Data Privacy Statement

We are very grateful for your interest in our company. Data protection is particularly important to the management of Dr.-Ing. Paul Christiani GmbH & Co. KG. As a basic principle, it is possible to use the websites of Dr.-Ing. Paul Christiani GmbH & Co. KG without disclosing personal data of any kind. However, if a data subject wishes to make use of particular services offered by our company through our website, this may require the processing of personal data. If the processingof personal data is necessary and there is no legal basis for such processing, we will always obtain the consent of the data subject. Personal data, such as the name, address, e-mail address or phone number of a data subject, is always processed in accordance with the General Data Protection Regulation and in line with the national provisions on data protection that apply to Dr.-Ing. Paul Christiani GmbH & Co. KG. With this Data Privacy Statement, our company aims to provide information to the public on the nature,scope and purpose of the personal data we collect, use and process. This Data Privacy Statement also informs data subjects about the rights that they hold. As the controller, Dr.-Ing. Paul Christiani GmbH & Co. KG has implemented numerous technical and organisational measures in order to ensure that the personal data processed via this website is afforded the most complete protection possible. Nevertheless, it is always possible for security gaps to exist in Internet-based data transmission, which means that it is not possible to ensure absolute protection. For this reason, all data subjects are free to send personal data to us via alternative methods, such as by telephone. 1. Definitions This Data Privacy Statement by Dr.-Ing. Paul Christiani GmbH & Co. KG is based on the terms that have been used by European regulators for the adoption of the General Data Protection Regulation (GDPR). Our Data Privacy Statement is intended to be simple to read and easy to understand both for the general public and for our customers and business partners. In order to ensure that this is the case, we would like to begin by explaining some of the terms we will be using. We use the following terms, amongst others, in this Data Privacy Statement: ·         a)  Personal Data Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. ·         b)  Data Subject A data subject is any identified or identifiable natural person whose personal data is processed bythe controller. ·         c)  Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

·         d)  Restriction of Processing Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future. ·         e)    Profiling Profiling means any form of automated processing of personal data comprising the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. ·         f)    Pseudonymisation Pseudonymisation means the processing of personal data such that the personal data can no longer be traced to a specific data subject without involving additional information, provided this additional information is kept separately and is subject to appropriate technical and organisationalmeasures that guarantee that the personal data cannot be assigned to an identified or identifiablenatural person. ·         g)  Controller Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. ·         h)  Processor Processor means a natural or legal person, public authority, agency or other body which processes data on behalf of the controller. ·         i)    Recipient Recipient means a natural or legal person, public authority, agency or another body to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients. ·         j)    Third Party Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. ·         k)  Consent Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes made by the data subject by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

2. Name and Address of the Controller

The controller in accordance with the General Data Protection Regulation, other data protection laws in the member states of the European Union and other provisions in force for the purposes of data protection is: Dr.-Ing. Paul Christiani GmbH & Co. KG Hermann-Hesse-Weg 2 78464 Konstanz Deutschland Tel.: 07531 5801-100 E-Mail: info@christiani-international.com Website: www.christiani-international.com

3. Name and Address of the Data Protection Officer

The data protection officer of the controller is: Herr Stefan Keller machCon Deutschland GmbH Robert-Bosch-Strasse 1 78234 Engen Germany Tel.: +49 1736356469 E-Mail: stefan.keller@machcon.com Website: machcon.com Each data subject can contact our data protection officer directly at any time for any questions and suggestions regarding data protection.

4. Cookies

The websites of Dr.-Ing. Paul Christiani GmbH & Co. KG use cookies. Cookies are text files inserted and stored on a computer system by an Internet browser.

Many websites and servers use cookies. Many cookies contain a cookie ID. A cookie ID is a unique identifier for a cookie. It consists of a sequence of characters, which enables websites andservers to be assigned to the specific Internet browser in which the cookie was saved. This enables websites and servers that have been visited to differentiate between the specific browser of the data subject and other Internet browsers with different cookies. A given Internet browser can be recognised and identified via the unique cookie ID.

