Data Protection Notice for Business Partners


1 Data protection at a glance

1.1 General information

Thank you for your interest in our website. The protection of your personal data during your visit to our website is of particular importance to the management of Circlon Entwicklung- und Service GmbH. The following information provides you with an overview of how we process your personal data and your data protection rights. Personal data is any information that can be attributed to you personally, e.g. name, address, e-mail addresses, user behaviour.

If a data subject wants to use special services of our company via our website, such as our contact form, processing of personal data could become necessary. If the processing of personal data is necessary and if there is no legal basis for such processing, we generally obtain consent from the data subject. The processing is always in line with the General Data Protection Regulation (GDPR) passed by the European Union and in accordance with the country-specific data protection regulations applicable to the Circlon Entwicklung- und Service GmbH.

As the controller, Circlon Entwicklung- und Service GmbH has implemented technical and organisational measures to ensure that the personal data processed via this website is protected against loss, destruction, access, alteration or distribution by unauthorised persons as completely as possible. This also includes the fact that this site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as website operator. You can identify an encrypted connection if the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Nevertheless, absolute protection cannot be guaranteed due to fundamental security gaps in Internet-based data transmissions.


1.2 Controller for data processing

The controller in accordance with Art. 4 para. 7 GDPR and the applicable country-specific data protection regulation is:
Circlon | group
Ettore-Bugatti-Straße 35 | D-51149 D-Köln
Tel. +49 2203 18880 | marketing(at)circlon.de

Please send general questions about data protection at Circlon Entwicklung- und Service GmbH to dso-team@circlon.de.

You can reach our data protection officer by mail at the above address with the addition - data protection officer - or by e-mail at: dso@circlon.de.
The reception of e-mails may be disrupted in exceptional cases for technical or operational reasons. Please ensure that time-critical messages are also sent by post or fax. Please bear in mind that communication by e-mail is fundamentally insecure, as it is possible for third parties to gain knowledge and manipulate the data. Confidential data should never be transmitted unencrypted by e-mail.


1.3 How do we collect your data?

On the one hand, your data is collected by you providing it to us. This may involve data that you enter in a contact form, for example.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This concerns mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.


1.4 What do we use your data for?

Part of the data is collected to ensure that the website is error-free. Other data may serve to analyse your user behaviour.


1.5 Who receives my data?

Unless otherwise stipulated in the detailed descriptions of the offers, your data will be accessed within our company by those departments that need it to fulfil our contractual and legal obligations or to implement our legitimate interests. Information about you will only be passed on outside the company when this is permitted or required by legal or official notification obligations, the transfer is necessary for the processing and thus the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information.

Any service providers contracted by us for individual functions of our offer have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. Your personal data may be processed on the basis of order processing contracts in accordance with Art. 28 GDPR and we ensure that the processing of personal data is carried out in accordance with the regulations of the GDPR. The categories of recipients in this case are our service providers for website hosting, website management, live chat and online marketing.


1.6 General information on the legal basis of data processing on this website

If you have consented to the data processing, we process your personal data on the basis of Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO, if special categories of data are processed according to Art. 9 (1) DSGVO. In the event of express consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1) a DSGVO. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is also based on Section 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DSGVO. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c DSGVO. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. Information about the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.


1.7 Note on data transfer to the USA and other third countries

We use, among other things, tools from companies based in the USA or other third countries that are not secure under data protection law. When these tools are active, your personal data may be transferred to these third countries and processed there. Please note that these countries cannot guarantee a level of data protection similar to that in the EU. For example, US companies are obliged to hand over personal data to security authorities with no possibility for you as a data subject to take legal action against this. Therefore, it cannot be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.


1.8 Storage period

Unless a more specific storage period is stated within this data protection information, your personal data will remain with us until the purpose for processing the data no longer applies. If you make a justified request for erasure or revoke your consent to data processing, your data will be erased unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be erased once these reasons no longer apply.


