Privacy policy.

Contact

The responsible body for data processing on this website is:

Steinbach & Vollmann GmbH

Managing Directors Andreas Kupka, Dr Martin Meyer-Fackler

Parkstraße 11

42579 Heiligenhaus

Germany

Phone: +49 (0) 205614-0Email: impressum@stuv.de

The responsible body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Data protection officer

We have appointed a data protection officer.

LUTOP DATA COMPLIANCE GmbH

Marcel Paes

Heinrich-Held-Str. 33

45133 Essen

Phone: +49 (0) 20121969472Email: datenschutz@stuv.de

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?Data processing on this website is carried out by the website operator. Their contact details can be found in the section "Information about the responsible party" in this privacy policy.

How do we collect your data?Your data is collected when you provide it to us. This may include data that you enter in a contact form, for example.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This is primarily technical data (e.g. Internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your user behaviour. If contracts can be concluded or initiated via the website, the data transmitted will also be processed for contract offers, orders or other order enquiries.

What rights do you have regarding your data?You have the right to obtain information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time with future effect. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

Please feel free to contact us at any time if you have any further questions on this topic or on data protection in general.

Analysis tools and third-party tools

When you visit this website, your surfing behaviour may be statistically evaluated. This is mainly done using so-called analysis programmes.

Detailed information about these analysis programmes can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

External hostingThis website is hosted externally. The personal data collected on this website is stored on the servers of the host/hosts. This may include IP addresses, contact enquiries, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interests of secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfil their service obligations and will follow our instructions regarding this data.

We use the following host(s):

Internet Partner IPR GmbH

Lenneper Str. 47-49

42855 Remscheid

Order processingWe have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

3. General information and mandatory information

DataprotectionThe operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.

Information about the responsible bodyThe responsible body for data processing on this website is:

Steinbach & Vollmann GmbH

Managing Directors Andreas Kupka, Dr Martin Meyer-Fackler

Parkstraße 11

42579 Heiligenhaus

Germany

Phone: +49 (0) 205614-0Email: impressum@stuv.de

The responsible body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

StorageperiodUnless a more specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a legitimate request for erasure or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, the data will be deleted once these reasons no longer apply.

General information on the legal basis for data processing on this websiteIf you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, provided that special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g. via device fingerprinting), data processing will also be carried out on the basis of Section 25(1) TDDDG. Consent can be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legal bases applicable in each individual case are set out in the following paragraphs of this privacy policy.

Data protectionofficerWe have appointed a data protection officer.

LUTOP DATA COMPLIANCE GmbH

Marcel Paes

Heinrich-Held-Str. 33

45133 Essen

Phone: +49 (0) 20121969472Email: datenschutz@stuv.de

Recipients of personaldataWe work with various external parties in the course of our business activities. This sometimes requires the transfer of personal data to these external parties. We only pass on personal data to external parties if this is necessary in the context of fulfilling a contract, if we are legally obliged to do so (e.g. passing on data to tax authorities), if we have a legitimate interest in passing on the data in accordance with Art. 6 para. 1 lit. f GDPR, or if another legal basis permits the transfer of data. When using contract processors, we only pass on personal data of our customers on the basis of a valid contract for order processing. In the event of joint processing, a contract for joint processing will be concluded.

Revocation of your consent to data processingMany data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)IF THE DATA PROCESSING IS BASED ON ART. 6 PAR. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING IS REQUIRED FOR THE ESTABLISHING, EXERCISING OR DEFENDING OF LEGAL CLAIMS OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Rightto lodge a complaintwith the competent supervisory authorityIn the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

Right to data portabilityYou have the right to request that data which we process on the basis of your consent or in fulfilment of a contract be handed over to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Information, correction and deletionWithin the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients and the purpose of data processing and, if necessary, a right to correct or delete this data. You can contact us at any time if you have any questions about this or other issues relating to personal data.

