Schöppingen. When you use our e-commerce shop solution, cookies are stored in your browser to enable the basic functions of the online shop. Cookies are used, for example, to enable the display of shopping cart content, login status and CSRF protection. The visitor cannot use Shopware without allowing the storage of cookies in the browser. Shopware only stores IDs in your browser, the linkage with the respective information takes place in the application itself. The session cookie serves to determine whether you have an active shopping cart and whether you are logged in. This means that it serves as an identification marker between your browser and the server. No information other than the session ID is stored in the browser. The handling of session cookies is controlled on the server side via PHP and is independent of Shopware. In addition, when you visit the store, Shopware generates an individual CSRF cookie that allows you to navigate and use the different areas of the store. Furthermore, an SLT cookie is set which enables us to recognize you when you return to our online shop, even if the initial session has expired. If desired, you can disable the placement of SLT cookies in the settings of your browser. If you use the option of creating a list of your personal favorites, a cookie with the name "sUniqueID" is created to save the content of your watch list. The saved products are stored in the s_order_notes table. A unique user ID is assigned, which is used by Shopware to permanently store the watch list. This cookie makes it possible for you to conveniently save your favorite items in this watch list for immediate retrieval on your next visit to our online shop. Information on the "last viewed articles" is also saved in the browser's local storage. Data privacy information for Shopware: https://www.shopware.com/en/privacy.
10. CONTENT AND CONTACT OPTIONS
As a leading supplier of high-quality sound-insulation and sound-attenuation products as well as sealing products for industrial and technical applications, flame and dry-adhesive lamination, products for the sound-conditioning of rooms plus many specially developed solutions based on flexible foams and nonwovens for a wide variety of industrial applications, we have placed information on our website to tell you more about our company, our locations and our products, our range of services, applications and offers as well as any company news. As a service accompanying our products, we offer brochures and product flyers, certificates and processing instructions and provide information about our purchasing conditions and general terms and conditions. The soniflex.com site offers also the typical online shop functions for direct ordering of the products that we provide, including payment options. We offer you various additional options for contacting us and communicating with us, for example via contact forms: a. Contact via contact form
If you have any questions, you can contact us using the general contact form provided on our website. As part of the contacting process, personal data will be collected. As a minimum, a valid e-mail address is required to process the information in the contact form. Which further data is collected when you use a contact form can be seen from the respective contact form, e.g. in the case of product inquiries; any mandatory information is marked with an (*) where applicable. This data is stored and processed exclusively for the purpose of responding to your inquiry resp. for contacting you, as well as for the purpose of the necessary technical administration of your request. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. If your request has the ultimate aim of concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted after your request has been dealt with conclusively; this is the case if it can be inferred from the circumstances that the matter in question has been fully resolved, and provided that the deletion does not conflict with any statutory obligations to retain the data. As an alternative, you can contact us informally and ask us to delete your data. b. Contact via e-mail
If you contact us via one of the e-mail addresses listed by us, the personal data that you provide will be used exclusively for the purpose of processing your respective inquiry, for corresponding with you, as well as for the initiation and establishment of a contract with you, as the case may be, for inquiries in regard to products and complaints etc., all in accordance with Art. 6 (1) (b) GDPR. Your personal data collected will be deleted automatically after your request has been dealt with conclusively; this is the case if it can be inferred from the circumstances that the matter in question has been fully resolved, and provided that the deletion does not conflict with any statutory obligations to retain the data. c. Registration as a user