By using cookies, Dr.-Ing. Paul Christiani GmbH & Co. KG can provide users of this website with more user-friendly services that would not be possible without the use of cookies. Cookies can be used to optimise the information and offers on our website in the interests of the visitor. As previously mentioned, cookies enable us to recognise visitors to our website. The purpose of recognising them is to make it easier for visitors to use our website. For example, visitors to a website that uses cookies do not need to enter their login details every time, becausethe website and the cookie stored on the visitor’s computer system do this for them. Another example is the cookie for a shopping basket in an online shop. An online shop remembers the items that a customer has added to their virtual shopping basket by means of a cookie. The data subject can prevent cookies being stored by our website at any time by adjusting the relevant setting in the Internet browser they use, thereby permanently objecting to cookies being inserted onto their computer. In addition, cookies that have already been stored can be deleted via your browser or other software at any time. This can be carried out in all commonly used Internet browsers. If a data subject disables cookies in the Internet browser used, it may not be possible to make full use of some functions on our website.

5. Collecting General Data and Information

Each time the Dr.-Ing. Paul Christiani GmbH & Co. KG website is accessed by a data subject or an automated system, the site collects a range of general data and information. This general dataand information is stored in server log files. The data that may be collected includes (1) the browser type and version used, (2) the operating system used by the system accessing the site, (3) the website via which the system accessing the site reaches our website (i.e. a referrer), (4) the sub-websites accessed on our website by a system accessing the site, (5) the date and time at which the site is accessed, (6) the Internet Protocol address (IP address), (7) the Internet service provider for the system accessing the site and (8) other similar data and information used for security purposes in the event of attacks on our IT systems. Dr.-Ing. Paul Christiani GmbH & Co. KG does not identify the data subject when using this general data and information. This data is instead required in order to (1) correctly provide the contents of our website, (2) optimise the contents of our website and our associated advertising, (3) guarantee the long-term functionality of our IT systems and the technology we use for our website and (4) provide law enforcement agencies with information required for criminal proceedings in the event of a cyberattack. This anonymously collected data and information is therefore evaluated by Dr.-Ing. Paul Christiani GmbH & Co. KG for statistical purposes as well as for the purpose of increasing data protection and the data security in our company, in order to ultimately ensure an ideal level of security for the personal data we process. The anonymous data from the server log files is stored separately from all personal data supplied by data subjects.

6. Registering on Our Website

The data subject has the option to register on the website of the controller by entering personal data. The personal data provided to the controller comes from the input field used for registration.The personal data entered by the data subject will only be collected and stored for internal use bythe controller and for their own purposes. The controller can arrange for transfer of the personal data to one or more processors, such as a parcel service provider, who likewise will only use that personal data for internal use that can be attributed to the controller.

Registering on the website of the controller also causes the IP address assigned by the Internet Service Provider (ISP) of the data subject and the date and time of registration to be stored. This data is only stored for the specific purpose of preventing misuse of our services and because this data can be used to investigate offences committed if necessary. In this respect, storage of the data is required for safeguarding the controller. This data will not be passed on to third parties unless there is a legal obligation to do so or if this is required in order to assist in law enforcement.
Registration of the data subject, with voluntary submission of personal data, is used by the controller to offer the data subject content or services that can only be offered to registered users due to the nature of the content or services involved. Registered persons have the option to amend the personal data submitted during registration at any time or have this data completely erased from the database of the controller.
The controller will inform every data subject of the personal data stored regarding that data subject upon request. In addition, the controller will rectify or delete the personal data upon request or instruction by the data subject, provided this does not contravene any statutory retention obligations. In this regard, all employees of the controller are available to the data subject as contact persons.

7. Subscribing to Our Newsletter

The website of Dr.-Ing. Paul Christiani GmbH & Co. KG provides visitors with the option to subscribe to the newsletter of our company. The personal data provided to the controller as part of ordering the newsletter comes from the input field used for this purpose. Dr.-Ing. Paul Christiani GmbH & Co. KG informs its customers and business partners of products and services offered by the company at regular intervals by means of a newsletter. Our company’s newsletter can only be received by a data subject if (1) the data subject has a valid e-mail address and (2) the data subject has registered to receive the newsletter. For legal reasons, a confirmation e-mail based on the double opt-in process will be sent to the e-mail address entered for the first time by the data subject for receipt of the newsletter. This confirmation e-mail is used to check whether the owner of that e-mail address has provided authorisation for receipt of the newsletter as a data subject. As part of registration for the newsletter, we also store the IP assigned by the Internet Service Provider (ISP) used by the computer of the data subject at the time of registration, as well as the date and time of registration. Collection of this data is required to identify (possible) misuse of the e-mail address of a data subject at a later time, and therefore acts as legal protection for the controller. The personal data collected upon registration for the newsletter is only used for sending our newsletter. In addition, subscribers to the newsletter are provided with information via e-mail if that information is required for operation of the newsletter service or registration for the newsletterservice, which may be necessary in the event of changes to the newsletter service or changes to the technical conditions. The personal data collected as part of the newsletter service is not shared with third parties. Subscription to our newsletter can be cancelled by the data subject at any time. Consent to storage of personal data provided to us by the data subject for the purposesof sending the newsletter can be withdrawn at any time. A link for withdrawing this consent is included in every newsletter. There is also the option to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller by other means.