2 Your rights

2.1 Information, rectification and erasure

Within the framework of the applicable legal regulations, you have the right at any time to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, the right to rectification or erasure of this data. You may contact us at any time with regard to this and any other questions on the subject of personal data.


2.2 Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data happened/is happening unlawfully, you may request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
- If you have filed an objection in accordance with Art. 21 para. 1 GDPR, both of our interests must be taken into consideration. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.


2.3 Right to data portability

You have the right to request that data which we process automatically on the basis of your consent or in fulfilment of a contract be handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.


2.4 Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE REGULATIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION INFORMATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSES OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).


2.5 Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.


2.6 Right of appeal to the competent supervisory authority

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.

In the case of North Rhine-Westphalia, this is the State Commissioner for Data Protection and Freedom of Information, Kavalleriestr. 2-4, 40213 Düsseldorf.


3 Data collection on our website

3.1 External hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This may include in particular IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website.

The host is used for the purpose of contract fulfilment towards our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, efficient and reliable provision of our online offer by a professional provider according to Art. 6 para. 1 lit. f GDPR).

Our host will only process your data insofar as this is necessary for the fulfilment of his service obligations and follow our instructions with regard to this data. To ensure data protection-compliant processing, we have concluded a contract for commissioned processing with our host.


3.2 Use of server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This comprises:
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address

This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the technically error-free presentation and optimisation of his website; for this purpose, the server log files must be collected.

The data is stored for a maximum period of 7 days and is overwritten by a log rotation process after this time.


3.3 Use of cookies

Our Internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising. Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions desired by you (functional cookies, e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of services. If consent to the storage of cookies has been requested, the storage of the respective cookies is exclusively based on this consent (Art. 6 para. 1 lit. a GDPR); a revocation can be made at any time with effect for the future.

You can set your browser so that you are informed about the placement of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

If cookies are used by third-party companies or for analysis purposes, you will be informed separately within the scope of this data protection information and, if necessary, we will request your consent.


3.3.1 Cookie consent management tool “Usercentrics”

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this consent in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter "User-centrics"). When you enter our website, the following personal data is transferred to Usercentrics:
- your consent(s) or revocation of your consent(s).
- your IP address
- information about your browser
- information about your terminal device
- time of your visit to the website
- Geolocation

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent you have given or its revocation. The data collected in this way will be stored until you request us to delete it, until you delete the Usercentrics cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.

We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.


3.4 Contact form

If you send us requests via the contact form, your details from the request form, including the contact details you have provided there, will be stored by us for the purpose of processing the request and to answer any follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 para. 1 lit. f GDPR).

The data you enter in the contact form will remain with us until you request us to erase it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.


3.5 Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your request including all personal data resulting from it (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 para. 1 lit. f GDPR).

The data you send to us via contact requests will remain with us until you request us to erase it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular legal retention periods - remain unaffected.


3.6 Handling of applicant data

We offer you the opportunity to apply to us (e.g. by e-mail). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.


3.6.1 Scope and purpose of data collection

If you send us an application, we process your corresponding personal data (e.g. contact and communication data, application documents, etc.) insofar as this is necessary to decide on the establishment of employment. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time, with effect for the future. Your personal data will only be passed on within our company to persons involved in processing your application.

If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.


3.6.2 Retention period of data

If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 Para. 1 lit. f DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until the purpose for continued storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 Para. 1 lit. a DSGVO) or if legal storage obligations prevent deletion. The consent can be revoked at any time, with effect for the future.


4 Analysis tools and advertising

When visiting this website, your surfing behaviour may be statistically analysed. This is mainly done with so-called analysis programs. Detailed information on these analysis programs can be found in the following section.

4.1 Google Tag Manager

We use the Google Tag Manager. This is a service provided by Google Ireland Limited, a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").

Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves the administration and deployment of the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States.