You have the option of registering as a user on the page of our online shop by providing personal data. Which personal data is transmitted to us is determined by the specific input mask used for registration. The personal data you enter is collected and stored exclusively for internal use by us and for our own purposes. We may arrange for the data to be forwarded to one or more processors, for example a parcel service provider, who is obligated to use the personal data exclusively for internal purposes attributable to us. We may also process this information within our group of companies. When you register as a user on our website, the IP address assigned by your internet service provider (ISP), the date and the time of registration are also stored. This data has to be stored since this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of any criminal offenses committed. In this respect, the storage of this data is necessary to safeguard the security of our company and our services. This data will not be passed on to third parties. This does not apply in cases where we are legally obliged to disclose the data or if the disclosure serves the purpose of criminal prosecution. Your registration including your voluntary provision of personal data also enables us to offer you content or services which, due to their nature, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from our database. On request, we will provide you at any time with information about your personal data stored by us. Furthermore, we will correct or delete personal data at your request, provided that this does not conflict with any statutory retention obligations. The data protection officer named in this privacy policy and all other employees are available to the data subject as contact persons for this purpose. Your data is processed in the interest of ensuring the convenient and easy use of our online shop. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. d. Data processing for a newly opened customer account and for contract execution
In accordance with Art. 6 (1) (b) GDPR, personal data is collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. You can delete your customer account at any time, for example by sending a message to the controller’s address provided above. We store and use the data provided by you in the scope of contract processing. After complete processing of the contract or after deletion of your customer account, your data will be blocked for further use, unless you have expressly consented to further use of your data or we have reserved the right to further use of your data as permitted by law, about which we inform you below. Insofar as tax and commercial law retention periods apply, your blocked data will be retained until these periods have expired, and then deleted. e. Data processing for order processing
As part of the contract processing, the personal data collected by us will be passed on to the transport company commissioned with the delivery, insofar as this is necessary for the delivery of the goods. Within the scope of payment processing, we will pass on your payment data to the commissioned financial institution insofar as this is necessary for payment processing. Insofar as payment service providers are used, we provide explicit information about this below. The legal basis for the transmission of data is Art. 6 (1) ( b) GDPR. f. Contract conclusion via the online shop, retailers and goods shipping
We only transfer personal data to third parties if this is required in the context of contract processing, for example for internal organizational reasons, to the company commissioned with the delivery of the goods or to the financial institution commissioned with payment processing. Any further transmission of your data will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties outside our group of companies, for example for advertising purposes, without your express consent. The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the fulfillment of a contract or for pre-contractual measures. g. Trusted Shops
We use the service provider Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, Germany, to display the Trusted Shops services and to provide you directly with the option to submit a rating. The use of this service provider is based on Art. 6 (1) (f) GDPR and a joint controllership agreement pursuant to Art. 28 GDPR. The joint controllership agreement is retrievable at: https://help.etrusted.com/hc/engb/ articles/4402587369105-Joint-Controllership-agreement-GDPR. The Trustbadge is provided by a US-based CDN (content delivery network) provider. An appropriate level of data privacy is ensured by standard data protection clauses and other contractual measures. Once the order has been completed, order information (order total, order number, product purchased if applicable) as well as the e-mail address (hashed using a one-way cryptographic function) are transmitted to Trusted Shops. The legal basis is Art. 6 (1) (f) GDPR. As it serves to check whether a visitor is already registered for services with Trusted Shops, this transmission is necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection service linked to the specific order, and the services for rating the transaction. If you have not yet registered for the services, you will be given the opportunity to do so after placing your order. Further processing after registration is based on the contractual agreement with Trusted Shops, pursuant to Art. 6 (1) (b) GDPR. If you do not register, all transmitted data will be automatically deleted by Trusted Shops, and inferences of any kind about your person are then no longer possible. The ratings received are analyzed by an AI-supported system to suggest replies that match the respective content of the comments. After approval by the responsible controller, suitable reply comments will be published. The legal basis for the analysis of the rating commentary is Art. 6 (1) (f) GDPR. You can find more information about Trusted Shops' privacy policy at: https://help.etrusted.com/hc/engb/ articles/360026764732-FAQ-on-Trusted-Shops-Data-Protection. Trusted Shops also provides additional information in their Help Center.
