Name and contact of the controller pursuant to Article 4 (7) GDPR
Tel.: +49 (0) 7026 /9316-0
Fax: +49 (0) 7026 / 9316-90
external data protection officer
Tel.: +49 7476 4490428
Cookies also store settings to simplify the ordering process (e.g. to recall the content of a virtual shopping cart for use later on the website). Insofar as personal data is processed by some of the cookies implemented by us, this data is processed in accordance with either Art. 6(1)(b) GDPR (General Data Protection Regulation) for performance of the contract or Art. 6(1)(f) GDPR for protecting our legitimate interests by ensuring the best possible website functionality and effective design for a customer friendly experience when visiting the site.
We sometimes work with advertising partners who help us to make our online content more interesting for you. Cookies from partner companies (third party cookies) may sometimes be stored on your hard drive for this purpose when you visit our website. Where we cooperate with advertising partners as stated above, how these types of cookies are used and what information they gather is described individually and separately in the following paragraphs.
Update/change cookie consent
Server log files
The website provider gathers and stores information automatically in server log files, which your browser automatically sends to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Hostname of the computer accessing the website
- Date and time of the server request
- Quantity of data sent in bytes
- Your IP address (anonymised)
Please note that you can set your browser to inform you about the placing of cookies and you can decide individually whether to accept them, or can block acceptance of cookies for certain cases or generally. Each browser differs in terms of how cookies are managed. This is explained in the help menu of every browser, where you will find information on how to change your cookie settings. Use the following links to view this information for different browsers:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that if you block cookies, this may restrict the functionality of our website.
If you send us an enquiry using the contact form, your details from this form, including the contact data that you have provided, will be stored by us for the purposes of processing your enquiry and in case of follow-up questions. This data will not be disclosed without your consent.
The data entered in the contact form will only be processed on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time.
An informal message to us by email is sufficient for this. The legality of the data processing procedures performed prior to withdrawal of consent shall remain unaffected.
We will continue to hold the data that you entered in the contact form until you ask us to erase it, withdraw your consent to the storage of the data, or until the purpose for the data storage no longer applies (e.g. the processing of your enquiry has been completed). This is without prejudice to any mandatory statutory regulations – in particular retention periods.
Enquiries by email, phone or fax
If you contact us by email, phone or fax, we will store and process your enquiry, including all associated personal data (name, enquiry), for the purposes of dealing with your request. This data will not be disclosed without your consent.
This data will be processed on the basis of Art. 6(1)(b) GDPR, insofar as your enquiry is related to the performance of a contract or is necessary in order to take steps prior to entering into a contract. In all other cases, the data will be processed on the basis of your consent (Art. 6(1)(a) GDPR) and/or our legitimate interests (Art. 6(1)(f) GDPR), since we have a legitimate interest in the effective processing of the enquiries submitted to us.
We will continue to hold the data that you sent to us in the form of contact enquiries until you ask us to erase it, withdraw your consent to the storage of the data, or until the purpose for the data storage no longer applies (e.g. the processing of your enquiry has been completed). This is without prejudice to any mandatory statutory regulations – in particular statutory retention periods.
Job applications using the online form
On our website, we offer job applicants the option of applying online using an application form. In order to be accepted into the application process, the applicant must include in the form all the personal data required for us to make a sound, informed judgement and selection.
The required information includes general personal data (name, address, contact phone number or electronic means of contact) and specific evidence of the qualifications necessary for a post. Health-related details may also be needed, insofar as these need to be taken into consideration with regard to labour and social welfare law in the interests of the applicant's social protection.
When the form is submitted, the applicant data is sent to us using state-of-the-art encryption, stored by us and assessed solely for the purpose of processing the application.
The legal basis for processing this data is Art. 6(1)(b) GDPR combined with paragraph 26(1) BDSG (German Federal Data Protection Act), under which the application process is deemed the initiation a contract of employment.
