Privacy policy
When you visit our website, personal data is accessed (e.g. IP address) or information is stored (e.g. cookies). This may then involve further processing of data. This privacy policy explains how your personal data is used by us and what rights and options you have in this regard. It applies to all personal data that you provide to us or that is derived from such data as part of our business relationship with you or when you visit our websites.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
milch & zucker GmbH is generally the controller of all personal data that you provide to us in connection with your visit to our websites and/or our business relationship.
You can contact us via social media websites or via functions on our websites in which social media sites are integrated. If you contact us via social media sites, you may authorise us to access certain information from your social media profile. You can determine the scope of this information yourself in the data protection settings on the respective platform.
CATEGORIES OF PERSONAL DATA WE COLLECT
In particular, we collect and process personal data that falls into the following categories
- Application data (see: Data protection information for the application);
- Contact information such as surname, first name, business address, business telephone number, business mobile phone number, business fax number and business email address, the unique identifier of your mobile device and the IP address of your computer when you use our websites;
- Payment details, such as data required to process payments and prevent fraud, including credit/debit card numbers, security codes and other billing information;
- Business information that is necessarily processed in a business or other contractual relationship with milch & zucker or voluntarily provided by you, such as orders placed, purchases, services and other business transactions, feedback on products and other information you provide to us;
- Information about your interests and other information obtained using the cookies described in the cookie notices, in particular your activities on our websites or when you use content available for download (e.g. registration to download software, ebooks, whitepapers) or other services we offer you online. This includes information about what content has been downloaded and how long and how often it has been clicked on or viewed;
- Information obtained from public sources, secure databases and credit reference agencies;
- Special categories of personal data.
PURPOSES OF USE OF YOUR PERSONAL DATA
We will only use your personal data for the following purposes (“Permitted Purposes”):
- The planning, execution, management and administration of our contractual relationship, e.g. by executing transactions and orders for products or services, processing payment transactions, undertaking accounting, auditing, billing and debt collection activities, arranging shipments and deliveries, providing services. It is assumed that these business relationships take place on a business-to-business basis;
- Maintaining and protecting the security of our websites and other systems that prevent and detect security risks, fraud or other criminal or malicious acts;
- ensuring compliance with legal obligations (e.g. accounting obligations), compliance audits or retention and record-keeping obligations
- settling disputes, enforcing our contractual agreements and the establishment, exercise or defence of legal claims
- ensuring compliance with legal obligations, e.g. the retention of sales documents for tax purposes or the sending of legally required notifications and other announcements.
If you have expressly given us your consent, we may also use your personal data for the following purposes:
- communicating with you through the channels you have authorised in order to keep you up to date with the latest announcements, special events and other information about milch & zucker products, technologies and services (including marketing-related newsletters);
- administering and conducting customer surveys, marketing campaigns, market analyses, competitions or other promotional activities or events;
- collecting information about your interests based on your activities when using our websites, products, content available for download or other services we offer you online. Based on this information (e.g. which content was downloaded and how long and how often it was clicked on or viewed), we create a user profile to make our communication and interaction with you more personal and to improve the quality (for example through newsletter tracking or website analyses). The background to our profiling activities is to recognise topics that could be useful or of interest to you and then provide you with information that is relevant to you. The algorithm used applies this pattern and automatically provides you with the appropriate content or information.
If you register for the newsletter offered on our website with regular information on our offers and services, we require your e-mail address as mandatory information. Additional data is provided in order to be able to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.
We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you our newsletter by email if you have expressly confirmed to us that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, wish to receive future newsletters. We base the processing of your data on your consent in accordance with Art. 6 para. 1 lit. a GDPR.
When you register for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address you used to register for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later date. You can unsubscribe from the newsletter at any time via the link included in every newsletter or by sending an email to our data protection officer. After cancellation, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the data collected or the continued processing is otherwise permitted by law.
We also process your data to analyse newsletter campaigns. For the analysis, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links have been clicked on. Conversion tracking can also be used to analyse whether a predefined action (e.g. ordering on our website) has taken place after clicking on the link in the newsletter. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This data is used exclusively to analyse newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
Our email newsletters are sent via our technical service provider HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild St, North Dock, Dublin, D01 R8H7 Dublin (“HubSpot”), to whom we pass on the data you provided when registering for the newsletter.
