Data privacy policy - www.EBZ-Group.com

Automotive.
Challenge Accepted!

Privacy policy

 

Wir fereun uns sehr über Ihr interesse an unserem Unternehmen. Wir nehmen den Schutz Ihrer persönlichen Daten sehr ernst.Ihgre Provatsphäre ist für unsein wichtiges Anliegen.Daher verarbeiten  wir personenbezogene Daten im Einklang mit den jeweils anwendbaren gesetzlichen Datenschutzanforderungen. Nähere Informationen hierzu erhalten Sie in den folgenden Datenschutzerklärungen.

 

Privacy policy applicable to the EBZ Web Presences

Privacy policy applicable to applicants

Privacy policy applicable to business contacts and customersen

Privacy policy applicable to video surveillance

 

 

 

Privacy policy applicable to the EBZ Web Presences


Preamble


With this privacy policy, we would like to inform you of the types of Personal Data (hereinafter also referred to as “Data”) we process and of the purposes and extent of the Processing. This privacy policy applies to any Processing of Personal Data, including in connection with the provision of our services, on our websites, in mobile applications and within external web presences such as our social media profiles (hereinafter collectively referred to as "Web Presence").


The terms are used in gender-neutral form.


Revised: December 9, 2019



Controller


EBZ SE
Bleicherstr. 7
88212 Ravensburg
Germany


Authorized representatives:
Thomas Bausch, Markus Müller, Alexander Schmeh


E-mail address:
This email address is being protected from spambots. You need JavaScript enabled to view it.


Telephone:
+49 (0)751 886-0



Data Protection Officer


Data protection officer:
Charlotte Zormeier
 
E-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.



Governing legal bases


Hereinafter, we list the legal bases contained in the General Data Protection Regulation (GDPR) based on which we process Personal Data. Please note that the national data protection regulations applicable in your or in our country of residence/registered office may apply in addition to those contained in the GDPR.

  • Consent (Article 6(1)a of the GDPR): The Data Subject has given consent to the Processing of his or her Personal Data for one or more specific purposes;

  • Performance of contract and pre-contractual measures (Article 6(1)b of the GDPR): Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;

  • Legitimate interests (Article 6(1)f of the GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data.


Protection measures

In accordance with legal provisions and taking into consideration the state of technology, the implementation costs and the type, extent, circumstances and purposes of Processing and taking into account the different likelihoods and severity of the risk to the rights and freedoms of the Data Subject, we take suitable technical and organizational measures in order to ensure an appropriate level of security.


These measures include without limitation ensuring confidentiality, integrity and availability of data by monitoring physical and electronic access to the data and related access, entry, disclosure, availability and separation. In addition, we implemented processes that ensure that Data Subjects can exercise their rights, that data are erased, if required, and that we can quickly react to any threats to data security. Moreover, when developing and/or selecting hardware, software and processes, each in accordance with data protection regulations, we ensure the protection of Personal Data by design and by default.


Shortened IP address:
To the extent possible or to the extent your IP address does not need to be stored, we shorten your IP address or have it shortened. Shortening your IP address (also called IP Masking) means the last byte, i.e. the last two digits, of your IP address will be erased (your IP address is the individual identification number allocated to your internet connection by your internet provider). Shortening IP addresses is to prevent or at least materially complicate the identification of an individual based on their IP address.


SSL encryption (https)
: We use SSL encryption in order to protect the data you transmit via our Web Presence. If the address bar of your web browser shows the prefix https://, your connection is SSL-encrypted.



Transmission and disclosure of Personal Data


The Processing of your Personal Data may include the transmission or disclosure of these data to other bodies, companies, legally independent organizations or persons. The recipients of your Personal Data may include without limitation payment institutions in relation to payment transactions, service providers rendering IT services or providers of contents or services that are to be included into a website. In such case, we comply with statutory provisions which means, including without limitation, that we conclude data privacy contracts and/or agreements with the recipients of your Personal Data.


Data transfer within the EBZ group of companies:
We may transfer Personal Data to other EZB group companies or grant such companies access to these data. To the extent these data are transferred for administrative purposes, the legal basis therefor is our legitimate business and economic interests or the fulfilment of our contractual obligations or the Data Subject's consent or a legal authorization.