8. Newsletter-Tracking

The newsletter of Dr.-Ing. Paul Christiani GmbH & Co. KG contains tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails sent in HTML format to enable recording of a logfile and log file analysis. This enables statistical evaluation of the success or failure of online marketing campaigns to be carried out. The embedded tracking pixel enables Dr.-Ing. Paul Christiani GmbH & Co. KG to detect if and when an e-mail has been opened by a data subject and what links contained within the e-mail were selected by the data subject. This personal data collected via the tracking pixels included in the newsletters is stored and evaluated by the controller in order to optimise sending of the newsletter and adjust the content offuture newsletters to better suit the interests of the data subject. This personal data is not passed on to third parties. Data subjects are entitled to withdraw the declaration of consent made separately via the double opt-in process at any time. Following withdrawal of the declaration of consent, this personal data will be erased by the controller. Cancelling receipt of the newsletter is automatically considered by Dr.-Ing. Paul Christiani GmbH & Co. KG to constitute withdrawal of that declaration of consent.

9. Options for Getting in Touch via the Website

In accordance with statutory provisions, the website of Dr.-Ing. Paul Christiani GmbH & Co. KG contains details that enable quick electronic contact with our company as well as direct communication with us, which also includes a general e-mail address. If a data subject contacts the controller by e-mail or using a contact form, the personal data supplied by the data subject is stored automatically. Personal data supplied voluntarily by a data subject to the controller in this way is stored for the purpose of processing and/or getting in touch with the data subject. This personal data is not shared with third parties.

10. Subscription to Comments on the Blog on the Website

In general, third parties can subscribe to any comments left on the Dr.-Ing. Paul Christiani GmbH & Co. KG blog. In particular, it is possible for a commentator to subscribe to subsequent comments made on their comment on a specific blog entry. If a data subject chooses the option to subscribe to comments, the controller will send an automatic confirmation e-mail in order to check using a double opt-in process whether the owner of the specified e-mail address has actually decided to select that option. The option to subscribe to comments can be cancelled at any time.

11. Routine Erasure and Restriction of Processing of Personal Data

The controller processes and stores personal data only for as long as necessary in order to fulfil the purpose for which it is stored, or in the event that this is provided for in legislation or regulations by the European regulator or other legislator under whose jurisdiction the controller lies.

If the purpose of storage no longer applies or a storage period prescribed by the European regulator or other competent legislator expires, the personal data is, routinely and in accordance with the statutory requirements, either erased or processing thereof is restricted.12. Rights of Data Subjects·a) Right to Confirmation

12. Rights of Data Subjects

·         a)  Right to Confirmation Every data subject has the right, conferred by the European regulator, to obtain from the controller confirmation as to whether or not personal data concerning them is being processed. If a data subject wishes to exercise this right to confirmation, they may contact an employee of the controller at any time for this purpose. ·         b)  Right of Access Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to obtain information regarding the personal data stored concerning their person and receive a copy of this information, free of charge. In addition, the European regulator has provided data subjects with the right to obtain the following information:

  • The purposes of processing
  • The categories of personal data being processed
  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
  • If possible, the planned duration of storage of this data or, if this is not possible, the criteria for defining this duration
  • The existence of any right to rectification, erasure or restriction of processing of the personal data relating to the data subjects by the controller or any right to object to this processing
  • The right to lodge a complaint with a supervisory authority
  • If the personal data has not been collected from the data subject: All available informationconcerning the origin of the data
  • The existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, in such cases, meaningful information regarding the logicinvolved as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right of access to information regarding whether personal data has been transferred to a third country or an international organisation. If this is the case, thedata subject also has the right of access to information about the appropriate safeguards taken inrelation to the transfer. ·         c)  Right to Rectification

Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to demand rectification of incorrect personal data concerning them without delay. Furthermore, the data subject has the right to have incomplete personal data completed ‒ including by means of a supplementary statement ‒ taking into account the purposes of the processing.
If a data subject wishes to exercise this right to rectification, they may contact an employee of the controller at any time for this purpose

·         d)  Right to Erasure (Right to be Forgotten) Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to demand that the controller erase personal data concerning them without delay, insofar as one of the following grounds applies and processing is not necessary:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • The data subject withdraws consent on which the processing was based in accordance with Article 6(1a) or Article 9(2a) GDPR, and there is no other legal ground for the processing.
  • The data subject objects to the processing in accordance with Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Article 21(2) GDPR.
  • The personal data has been unlawfully processed
  • The erasure of personal data is required in order to meet a legal obligation under Union orMember State law to which the controller is subject.
  • The personal data has been collected in relation to the offer of information society services in accordance with Article 8(1) GDPR.

Provided that one of the above grounds applies and a data subject wishes to arrange for erasure of the personal data stored by Dr.-Ing. Paul Christiani GmbH & Co. KG, they can contact an employee of the controller at any time for this purpose. The employee of Dr.-Ing. Paul Christiani GmbH & Co. KG will arrange for the erasure demand to be complied with without delay. If the personal data has been disclosed by Dr.-Ing. Paul Christiani GmbH & Co. KG and our company is obliged as the controller to erase the personal data in accordance with Article 17(1) GDPR, Dr.-Ing. Paul Christiani GmbH & Co. KG will take appropriate measures, including those of a technical nature and taking into account the available technology and costs of implementation, to make other parties responsible for processing the disclosed personal data aware that the data subject has demanded from these responsible parties the erasure of all links to this personal data or copies or replicas thereof, insofar as the processing thereof is not necessary. The employee of Dr.-Ing. Paul Christiani GmbH & Co. KG will arrange for the necessary steps to be taken on a case-by-case basis. ·         e)  Right to Restriction of Processing Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to demand that the controller restrict the processing of their personal data in the event that one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal dataand requests the restriction of its use instead.
  • The controller no longer needs the personal data for the purposes of processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing in accordance with Article 21(1) GDPR and itis not yet clear whether the legitimate grounds of the controller override those of the data subject.

Provided that one of the above requirements applies and a data subject wishes to demand restriction of personal data stored by Dr.-Ing. Paul Christiani GmbH & Co. KG, they can contact an employee of the controller at any time for this purpose. The employee of Dr.-Ing. Paul Christiani GmbH & Co. KG will arrange for the restriction of processing. ·         f)    Right to Data Portability Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to obtain the personal data in question, provided to a controller by the data subject, in a structured, commonly used and machine-readable format. They also have the right to transmit the data to another controller without hindrance from the controller to which the personal data has been provided, provided that the processing is based on consent in accordance with Article 6(1a) or Article 9(2a) GDPR or on a contract in accordance with Article 6(1b) GDPR and the processing is carried out by automated means, provided that the processingis not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, in exercising their right to data portability in accordance with Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, if this is technically feasible and provided that this does not adversely affect the rights and freedoms of others. The data subject may contact an employee of Dr.-Ing. Paul Christiani GmbH & Co. KG at any time in order to exercise their right to data portability. ·         g)  Right to Object Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6(1e) or Article 6(1f) GDPR. This includes profiling based on these provisions.

Dr.-Ing. Paul Christiani GmbH & Co. KG will cease processing the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or where the processing is used forthe establishment, exercise or defence of legal claims.
In cases where Dr.-Ing. Paul Christiani GmbH & Co. KG processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing. This includes profiling, to the extent that it is related to such direct marketing. If the data subject makes an objection to Dr.-Ing. Paul Christiani GmbH & Co. KG concerning processing for direct marketing purposes, Dr.-Ing. Paul Christiani GmbH & Co. KG will cease to process the personal data for such purposes.
In addition, the data subject has the right to object, on grounds relating to their particular situation, to processing of personal data concerning them by Dr.-Ing. Paul Christiani GmbH & Co.KG for scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.
The data subject may contact any employee of Dr.-Ing. Paul Christiani GmbH & Co. KG or another employee directly to exercise their right to object. In the context of the use of information society services, and irrespective of Directive 2002/58/EC, the data subject may also exercise their right to object by automated means using technical specifications.