Right to restriction of processingYou have the right to request the restriction of the processing of your personal data. You can contact us at any time to exercise this right. The right to restriction of processing applies in the following cases:

If you dispute the accuracy of your personal data stored by us, we will generally need time to verify this. For the duration of the verification, you have the right to request that the processing of your personal data be restricted.
If your personal data has been/is being processed unlawfully, you can request restriction of data processing instead of erasure.
If we no longer need your personal data, but you require it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS encryptionFor security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Objection to advertising emailsWe hereby object to the use of contact data published within the scope of the imprint obligation for the purpose of sending unsolicited advertising and information materials. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example via spam emails.

4. Data collection on this website

CookiesOur websites use so-called "cookies". Cookies are small data packets and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies may be used to evaluate user behaviour or for advertising purposes.

Cookies that are necessary for the electronic communication process, for the provision of certain functions you have requested (e.g. for the shopping basket function) or for the optimisation of the website (e.g. cookies for measuring the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and similar recognition technologies has been requested, processing will take place exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.

You can set your browser to inform you about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this privacy policy.

Server log filesThe provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version
operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is not combined with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.

Contact formIf you send us enquiries using the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for which it was collected no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Enquiries by email, telephone or faxIf you contact us by email, telephone or fax, your enquiry, including all personal data arising from it (name, enquiry), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you send us via contact enquiries will remain with us until you request its deletion, revoke your consent to its storage or the purpose for which it was stored no longer applies (e.g. after your enquiry has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Communication via WhatsAppWe use the instant messaging service WhatsApp, among other things, to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from accessing the content of communications. However, WhatsApp does have access to metadata generated during the communication process (e.g. sender, recipient and time). We also point out that WhatsApp, according to its own statement, shares personal data of its users with its parent company Meta, which is based in the USA. Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in communicating with customers, interested parties and other business and contractual partners as quickly and effectively as possible (Art. 6 para. 1 lit. f GDPR). If consent has been requested, data processing will only take place on the basis of this consent; this consent can be revoked at any time with future effect.

The content of communications exchanged between you and us on WhatsApp will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies (e.g. after your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/7735.

We use WhatsApp in the "WhatsApp Business" version.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.whatsapp.com/legal/business-data-transferaddendum.

We have set up our WhatsApp accounts so that there is no automatic data synchronisation with the address book on the smartphones used.

We have concluded a contract for order processing (AVV) with the above-mentioned provider.

CalendlyYou can schedule appointments with us on our website. We use the Calendly tool to book appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter referred to as "Calendly").

To book an appointment, enter the requested data and your preferred date and time in the mask provided. The data you enter will be used for planning, carrying out and, if necessary, following up on the appointment. The appointment data is stored for us on Calendly's servers. You can view their privacy policy here: https://calendly.com/privacy.

The data you enter will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in making it as easy as possible to arrange appointments with interested parties and customers. If consent has been requested, processing will take place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6050.

PipedriveWe use Pipedrive to manage customer data. The provider is Pipedrive GmbH, Mustamäe tee 3a, 10615 Tallinn, Estonia (hereinafter referred to as "Pipedrive").

Pipedrive is a CRM system that enables us, among other things, to manage existing and potential customers and customer contacts and to organise sales and communication processes. The use of the CRM system also enables us to analyse our customer-related processes. Customer data is stored on Pipedrive's servers.

Details about Pipedrive's features can be found here: https://www.pipedrive.com/de.

The use of Pipedrive is based on Art. 6 para. 1 lit. f GDPR. The

website operator has a legitimate interest in the most efficient customer management and customer communication possible. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For details, please refer to Pipedrive's privacy policy: https://www.pipedrive.com/de/privacy.

Registration on this websiteYou can register on this website to use additional features on the site. We only use the data you enter for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

For important changes, such as changes to the scope of the offer or technically necessary changes, we will use the email address provided during registration to inform you accordingly.

The data entered during registration will be processed for the purpose of fulfilling the user relationship established by the registration and, if applicable, for initiating further contracts (Art. 6 para. 1 lit. b GDPR).