Google Tag Manager is used on the basis of art. 6 para. 1 lit. f GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) in accordance with the TTDSG. Consent can be revoked at any time with effect for the future.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF commits to complying with these data protection standards. For further information, please contact the provider at the following link: 4.2 Google Analytics

This website uses Google Analytics for web analysis. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the data records collected and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google's data protection information: https://support.google.com/analytics/answer/6004245?hl=de.

Google-Signals
We use Google signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalized adver-tising messages. The data is also used to compile anonymous statistics on the user behavior of our users.
Order Processing
We have concluded an order processing contract with Google and fully implement the strict require-ments of the German data protection authorities when using Google Analytics.

5 Newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address and that you agree to receive the newsletter. No further data is collected unless provided voluntarily. We use newsletter service providers to handle the newsletter, which are described below.


5.1 Mailchimp with deactivated performance measurement

This website uses the services of Mailchimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Mailchimp is a service that can be used to organize the sending of newsletters, among other things. If you enter data for the purpose of subscribing to the newsletter (e.g. email address), this data is stored on Mailchimp's servers in the USA. We have deactivated performance measurement at Mailchimp so that Mailchimp will not evaluate your behavior when you open our newsletter.

If you do not want your data to be transferred to Mailchimp, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

Data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing op-erations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the news-letter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter mailing list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

For more information, please refer to Mailchimp's privacy policy at: https://mailchimp.com/de/legal/terms/

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TXVKAA4&status=Active

Order Processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it only processes the per-sonal data of our website visitors in accordance with our instructions and in compliance with the GDPR.


5.2 Existing customer advertising by e-mail

If you are already one of our customers, we will also use your contact data to send you further information about our products that is relevant to you by e-mail ("customer advertising"). This may include, in particular, news, promotions and offers as well as feedback and other surveys.

The legal basis for this data processing is Art. 6 (1) lit. f DSGVO in conjunction with Section 7 (3) UWG, according to which data processing is permissible in order to safeguard legitimate interests, insofar as this relates to the storage and further use of data for advertising purposes.

In order to be able to provide you exclusively with relevant offers within the framework of the existing customer newsletter, a customer segmentation is also carried out using the data you provided when placing your order. The legal basis for this processing is our aforementioned legitimate interest pursuant to Art. 6 Para. 1 lit. f DSGVO.

You can object to the use of your data for advertising purposes at any time by using a corresponding link in the e-mails or by notifying the above contact details (e.g. by e-mail or letter), without incurring any costs other than the transmission costs according to the basic rates.


6 Plugins and Tools

6.1 Adobe Fonts

This website uses Adobe web fonts for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you open this website, your browser loads the required fonts directly from Adobe to be able to display them correctly on your terminal. Your browser establishes a connection to Adobe's servers in the USA. This enables Adobe to know that your IP address has been used to access this website. According to Adobe, no cookies are stored when providing the fonts.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website and with regard to a technically secure, maintenance-free and efficient use of fonts, taking into account possible restrictions under licensing law for their integration. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; a revocation can be made at any time with effect for the future.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.adobe.com/privacy/eudatatransfers.html

You can find more information on Adobe Fonts at: https://www.adobe.com/privacy/policies/adobe-fonts.html. Adobe's data protection information can be found at: https://www.adobe.com/privacy/policy.html

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TNo9AAG&status=Active

6.2 tawk.to

We use tawk.to, inc, 187 E Warm Springs Rd, SB298, Las Vegas, Nevada 89119, USA (hereinafter: "tawk.to") to process user requests through our support channels or live chat systems.

Messages that you send to us may be stored in the tawk.to ticket system or answered in live chat by our staff. Furthermore, with the help of tawk.to we can determine, among other things, from which region the enquirer comes and how long he or she has communicated with us.

The messages sent to us remain with us until you request us to delete them or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.

The use of tawk.to is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in processing your requests as quickly, reliably and efficiently as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details and further information can be found at: https://www.tawk.to/privacy-policy/ and https://www.tawk.to/data-protection/ bzw. https://www.tawk.to/data-protection/gdpr/.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link:https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt00000008SblAAE&status=Active

Order processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.