For an overview of the EBZ group of companies, please go to: https://www.ebz-group.com/de/ebz-gruppe/standorte.html


Data transmission within the organization:
We may transfer Personal Data to other bodies within our organization or grant such bodies access to these data. To the extent these data are transferred for administrative purposes, the legal basis therefor is our legitimate business and economic interests or the fulfilment of our contractual obligations or on the Data Subject's consent or legal authorization.



Data Processing in third countries


Any Processing of your data in a third country, i.e. in a country that is not a member state of the European Union or of the European Economic Area, by us or by a service provider, or any disclosure or transfer of these data to other persons, bodies or companies, shall be strictly subject to applicable laws.


Unless you gave your express consent or the transfer of data is required based on contract or law, we only process your data (or have them processed) in third countries with an adequate level of protection (US-processors certified in accordance with the Privacy Shield), subject to appropriate safeguards, including without limitation contractual obligations based on the EU Commission’s so-called standard protection clauses or based on certifications or binding corporate rules (Articles 44 through 49 of the GDPR, website of the EU Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).



Cookies


Cookies are text files that contain data of websites or domains you visited and that are stored by the browser on the user’s computer. The main purpose of the cookie is to store information on a user during or after this user’s visit to a website. The information stored by the cookie may contain, without limitation, the language settings of a website, login status, shopping cart or the location where a video was watched. Other technologies fulfilling similar functions, (e.g. storage of user information based on pseudonymized web IDs, also called user IDs) are also deemed to be cookies.


We distinguish between the following types of cookies and functions:

  • Temporary cookies (so-called session cookies): Temporary cookies will be erased after the user left our Web Presence and closed their browser.

  • Permanent cookies: Permanent cookies remain on your hard drive after you closed your browser. This means your login status may be stored and preferred contents can be shown directly when you visit a certain website again. These cookies may also store interests of the user that may be used for Range Measurement or marketing purposes.

  • First-party cookies: First-party cookies are cookies placed by us.

  • Third-party cookies: Third-party cookies are mainly used by advertisers (so-called third parties) in order to store user information.

  • Essential cookies: Cookies may be essential for the operation of a website (e.g. in order to store login data or other user information or for security purposes).

  • Statistics cookies, marketing cookies and personalization cookies: In addition, cookies are used for Range Measurement and for storing a user's interests or behavior (e.g. looking at certain contents, using certain functions, etc.) on individual websites in a user profile. These profiles are used to show contents to a user that are in accordance with this user’s potential interests. This process is called Tracking, i.e. tracking the user’s potential interests. We inform you separately in our privacy policy or by obtaining your consent if we use cookies or Tracking technologies.

Information on legal bases: The legal basis on which we process your Personal Data using cookies depends on the question of whether we ask you for your consent. If we do so and you give your consent to the use of cookies, the legal basis for the Processing of your Personal Data is your consent. Otherwise, the data we process using cookies are processed based on our legitimate interest (e.g. the economic operation and improvement of our Web Presence) or, if the use of cookies is required, in order to fulfil our contractual obligations.


General information on withdrawal of consent and objection (opt out):
Depending on whether your data are processed based on your consent or on a legal requirement, you will be able to withdraw your consent at any time or to object to the Processing of your data by cookie technologies (hereinafter collectively referred to as “opt out”). You may object by changing your browser settings, e.g. by deactivating cookies (which may, however, limit the functionality of our Web Presence). Any objection against the use of cookies for online marketing purposes may be made by using various services, including without limitation on the following websites for objections to Tracking: http://optout.aboutads.info and http://www.youronlinechoices.com/. In addition, you may obtain more information on objections from the information on the service providers and cookies we use.


Processing of data obtained through cookies based on your consent:
Before we process data obtained through cookies (or have such data processed), we ask the users for their consent, which they may withdraw at any time. Without such consent, we do not use cookies except for those that are required for the operation of our Web Presence. We use these cookies based on our legitimate interest and on the interest of our users in the functionality of our Web Presence.

  • Types of data we process: User data (e.g. websites users visited, contents they looked at and related access times), meta/communication data (device information, IP addresses).

  • Data Subjects: Users (e.g. visitors on our websites, users of web services).

  • Legal bases: Consent (Article 6(1)a) of the GDPR), legitimate interests (Article 6(1)f of the GDPR).


Contact

If and when you contact us, e.g. by using our contact form, via e-mail, telephone or social media, we process your data to the extent required in order to respond to your request and/or to take the measures you demanded.