The data collected during registration will be stored by us for as long as you are registered on this website and will be deleted thereafter. Statutory retention periods remain unaffected.

5. Analysis tools and advertising

Google TagManagerWe use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It is used solely to manage and display the tools integrated via it. However, Google Tag Manager does record your IP address, which may be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Google AnalyticsThis website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data is assigned to the user's respective end device. It is not assigned to a user ID.

Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the data sets collected and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisationGoogle Analytics IP anonymisation is enabled. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser within the frame of Google Analytics is not merged with other data from Google.

BrowserpluginYou can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order processingWe have concluded a contract with Google for order processing and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

HotjarThis website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool for analysing your user behaviour on this website. With Hotjar, we can record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you have remained with the mouse pointer on a specific spot. Hotjar uses this information to create so-called heat maps, which can be used to determine which areas of the website are preferred by website visitors.

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

In addition, Hotjar can be used to obtain direct feedback from website visitors. This feature serves to improve the website operator's web offerings.

Hotjar uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting).

If consent has been obtained, the above-mentioned service will be used exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

Deactivating HotjarIf you wish to deactivate data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/.

Please note that Hotjar must be deactivated separately for each browser and each device.

For more information about Hotjar and the data it collects, please refer to Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy.

6. Newsletter

Newsletter dataIf you would like to receive the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

BrevoThis website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service that can be used to organise and analyse the sending of newsletters, among other things. The data you enter for the purpose of receiving the newsletter will be stored on the servers of Sendinblue GmbH in Germany.

Data analysis by BrevoBrevo enables us to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. This allows us to determine which links are clicked on particularly often, among other things.

We can also see whether certain predefined actions were performed after opening/clicking (conversion rate). This allows us to see, for example, whether you made a purchase after clicking on the newsletter.

Brevo also allows us to divide newsletter recipients into different categories ("clusters"). Newsletter recipients can be divided according to age, gender or place of residence, for example. This allows us to tailor the newsletter better to the respective target groups.

If you do not want Brevo to analyse your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

For detailed information on the functions of Brevo, please refer to the following link: https://www.brevo.com/de/newsletter-software/.

Legal basisData processing is carried out on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage periodThe data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This is in both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to storage if your interests outweigh our legitimate interest.

For further details, please refer to Brevo's privacy policy at: https://www.brevo.com/de/datenschutzuebersicht/ and https://www.brevo.com/de/legal/privacypolicy/.

7. Plugins and tools

YouTube with enhanced dataprotectionThis website incorporates videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites that has YouTube embedded, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended data protection mode. According to YouTube, videos played in extended data protection mode are not used to personalise your browsing experience on YouTube. Ads played in extended data protection mode are also not personalised. No cookies are set in extended data protection mode. Instead, however, so-called local storage elements are stored in the user's browser, which, similar to cookies, contain personal data and can be used for recognition purposes. Details on extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.

If applicable, further data processing operations may be triggered after a YouTube video has been activated, over which we have no influence.

YouTube is used in the interest of an appealing presentation of our online content. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

Google Fonts (local hosting)This website uses Google Fonts, which are provided by Google, to ensure consistent font display. Google Fonts are installed locally. No connection to Google servers is established.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google MapsThis site uses the Google Maps map service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. This service allows us to embed map material on our website.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of displaying fonts uniformly. When you access Google Maps, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

We use Google Maps in the interests of presenting our online offerings in an appealing manner and making it easy to find the locations we specify on our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how user data is handled, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHAWe use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

ReCAPTCHA is used to check whether the data entered on this website (e.g. in a contact form) is entered by a human or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, length of time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of data is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from misuse through automated spying and spam. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to Google's privacy policy and terms of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

LeadinfoWe have integrated Leadinfo into this website. The provider is Leadinfo / Team.Blue GmbH, Bunsenstr. 19, 40215 Düsseldorf (hereinafter referred to as "Leadinfo").

