1. Introduction

Data protection is very important in our company.
In this policy we would like to inform you about how we collect and process your personal data, for what purposes, the legal bases on which this happens, and what rights you have in this context.

With each visit to our website, a series of general data and information is transmitted automatically. We only collect the general data and information that your browser transmits to our server. We collect data and information which is technically necessary for us to display our website to you and which is used for stability, security and danger prevention in the event of attacks on our information technology systems. The following data is collected in detail:

– IP address
– date and time the website was accessed
– browser types and versions used
– operating system used and its user interface
– website from which an accessing system accesses our website (so-called referrer) – sub-websites which are accessed via an accessing system on our website,
– internet service provider of the accessing system

The data collected in this context will be deleted after storage is no longer required for error analysis, or processing will be restricted if there are legal storage obligations. Legal basis for data processing in this context is Article 6 (1) s. 1 lit. f GDPR. In using this general data and information, we do not draw any conclusions about you as the data subject.

If a data subject uses special services provided by our company via our websites (e.g. contact form, registration for newsletter, etc.) it may be necessary to process other personal data. If there is no legal basis for this, we generally obtain the consent of the data subject.

When processing the personal data of data subjects, such as name, address, telephone number or email address, the requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-Neu) are always taken into account.

We have taken extensive technical and organisational measures to ensure the protection we provide in processing your personal data is as complete as possible. Since there can be gaps in the transmission of data over the internet, we cannot guarantee absolute protection. There is therefore the alternative to transmit personal data to us by email or by telephone for example.

2. Definitions

Our privacy policy contains terms that are based on the General Data Protection Regulation (GDPR). With the following definitions we would like to make this privacy policy simpler, more readable and easier to understand.

Personal data

Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject

This means any identified or identifiable natural person from whom the controller or processor processes personal data (e.g. customers, prospective buyers, business partners or other visitors to our websites).

Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to any data subject.

Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or other law shall not be regarded as recipients.

Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent

Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Data controller

The controller in the sense of the General Data Protection Regulation as well as other valid data protection laws in the Member States of the European Union and other data protection provisions:

Extricom Extrusion GmbH Hoher Steg 10
74348 Lauffen am Neckar Tel.: +49 (0) 7133 97136 00 Email: info.extricom@cpm.net

Data protection officer

NeTec GmbH Christophstraße 28 70180 Stuttgart

extrusion.gdpr@cpm.net

4. Rights of data subjects

1.1 Right to confirmation

Every data subject shall have the right to obtain confirmation from the controller as to whether or not personal data are being processed. The contact person for this is the data protection officer or the controller.

1.2 Right of access

Every data subject shall have the right to access at the controller the stored personal data concerning him or her. In addition to the personal data itself, this access shall include the following further information:

  • the purpose of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be
  • stored, or, if not possible, the criteria used to determine that period;
    the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data are transferred to a third country or to an international organisation, the information shall include which appropriate safeguards for transmission are applied.

For this right of access, data subjects may contact the data protection officer or the controller to obtain the above information.

1.3 Right to rectification

Every data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

For this right of rectification, data subjects may contact the data protection officer or the controller.

1.4 Right to erasure (right to be forgotten)

Every data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, where no processing is required and where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
  • The personal data have been unlawfully processed.
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

For this right of rectification, data subjects may contact the data protection officer or the controller.

Where we have made the personal data public, we are obliged pursuant to Article 17(1) of the GDPR to erase the personal data. If processing is not necessary, taking account of available technology and the cost of implementation, we shall take reasonable steps to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of such personal data, or of copies or replications of those personal data.

1.5 Right to restriction of processing

Every data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject requests the restriction of use of the personal data instead of erasure of the data.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing pursuant to Article 21(1) of the GDPR, and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

For this right to restriction of processing, data subjects may contact the data protection officer or the controller.

1.6 Right to data portability

Every data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. They shall also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means.

Data subjects shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

However, the right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

For this right of data portability, data subjects may contact the data protection officer or the controller.

1.7  Right to object

Every data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR. This shall include profiling based on those provisions.

We shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, we shall no longer process the personal data for such purposes.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

For this right to object, data subjects may contact the data protection officer or the controller.

1.8 Automated individual decision-making, including profiling

Every data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, and the decision.

(1) is not necessary for entering into, or the performance of, a contract between the data subject and the controller, or

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or

(3) is based on the data subject’s explicit consent.

We shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision,

if the decision

(1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or

(2) is based on the data subject’s explicit consent.