Responses to requests in connection with contractual or pre-contractual relationships will be made in order to fulfill our contractual obligations or in order to respond to (pre-)contractual requests and otherwise based on the legitimate interests in the response to the request.

  • Types of data we process: Master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), contents (e.g. entered text, photos, videos).

  • Data Subjects: Contact Person.

  • Purposes of Processing: Contact and communication.

  • Legal bases: Performance of contract and pre-contractual measures (Article 6(1)b of the GDPR), legitimate interests (Article 6(1)f of the GDPR).

Please also see the data privacy information on the handling of Personal Data of business contacts and customers at the following link: www.ebz-group.com/datenschutz/dse-businesscontacts


Suppliers’ self-declaration

If and when suppliers provide information on their business, we store Personal Data of contact persons of actual or potential suppliers (hereinafter referred to as "Contact Persons") to the extent required in order to initiate or manage the supplier relationship and any requested measures.


The information provided by such suppliers’ self-declarations will be processed in order to fulfill our contractual obligations or in order to respond to (pre-)contractual requests and otherwise based on the legitimate interests in the management of the supplier relationship.

  • Types of data we process: Master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), contents (e.g. entered text, photos, videos).

  • Data Subjects: Contact Person.

  • Purposes of Processing: Management of supplier relationship.

  • Legal bases: Performance of contract and pre-contractual measures (Article 6(1)b of the GDPR), legitimate interests (Article 6(1)f of the GDPR).


Communication via messenger

We use messenger services for communication purposes and would like to ask you to please read the following information on the functionality of the messengers, on encryption, on the use of the communication meta data and on your rights to object.


You may also contact us by alternative means, e.g. telephone or e-mail. Please use the contact information we gave you or the contact information stipulated on our Web Presence.


If contents are subject to an end-to-end encryption (i.e. the contents of your messages and attachments) we would like to inform you that the contents of the communication, i.e. the contents of the message and attached pictures are encrypted end-to-end. This means that the contents of the message cannot be read, not even by the provider of the messenger service. Make sure you always use the most current version of the messenger with active encryption in order to guarantee that the contents of the messages are encrypted.


However, we would like to point out that while the providers of messenger services cannot read the contents of your messages, they may be able to obtain the information that Contact Persons communicate with us, the time of such communication and that these service providers process technical information on the devices used and, depending on the settings of your device, information on your location (so-called meta data).


Information on legal bases:
Provided we ask Contact Persons for their permission before communicating with them via messenger services, the legal basis for the Processing of their data is their consent. Otherwise, in case we do not ask for a consent and they contact us, we use messenger services to communicate with our contractual partners and for pre-contractual measures and, in case of other interested parties and contact persons, based on our legitimate interest in a fast and efficient communication and fulfilment of the Contact Persons' needs regarding the communication via messenger services. In addition, we would like to point out that the contact data you provided will not be used by us to initiate the use of messenger services without consent.


Withdrawal, objection and erasure:
You may withdraw your consent and object to the communication via messenger at any time. We erase messenger communications in accordance with our general erasure policies, i.e. as described above after the end of a contractual relationship, in accordance with archiving regulations, etc. and otherwise as soon as we can reasonably assume that we answered all questions, no reference to any previous conversation is to be expected and the erasure does not collide with statutory retention obligations.


Right to refer to other means of communication:
We would like to point out that – for security purposes - we reserve the right not to answer messenger requests, e.g. in case internal contract information must be treated confidentially or an answer via messenger would fail to fulfil formal requirements. In such cases, we will ask you to please use more appropriate means of communication.

  • Types of data we process: Contact data (e.g. e-mail, telephone numbers), user data (e.g. websites users visited, contents they looked at and related access times), meta/communication data (device information, IP addresses).

  • Data Subjects: Contact Person.

  • Purposes of Processing: Contacts and communication, direct marketing (e.g. via e-mail or mail).

  • Legal bases: Consent (Article 6(1)a) of the GDPR, legitimate interests (Article 6(1)f of the GDPR).

Services and service providers we use:

Provision of the Web Presence and web hosting

For a secure and efficient provision of our Web Presence, we use the services of several webhosting providers and provide our Web Presence from their servers (or from servers under their management). For these purposes, we may use infrastructure and platform services, computing capacity, storage space and data base services as well as security and technical maintenance services.