We also use HubSpot for our own marketing activities. We use this integrated software solution for our own marketing, lead generation and customer service purposes. This includes email marketing, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms. HubSpot uses cookies, small text files that are stored locally in the cache of your web browser on your end device and enable us to analyse your use of the website. HubSpot analyses the information collected (e.g. IP address, geographical location, type of browser, duration of the visit and pages accessed) on our behalf so that we can generate reports on the visit and the pages visited. Information collected by HubSpot and the content of our website is stored on the servers of HubSpot’s service providers. If you have given your consent to this in accordance with Art. 6 para. 1, sentence 1 lit. a GDPR, the processing on this website is carried out for the purpose of website analysis.
Since personal data may be transferred to the parent company HubSpot Inc. in the USA both when registering for the newsletter and as part of our own marketing activities, we will obtain your consent to the data transfer to the USA in advance via the cookie manager (Art. 49 para. 1, sentence 1 lit. a GDPR). There is currently an adequacy decision by the EU Commission for the USA. Hubspot is also certified in accordance with the EU_US Data Privacy Framework (DPF). In addition, we have agreed standard data protection clauses with HubSpot in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. The corresponding data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The data will be deleted no later than 13 months after collection. You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies through your browser settings. You can object to the processing of your personal data at any time with effect for the future by sending an email to datenschutz@milchundzucker.de.
In accordance with the General Data Protection Regulation (GDPR), you have the right to object to the processing of your personal data. Please refer to the subsection “Your personal rights” for a detailed explanation of your rights and how to assert them.
We only make use of marketing-related types of communication (e.g. newsletters, promotional emails and telephone calls) if you have previously consented to such use and you have the option to withdraw your consent at any time if you no longer wish to receive marketing-related types of communication from us.
We will not use your personal data to make automated decisions about you or to create profiles other than those described above.
If the data processing takes place in the EU or you are based in the EU, the legal bases for processing your personal data are set out in Article 6 of the General Data Protection Regulation (“GDPR”). Depending on which of the above purposes we use your personal data for, the processing is necessary either to fulfil a contract or other business agreement with milch & zucker or to comply with our legal obligations or to protect our legitimate interests. However, this is only the case if your interests or fundamental rights do not take precedence over our interests. Furthermore, processing may also be based on your consent if you have expressly given it to us.
USE AND COLLECTION OF YOUR PERSONAL DATA
We will usually collect your personal data directly from you, for example when you visit our website, communicate with us about our products and services, place an order, sign up for our newsletter or participate in our customer surveys. We do not receive any personal data from third parties, unless you have utilised the services of a recruitment agency. If this is the case, you will be informed of this if legally required.
WHERE WE PROCESS YOUR PERSONAL DATA
As part of our business activities, we may also transfer your personal data to recipients in other countries, including countries outside the European Economic Area (“third countries”), where data is not protected by law to the same extent as under the laws in Europe. When we do this, we comply with applicable data protection requirements and take appropriate security measures to ensure that your personal data is protected and secure. This is usually done through data transfer agreements based on the European Commission’s current standard contractual clauses. If you would like more information about these security measures, you can contact us at any time using the contact details below.
PROTECTION OF YOUR PERSONAL DATA
To protect your personal data, we maintain physical, electronic and procedural security measures in accordance with the recognised state of the art and legal data protection requirements. These security measures include the implementation of certain technologies and procedures, such as secure servers, firewalls and SSL encryption. We comply at all times with applicable laws and regulations relating to the confidentiality and security of personal data.
DISCLOSURE OF YOUR PERSONAL DATA
We assure you that we will not sell or otherwise disclose your personal data for commercial purposes.
We only pass on your personal data to third parties in the following cases:
- We may engage service providers (so-called processors) to process personal data for the permitted purposes on our behalf and solely on our instructions. However, milch & zucker retains full control over your personal data even in these cases and remains fully responsible for its protection. milch & zucker naturally ensures that in cases where processors are engaged, the processors also observe and comply with the appropriate security measures required by applicable law to protect your personal data.
- If this is necessary to fulfil a legal obligation or for the establishment, exercise or defence of claims, to courts, law enforcement authorities, supervisory authorities or lawyers.