Insofar as applicants are requested to provide special categories of personal data (e.g. health data such as details of disabilities) as per Art. 9(1) GDPR, this data is processed in accordance with Art. 9(2)(b) GDPR, in order for us to be able to exercise rights in the field of employment and social security and social protection law and fulfil our obligations in this regard.
The special data categories may alternatively or cumulatively be processed on the basis of Art. 9(1)(h) GDPR, if processing this data is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services.
If the applicant is not selected during the evaluation described above, or an applicant withdraws their application early, the applicant's data sent via the form shall be erased after no more than 6 months, following notification to this effect. This delay is calculated on the basis of our legitimate interest in answering any follow-up questions regarding the application and, where necessary, complying with our record-keeping obligations pursuant to the regulations on equal treatment of applicants.
In the case of a successful application, the data provided will be processed further on the basis of Art. 6(1)(b) GDPR combined with paragraph 26(1) BDSG (German Federal Data Protection Act) for the purposes of conducting the employment relationship.
Data processing for order handling
In order to process your order, we work with service providers who fully or partially assist us with the performance of closed contracts. If you commission us to perform a service or send goods, your personal data will be used without your separate consent only insofar as this data is required in order to provide the service or perform the contract. This applies in particular to the disclosure of your data to transport companies, credit institutions or others for provision of the service or contractual performance of the services used.
As part of contractual performance, the personal data gathered by us is disclosed to, for example, the transport company assigned with the delivery, insofar as this is necessary in order to deliver the goods. We will disclose your payment data to the assigned credit institution, insofar as this is necessary for processing the payment. The legal basis for disclosing this data is Art. 6(1)(b) GDPR.
We disclose customer accounts and personal data about customers if we are legally obliged to do so, or if the disclosure of this data is required in order implement our general terms of business or other agreements, or to protect our rights or the rights of other customers and those of third parties.
This website uses the YouTube embedding function for display and playback of videos offered by the provider "YouTube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Regardless of whether the embedded video is played back, a connection to the Google network is established when visiting this website, which may trigger further data processing beyond our control.
In the event that personal data is transferred to Google LLC. based in the United States, Google LLC. is certified under the US-European "Privacy Shield" data protection agreement, which guarantees compliance with the data protection level applicable in the EU. An up to date certificate can be viewed here: https://www.privacyshield.gov/list
Our social media presence
Data processing by social networks
We maintain publicly accessible profiles on social media. Details of the specific social networks we use are set out below.
Social networks such as Facebook, Google+, etc. are generally able to comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. "Like" buttons or banner ads). Visiting our social media pages triggers numerous processing operations relevant for data protection. Specifically:
If you visit our social media page when you are logged in to your social media account, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded even if you are not logged in or do not have an account with the social media portal in question. In this case, this data is collected using cookies stored on your device, for example, or by recording your IP address.
Using the data collected in this way, the operators of the social media portals are able to create user profiles containing your preferences and interests. By this means, you can be shown interest-based advertising both within and outside of the particular social media site. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged into or have previously logged into.
One of the aims of processing this information is to allow the social media platform to improve its advertising system, which it disseminates throughout its network. Another is to allow us as the operator of the social media page to obtain statistics, which are compiled based on the visits to our network page. The purpose of this is to manage the marketing of our activities. For example, it allows us to become acquainted with the profiles of visitors who like our social media page or use applications on the page, in order to provide them with more relevant content and develop functions that might be of more interest to them.
Our social media activity is designed to achieve the widest possible online presence. This is a legitimate interest under Art. 6(1)(f) GDPR. The analysis processes triggered by the social networks may have an alternative legal basis, which must be specified by the social network operators (e.g. consent within the meaning of Art. 6(1)(a) GDPR).
The controller and assertion of rights
If you visit one of our social media pages (e.g. Facebook), we and the operator of the social media platform are jointly responsible for the data processing operations triggered by your visit. In principle you can exercise your rights (information, rectification, erasure, restriction of processing, data portability and complaint) against us and against the operator of the relevant social media portal (e.g. Facebook).
Please note that despite our joint responsibility with the social media portal operators, we cannot fully control the data processing activities of the social media portals. Our options are largely based on the company policy of the provider in question.