11. SOCIAL MEDIA
For the purpose of communicating with you and informing you about our services, we have our own pages on social networks. If you visit one of our social media pages, we share joint responsibility with the provider of the respective social media platform for the processing operations triggered by your visit, within the meaning of Art. 26 GDPR. We are not the original provider of these pages, but only use them within the scope of the options offered to us by the respective providers. As a precautionary measure, we would therefore like to point out that, in specific cases your data may also be processed outside the European Union or the European Economic Area, particularly in the USA. The use of our social media pages may therefore be associated with data privacy risks for you, as it may be more difficult for you to protect your rights, e.g. your right to information, erasure, objection, etc., and due to the fact that the providers of social media platforms often carry out data processing directly for advertising purposes or for the analysis of user behavior, without us being able to influence these processing steps. Insofar as the providers create user profiles, they often use cookies or may also link your usage behavior to the member profile that you have created on the respective social network. The operations for processing personal data are carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider to communicate with you in a modern manner and/or to provide you with information on our products and services. If the respective providers request you to give your consent as a user to data processing, the legal basis for processing is Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR. As we do not have access to the providers' databases, we would like to point out that your rights (e.g. the right to information, correction, erasure, etc.) are best exercised directly with the respective provider. Further information on the processing of your data in social networks is provided below, listed for the respective providers of the social networks that we use: a. Instagram
(Joint) controller for data processing in Germany:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Data privacy statement (Data Policy):https://instagram.com/legal/privacy b. Pinterest
(Joint) controller for data processing in Germany:
Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA.
Data privacy statement (Data Pivacy Policy): https://policy.pinterest.com/en/privacy-policy c. YouTube
(Joint) controller for data processing in Germany: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Data privacy statement: https://policies.google.com/privacy
12. WEB ANALYSIS
a. Google Analytics 4 (GA4)
On our web pages we use Google Analytics 4 (GA4), a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). In this context, pseudonymised user profiles are created and cookies (see para. "Cookies") are set. The information generated by the respective cookie about your use of this website may include, but is not limited to
- short-term logging of the IP address without permanent storage
- location data
- browser type/version
- operating system used
- referrer URL (the page from where you accessed our page)
- time of the server request
Google Signals is a function in Google Analytics that collects session data from websites and apps where users are logged in with their Google account and have consented to personalised advertising. This function enables advanced analysis by linking user behavior across different devices and providing additional information such as demographic characteristics and interests. Your consent to the use of Google Analytics (see above) also includes consent to the Google Signals add-on function. c. GA4 – Additiona information on Consent Mode, simple implementation
Under the Digital Markets Act, Google is obliged to obtain user consent before processing user data for personalized advertising. Google meets this requirement with their "Consent Mode". Users are obliged to implement this mode in order to prove that they have obtained the consent of the visitors to their website. Google offers two implementation modes for this: simple and advanced implementation. We use the simple implementation method of the Google Consent Mode. Only if you give your consent to the use of Google Analytics (see above), our website will establish a connection to Google, execute a Google code and carry out the processing steps described above. If you refuse consent, Google will only receive information that consent has not been given. The Google code will not be executed and no Google Analytics cookies will be set.