For this right to automated decisions, data subjects may contact the data protection officer or the controller.

1.9 Right to withdraw data protection consent

Every data subject shall have the right to withdraw at any time, with effect for the future, any consent given for the processing of personal data.

For this right to withdraw data protection consent, data subjects may contact the data protection officer or the controller.

1.10 Right to lodge a complaint with a supervisory authority

Every data subject shall have the right to lodge a complaint with a supervisory authority. You can find your competent supervisory authority via this link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

The following supervisory authority is responsible for our company:

Data Protection Commissioner for Baden-Württemberg Königstraße 10a | 70173 Stuttgart
PO Box 10 29 32 | 70025 Stuttgart
Tel.: 0711 615541 0 | Fax: 0711 615541 15
poststelle@lfd.bwl.de | www.baden-wuerttemberg.datenschutz.de

5. Legal basis for processing

Personal data shall be processed on the following grounds:

  • Point a of Article 6(1) of the GDPR – There is consent for a specific processing purpose.
  • Point b of Article 6(1) of the GDPR – The purpose of the processing is to perform a contract (e.g. supply of goods or provision of a service) or the purpose is to implement a measure prior to entering into a contract (e.g. processing inquiries or compiling offers).
  • Point c of Article 6(1) of the GDPR – The processing of personal data is based on legal obligations (e.g. compliance with tax obligations).
  • Point d of Article 6(1) of the GDPR – The processing is necessary in order to protect the vital interests of natural persons (e.g. a visitor gets injured at the company and personal data has to be forwarded urgently to a doctor, a hospital or an other third party).
  • Point f of Article 6(1) of the GDPR – The processing is necessary to safeguard the legitimate interests of our company or a third party. According to Recital 47 sentence 2 of the GDPR, a legitimate interest could exist for example where the data subject is a client of the controller. However, the interests and the fundamental freedoms and rights of the data subjects may not be overriding.

Personal data may only be passed on to third parties if

(1)  this is necessary for the performance of a contract or to take steps prior to entering into a contract,
(2)  consent has been provided,
(3)  the controller has a legitimate interest, or
(4)  this is required by a different legal provision.

6. Legitimate interests in processing

If the processing of personal data is based on point f of Article 6(1) of the GDPR, the legitimate interest is the performance of our business activity for the benefit of our company and our employees as well as the protection of our services against misuse and the clarification thereof if required.

7. Storage period for personal data

The storage period for personal data is based on a) statutory retention periods or b) given consent. If these data are no longer required for the fulfilment of orders or for measures to be taken prior to entering into a contract, they shall be routinely erased after the reason for the storage ceases to exist.

8. Routine blocking and erasure of data

The personal data of data subjects are only stored for the period specified by the storage purpose or as is prescribed by overriding laws and regulations.

If a storage period prescribed by law or regulation expires, or if the underlying storage purpose no longer applies, the personal data shall be blocked or erased as a matter of routine in accordance with statutory regulations.

If the underlying purpose of the processing in accordance with point b of Article 6(1) of the GDPR is a measure prior to entering into a contract, the personal data of the

data subject shall be erased 24 months after the conclusion of said measure, provided that

  • there is no new legal basis stemming from a contractual relationship, or
  • there is no consent from the data subject to keep storing and processing the data, or
  • no other reasons oppose said erasure.

9. Provision of personal data

Personal data may be provided based on statutory provisions (e.g. tax law) or contractual agreements (e.g. contact data of contracting party), for example, personal data of the data subject are required to conclude a legally binding contract.

The consequence of not providing this data would be that the contract cannot be concluded with the data subject.

Our employees will gladly inform you before concluding the contract about the grounds on which data must be provided, and what consequences can be expected if this is not provided.

10. Collection of general data and information

Every time a visitor (natural person or automated system) visits our website, general data and information is collected and stored in log files on the server. This stored information includes

  1. used browser types/versions,
  2. operating system used by visitor,
  3. original website where the visitor came to our website from (“referrer”),
  4. sub-sites that are accessed,
  5. access dates / times,
  6. source IP address of visitor,
  7. ISP of visitor, and

11. further information that helps prevent and avert dangers in the event of an attack on our IT systems.

We use the collected information to

  1. present the content of web pages correctly,
  2. present content and any advertisements in an optimal manner,
  3. ensure our web pages always function flawlessly, and
  4. support investigations by law enforcement agencies of any cyber attacks.