Duration of storage
The data we collect directly through our social media presence will be deleted from our systems as soon as the purpose for the data storage no longer exists, if you ask us to erase this data, if you withdraw your consent to the storage of the data, or the purpose for the data storage no longer applies. Cookies stored on your device will remain there until you delete them. This is without prejudice to any mandatory statutory regulations – in particular retention periods.
Specific social networks
We have a Facebook profile. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.
We have concluded an agreement with Facebook regarding joint responsibility for the processing of data (Controller Addendum). This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook Fan Page. You can read this agreement by clicking on this link:
You can customise your advertising settings yourself in your user account. Click on the following link and log in: www.facebook.com/settings
Link to information about Page Insights data:
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US Privacy Shield. LinkedIn uses advertising cookies.
Under the settings for advertising preferences, LinkedIn users can control the extent to which their user behaviour can be recorded during their visit to our LinkedIn page.
Processing of information by the cookies used by LinkedIn can also be disabled if cookies from third parties or from LinkedIn are blocked by your own browser settings.
To disable the LinkedIn advertising cookies, use the following link:
Google APIs / Google Hosted Libraries
We use Google Hosted Libraries on our website. Google Hosted Libraries is a service by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
The connection to the library takes place via an interface ("API") to Google services. Through this connection to the library, Google may collect and process information (including personal data). In so doing, the possibility that Google could transfer the information to a server in a third country cannot be excluded.
Specifically, the following personal data is processed by Google Hosted Libraries:
- Log data (particularly the IP address)
- Information about location
- Unique application numbers
- Cookies and similar technologies
If you are logged into your Google account, depending on your account settings, Google may be able to add the processed information to your account and treat it as personal data. You can prevent direct addition of this data by logging out of your Google account or changing the corresponding settings in your Google account. You can also prevent the installation of any cookies that Google places using the corresponding settings in your browser.
Details about the terms for Google Hosted Libraries can be found under: developers.google.com/speed/libraries/terms
Technical information about Google Hosted Libraries can be found under: developers.google.com/speed/libraries/
Google may place cookies on your device for the use of Google Hosted Libraries. Google claims to use these cookies solely for reasons of security and prevention of misuse.
Our aim in integrating Google Hosted Libraries is to integrate the libraries needed for optimal functionality of the site.
The legal basis for the processing of personal data described here is Art. 6(1)(f) GDPR. Our legitimate interest required for this is the major benefit derived from the integration of Google Hosted Libraries. Integrating the libraries via Google enables us to reduce our maintenance costs, the loading time of the website, and the server and traffic loads. Google also has a legitimate interest in the (personal) data it gathers in order to improve its own services.
Integration of Google Maps
(1) On this website, we use Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.
(2) When you visit the website, Google is informed that you have called up the corresponding subpage of our website. In addition, the data referred to in paragraph 3 of this policy will be transmitted. This occurs regardless of whether Google provides a user account that you are logged into, or whether you do not have a user account. If you are logged into Google, your data will be directly associated with your account. If you do not wish to be associated with your profile on Google, you should log out before activating the button. Google stores your data as user profiles and uses it for the purposes of advertising, market research and/or customisation of its website. This kind of analysis takes place in particular (including for users who are not logged in) in order to show you targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; you would have to contact Google to exercise this right.
(3) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the privacy policies of the provider. These will also give you further information about your rights in this regard and setting options to protect your privacy: https://policies.google.com/privacy?hl=en. Google also processes your personal data in the USA and complies with the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework
We use Bootstrap technology on our web pages for state-of-the-art design and presentation of the content on different devices. The provider is StackPath, LLC, 2021 McKinney Avenue, Suite 1100 Dallas, Texas 75201. To increase the loading speed of our web pages, we use the BootstrapCDN (Content Delivery Network) from MaxCDN to supply libraries (collections of technical instructions) to your browser. The service is integrated for the optimisation of our web pages in our own interest, as per Art. 6(1)(f) GDPR.