The data processed in connection with the hosting services may include without limitation any and all information relating to the users of our Web Presence that are collected in connection with the use thereof and related communication. This includes without limitation the IP address, which is necessary for the delivery of contents from websites to browsers and all entries made within our Web Presence or websites.


Collection of access data and log files:
We and/or our web hosting service providers collect data in relation to any access to the server (so-called server log files). The server log files may include without limitation address and name of the websites and files the user accessed, date and time of access, transferred data volumes, reports on successful access, browser type and version, the user's operating system, referring URL (web page that links to a page on your website) and usually the IP addresses and the requesting provider.


The server log files may be used for security purposes, e.g. in order to avoid server overload (including without limitation in case of malicious attacks, so-called DDoS attacks) and in order to ensure that servers are used to capacity and to guarantee their stability.

  • Types of data we process: Content data (e.g. entered texts, pictures, videos), user data (e.g. websites users visited, contents they looked at and related access times), meta/communication data (device information, IP addresses).

  • Data Subjects: Users (e.g. visitors on our websites, users of web services).

  • Legal bases: Legitimate interests (Article 6(1)f of the GDPR).


Marketing communication via e-mail, mail, fax or telephone


We process Personal Data for marketing communications via various channels, e.g. e-mail, telephone, mail or fax in accordance with statutory provisions.


The recipients are entitled to withdraw their consent or to object to such marketing communication at any time.


After such withdrawal or objection, we may store the data evidencing your consent for a period of up to 3 years based on our legitimate interest. The Processing of such data will be restricted to the purpose of a possible defense against claims. You may file an individual request to erase your data if you confirm that you gave your consent in the past.

  • Types of data we process: Master data (e.g. name, address); contact data (e.g. e-mail, telephone number);

  • Data Subjects: Contact Person.

  • Purposes of Processing: Direct marketing (e.g. via e-mail or mail).

  • Legal bases: Consent (Article 6(1)a) of the GDPR, legitimate interests (Article 6(1)f of the GDPR).


Sweepstakes and contests

We process Personal Data of participants in sweepstakes and contests in compliance with applicable data protection regulations to the extent they must be processed in order to offer, execute and realize the sweepstakes, the participants gave their consent or the Processing is in our legitimate interests (e.g. security of the sweepstakes or protection of our interests in avoiding misuse when IP addresses are collected in connection with sweepstake submissions).

If we publish submissions of participants in sweepstakes, e.g. in connection with a voting or presentation of the submissions or of the winners of or reports on the sweepstakes, we would like to point out that the names of the participants may be published, as well. The participants may object to the Processing of their data at any time.

Sweepstakes on online platforms or social networks such as Facebook or Instagram, hereinafter referred to as “Online Platform”, are additionally subject to the relevant platform’s Terms and Conditions of Use and Data Privacy. In these cases, we inform the participants that we are the Controllers of the data furnished by the participants and that any requests relating to the sweepstakes are to be directed to us.

The participants’ data will be erased immediately after the end of the sweepstakes or contests and as soon as the data are not required to inform the winners or to answer any questions related to the sweepstakes. As a general rule, the participants’ data will be erased 6 months after the end of the sweepstakes at the latest. The data of the winners may be kept for a longer period of time in order to answer questions related to the prizes or to give out the prizes. In this case, the retention period is subject to the type of sweepstake and may be up to 3 years for items or services, e.g. in case of warranty claims. In addition, the participants’ data may be stored for a longer period of time, e.g. in form of reports on the sweepstakes in online and offline media.

The Processing and retention period of data collected in relation to sweepstakes but for other purposes is subject to the related data protection information (e.g. for a newsletter subscription in connection with sweepstakes).

  • Types of data we process: Master data (e.g. names, addresses), contents (e.g. entered text, photos, videos).

  • Data Subjects: Participants in sweepstakes and contests.

  • Purposes of Processing: Execution of sweepstakes and contests.

  • Legal bases: Performance of contract and pre-contractual measures (Article 6(1)b of the GDPR).


Online marketing


We process Personal Data for online marketing purposes, which may include, without limitation, marketing advertising spaces or presentation of marketing and other contents (hereinafter collectively referred to as "Content") based on the users’ potential interests and the measurement of their efficiency.