13. ADVERTISING
a. Google Ads (AdWords) remarketing/retargeting
We have integrated Google Ads on this website. The company operating the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). We use this service to advertise our website in Google search results and on third-party websites. For this purpose, Google places a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the internet pages you visit. Any further data processing will only take place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalize the ads that are presented to you while you surf on the internet. In this case, if you are logged in to Google while visiting our web pages, Google will use your data in combination with Google Analytics data to create and define target group lists for the purpose of cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data in order to create target groups. These processing operations are only carried out if express consent is given, pursuant to Art. 6 (1) (a) GDPR. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. For data privacy policy and further information: Advertising – Privacy & Terms – Google. b. Google Ads with Conversion-Tracking
We have integrated Google Ads on this website. The company operating the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an internet advertising service that allows advertisers to place their ads both in Google's search engine results and within the Google advertising network. Google Ads enables an advertiser to define in advance specific keywords that serve a the basis for targeted ads display, i.e. an ad is only displayed in Google's search engine results if the user uses the search engine to retrieve a search result that is relevant for the keyword(s). In the Google Advertising Network, an automatic algorithm uses the previously defined keywords to place ads on websites containing content relating to the corresponding topics. The purpose of Google Ads is to promote our website by displaying targeted advertising (relevant to user interests) on the websites of third-party companies and in the search engine results of the Google search engine, and by displaying third-party advertising on our website. If you access our website via a Google ad, Google stores a so-called conversion cookie on your IT system. A conversion cookie is valid for no more than thirty days and will not be used to identify you. As long as the conversion cookie has not yet expired, it is used to track whether certain sub-pages, such as the shopping cart of an online shop system, have been accessed on our website. The conversion cookie enables both us and Google to track whether the activities of a user who has accessed our website via an AdWords advertisement have generated sales, i.e. whether the user has completed a purchase or cancelled it. The data and information collected with the help of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via Google Ads advertisements, i.e. to determine the success or lack of success of the respective advertisement and to optimize our advertisements for the future. Neither our company nor other Google Ads advertisers receive information from Google that can be used to identify you. The conversion cookie serves to store personal information, such as the web pages you have visited. Every time you visit our website, personal data, including the IP address of the internet connection you are using, is therefore transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. This personal data that Google collects by mans of the technical process may be passed on to third parties. These processing steps are only carried out if express consent is given, as stipulated by Art. 6 (1) (a) GDPR. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. For data privacy policy and further information: Privacy Policy – Privacy & Terms – Google. c. Google Ads with enhanced conversions
We have integrated Google Ads on this website. The company operating the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an internet advertising service that allows advertisers to place their ads both in Google's search engine results and within the Google advertising network. The purpose of Google Ads is to promote our website by displaying targeted advertising (relevant to user interests) on the websites of third-party companies and in the search engine results of the Google search engine, and by displaying third-party advertising on our website. If you access our website via a Google Ads advertisement, Google stores a so-called conversion cookie on your IT system. A conversion cookie is valid for no more than thirty days and will not be used to identify you. As long as the conversion cookie has not yet expired, it is used to track whether certain sub-pages, such as the shopping cart of an online store system, have been accessed on our website. The conversion cookie enables both us and Google to track whether the activities of a user who has accessed our website via a Google Ads advertisement have generated sales, i.e. whether the user has completed a purchase or cancelled it. We use the option of enhanced conversions of Google Ads. For this purpose, we transmit personal data collected by ourselves, such as telephone numbers or e-mail addresses, to Google. This data is compared with event data on Google conversions. Every time you visit our website, personal data, including the IP address of the internet connection you are using, is therefore transmitted to Google in the United States of America. This personal data that Google collects by mans of the technical process may be passed on to third parties. These processing steps are only carried out if express consent is given, as stipulated by Art. 6 (1) (a) GDPR. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. For the privacy policy and further information of Google Ads: Privacy Policy – Privacy & Terms – Google or How Google uses enhanced conversion data - Advertising Policies Help. d. Google Ads – additional information on the Consent Mode, simple implementation
Under the Digital Markets Act, Google is obliged to obtain user consent before processing user data for personalized advertising. Google meets this requirement with their "Consent Mode". Users are obliged to implement this mode in order to prove that they have obtained the consent of the visitors to their website. Google offers two implementation modes: simple and advanced implementation. We use the simple implementation method of the Google Consent Mode. Only if you give your consent to the use of Google Analytics (see above), our website will establish a connection to Google, execute a Google code and carry out the processing steps described above. If you refuse consent, Google will only receive information that consent has not been given. The Google code will not be executed and no Google Ads cookies will be set. e. Cooperation with the companies of our group of companies
In order to safeguard the legitimate interests of the Cellofoam Group in optimizing the advertising and sales market presence of our international corporate organization, pursuant Art. 6 (1) ( f) GDPR, it may be necessary for us to share certain personal data within the Cellofoam group of companies in the scope of the use of the services offered here. This applies in particular to the contact data provided, information on your interests and your customer profile as well as on your use of and on the processing of your order of our products. If necessary, we will pass on your data to our group companies located within the EU for the contractual fulfilment of your order or your request, for advertising purposes or for internal administrative purposes. The companies of the Cellofoam group have concluded the necessary agreements on joint data processing that are required for this transfer of data within the scope of joint responsibility within the group, as stipulated in Art. 6 (1) (f) GDPR.