It is highly likely that you have already downloaded one of these libraries when visiting another BootstrapCDN website. In this case, your browser can refer back to the stored copy in your cache. If your browser has not stored a copy in the cache or downloaded the file from BootstrapCDN for another reason, your IP address will be sent to the provider MaxCDN while connecting to the BootstrapCDN server.
Further information on data protection at StackPath, LLC. can be found at: https://www.stackpath.com/legal/master-service-agreement/#pp
For the exceptional cases in which personal data is transferred to the USA, StackPath (BootstrapCDN) complies with the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
Rights of the data subject
Under the applicable data protection law, you have data subject rights vis-à-vis the controller with regard to the processing of your personal data (right of access to information and right of intervention), as detailed below:
- Right of access to information as per Art. 15 GDPR: You have in particular a right of access to information about your personal data processed by us, the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority, where the personal data is not collected from you, any available information as to its source, the existence of automated decision making, including profiling, and if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you, and your right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer of your data to a third country.
- Right to rectification as per Art. 16 GDPR: You have the right to immediate rectification of inaccurate personal data concerning you, and to completion of your personal data stored by us, should it be incomplete.
- Right to erasure as per Art. 17 GDPR: You have the right to demand erasure of your personal data where the grounds in Art. 17(1) GDPR apply. However, this right shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defence of legal claims.
- Right to restriction of processing as per Art. 18 GDPR: You have the right to demand restriction of processing of your personal data where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data; if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead; if we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; if you have objected to processing for reasons relating to your specific situation, pending verification as to whether our legitimate grounds override yours.
- Right to notification as per Art. 19 GDPR: If you have asserted the right to rectification or erasure of personal data or restriction of processing vis-à-vis the controller, the latter is obliged to communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability as per Art. 20 GDPR: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another controller, where technically feasible.
- Right to withdraw consent as per Art. 7(3) GDPR: You have the right to withdraw your consent to the processing of your data at any time with future effect. If you withdraw your consent, we will erase the data concerned without delay, unless a legal basis can be supported for further processing without consent. The withdrawal of consent shall not affect the legality of processing carried out between the giving of consent and withdrawal.
- Right to lodge a complaint as per Art. 77 GDPR: If you believe that the processing of the personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
This website uses SSL encryption for reasons of security and to prevent the transfer of confidential content, such as the enquiries you submit to us as the operators of the website. An encrypted link can be identified by the fact that the browser address bar switches from "http://" to "https://" and the padlock symbol appears in your browser bar. When SSL encryption is activated, the data you transfer to us cannot be read by third parties.
Right of access to information, erasure, blocking
Data protection officer:
We implement a wide range of security measures as per Art. 32 GDPR (technical and organisational measures) to protect your personal data. If you contact us by email, please note that the confidentiality of the information you send is not guaranteed. The content of the emails may under certain circumstances be seen by third parties. We therefore recommend that you send us confidential information by post.
Objection to marketing emails
We hereby object to the use of contact data, published as part of our obligation to provide a legal notice, for the sending of marketing and information material not explicitly requested. The operators of the sites expressly reserve the right to take legal steps in the event of unsolicited sending of marketing material, such as spam emails.
Right to object
If, as part of a weighing up of interests, we process your personal data on the basis of our overriding interest, you have the right to object to this processing at any time with future effect, on grounds relating to your particular situation.
If you exercise your right to object, we shall cease to process the data concerned. However, we reserve the right to process this data further if we can provide compelling reasons for processing it which override your interests, basic rights and basic freedoms, or if the processing is for the establishment, exercise or defence of legal claims.
If we process your personal data for direct marketing purposes, you shall have the right to object to the processing of personal data concerning yourself for such marketing at any time. You can exercise your right to object as described above.
If you exercise your right to object, we shall cease to process the data concerned for direct marketing purposes.
Duration of storage of personal data
The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely erased, provided it is no longer necessary for the performance or initiation of the contract and/or there is no longer any legitimate interest on our part in further storage.