- To credit reference agencies and other companies in the context of credit decisions, solely for the prevention of fraud and for debt collection.
- In addition, your personal data may also be shared with third parties if we sell or buy any part of our business or assets, in which case we may disclose personal data to the prospective buyer or seller of such business or assets, including their professional advisers.
- If all or substantially all of milch & zucker’s assets are acquired by a third party, in which case personal data held by us about customers and other contacts may be one of the transferred assets.
In all other cases, we will only pass on or disclose your personal data if you request us to do so, if we are obliged to do so under applicable law or due to a court or official order, or if we suspect fraudulent acts or a criminal offence.
YOUR DATA PROTECTION RIGHTS
RETENTION PERIOD OF PERSONAL DATA
We will retain your personal data for as long as necessary to provide the services, products or information you have requested and to manage your relationship with us. If you have asked us not to contact you, we will retain this information until your request has been fulfilled. In addition, we are required by applicable law to retain certain of your personal data for a certain period of time (e.g. in connection with business transactions). Your personal data will be deleted immediately if it is no longer required for these purposes.
YOUR PERSONAL RIGHTS
If the data processing takes place in the EU or you are based in the EU, you can request access to your personal data or its rectification or erasure or restriction of its processing, subject to certain legal conditions. You can also object to processing or request the transfer of data. In particular, you are entitled to request a copy of the personal data we have stored about you. If you make this request more than once, we may charge a reasonable fee for this. Details of your data protection rights can be found in Articles 15-22 GDPR. As we want to ensure that your personal data is accurate and up to date, you can also ask us to correct or remove any information that you believe is inaccurate.
We assure you that we will respect and observe your rights to information, access, rectification, erasure or restriction, portability, objection and rights in relation to automated decision-making and profiling when using your personal data at all times. We therefore also take all possible measures to ensure that the personal data we collect is accurate and up to date. Notwithstanding this, you have the following rights:
a) Right to confirmation
You have the right to request confirmation from us as to whether your personal data is being processed. If you wish to exercise this right, you can contact our data protection officer at any time.
b) Right to information
You have the right to obtain information
- about the purposes of processing,
- the categories of personal data being processed
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, and the appropriate safeguards pursuant to Art. 46 GDPR to ensure an adequate level of protection
- if possible, the planned storage period or, if this is not possible, the criteria for determining this period
- the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing
- the existence of a right to lodge a complaint with a supervisory authority
- the origin of the data if it was not collected from you,
- where applicable, the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You also have the right to receive information from us at any time free of charge about the personal data stored about you and a copy of this information.
If you wish to exercise this right, you can contact our data protection officer at any time.
c) Right to rectification
You have the right to obtain from us the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If you wish to exercise this right, you can contact our data protection officer at any time.
d) Right to cancellation
You have the right to demand that we erase the personal data concerning you without undue delay. We are also obliged to delete personal data immediately if one of the following reasons applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
- The personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
If one of the above-mentioned reasons applies and you wish to have personal data stored by us deleted, you can contact our data protection officer at any time.
e) Right to be forgotten
If we have made the personal data public and one of the above-mentioned reasons for deletion applies, we must take appropriate measures, taking into account the circumstances, to inform all other data controllers that all links to this personal data or copies or replications of the personal data must be deleted.
f) Right to restriction of processing
You have the right to obtain from us restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
- the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims
- you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons asserted by us outweigh your rights.
You can contact our data protection officer at any time to request the restriction of processing.
g) Right to data portability
If we process your personal data, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
- the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR
- the processing is carried out by automated means.
When exercising your right to data portability pursuant to Art. 20 (1) GDPR, you have the right to obtain that your personal data be transferred directly by us to another controller, insofar as this is technically feasible and does not adversely affect the rights and freedoms of other persons.
To assert this right to data portability, you can contact our data protection officer at any time.
h) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) and (f) GDPR or Article 89(1) GDPR. This also applies to profiling based on these provisions.
In the event of an objection, milch & zucker will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
milch & zucker does not process personal data for direct marketing purposes. Such processing is also not intended. If milch & zucker processes personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.
i) Automated decisions in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This right does not apply if the decision
- is necessary for the conclusion or fulfilment of a contract between us
- is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is made with your express consent.