For these purposes, we compile and store in a file (so-called cookie) so-called user profiles or use similar processes to store the information on the user relevant for the presentation of the above-stipulated Content. Such information may include without limitation contents viewed, websites visited, online networks used and Contact Persons and technical information such as type of browser, computer system and times of use. Location data may also be processed if users gave their consent thereto.


In addition, the users’ IP addresses will be stored. However, we use available IP Masking processes, i.e. pseudonymization by shortening the IP address in order to protect our users. For online marketing purposes, we do not store any plain user data such as e-mail addresses or names but rather pseudonyms. This means we as well as the providers of online marketing processes are not informed of the users’ actual identity but only of the information stored in the users’ profiles.


The information contained in the profiles are normally stored in cookies or similar processes. The cookies can be read by other websites that use the same online marketing process and may be analyzed in order to present contents or may be complemented with other data and stored on the server of the provider of the online marketing process.


In exceptional cases, plain data may be allocated to the profiles, e.g. if users are members of a social network and we use such network's online marketing processes and the network connects the user profiles with the information provided. Please note that users may make additional agreements with the providers upon registration, e.g. by giving or refusing to give their consent.


Generally, we are only granted access to summary information on the success of our advertisements. However, we may use so-called Conversion Measurements to verify which of our online marketing processes led to a so-called conversion, i.e. to the conclusion of a contract. Conversion Measurement will only be used to analyze the success of our marketing campaigns.


Unless otherwise stated, please assume that we store our cookies for a period of 2 years.


Information on legal bases:
Provided we ask for the users’ consent to the use of third-party providers, the legal bases for the Processing of their data is their consent; otherwise, the user data will be processed based on our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). Please refer to the information on the use of cookies contained in this privacy policy.

  • Types of data we process: User data (e.g. websites users visited, contents they looked at and related access times), meta/communication data (device information, IP addresses).

  • Data Subjects: Users (e.g. visitors on our websites, users of web services), interested parties.

  • Purposes of Processing: Tracking (e.g. interest-/behavior-related Profiling, use of cookies), Remarketing, Conversion Tracking, Interest-Based and Behavior-Related Marketing, Profiling (preparation of user profiles), Conversion Measurement (measurement of the efficiency of marketing measures), Range Measurement (e.g. access statistics, recognition of returning visitors).

  • Protection measures: IP Masking (pseudonymization of IP address).

  • Legal bases: Consent (Article 6(1)a) of the GDPR, legitimate interests (Article 6(1)f of the GDPR).

  • Objection (opt out): Please refer to the relevant provider’s data protection statements and related objection processes (so-called opt out). If no specific opt-out option is stated, you may deactivate cookies in your browser settings. However, this might restrict the functions of our Web Presence. Therefore, we recommend the following additional opt-out choices offered for the stated territories:
    a) Europe: https://www.youronlinechoices.eu.
    b) Canada: https://www.youradchoices.ca/choices.          
    c) USA: https://www.aboutads.info/choices.
    d) For all territories: http://optout.aboutads.info.

Services and service providers we use:



Social network presences


We maintain web presences in social networks in order to communicate with users who are active in such networks and to offer information about our company.


We would like to point out that user data may be processed in countries that are not members of the European Union. This might create certain risks for the users, because the protection of their rights may be more difficult. US providers that are certified according to the Privacy Shield or that otherwise guarantee a comparable level of data protection undertake to comply with EU data protection standards.


In addition, user data in social networks are normally processed for market research and advertising purposes so that user profiles can be compiled based on the user behavior and resulting interests. These user profiles can be used in order to place advertisements within and outside these networks that might correspond to these users’ interests. For these purposes, cookies are stored on the users’ computers, which store the users’ behavior and interests. In addition, user profiles may also contain data that are independent of the devices used by such user (including without limitation if the users are members of the platform and logged in to their accounts).


For more detailed information on the forms of Processing and opt-out options, please refer to the data policies and information of the operators of the relevant networks.


Requests for information and assertion of Data Subjects' rights should be directed to the providers. Only the providers have access to the user data and are able to take required measures and to provide related information. Please do not hesitate to contact us if you need any assistance.

  • Types of data we process: Master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entered texts, pictures, videos), user data (e.g. websites users visited, contents they looked at and related access times), meta/communication data (device information, IP addresses).

  • Data Subjects: Users (e.g. visitors on our websites, users of web services).