14. PLUGINS AND OTHER SERVICES
a. Microsoft Teams
We use the "Microsoft Teams" ("MS Teams") tool to communicate with customers and suppliers, both in written form (chat) and in the oral form of telephone conferences, online meetings and video conferences. This service is operated by Microsoft Ireland Operations ("Microsoft"), Ltd, 70 Sir John Rogerson's Quay, Dublin, Ireland. Microsoft Ireland Operations, Ltd. is part of the Microsoft group of companies based at One Microsoft Way, Redmond, Washington, USA. When you use MS Teams, the following personal data is being processed: Meetings, chats, voicemails, shared files, recordings and transcripts; data about you that is shared within MS Teams (examples for such data are your e-mail address, your profile picture and your telephone number); a detailed history of the telephone calls you make; call quality data; support/feedback data (such as information related to troubleshooting tickets or to feedback sent to Microsoft); diagnostic and service data (diagnostic data related to your use of the service). To enable the display of video clips and the playback of audio files, data from the microphone on your end device and from a video camera on your end device is processed for the duration of the meeting. You can switch off the camera and/or mute the microphone yourself at any time via the "Microsoft Teams" applications. If a corresponding consent has been requested and given, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR. In the context of an employment relationship with us, employment-related data processing is carried out on the basis of Section 26 BDSG (German Federal Data Protection Act), unless it is already carried out in accordance with Art. 6 (1) (b) GDPR since it is required for the performance of a contract (employment contract). The legal basis for the use of "MS Teams" in the context of contractual relationships is Art. 6 (1) (b) GDPR. In all other cases, the legal basis for the processing of your personal data is Art. 6 (1) (f) GDPR. Our interest in this context is the ability to ensure that online meetings are conducted effectively. In case we record online meetings, we will inform you of this before the start and, if necessary, ask for your consent to the recording. If you do not wish to give your consent, you can leave the online meeting. As a cloud-based service, "MS Teams" processes the aforementioned data as part of the provision of the service. To the extent that "MS Teams" processes personal data in connection with Microsoft's legitimate business operations, Microsoft is an independent data controller for such use and as such is responsible for compliance with the applicable laws and any data controller obligations. When and if you access the MS Teams website, Microsoft is the controller responsible for data processing. If you want to download the MS Teams software you need to access their website. If you do not want to or are not able to download the software, the service can be provided via your browser and, as a consequence, via the Microsoft website. This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that the transfer of personal data does not require further guarantees or additional measures. Detailed information on data privacy protection by Microsoft in connection with "MS Teams" can be found at: https://docs.microsoft.com/en-en/microsoftteams/teams-privacy. b. Google Tag Manager
We use the Google Tag Manager service on this website. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This tool can be used to implement "web page tags" (i.e. keywords that are integrated into HTML elements) and manage them via an interface. By using Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked on and can thus record which content on our website is of particular interest to you. The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have deactivated tags at domain or cookie level, this deactivation remains valid for all tracking tags implemented via Google Tag Manager. These processing steps are only carried out if express consent has been given, pursuant to Art. 6 (1) (a) GDPR. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. For data privacy information: Privacy Policy – Privacy & Terms – Google. c. YouTube (Videos)
We have integrated YouTube components on this website. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube is an internet video portal that allows video publishers to post video clips free of charge, and enables other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programs as well as music videos, trailers or videos made by users themselves can be retrieved via the internet portal. Each time you access one of the individual pages of this website, which is operated by us and on which a YouTube component (YouTube video) has been integrated, the internet browser of your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube content from the YouTube server. The services Google WebFonts, Google Video and Google Photo can also be downloaded from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/en/ As part of this technical process, YouTube and Google receive information about which specific sub-page of our website you are visiting. If you are logged in to YouTube at the same time, your access of one of our sub-pages containing a YouTube video allows YouTube to identify which specific sub-page of our website you are visiting. This information is collected by YouTube and Google and associated with your YouTube account. If you are logged in to YouTube while accessing our website, the YouTube component always provides YouTube and Google with the information that you have visited our website; this occurs regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent it from being transmitted by logging out of your YouTube account before accessing our website. These processing steps are only carried out if express consent has been given, pursuant to Art. 6 (1) (a) GDPR. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. For YouTube's privacy policy: Privacy Policy – Privacy & Terms – Google. d. YouTube videos in extended data protection mode (Youtube-NoCookies)