·         h)    Automated Decision-making on a Case-by-case Basis, Including Profiling Every data subject affected by the processing of personal data has the right, conferred by the European regulator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the data controller, or (2) is authorised by European Unionor member state statutory provisions to which the controller is subject and which also lay down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) is based on the data subject’s explicit consent. If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the data controller or (2) is made with the data subject’s explicit consent, Dr.-Ing. Paul Christiani GmbH & Co. KG will take suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision. If the data subject wishes to exercise their rights with regard to automated decision-making, they may contact an employee of the controller responsible for the data processing at any time for this purpose. ·         i)    Right to Withdraw Consent Under Data Protection Law Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to withdraw consent for the processing of their personal data at any time. If the data subject wishes to exercise their right to withdraw consent, they may contact an employee of the controller responsible for the data processing at any time for this purpose.

13. Data Protection for Applications and Application Procedures

The controller collects and processes the personal data of job applicants for the purposes of managing the application process. This processing may also be performed electronically. This is the case in particular if an applicant sends such application documents to the controller via electronic means, for example by e-mail or using an online form on the website. If the controller concludes an employment contract with an applicant, the data transmitted for the purposes of establishing the employment relationship is stored in accordance with legal regulations. If an employment contract is not concluded between the controller and the applicant, the application is erased two months after the applicant is notified of rejection, provided erasure does not conflict with other legitimate interests on the part of the controller. An example of a legitimate interest in this sense is a burden of proof in legal proceedings in accordance with the German General Act on Equal Treatment (AGG).

14. Data Protection Provisions Concerning Use by econda

The controller has integrated components provided by econda on this website. Econda is a web analytics service. Web analytics refers to the collection, compilation and evaluation of data concerning the behaviour of visitors to websites. A web analytics service collects data about the site from which a data subject is linked to a certain website (the referrer), which sub-pages on thewebsite are accessed and how often and for how long sub-pages are viewed, among other data. Web analytics is predominantly used to optimise a website and to create a cost/benefit analysis ofInternet advertising. The operating company of econda is econda GmbH, Zimmerstrasse 6, 76137 Karlsruhe, Germany. Econda inserts a cookie onto the data subject’s IT system. The definition of cookies is given above. Each time an individual page is accessed on this website ‒ which is operated by the controller responsible for the data processing and onto which an econda component has been integrated ‒ the relevant econda component automatically causes the Internet browser on the data subject’s IT system to transfer data to econda for marketing and optimisation purposes. As part of this technical process, econda receives information about data used as part of creating pseudonymised usage profiles. The usage profile compiled by this process is used for analysis of the behaviour of the data subject who has accessed the controller’s website and is evaluated for the purposes of improving and optimising the website. The data recorded via the econda component will not be used to identify the data subject without separate and explicit consent given by the data subject. This data is not combined with personal data or other data containing the same pseudonym. The data subject can prevent the insertion of cookies by our website, as set out above, at any time by adjusting the relevant setting in the Internet browser they use, thereby objecting to cookies being inserted on their computer in all cases. Changing the settings of the browser used in this way would also prevent econda from inserting a cookie onto the data subject’s IT system. In addition, cookies that have already been inserted by econda can be deleted via the browser or other software at any time. The data subject also has the option to object to collection of the data concerning use of this website generated by the econda cookie and the processing of that data by econda, and can prevent this from taking place. To do so, the data subject must press the Submit button at the linkhttps://www.econda.de/en/data-storage-opt-out/, which will insert the Opt-Out cookie. The Opt-Out cookie inserted as a result of making the objection is stored on the IT system used by the data subject. If cookies are erased on the data subject’s system following the objection, the data subject must access this link again and insert a new Opt-Out cookie. However, it is possible that inserting the Opt-Out cookie may result in the data subject no longer being able to use all features of the controller’s websites. The applicable econda data protection provisions can be found at https://www.econda.de/en/data-protection/.