  • Purposes of Processing: Contact requests and communication, Tracking (e.g. interest-related/behavior-related Profiling, use of cookies), Remarketing, Range Measurement (e.g. access statistics, recognition of returning visitors).

  • Legal bases: Legitimate interests (Article 6(1)f of the GDPR).

Services and service providers we use:

Use of Recruitment Services

In compliance with statutory provisions, we may use HR management and/or recruitment software and platforms and services from third-party providers for recruitment and application purposes and the selection of applicants (hereinafter referred to as “Recruitment Services”).


This section describes the Processing of Personal Data provided by applicants and potential applicants in connection with Recruitment Services. For our data protection information regarding our recruitment processes, please read the Privacy policy applicable to applicants at: https://www.ebz-group.com/dse-bewerber


Should you file your information as an applicant using Recruitment Services of a social network, please also read the data protection information in “Presences in social networks”.

  • Types of data we process: Master data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entered texts, pictures, videos), applicant data (e.g. Personal Data, mail and contact address, documents related to the application and the contents thereof, such as cover letter, curriculum vitae, references and certificates and any other information provided by the applicant related to a certain position or otherwise voluntarily provided regarding the applicant’s person or qualification), user data (e.g. websites users visited, contents they looked at and related access times), meta/communication data (device information, IP addresses).

  • Data Subjects: Applicants, potential applicants

  • Purposes of Processing: Recruitment, applicant management

  • Legal bases: Legitimate interests (Article 6(1)f of the GDPR).


Services and service providers we use:

Plugins, integrated functions and contents

We integrate function and content elements into our Web Presence that we obtain from the servers of the relevant providers (hereinafter referred to as “Third-Party Providers”). Such elements may include without limitation charts, videos, social media buttons or posts (hereinafter referred to as “Content”).


This integration is always subject to the proviso that the Third-Party Providers of the Content process the users’ IP addresses, as they cannot send the contents to the browser without the IP address. This means the IP address is required for the presentation of such Content or functions. We do our utmost to only use Contents from providers that use the IP address for the delivery of the Contents and for no other purposes. In addition, Third-Party Providers may use so-called pixel tags (invisible gifs, also called “web beacons”) for statistics or marketing purposes. The pixel tags are used to analyze information such as traffic on the individual pages of this website. In addition, the information may be stored in anonymized form in a cookie on the user’s device and may contain (without limitation) technical information on the browser and operating system, referring websites, access times and other information on the use of our Web Presence and may be connected with this type of information from other sources.


Information on legal bases:
Provided we ask for the users’ consent to the use of Third-Party Providers, the legal basis for the Processing of their data is their consent; otherwise, the user data will be processed based on our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). Please refer to the information on the use of cookies contained in this privacy policy.

  • Types of data we process: User data (e.g. websites users visited, contents they looked at and related access times), meta/communication data (device information, IP addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entered texts, pictures, videos).

  • Data Subjects: Users (e.g. visitors on our websites, users of web services), Contact Persons.

  • Purposes of Processing: Provision of our Web Presence and user friendliness, contractual services, contact and communication, direct marketing (e.g. via e-mail or mail), Tracking (e.g. interest-related/behavior-related Profiling, use of cookies), Interest-Based and Behavior-Related Marketing, Profiling (creation of user profiles).

  • Legal bases: Legitimate interests (Article 6(1)f of the GDPR), Consent (Article 6(1)a of the GDPR).

Services and service providers we use:

Erasure of data

We erase all processed data in accordance with legal provisions as soon as the consent, based on which we process the data, is withdrawn or otherwise the authorization to process these data ceases to exist (e.g. if the purpose for which the data were processed ceases to exist of if the data are not required for the purpose).


The Processing of data that were not erased because they are required for other legally admissible purposes will be restricted to these purposes. This means these data will be blocked and not processed for any other purpose. This applies, without limitation, to data that must be kept for commercial or tax law reasons or for the assertion, execution or defense of legal claims or for the protection of the rights of another natural or legal person.


For more information on the erasure of Personal Data, please refer to the other data privacy statements contained in this privacy policy.



Change and update of the privacy policy

Please refer to the contents of this privacy policy in regular intervals, as we will adapt it to any required changes of our data processing activities. We will inform you of any action that you are required to take (e.g. giving your consent) or if any individual information is to be provided to you.


Please note that any addresses and contact information of companies and organizations we state in this privacy policy might change over time, so please check these contact data before using them.