6.3 YouTube with enhanced data protection

This website embeds videos from YouTube. This is a service provided by Google Ireland Limited, a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, regardless of whether you watch a video, YouTube establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your terminal or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=en.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

7 Our social media presences

7.1 Purpose of data processing on social media presences

We maintain publicly accessible profiles on social networks. The individual social networks used by us can be found below.

The purpose of such social media presences is public relations, i.e. to offer our customers information about offers, products, competitions, news and, of course, to interact with our visitors on the various platforms on all these topics, including answering corresponding queries. The purely informative visit to our social media platform is generally possible without the active provision or collection of personal data.

In addition, the social media platforms offer the possibility of leaving a wide variety of content such as videos, images, public messages and comments (posts) on our company profiles. In the event of unlawful or inappropriate posts and content on our presence (this includes, among other things, posts that violate or infringe the law, hate comments, lewd comments (explicitly sexual content) or attachments such as images or videos, as well as violations of copyrights, personal rights, criminal laws), we are jointly responsible with the platform operator for their deletion. In the case of communication addressed directly to us (personal private message, letter or e-mail), the operator has no possibilities of influence.

Social media platforms can usually comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presences may thereby trigger numerous processing operations relevant to data protection. These include, for example:
- The entire infrastructure of the social media platforms is the responsibility of the respective operator. The operator maintains his own data protection regulations and a corresponding user relationship with you should you act as a registered user.
- If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, data collection takes place, for example, via cookies that are stored on your terminal or due to the technically required collection of various data and information in so-called log files or server log files, such as your IP address.
- With the help of the data collected, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.

Please note that we are not able to track all processing procedures on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection regulations of the respective social media portals.

Whenever we have the opportunity, we make sure that our social media offerings are as data protection-friendly as possible.


7.2 Legal basis

Our social media presences serve our public relations work and are intended to ensure as comprehensive a presence as possible on the Internet. In addition, we have a legitimate interest in answering requests from our users and visitors and thus maintaining and promoting customer satisfaction. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

The analysis processes initiated by the social networks may be based on different legal grounds, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).


7.3 Recipients/categories of recipients

Unless otherwise specified in the detailed descriptions, those departments within our company will receive access to your data that need it to fulfil our contractual and legal obligations or to implement our legitimate interests. Information about you will only be passed on outside the company when this is permitted or required by legal or official notification obligations, the transfer is necessary for the processing and thus the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information.

Any service providers contracted by us for individual functions of our offer have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. Your personal data will then be processed on the basis of order processing contracts in accordance with Art. 28 GDPR and we will ensure that the processing of personal data is carried out in accordance with the regulations of the GDPR.


7.4 Storage period

The data collected directly by us via the social media presence will be erased from our systems as soon as the purpose for storing it no longer applies, you request us to erase it, revoke your consent for storage or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below). Stored cookies remain on your terminal until you delete them.

Public posts by you on any of our social media presences will generally remain in the timeline indefinitely. Of course, you have the option to delete the post yourself. As already described above, we reserve the right to independently delete illegal or inappropriate posts and content on our presence.

We have no means of influencing the deletion of your data or content by the social media platform operator. In addition, the data protection provisions of the respective platform operators apply.


7.5 Social networks in detail

- XING: We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
For details on their handling of your personal data, please refer to XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
- LinkedIn: We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs.
For details on their handling of your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
- YouTube:We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
For details on their handling of your personal data, please refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
- Facebook: We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.

We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum You can independently adjust your advertising settings in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum und https://de-de.facebook.com/help/566994660333381.
For details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
- Instagram: We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found on: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 und https://de-de.facebook.com/help/566994660333381.
For details on their handling of your personal data, please refer to Instagram's data protection notices: https://help.instagram.com/519522125107875.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active


8 Changes to our data protection information

We reserve the right to adapt this data protection information so that it always complies with the current legal requirements or to implement changes to our services in the data protection information, e.g. when introducing new services. The new data protection information will then apply to your next visit.