Leadinfo enables us to record visits to our website by employees of other companies. For this purpose, the IP address of the website visitor is compared with the company IP addresses stored in Leadinfo's company database. If this is the IP address of a company, the visit and user behaviour are recorded. IP addresses that are not stored in Leadinfo's database are deleted immediately, so that visits to the website by private individuals are ignored by Leadinfo.

The use of Leadinfo is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in recording visits to our website and the behaviour of users. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further details can be found in the provider's privacy policy at https://www.leadinfo.com/de/datenschutz/.

8. Own services

Handling of applicant dataWe offer you the opportunity to apply for a position with us (e.g. by email, post or via our online application form). Below, we provide information about the scope, purpose and use of your personal data collected within the frame of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated as strictly confidential.

Scope and purpose of data collectionIf you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes made in the context of job interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Article 6(1)(b) of the GDPR (general contract initiation) and – if you have given your consent – Article 6(1)(a) of the GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If your application is successful, the data you submit will be stored in our data processing systems for the purpose of implementing the employment relationship in accordance with Section 26 of the German Federal Data Protection Act (BDSG) and Article 6(1)(b) of the GDPR.

Data retention period

If we are unable to offer you a position, you decline a job offer or withdraw your application, we reserve the right to store the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular for verification purposes in the event of a legal dispute. If it is apparent that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Data may also be stored for longer if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the applicant poolIf we do not offer you a position, we may include you in our applicant pool. If you are included, all documents and information from your application will be transferred to the applicant pool so that we can contact you if a suitable vacancy arises.

You'll only be added to the applicant pool if you give us your explicit consent (Art. 6 para. 1 lit. a GDPR). The provision of consent is voluntary and is not related to the current application process. The data subject may revoke their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

Last update: 12/2024

Privacy Policy.

Contact

The data processing controller on this website is:

Steinbach & Vollmann GmbH Managing Directors Andreas Kupka, Dr Martin Meyer-Fackler

Parkstraße 11

42579 Heiligenhaus

Germany

Phone: +49 (0) 2056 14-0

Email: impressum@stuv.de

The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).

External hosting

We have appointed a data protection officer.

LUTOP DATA COMPLIANCE GmbH

Marcel Paes

Heinrich-Held-Str. 33

45133 Essen

Phone: +49 (0) 201 21969472

Email: datenschutz@stuv.de

1. An overview of data protection

General information

The following information will provide you with an easy-to-navigate overview of what will happen to your personal data when you visit this website. The term "personal data" comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

Data recording on this website

Who is responsible for recording data on this website (i.e., the "controller")?The data on this website is processed by the operator of the website, whose contact information is available under section "Information about the responsible party (referred to as the "controller" in the GDPR)" in this Privacy Policy.

How do we record your data?We collect your data as a result of your sharing of your data with us. This may, for instance, be information you enter into our contact form.

Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.

What are the purposes we use your data for?A portion of the information is generated to guarantee the error-free provision of the website. Other data may be used to analyse your user patterns. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders or other order enquiries.

What rights do you have as far as your information is concerned?You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data be rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall apply to all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. Please do not hesitate to contact us at any time if you have questions about this or any other data protection-related issues. Analysis tools and tools provided by third parties There is a possibility that your browsing patterns will be statistically analysed when you visit this website. Such analyses are performed primarily with what we refer to as analysis programmes. For detailed information about these analysis programmes, please consult our Data Protection Declaration below.

2. Hosting

We host the content of our website with the following provider:

ExternalHostingThis website is hosted externally. Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a website.

The external hosting serves the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

We are using the following host(s):

Internet Partner IPR GmbH

Lenneper Str. 47-49

42855 Remscheid

DataprocessingWe have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

3. General information and mandatory information

DataprotectionThe operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.

Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.

We hereby advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

Information about the responsible party (referred to as the "controller" in the GDPR)The data processing controller on this website is:

Steinbach & Vollmann GmbH

Managing Directors Andreas Kupka, Dr Martin Meyer-Fackler

Parkstraße 11

42579 Heiligenhaus

Germany

Phone: +49 (0) 2056 14-0

Email: impressum@stuv.de

StoragedurationUnless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

General information on the legal basis for the data processing on thiswebsiteIf you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1)(a) GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TDDDG. The consent can be revoked at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Designation of a data protectionofficerWe have appointed a data protection officer.