Rights of Data Subjects


In accordance with the GDPR, Data Subjects have various rights, including without limitation based on Articles 15 through 18 and on Article 21 of the GDPR.


Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the Processing of your Personal Data which is based on Article 6(1)e or f of the GDPR, including Profiling based on those provisions. Where your Personal Data are processed for direct marketing purposes, you have the right to object at any time to the Processing of your Personal Data for such marketing, which includes Profiling to the extent it is related to such direct marketing;

  • Right to withdraw your consent: You are entitled to withdraw your consent to the Processing of your Personal Data at any time.

  • Right of access: You have the right to demand confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the Personal Data and additional information and a copy of these data based on statutory provisions.

  • Right to rectification: In accordance with statutory provisions, you have the right to demand the rectification of inaccurate Personal Data or to have incomplete Personal Data completed.

  • Right to erasure and to restriction of Processing: In accordance with statutory provisions, you have the right to demand that your Personal Data be erased without delay and/or to demand restriction of Processing of your Personal Data.

  • Right to portability: In accordance with statutory provisions you have the right to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to demand transmission of those data to another Controller.

  • Right to lodge a complaint with a supervisory authority: In accordance with statutory provisions, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you believe that the Processing of Personal Data relating to you infringes the regulations contained in the GDPR.



Definitions of terms


This section contains an overview of the terms used in this privacy policy. Many of these terms are taken from and defined in the GDPR, including without limitation in Article 4 thereof. The legal definitions are binding. The descriptions hereinafter are mainly for comprehension purposes. The terms are listed in alphabetical order.

  • Conversion Tracking: "Conversion Tracking” means a process by which the effectiveness of marketing measures can be measured. For this purpose, a cookie will be stored on the devices of the users of the websites on which these marketing measures are taken and this cookie is then retrieved and analyzed. This helps us to understand whether the ads we placed on other websites were successful or not.

  • IP Masking: "IP Masking" describes a method based on which the last byte, i.e. the last two digits, of an IP address is erased so that the IP address cannot be used to identify a person. This means IP Masking is a means for pseudonymized Processing, including without limitation for online marketing purposes.

  • Interest-Based and Behavior-Related Marketing: Interest-Based and/or Behavior-Related Marketing means that the potential interests of users in ads and other contents are predetermined as accurately as possible based on information of their behavior (e.g. the websites they visit and dwell time, purchase behavior or interaction with other users) that is stored in a so-called profile. Usually, cookies are used for these purposes.

  • Conversion Measurement: "Conversion Measurement” means a process by which the effectiveness of marketing measures can be measured. For this purpose, a cookie will be stored on the device of the users of the websites on which these marketing measures are taken and this cookie is then retrieved and analyzed. This helps us to understand if the ads we placed on other websites were successful or not.

  • Personal Data: “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “Data Subject”). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • Profiling: “Profiling” means any type of automated Processing of Personal Data where these Personal Data are used in order to analyze, evaluate or predict certain personal aspects relating to a natural person (e.g. the interest in certain contents or products, click behavior on a website or their location) (depending on the type of Profiling this includes without limitation the age, sex, location data, movement data, interaction with websites and their contents, purchase behavior, social interaction with other people). Cookies and web beacons are often used for Profiling purposes.

  • Range Measurement: Range Measurement, also called web analytics, is used to analyze the stream of visitors to a Web Presence and may also cover the behavior or interests of these visitors in certain information such as the contents of a website. Range Measurement enables operators of a website to determine the times people visit their website and the contents they are interested in in order to adapt the contents of a website to their visitors' needs. Pseudonymized cookies and web beacons are often used for Range Measurement purposes in order to recognize returning visitors and receive exact analyses regarding the use of a Web Presence.

  • Remarketing: “Remarketing” or “Retargeting” means to show ads for products to users based on these users’ previous internet actions.

  • Tracking: “Tracking” means analyzing user behavior on two or more Web Presences. Generally, information on user behavior or interest is stored in cookies or on servers of providers of Tracking technologies (so-called Profiling). This information can be used to show ads to users that are likely to correspond to their interests.

  • Controller: ”Controller” means the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

  • Processing: “Processing” means any operation or set of operations which is performed on Personal Data, whether or not by automated means. This term is very comprehensive and covers any handling of data, including without limitation collection, analysis, storage, transmission or erasure.