15. Data Protection Provisions Concerning Use by Google Analytics (with Anonymisation Function)

The controller has integrated the Google Analytics (with anonymisation function) component onto this website. Google Analytics is a web analytics service. Web analytics refers to the collection, compilation and evaluation of data concerning the behaviour of visitors to websites. A web analytics service collects data about the site from which a data subject is linked to a certain website (the referrer), which sub-pages on the website are accessed and how often and for how long sub-pages are viewed, among other data. Web analytics is predominantly used to optimise awebsite and to create a cost/benefit analysis of Internet advertising.
The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The controller uses the extension “_gat._anonymizeIp” for web analytics via Google Analytics. This extension is used by Google to shorten and anonymise the IP address of the data subject’s Internet connection when our website is accessed from a member state of the European Union orother states party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information they obtain to evaluate use of our website in order to compile online reports showing activity on our website and in order to provide additional services relating to the use of our website, among other uses.
Google Analytics places a cookie on the data subject’s IT system. The definition of cookies is given above. By placing this cookie, Google is able to analyse the use of our website. Each time an individual page is accessed on this website ‒ which is operated by the controller responsible for the data processing and onto which a Google Analytics component has been integrated ‒ the relevant Google Analytics component automatically causes the Internet browser on the data subject’s IT system to transfer data to Google for online analysis purposes. As part of this technical process, Google receives information about personal data such as the IP address of thedata subject, which Google uses to trace the origin of visitors and clicks and subsequently facilitate commission billing, among other uses.
Cookies are used to store personal information, such as the time of access, location from which access originated and the regularity of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the USA. This personal data is stored by Google in the USA. Under certain circumstances, Google may share this personal data, collected using the aforementioned technical process, with third parties.
The data subject can prevent the insertion of cookies by our website, as set out above, at any time by adjusting the relevant setting in the Internet browser they use, thereby objecting to cookies being inserted on their computer in all cases. Changing the settings of the browser used in this way would also prevent Google from inserting a cookie on the data subject’s IT system. In addition, a cookie already inserted by Google Analytics can be deleted via an Internet browser or other software at any time.

The data subject also has the option to object to collection of the data concerning use of this website generated by Google Analytics and the processing of that data by Google, and can prevent this from taking place. To do so, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics, via JavaScript, that no data or information concerning visits to websites is permitted to be transferred to Google Analytics. The installation of this browser add-on is interpreted as an objection by Google. If the data subject’s IT system is later erased, formatted or reinstalled, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. In the event that the browser add-on is uninstalled or deactivated by the data subject orsomeone else within their sphere of influence, there is the option to reinstall or reactivate the browser add-on.

Additional information and the applicable Google Privacy Policy can be accessed at https://policies.google.com/privacy and https://www.google.com/analytics/terms/gb.html. Google Analytics is explained in more detail at the following link: https://www.google.com/intl/en_uk/analytics/.

16. Data Protection Provisions Concerning Use by Google Remarketing

The controller has integrated Google Remarketing services onto this website. Google Remarketing is a function of Google AdWords that enables a company to display advertisements to Internet users who have previously visited the company’s website. Integration of Google Remarketing therefore enables a company to create user-specific advertisements and thus display advertisements to Internet users that are relevant to their interests.
The operating company of Google Remarketing is Google Ireland Limited, Gordon House, BarrowStreet, Dublin, D04 E5W5, Ireland.
The purpose of Google Remarketing is to display advertisements that are relevant to users’ interests. Google Remarketing enables us to display advertisements via the Google advertisement network or on other websites that are tailored to the individual needs and interests of Internet users.
Google Remarketing places a cookie on the data subject’s IT system. The definition of cookies is given above. By placing this cookie, Google is able to recognise a visitor to our website when thatuser subsequently accesses websites that are also members of the Google advertising network. Each time a website into which Google Remarketing is integrated is accessed, the data subject’s Internet browser automatically identifies itself to Google. As part of this technical process, Googlereceives information about personal data, such as the user’s IP address or surfing behaviour, which Google will use to display advertisements relevant to the user, among other things.
These cookies store personal information, such as websites visited by the data subject. Each time our website is visited, personal data, including the IP address of the Internet connection used by the data subject, is therefore transferred to Google in the USA. This personal data is stored by Google in the USA. Under certain circumstances, Google may share this personal data,collected using the aforementioned technical process, with third parties.
The data subject can prevent the insertion of cookies by our website, as set out above, at any time by adjusting the relevant setting in the Internet browser they use, thereby objecting to cookies being inserted on their computer in all cases. Changing the settings of the browser used in this way would also prevent Google from inserting a cookie on the data subject’s IT system. In addition, a cookie already inserted by Google Analytics can be deleted via an Internet browser or other software at any time.
The data subject also has the option to object to interest-based advertisement by Google. To do so, the data subject must access the link www.google.com/settings/ads from every Internet browser they use and select the settings they wish to use there.
Additional information and the applicable Google Privacy Policy can be accessed at https://policies.google.com/privacy.

