1. Basic information on data processing and legal foundations
1.1. This data protection policy clarifies the nature, scope and purpose of the processing of personal data within our online offering and websites, functions and contents associated with it (hereinafter referred to collectively as “online offering” or “website”). The data protection policy applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offering is run.
1.2. For the terminology used such as “personal data” or its “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Users’ personal data processed as part of this online offering include personal details (e.g. customer’s name and address, company name and telephone numbers), contractual data (e.g. selected subjects in the contact form), usage data (e.g. websites visited in our online offering) and content data (e.g. entries in contact form).
1.3. The term “users” comprises all categories of data processing relating to data subjects. They include our business partners, customers, potential customers and other visitors to our online offering. All terms employed such as “user” are to be understood as gender-neutral.
1.4. We only process users’ personal data in compliance with the relevant data protection provisions. This means user data will only be processed if this is allowed under the law, i.e. in particular if the data processing is required or prescribed in law to enable us to provide our contractual services (e.g. order processing) and online services, the user’s consent has been obtained, and on the basis of our legitimate interests (i.e. interest in the analysis, optimisation, cost-effective operation and security of our online offering as defined by Art. 6 (1) lit. f GDPR, particularly for the measurement of reach, preparation of profiles for advertising and marketing purposes as well as the collection of access data and use of services from third-party providers).
1.5. We point out that the legal foundation for the consents is provided by Art. 6 (1) lit. a and Art. 7 GDPR, for the processing required to provide our services and carry out contractual measures by Art. 6 (1) lit. b GDPR, for the processing required to meet our legal obligations by Art. 6 (1) lit. c GDPR and for the processing required to protect our legitimate interests by Art. 6 (1) lit. f GDPR.
2. Security measures
2.1. We implement state-of-the-art organisational, contractual and technical security measures to ensure that the regulations contained in data protection laws are observed and to protect the data processed by us against accidental or deliberate manipulation, loss, destruction or unauthorised access.
In particular, security measures include the encrypted transmission of data between your browser and our server.
3. Transmission of data to third parties and external providers
3.1. Data will only be transmitted to third parties in line with statutory requirements. We will only pass on users’ data to third parties if this is required, for example, on the basis of Art. 6 (1) lit. b GDPR for contractual purposes or on the basis of legitimate interests in accordance with Art. 6 (1) lit. f GDPR in the cost-effective, efficient running of our business operations.
3.2. If we use subcontractors to provide our services, we will make suitable technical arrangements and implement appropriate technical and organisational measures to provide for the protection of personal data in accordance with the relevant statutory regulations.
3.3. If contents, tools or other equipment are used under this data protection policy from other providers (hereinafter referred to collectively as “external providers”) whose registered head office is in a third country, it must be assumed that data will be transferred to the third countries of such external providers. Third countries are defined as countries in which the GDPR has no direct application, i.e. basically countries outside the EU or European Economic Area. Data are transferred to third countries if a suitable level of data protection, the user’s consent or other legal authorisation applies.
4. Call-back service
4.1. We process personal details (e.g. name and company name as well as telephone numbers) for the purpose of meeting our contractual obligations and services in accordance with Art. 6 (1) lit. b GDPR.
5.1. When they contact us (through a contact form or by email), users’ details will be processed in order to handle and deal with their enquiry in accordance with Art. 6 (1) lit. b GDPR.
6. Comments and posts
6.1. If users leave comments or other contributions, their IP address will be stored for 7 days on the basis of our legitimate interests as defined by Art. 6 (1) lit. f GDPR.
6.2. This is done for our security in case someone leaves illegal content in comments or posts (insults, forbidden political propaganda, etc.). In this case, we can ourselves be held liable for the comment or post and we therefore have an interest in the identity of the author.
7. Collection of access data and log files
7.1. On the basis of our legitimate interests as defined by Art. 6 (1) lit. f GDPR, we collect data every time the server hosting this service is accessed (so-called server log files). Access data include the name of the website visited, the file retrieved, the date and time of retrieval, the data volume transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (previously visited page), and the requesting provider.
7.2. For security reasons (e.g. to investigate abuse or fraud), log file information is stored for a maximum of 14 days and then deleted. Data which need to be retained for longer as evidence are not liable for deletion until the case in question has been conclusively investigated.
8. Cookies and measurement of reach
8.1. Cookies represent information transmitted by our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
8.2. We use “session cookies” which are only stored for the duration of the actual visit to our online offering (e.g. to store your login status or the shopping trolley function, thereby making our online offering usable in the first place). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offering and you log out or close the browser.
8.4. If users do not wish cookies to be stored on their computer, they will be asked to deactivate the corresponding option in their browser’s system settings. Any cookies saved can be deleted in the browser’s system settings. The refusal of cookies may lead to restrictions on the way in which this online offering works.
8.6. This website uses Borlabs Cookie which places a technically necessary cookie (borlabs cookie) to store your consent to cookies. Borlabs Cookie does not process any personal data whatever. The consents you have given on entering the website are stored in the borlabs cookie plugin. If you would like to revoke these consents, simply delete the cookie in your browser. When you enter the website again or reload it, you will be asked for your cookie consent again.