LUTOP DATA COMPLIANCE GmbH

Marcel Paes

Heinrich-Held-Str. 33

45133 Essen, Germany

Phone: +49 (0) 201 21969472

Email: datenschutz@stuv.de

Recipients of personaldataIn the scope of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is required as part of the fulfilment of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6 (1)(f) GDPR, or if another legal basis permits the disclosure of this data. When using processors, we only disclose personal data of our customers on the basis of a valid contract on data processing. In the case of joint processing, a joint processing agreement is concluded.

Revocation of your consent to the processing of dataA wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authorityIn the event of violations of the GDPR, data subjects are entitled to lodge a complaint with a supervisory authority, in particular in the Member State where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to lodge a complaint is effective regardless of any other administrative or court proceedings available as legal remedies.

Right to dataportabilityYou have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

Information about, rectification and eradication ofdataWithin the scope of the applicable statutory provisions, you have the right to demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data at any time. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.

Right to demand processingrestrictionsYou have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.

If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data instead of demanding the eradication of this data.

If we no longer need your personal data and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.

If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.

SSL and/or TLSencryptionFor security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognise an encrypted connection by checking whether the address line of the browser switches from "http://" to "https://" and also by the appearance of the lock icon in the browser line.

If SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Rejection of unsolicited emails

We hereby object to the use of contact information published in conjunction with the mandatory information to be provided in our Site Notice to send us promotional and information material that we have not expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, for instance via SPAM messages.

4. Recording of data on this website

CookiesOur websites and pages use what the industry refers to as "cookies." Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.

Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., cookies for handling payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyse user behaviour or for promotional purposes.

Cookies, which are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the optimisation (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of required cookies to ensure the technically error-free and optimised provision of the operator's services. If your consent to the storage of cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TDDDG); this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

You can find out which cookies and services are used on this website in this privacy policy.

Server logfilesThe provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser automatically communicates to us. The information comprises:

The type and version of browser used

The operating system used

Referrer URL

The hostname of the accessing computer

The time of the server inquiry

The IP address

These data are not merged with other data sources.

This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error-free depiction and the optimisation of the operator's website. In order to achieve this, server log files must be recorded.

ContactformIf you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; consent can be revoked at any time.

The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g., after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions, in particular retention periods.

Request by e-mail, telephone, or

fax

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request.

We do not pass these data on without your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfilment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored ceases to apply (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Communication viaWhatsAppFor communication with our customers and other third parties, one of the services we use is the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The communication is encrypted end-to-end (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp does gain access to metadata created during the communication process (for example, sender, recipient, and time). We would also like to point out that WhatsApp has stated that it shares personal data of its users with its U.S.-based parent company Meta. Further details on data processing can be found in the WhatsApp privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in communicating as quickly and effectively as possible with customers, interested parties and other business and contractual partners (Art. 6(1)(f) GDPR). If corresponding consent has been requested, data processing is carried out exclusively on the basis of the consent; this consent may be revoked at any time with effect for the future.

The communication content exchanged between you and us on WhatsApp remains with us until you request us to delete it, revoke your consent to storage or the purpose for which the data is stored ceases to apply (e.g. after your request has been processed). Mandatory legal provisions, in particular retention periods, remain unaffected.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/7735.

We use WhatsApp in the "WhatsApp Business" version.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.whatsapp.com/legal/businessdata-transfer-addendum?lang=en.

We have set up our WhatsApp accounts in such a way that there is no automatic synchronisation of data with the address book on the smartphones in use.

We have concluded a data processing agreement (DPA) with the above-mentioned provider.

Pipedrive

We use Pipedrive to manage customer data. The provider is Pipedrive GmbH, Mustamäe tee 3a, 10615 Tallinn, Estonia (hereinafter "Pipedrive").