Statistical evaluations of information collected anonymously help us to constantly increase the level of protection with regard to processing personal data. We do not draw any conclusions about data subjects from the anonymous log files stored separately from the personal data of data subjects.

12. Cookies

We use cookies and similar technologies such as Pixel, HTML5 Storage or Local Shared Objects (collectively, “cookies”).

When using the website, cookies are stored on your end device (PC, smartphone, etc.). Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective (e.g. shopping cart function in the web shop). They also serve to create statistical evaluations of the interests of our customers in order to adapt our offer accordingly.

This website uses various types of cookies, the scope and function of which are explained below:

» Technically necessary cookies (Type A)

» Functional and Performance Cookies (Type B)

» Cookies requiring consent (Type C)

1.11 Technically Required Cookies (Type A)

The technical provision of our website cannot be guaranteed without technically necessary cookies. They are therefore mandatory for the website to function properly.

Technically necessary cookies serve, for example, to ensure that you as a registered user always remain logged in when accessing various subpages of our website and do not have to re-enter your login data each time a new page is opened.

The use of technically necessary cookies on our website is possible without your consent. For this reason, technically required cookies cannot be individually deactivated or activated. However, you can deactivate cookies in your browser at any time (see below).

Legal basis for the use of technically required cookies is Art. 6 (1) 1 lit. b GDPR.

1.12 Functional and Performance Cookies (Type B)

Functional cookies make it possible to store information such as registered name or language selection and, based on this, to offer you improved and more personal functions. These cookies collect and store only anonymous information and cannot track your movements on other websites.

Performance cookies collect information about how our websites are used so that we can identify which parts of our website are most popular. As a result, we can improve the attractiveness, content and functionality of our website. These cookies help us, for example, to evaluate which subpages of our website are visited and which content users are particularly interested in. The IP address of your device transmitted for technical reasons is automatically anonymized and does not allow us to draw any conclusions about the individual user.

You can object to the use of functional and performance cookies at any time by adjusting your cookie settings accordingly.

The legal basis for the use of functional and performance cookies is Art. 6 (1)1 lit. f GDPR.

1.13 Cookies requiring consent (Type C)

Cookies that are not technically required (Type A) or are not functional or performance cookies (Type B) will be used as soon as you have given your consent. The legal basis in this context is Art. 6 (1) 1 lit. a GDPR.

Marketing cookies originate from external companies (third party cookies) and are used to collect information about the websites visited by the user and to create target group-oriented advertising for the user.

You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies and/or all cookies. Please note that the functionality of this website may be limited.

You can also manage cookies that are used for online advertising using tools such as the US-based https://www.aboutads.info/choices/ or the EU-based http://www.youronlinechoices.com/uk/your-ad-choices.

For further information on cookies used in context with this website, please refer to the “Cookie Table” below.

More information on types of Cookies used by Google: https://policies.google.com/technologies/types?hl=en-US

 

13. How to contact us via the website

When you contact us by e-mail or via a contact form, the data you provide will be stored by us to answer your questions. Data processing for the purpose of establishing contact with us takes place in accordance with Article 6 (1) s. 1 lit. a GDPR based on your voluntary consent or, in the case of a (pre-)contractual relationship with us, in accordance with Article 6 (1) s. 1 lit. b GDPR. The data arising in this in this context will be deleted after storage is no longer required to process your inquiry, or the processing will be restricted if there are legal storage obligations.

14. Webshop

If you wish to place an order in our web shop, it is necessary to create a customer account through which we can store personal data for later purchases. It is also necessary for the conclusion of a contract that you partially provide personal data which we need for the processing of your order. Required mandatory information is marked separately, further information is voluntary. We process the data provided by you in order to process your order. For this purpose, we can forward your payment data to our house bank or, in the case of credit card payments, to an external payment provider. The legal basis for this is Art. 6 (1) s. 1 lit. b GDPR.

We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information. The legal basis for this is Art. 6 (1) s.1 lit. f GDPR.
We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after six months without logging into the customer account, we will restrict processing, i.e. your data will only be used to comply with legal obligations.

To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.

15. Newsletter

With your consent, you can subscribe to our newsletter which informs you about our current interesting offers and news. To subscribe to our newsletter, we use the so- called double opt-in procedure. This means that after your registration we will send you an e-mail to the given e-mail address in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the dates of your registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

Your e-mail address is the only mandatory information for sending the newsletter. The indication of further, separately marked data is voluntary and will be used to address you personally. After your confirmation we save your e-mail address for the purpose of sending you the newsletter. The legal basis is Article 6 (1) s.1 lit. a GDPR.