17. Data Protection Provisions Concerning Use by Google AdWords

The controller has integrated Google AdWords onto this website. Google AdWords is a service for Internet advertisement that enables advertisers to place advertisements in the search engine results of Google as well as in the Google ad network. Google AdWords enables an advertiser to define certain keywords in advance, whereby an advertisement is only displayed in search engine results if the user accesses a search result relevant to the keyword using the search engine. In the Google ad network, advertisements are displayed via an automatic algorithm and distributed on websites relevant to the topic, taking into consideration the previously defined keywords.
The operating company of Google AdWords is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The purpose of Google AdWords is to advertise our website by displaying advertisements relevant to users’ interests on websites of third-party companies and in search engine results in the Google search engine, as well as displaying third-party advertisements on our website.
If a data subject accesses our website via a Google advertisement, a conversion cookie is placedby Google on the data subject’s IT system. The definition of cookies is given above. A conversioncookie expires after thirty days, and is not used to identify the data subject. Provided that it has not expired, the conversion cookie will track whether certain sub-pages, such as the shopping basket of an online shop system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a data subject who has accessed our website via an AdWords advertisement has generated sales, i.e. whether they have completed or cancelled apurchase of goods.
The data and information collected by use of the conversion cookie is used by Google to create visitor statistics for our website. These visitor statistics are used by us in turn to determine the total number of visitors we have gained via AdWords advertisements, and therefore to determine the success or failure of the relevant AdWords advertisement and to optimise our AdWords advertisements in future. Neither our company nor other advertising customers of Google AdWords receive information from Google that could be used to identify the data subject.
These conversion cookies store personal information, such as websites visited by the data subject. Each time our website is visited, personal data, including the IP address of the Internet connection used by the data subject, is therefore transferred to Google in the USA. This personal data is stored by Google in the USA. Under certain circumstances, Google may share this personal data, collected using the aforementioned technical process, with third parties.
The data subject can prevent the insertion of cookies by our website, as set out above, at any time by adjusting the relevant setting in the Internet browser they use, thereby objecting to cookies being inserted on their computer in all cases. Changing the settings of the browser used in this way would also prevent Google from inserting a conversion cookie on the data subject’s IT system. In addition, a cookie already inserted by Google AdWords can be deleted via an Internet browser or other software at any time.
The data subject also has the option to object to interest-based advertisement by Google. To do so, the data subject must access the link www.google.com/settings/ads from every Internet browser they use and select the settings they wish to use there.
Additional information and the applicable Google Privacy Policy can be accessed at https://policies.google.com/privacy.

18. Data Protection Provisions Concerning Use by LinkedIn

The controller has integrated components provided by the LinkedIn Corporation onto this website.LinkedIn is a web-based social network that enables users to connect with existing business contacts and make new business contacts. More than 400 million registered persons use LinkedIn in more than 200 countries. This means that LinkedIn is currently the largest platform forbusiness contacts and one of the most frequently visited websites in the world.
The operating company of LinkedIn is the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Data protection issues outside of the USA are the responsibility of LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Every time our website, which is equipped with a LinkedIn component (LinkedIn plug-in), is accessed, this component causes the browser used by the data subject to download a corresponding image of the LinkedIn component. Additional information regarding the LinkedIn plug-in can be found at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn receives information about which specific sub-pages on our website are visited by the data subject.
If the data subject is logged in to LinkedIn at the same time, LinkedIn identifies which specific sub-pages are visited by the data subject, both each time our website is accessed by the data subject and throughout the duration of each visit to our website. This information is collected by the LinkedIn component and assigned to the data subject’s LinkedIn account by LinkedIn. If the data subject clicks on a LinkedIn button integrated onto our website, LinkedIn assigns this information to the data subject’s personal LinkedIn user account and stores that personal data.
LinkedIn always receives a notification via the LinkedIn component that the data subject has visited our website if the data subject is also logged in to LinkedIn at the time of access; this occurs regardless of whether the data subject clicks on the LinkedIn component or not. If the datasubject does not wish for this information to be transferred to LinkedIn in this way, they can prevent such transfers by logging out of their LinkedIn account before accessing our website.
LinkedIn provides the option to unsubscribe from e-mail messages, SMS messages and targeted ads and to manage advertisement settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, who may place cookies. These cookies can be denied at https://www.linkedin.com/legal/cookie-policy. The applicable LinkedIn Privacy Policy can be found at https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy can be found at https://www.linkedin.com/legal/cookie-policy.