If the decision is necessary for the conclusion or fulfilment of a contract between us or if it is made with your express consent, we will take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to state your own position and to challenge the decision.
To exercise this right, you can contact our data protection officer at any time.
j) Right to revoke consent under data protection law
You have the right to withdraw any consent given in the past to the processing of your personal data at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. If you withdraw your consent, we may only continue to process your personal data if there is another legal basis for doing so.
If you wish to exercise your right to withdraw your consent, you can contact our data protection officer at any time.
HOW TO ASSERT YOUR RIGHTS
If you wish to exercise any of the above rights, please send us a description of the personal data concerned, stating your name. We may ask you to provide proof of your identity in order to protect your personal data from unauthorised access. We will process your request carefully and discuss with you how best to fulfil it.
If you have any concerns about how we handle your personal data, or if you wish to complain about our handling of your personal data, please contact our Data Protection Officer.
If you are not satisfied with our response or believe that we are not processing your personal data in accordance with applicable law, you can lodge a complaint with the supervisory authority responsible for data protection.
CHANGES TO THIS STATEMENT
This Privacy Policy was drafted in July 2023. We may amend or supplement the statement from time to time to take account of legal changes. We therefore recommend that you check the statement again from time to time. In such cases, changes to the privacy policy apply from the date on which they were published on our website.
DATA PROTECTION CONTACTS / CONTACT PERSONS
You can contact our data protection officer as follows
By post to Friedrich-List-Straße 23, 35598 Gießen
by e-mail to datenschutz (at) milchundzucker.de
by telephone to +49/(0)641/30020519
via the website: https://www.milchundzucker.de/datenschutz
For complaints regarding our processing of personal data in Germany, you can contact the Hessian Commissioner for Data Protection and Freedom of Information in the following way:
By post to Gustav-Stresemann-Ring 1, 65189 Wiesbaden
by e-mail to poststelle (at) datenschutz.hessen.de
by telephone to +49/(0)611/14080
via the website: https://datenschutz.hessen.de/
If necessary, you can also lodge a complaint with another supervisory authority in the European Union.
General contact milch & zucker
info (at) milchundzucker.de
DATA COLLECTION ON THIS WEBSITE
Consent with Borlabs Cookie
Our website uses Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document them in accordance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, in which the consent you have given or the revocation of this consent is stored. This data is not passed on to the provider of Borlabs Cookie.
The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
ANALYSIS TOOLS & MARKETING
Matomo
This website uses the open source web analysis service Matomo.
With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
This analysis tool is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
IP anonymisation
We use IP anonymisation for the analysis with Matomo. This means that your IP address is shortened before it is analysed so that it can no longer be clearly assigned to you.
Cookie-less analysis
We have configured Matomo so that it does not store any cookies in your browser.
Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display adverts in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted adverts can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can recognise whether the user has carried out certain actions. For example, we can analyse which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our adverts and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
You can find more information about Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
LinkedIn Insight Tag
This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Data processing by LinkedIn Insight Tag
With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyse the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that we can use to display targeted advertising to visitors to our website outside the website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.
LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. Details can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Legal basis
If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent can be revoked at any time. If consent has not been obtained, this service is used on the basis of Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in effective advertising measures including social media.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5448.
Objection to the use of LinkedIn Insight Tag
You can object to the analysis of user behaviour and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
PLUGINS & TOOLS
YouTube with extended data protection
This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalise browsing on YouTube. Ads that are played in extended data protection mode are also not personalised. No cookies are set in extended data protection mode. Instead, however, so-called local storage elements are stored in the user’s browser, which contain personal data similar to cookies and can be used to recognise the user. Details on the extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.
After activating a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
Hubspot CRM
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).
Hubspot CRM enables us, among other things, to provide pages for our website (content management) or to integrate content elements such as forms on pages and to collect and analyse website statistics. HubSpot CRM also enables us to manage existing and potential customers and customer contacts. With the help of the Hubspot CRM, we are able to record, sort and analyse customer interactions via email, social media or telephone across various channels. The personal data collected in this way can be analysed and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyse the user behaviour of our contacts on our website.
The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Details can be found in Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.hubspot.de/data-privacy/privacy-shield.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TN8pAAG&status=Active
Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.