You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can cancel your consent by clicking on the link provided in every newsletter e-mail. We use the e-mail marketing software ConstantContact to send the newsletter. ConstantContact processes our customer data according to instructions, on our behalf and has committed itself to a trusting handling of your data.

16. Data protection for applications

We collect and process the personal data of applicants for the purpose of processing the application process. Processing can also be carried out electronically, in particular if applicants submit application documents electronically, by e-mail or via the online application form. If Extricom Extrusion GmbH concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. The legal basis in this context is Art. 88 GDPR, § 26 BDSG (German Data Protection Law). If no employment contract is concluded with the applicant, the application documents will be automatically deleted after notification of the rejection decision, provided that there no other legitimate interests to prevent deletion. Another legitimate interest is, for example, the burden of proof in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG).

Applicant pool

If we cannot offer you a position within a certain application process, but would like to inform you later about vacancies, you can agree to participate in the applicant pool. Your application data will then be processed – with your revocable consent at any time – for a further 36 months. The legal basis is Article 6 (1) s. 1 lit. a GDPR.

17. Integration of third-party services and content

Based on our legitimate interests and as part of our online offering we use content or services from third-party providers to integrate their content and services, such as videos, fonts or navigation maps (hereinafter referred to as “content”).

This means the third-party providers of this content must see the IP address of the visitor, since without the IP address they would not be able to send the content to the visitor’s browser. The IP address is required to present this content.

We strive only to use content where the given provider uses the IP address exclusively to distribute this content.

18. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics in turn, which enable an analysis of the use of the website by you. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. Google Analytics is configured in such a way that your IP address is transmitted to Google anonymously (“_anonymizeIp”). As a result, Google’s IP addresses are further processed in abbreviated form within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Provided as the data collected about you is related to a person, this is immediately excluded. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In exceptional cases where personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. On our behalf as the operator of this website, Google will use the information collected to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.

We use Google Analytics to analyze and improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Article 6 (1) s. 1 lit. f GDPR.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as Google from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User Conditions: https://www.google.com/analytics/terms/us.html, Privacy Policy Overview: https://www.google.com/intl/de/analyt-ics/learn/privacy.html, as well as the Privacy Policy: https://www.google.de/intl/de/policies/privacy

19. Google AdSense

This website uses the online advertising service Google AdSense, through which advertising tailored to your interests can be presented to you. We thus follow your interest in displaying advertisements that may be of interest to you in order to make our website more interesting to you. For this purpose, statistical information about you is collected which is processed by our advertising partners. These advertisements can be identified by the reference “Google advertisements” in the respective advertisement.

By visiting our website, Google receives the information that you have visited our website. Google uses a web beacon to set a cookie on your computer. The general data and information (IP address, browser, etc.) described above in these data protection instructions are transmitted. We have no influence on the data collected, nor are we aware of the full extent of the data collection and the storage period. Your data will be transferred to the USA and evaluated there. If you are logged in with your Google account, your data can be directly assigned to it. If you do not wish to be assigned to your Google profile, you must log out. It is possible that this data is passed on to contract partners of Google to third parties and authorities. This website does not serve any third-party ads through Google AdSense.

You can prevent the installation of Google AdSense cookies in various ways: a) by setting your browser software accordingly, in particular by suppressing third party cookies, you will not receive any ads from third parties; b) by deactivating Google’s interest-related ads via the link http://www.google.en/ads/preferences, where this setting is deleted when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the About Ads self-regulatory campaign via the link http://www.aboutads.info/choices, where this setting is deleted when you delete your cookies; d) by permanently disabling it in your Firefox, Internet Explorer, or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to make full use of all the functions of this offer.

Further information on the purpose and scope of data collection and processing as well as further information on your rights in this respect and setting options to protect your privacy can be obtained from Google Inc. 1600 Amphitheater Parkway, Mountainview, California 94043, USA; Privacy policy for advertising: http://www.google.de/intl/de/policies/technologies/ads. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

20. Google Conversion

We use the services of Google Adwords to draw attention to our services with the help of advertising material (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. In doing so, we pursue the interest of showing you advertising that is of interest to you, of making our website more interesting for you and of achieving a fair calculation of advertising costs.

These advertising media are delivered by Google via so-called “Ad Servers”. We use ad server cookies for this purpose, which can be used to measure certain parameters such as the display of ads or clicks by users. If you access our website via a Google advertisement, Google Adwords stores a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are stored as analysis values.