19. Data Protection Provisions Concerning Use by YouTube

The controller has integrated YouTube components onto this website. YouTube is an Internet video portal that enables video publishers to upload video clips free of charge, and enables other users to view, evaluate and comment on those videos, likewise free of charge. YouTube enables publication of all types of videos, which is why complete films and television programmes as well as music videos, trailers or videos made by users themselves can be accessed via the web portal.
The operating company of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

Each time an individual page is accessed on this website ‒ which is operated by the controller responsible for the data processing and onto which a YouTube component (YouTube video) has been integrated ‒ the relevant YouTube component automatically causes the Internet browser onthe data subject’s IT system to download an image of the corresponding YouTube component from YouTube. Additional information regarding YouTube can be found at https://www.youtube.com/yt/about/. As part of this technical process, YouTube and Google receive information about which specific sub-pages on our website are visited by the data subject.

If the data subject is logged in to YouTube at the same time, YouTube will detect the specific sub-page visited by the data subject when a sub-page containing a YouTube video is accessed. This information is collected by YouTube and Google and assigned to the data subject’s YouTube account.
YouTube and Google always receive a notification via the YouTube component that the data subject has visited our website if the data subject is also logged in to YouTube at the time of access; this occurs regardless of whether the data subject clicks on the YouTube video or not. If the data subject does not wish for this information to be transferred to YouTube and Google in this way, they can prevent such transfers by logging out of their YouTube account before accessing our website.
The privacy policy published by YouTube, available at https://www.google.com/policies/privacy/, contains information about the collection, processing and use of personal data by YouTube and Google.

20. Legal Basis for Processing

Article 6(1a) GDPR provides our company with a legal basis for processing operations, where we must gain consent for a specific purpose of processing. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, which is the case for processing operations required for delivery of goods or providing any other service or return service, for example, this processing is based on Article 6(1b) GDPR. The same applies to those processing operations necessary for the performance of measures prior to the conclusion of a contract, such as in the case of enquiries concerning our products or services. If our company is subject to a legal obligation under which it is necessary to process personal data, such as compliance with tax obligations, this processing is based on Article 6(1c) GDPR. In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor to our company were injured and it became necessary to provide their name, age, health insurance information or other essential information to a doctor, hospital or other third parties. In this case, processing would be based on Article 6(1d) GDPR. Lastly, processing operations may be based on Article 6(1f) GDPR. This legal basis provides grounds for processing operations not covered by any of the aforementioned legal bases, if the processing is necessary to protect the legitimate interests of our company or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are therefore permitted to carry out such processing operations in particular, because they have been specifically referenced by European legislators. The European legislators have taken the view that a legitimate interest can be assumed if the data subject is a customer of the controller (Recital 47(2) GDPR).

21. Legitimate Interest in Processing Pursued by the Controller or a Third Party

If the processing of personal data is based on Article 6(1f) GDPR, our legitimate interest is the execution of our business operations for the benefit of all our employees and shareholders.

22. Duration over which the Personal Data is Stored

The criterion for the duration of storage of personal data is the applicable legal retention period. At the end of this period, the relevant data will be routinely deleted, provided it is no longer required for contract fulfilment or contract initiation.

23. Statutory or Contractual Provisions for Providing Personal Data; Requirement for Conclusion of Contract; Obligation of the Data Subject to Provide the Personal Data; Possible Consequences of Failure to Provide

We hereby inform you that the provision of personal data is to some extent required by law (e.g. tax regulations) or may arise from contractual provisions (e.g. information regarding the contractual partner). In some cases, it may be necessary for conclusion of a contract that a data subject provides us with personal data that will then need to be processed by us. The data subject is, for instance, obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract cannot be concluded with the data subject. Prior to the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis of whether provision of personal data is legally or contractually required or necessary for conclusion of the contract, whether an obligation exists to provide the personal data, and the consequences of failing to provide the personal data.

24. Existence of Automatic Decision-making

As a responsible company, we do not use automatic decision-making or profiling.

Date: August 2020

Cookie configuration