Pipedrive is a CRM system and enables us, among other things, to manage existing and potential customers and customer contacts and to organise sales and communication processes. The use of the CRM system also enables us to analyse our customer-related processes. The customer data is stored on Pipedrive's servers.

Details on the functions of Pipedrive can be found here: https://www.pipedrive.com/de.

Pipedrive is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Details can be found in Pipedrive's privacy policy: https://www.pipedrive.com/de/privacy.

Registration on thiswebsiteYou have the option to register on this website to be able to use additional website functions. We shall use the data you enter only for the purpose of using the respective offer or service you have registered for. The required information we request at the time of registration must be entered in full. Otherwise, we shall reject the registration.

To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the email address provided during the registration process.

The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 (1)(b) GDPR).

The data recorded during the registration process shall be stored by us as long as you are registered on this website. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory retention obligations.

5. Analyse tools and advertising

Google TagManagerWe use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

GoogleAnalyticsThis website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the operating system used and the user's origin. This data is assigned to the respective end device of the user. An assignment to a user ID does not take place.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modelling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make it possible to recognise users for the purpose of analysing their behaviour patterns (e.g. cookies or device fingerprinting). The information about website use recorded by Google is usually transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IPanonymisationGoogle Analytics IP anonymisation is active. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google's servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google will use this information to analyse your use of this website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser in conjunction with Google Analytics will not be merged with other data held by Google.

Browserplug-inYou can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about how Google Analytics handles user data, please consult Google's Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.

Contract dataprocessingWe have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

HotjarThis website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool used to analyse your user patterns on this website. Hotjar allows us to record your mouse and scroll movements as well as your clicks, for example. During this process, Hotjar also has the capability to determine how long your cursor remained in a certain position. Based on this information, Hotjar compiles so-called heat maps, which make it possible to determine which parts of the website the website visitor reviews with preference.

We are also able to determine how long you have stayed on a page of this website and when you left. We can also determine at which point you suspended making entries into a contact form (so-called conversion funnels).

Furthermore, Hotjar can be deployed to obtain direct feedback from website visitors. This function aims at the improvement of the website offerings of the website operator.

Hotjar uses technologies that make it possible to recognise the user for the purpose of analysing user patterns (e.g. cookies or the deployment of device fingerprinting).

If your approval (consent) has been obtained, the use of the aforementioned service shall occur on the basis of Art. 6(1)(a) GDPR and § 25 TDDDG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of Art. 6(1)(f) GDPR; the website operator has a legitimate interest in the analysis of user patterns to optimise both the web presentation and the operator's advertising activities.

Deactivation ofHotjarIf you would like to deactivate the recording of data by Hotjar, please click on the link below and follow the instructions provided under the link: https://www.hotjar.com/policies/do-not-track/.

Please keep in mind that you will have to separately deactivate Hotjar for every browser and every device.

For more detailed information about Hotjar and the data to be recorded, please consult the Data Privacy Declaration of Hotjar under the following link: https://www.hotjar.com/privacy.

6. Newsletter

NewsletterdataIf you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.

BrevoThis website uses Brevo for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo services can, among other things, be used to organise and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter are archived on servers of Sendinblue GmbH in Germany.

Data analysis by Brevo

Brevo enables us to analyse our newsletter campaigns. For instance, it allows us to see whether a newsletter message has been opened and, if so, which links may have been clicked. This enables us to determine which links drew an extraordinary number of clicks.

Moreover, we are also able to see whether once the e-mail was opened or a link was clicked, any previously defined actions were taken (conversion rate). This allows us to determine whether you have made a purchase after clicking on the newsletter.

Brevo also enables us to divide the subscribers to our newsletter into various categories (i.e., to "cluster" recipients). For instance, newsletter recipients can be categorised based on age, gender, or place of residence. This enables us to tailor our newsletter more effectively to the needs of the respective target groups. If you do not want to permit an analysis by Brevo, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.