Some subpages of our website contain links to the service offer of YouTube. In general, we are not responsible for the content of linked websites. In the event that you follow a link to YouTube, however, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses the data for commercial purposes. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. On some sub-pages of our website we directly embed also videos stored on YouTube. With this integration, content from the YouTube website is displayed in a section of a browser window. When you call up a (sub-)page of our website on which YouTube videos are integrated, a connection to the YouTube servers is established and the content is sent to your browser for display as part of the website. The integration of YouTube content only takes place in "extended data protection mode". This is provided by YouTube itself and ensures that YouTube will not store any cookies on your device at the outset. However, when the relevant pages are called up, the IP address and, if applicable, other data are transmitted, in particular data on which of our webpages you have visited. However, this information cannot be connected to your person unless you have logged in to YouTube or another Google service before accessing our page, or if you are logged in permanently to YouTube/Google. As soon as you click on an embedded video to start it, the extended data protection mode ensures that YouTube only stores cookies on your device that do NOT contain any data that allow to identify you, unless you are currently logged in to a Google service. If desired, you can prevent the storage of these cookies through appropriate browser settings and extensions. Your accessing the video simultaneously constitutes your consent to the placement of the corresponding cookie (Art. 6 (1) (a) GDPR). This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. For data privacy information: Privacy Policy – Privacy & Terms – Google.
15. PAYMENT PROVIDER
a. PayPal
We have integrated PayPal components on this website. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no customary account number. PayPal allows users to send payments to third parties and to receive payments. PayPal also assumes fiduciary functions and offers buyer protection services. If you select "PayPal" as the payment option in the scope of the order process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of the personal data required for payment processing. The personal data transmitted to PayPal typically includes first and last name, address, e-mail address, IP address, telephone number, cell phone number or other data necessary for payment processing. Personal data in connection with the respective order is also required to process the purchase contract. The purpose of transmitting the data is to process payments and prevent fraud. We will transfer personal data to PayPal in particular when there is a legitimate interest in the transfer. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit agencies in some cases. The purpose of this transmission is to check identity and creditworthiness. PayPal may pass on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data is to be processed on behalf of PayPal. You have the option of revoking your consent to PayPal handling your personal data at any time. A revocation does not affect any personal data that need to be processed, used or transmitted for (contractual) payment processing. The use of PayPal is in the interest of correct and smooth payment processing. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. These processing steps are only carried out if express consent is given, as stipulated by Art. 6 (1) (a) GDPR. Data privacy policy: Legal Agreements for PayPal Services..
16. COOKIES
a. General information on cookies
Cookies are data records for information purposes that your browser creates automatically and that are stored on your IT system or terminal device (laptop, tablet, smartphone, etc.) when you visit our website. The information stored in the cookie in a given instance depends on the specific terminal device used. However, this does not mean that this enables the direct identification of your identity. The purpose of cookies is to optimize the usability of our website for you. Session cookies allow us to see whether you have already visited individual pages of our website. Session cookies are deleted automatically after you have left our page. In addition we use temporary cookies to optimize user-friendliness. These cookies are stored on your terminal device for a defined period of time. If you visit our page again, for instance to make use of our services, the system automatically recognizes that you have already been on our website as well as any settings and entries that you made the previous time so that you do not need to enter them again. We also use cookies for statistic records of the use of our website and for evaluation for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already visited our site when you return. These cookies are automatically deleted after a defined period of time. The respective storage duration of the cookies can be found in the settings of the consent tool we use. b. How to prevent, select and delete cookies in the usual browsers
You can delete cookies, allow only selected cookies or deactivate cookie setting completely at any time via the settings of the browser you are using. For further information go to the support pages of the respective providers:
- Chrome: https://support.google.com/chrome/answer/95647?tid=311178978
- Safari: Clear cookies in Safari on Mac – Apple Support (UK).