These cookies allow Google to recognize your Internet browser. If a user visits certain pages of an AdWords customer’s website and the cookie stored on his computer has not yet expired, Google and the customer may recognize that the user clicked on the ad and was directed to that page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Adwords customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating AdWords Conversion, Google receives the information that you have called up the corresponding part of our Internet presence or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for the provider to find out and store your IP address.

You can prevent participation in this tracking procedure in various ways: a) by making the appropriate settings in your browser soft-ware, in particular by suppressing third party cookies to prevent you from receiving advertisements from third parties; b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the “www.googleadservices.com” domain, https://www.google.de/settings/ads, whereby this setting is deleted when you delete your cookies; c) by disabling the interest-based ads of the providers that are part of the “About Ads” self-regulatory campaign via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies; d) by permanently disabling it in your Firefox, Internet Explorer or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin. note that in this case you may not be able to make full use of all the functions of this offer.

You can find further information on data protection at Google here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/us.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.net-workadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

21. Google Remarketing

We use the Google Remarketing application. This is a process with which we would like to address you again. Through this application, you can be shown our advertisements after visiting our website during your further Internet use. This is done by means of cookies stored in your browser, which are used by Google to record and evaluate your usage behavior when you visit various websites. This allows Google to determine your previous visit to our website. According to Google’s own statements, the data collected during remarketing is not merged with your personal data, which may be stored by Google. According to Google, pseudonymization is used in particular for remarketing.

You can prevent participation in this tracking procedure in various ways: a) by setting your browser software accordingly, in particular by suppressing third party cookies to prevent you from receiving advertisements from third parties; b) by installing the plug- in provided by Google under the following link: https://www.google.com/settings/ads/plugin; c) by deactivating the interest-related ads of the providers that are part of the self-regulation campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting is deleted if you delete your cookies; d) by permanently deactivating your Firefox, Internet Explorer or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin, e) by means of the corresponding cookie setting. We would like to point out that in this case you may not be able to use all functions of this website.

Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/us.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

22. Social Media

This Privacy Notice does not apply to activities on social networking sites or other websites that you may access through the social media plug-ins or links on our websites. Please check the websites of these providers for their privacy policies.

Use of social media plug-ins

We currently use the following social media plug-ins: Xing, LinkedIn, YouTube. We use the so-called “Shariff” solution. This means that when you visit our website, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the mark on the box above his initial letter or the logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have called up the corresponding website of our online service. In addition, the general data and information (IP address, browser, etc.) described above in this data protection notice are transmitted. In the case of Xing, the IP address is anonymized immediately after collection.

By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box. We have no influence on the collected data and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also do not have any information on the deletion of the collected data by the plug-in provider.

The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for users who are not logged in) in or-der to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and communicates it publicly to your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this will enable you to avoid being assigned to your profile by the plug-in provider.

Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the following data protection declarations of these providers. There you will also find further information on your rights in this regard and setting options to protect your privacy.

Addresses of the respective plug-in providers and URL with their data protection information:
-Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy. -LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
– de.youtube.com is provided by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; https://policies.google.com/privacy?hl=en&gl=en

23. YouTube Videos

We have included YouTube videos in our online offering, which are stored at YouTube.com and can be played directly from our website. These are all in “extended data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos does the subsequent data transfer take place, on which we have no influence.

When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. YouTube also receives the general data and information (IP address, browser, etc.) described above in this privacy policy. This occurs regardless of whether YouTube provides a user account that you are logged in to or whether there is no user account. If you are logged in at Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for advertising, market research and/or the design of its web pages to meet your needs. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

Further information on the purpose and scope of data collection and processing by YouTube can be found in YouTube’s Privacy Policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and has adopted the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Please also refer to our Cookie Policy for more detailed information on the cookies used when using social media.

24. Data security for processing

The content of our website is made available via SSL-encrypted connections (Secure Socket Layer), which can be recognised in the address line of the browser as follows: “https://”.

We have implemented appropriate technical and organisational measures to protect personal data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. These measures are applied based on point f of Article 6(1) and Article 32 of the GDPR.

25. Changes to privacy policy

We reserve the right to make changes/add to this privacy policy.

This may be necessary, for example, if the legal situation changes, amendments are made to data processing or if formal revisions are necessary.

Data subjects must provide their consent if the changes affect existing contractual relationships or the consent of data subjects.

Visitors to our web pages are requested to keep themselves informed about the latest privacy policy.