For detailed information on the functions of Brevo, please follow this link: https://www.brevo.com/de/newsletter-software/.

LegalbasisThe data is processed based on your consent (Art. 6(1)(a) GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

Periodo di conservazione

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

For more details, please consult the Data Protection Regulations of Brevo at: https://www.brevo.com/de/datenschutzuebersicht/ and https://www.brevo.com/de/legal/privacypolicy/.

7. Plug-ins and tools

YouTube with expanded data protectionintegrationThis website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalise browsing on YouTube. Ads that are played in extended data protection mode are also not personalised. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user's browser, which contain personal data similar to cookies and can be used for recognition. Details on the extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.

After activating a YouTube video, further data processing operations may be triggered over which we have no influence.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy at: https://policies.google.com/privacy?hl=en.

Google Fonts (local embedding)This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google's servers will not be established in conjunction with this application.

For more information on Google Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google's Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

Google MapsThis website uses the mapping service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the means of this service, we can integrate map material on our website.

To enable the use of Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google's servers in the United States, where it is archived. The operator of this website has no control over the data transfer. If Google Maps has been activated, Google has the option of using Google Fonts for the purpose of uniform font display. When you access Google Maps, your browser will load the required web fonts into your browser cache to display text and fonts correctly.

We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on the handling of user data, please review Google's Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

Google reCAPTCHAWe use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyses the behaviour of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.

Data is stored and analysed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting the operator's websites against abusive automated spying and against SPAM. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time. For more information about Google reCAPTCHA, please refer to the Google Data Privacy Declaration and Terms of Use under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

LeadinfoWe have integrated Leadinfo on this website. The provider is Leadinfo / Team.Blue GmbH, Bunsenstr. 19, 40215 Düsseldorf (hereinafter referred to as "Leadinfo").

Leadinfo enables us to record visits to our website by members of other companies. For this purpose, the IP address of the website visitor is compared with the company IP addresses stored in Leadinfo's company database. If this is the IP address of a company, this visit and the user behaviour will be recorded. IP addresses that are not in Leadinfo's database are deleted immediately, meaning that website visits by private individuals are ignored by Leadinfo.

Leadinfo is used on the basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in recording company visits to our website and their user behaviour. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further details can be found in the provider's privacy policy at https://www.leadinfo.com/de/datenschutz/.

8. Services personalizados

Handling applicantdataWe offer website visitors the opportunity to submit job applications to us (e.g., via e-mail, via postal services or by submitting the online job application form). Below, we will brief you on the scope, purpose and use of the personal data collected from you in conjunction with the application process. We assure you that the collection, processing and use of your data will occur in compliance with the applicable data privacy rights and all other statutory provisions and that your data will always be treated as strictly confidential.

Scope and purpose of the collection of dataIf you submit a job application to us, we will process any personal data (e.g., contact and communications data, application documents, notes taken during job interviews, etc.), if they are required to make a decision concerning the establishment or an employment relationship. The legal grounds for the aforementioned are § 26 BDSG according to German law (negotiation of an employment relationship), Art. 6(1)(b) GDPR (general contract negotiations) and – provided you have given us your consent – Art. 6(1)(a) GDPR. You may revoke any consent given at any time. Within our company, your personal data will only be shared with individuals who are involved in the processing of your job application.

If your job application results in your recruitment, the data you have submitted will be archived on the grounds of § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship in our data processing system.

Periodo di archiviazione dei dati

If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). Afterwards, the data will be deleted and the physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g., due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your agreement (Article 6(1)(a) GDPR) or if statutory data retention requirements preclude deletion.

Admission to the applicant poolIf we do not make you a job offer, you may be able to join our applicant pool. In case of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in case of suitable vacancies. Admission to the applicant pool is based exclusively on your express agreement (Art. 6(1)(a) GDPR). The submission agreement is voluntary and has no relation to the ongoing application procedure. The data subject may revoke their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided there are no legal reasons for storage.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.

Last update: 12/2024