- Firefox: Clear cookies and site data in Firefox | Firefox Help
- Microsoft Edge: Manage cookies in Microsoft Edge: View, allow, block, delete and use - Microsoft Support
On our website, we use the Cookie Consent Manager of shopware AG (Ebbinghoff 10, 48624 Schöppingen, Germany; "Shopware"). The tool enables you to give your consent to data processing operations via the website, in particular the setting of cookies, and to exercise your right to withdraw consent you have already given. The purpose of data processing is to obtain and document the necessary consent to data processing in order to comply with legal obligations. Cookies can be used for this purpose. User information, including your IP address, is collected and transmitted to Shopware. This data will not be passed on to other third parties. The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 (1) (c) GDPR. For data privacy information: Privacy | Shopware.
17. YOUR RIGHTS AS A DATA SUBJECT
Right to confirmation - You have the right to request confirmation from us as to whether or not personal data concerning you is being processed by us. Right to information Art. 15 GDPR - You have the right to receive free-of-cost information from us at any time about the personal data that we have stored about you and a copy of this data in accordance with the legal provisions. Right to rectification Art. 16 GDPR - You have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data. Right to erasure Art. 17 GDPR - You have the right to request us to erase personal data concerning you without undue delay where one of the grounds defined by the legal provisions applies and insofar as the processing or storage of the data is not required.
Right to restriction of processing Art. 18 GDPR - You have the right to demand that we restrict processing if one of the grounds defined by the legal provisions applies Right to data portability Art. 20 GDPR - You have the right to receive the personal data concerning you, and which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us as the recipient of the personal data you have provided, where the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, when exercising your right to data portability pursuant to Art. 20 (1) GDPR, you have the right to have your personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons. Right to object Art. 21 GDPR - You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) (data processing carried out in the public interest) or (f) (data processing necessary for the purposes of legitimate interests) GDPR. This also applies to profiling based on these provisions within the meaning of Art. 4 (4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims. In some cases, we may process personal data for direct marketing purposes. You can object to the processing of your personal data for the purpose of such marketing at any time. This also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which we carry out for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications. Right to withdraw your consent to data processing - You have the right to withdraw your consent to the processing of personal data at any time with effect for the future. Right to lodge a complaint with a supervisory authority - You have the right to lodge a complaint with a supervisory authority responsible for data protection about our processing of personal data relating to you. A list of the contact details of the data protection officers in the German federal states and of the supervisory authorities for the non-public sector and in other states can be found on the website of the Bundesbeauftragten für den Datenschutz und die Informationsfreiheit (BfDI = Federal Commissioner for Data Protection and Freedom of Information) in the Service – Addresses and Links rubric. Automated decision-making including profiling - We do not use profiling within the meaning of Art. 22 GDPR in the scope of the use of our websites.
18. STORAGE, ERASURE AND BLOCKING
We process and store your personal data only for the period of time that is required to achieve the purpose of storage or insofar as this is stipulated by the statutory provisions to which our company is subject. When the storage purpose no longer applies or when the stipulated storage period expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.
19. STORAGE PERIOD
The basis for the duration of the storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data is routinely erased, provided it is no longer required for the performance or the initiation of a contract.
20. QUESTIONS REGARDING DATA PRIVACY ISSUES
If you have any further questions, comments or other requests regarding your personal data that are not answered in the scope of this statement, please contact us at any time via one of the communication channels listed above.
This text is a translated version of our data privacy information. The relevant and applicable version is always the original German text.