Privacy policy - JUNG Werbemittel & Verpackungslösungen

Welcome to the website of Jung since 1828 GmbH. Data protection and the protection of your personal rights are very important to us. On this page, we would like to inform you about what data Jung since 1828 GmbH processes and for what purposes. If you have any questions or suggestions regarding the privacy policy, please feel free to contact us.

1. Foreword and selected terminology

This privacy policy informs visitors and users of our website about the online data processing operations in which personal data is processed. It also provides information about our processing operations that do not primarily take place online.

GDPR is the abbreviation for the European General Data Protection Regulation.
FDA is the abbreviation for the Federal Data Protection Act in its current version.
Personal data is any information that can be used to identify a natural person (see Art. 4 (1) GDPR for definition). This includes, for example, names, email addresses, telephone numbers, but also data such as IP addresses or customer numbers.
The processing of personal data includes all operations, such as the collection, storage, transmission, archiving, or deletion of personal data (definition in Art. 4(2) GDPR).
The data subject within the meaning of data protection law is any natural person whose personal data is processed.
Further definitions of terms can be found in the General Data Protection Regulation, specifically in Article 4 of the GDPR (Definitions).

2. Responsible body and data protection officer

Responsible body

JUNG since 1828 GmbH & Co. KG
Maybachstr. 19
71634 Ludwigsburg
Telefon: 07141 6435-0
Telefax: 07141 6435-129
E-Mail: zentrale[at]jung-europe.de

Data officer

DSB External Data Protection Officer Stuttgart
Fabian Henkel
Diplom-Betriebswirt (FH)
Zertifizierter Datenschutzbeauftragter
Telefon: +49(0)176 32744172
E-Mail: info@externer-datenschutzbeauftragter-stuttgart.de
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de

3. Compact overview

The following content provides you with a brief overview of the processing of personal data. More detailed information can be found in the respective sections.

Security on our website

Our website has a TLS certificate, which is used to encrypt data transmission processes. This happens, for example, when you send us a message via the form. However, we would like to point out that 100% security in electronic data processing is not possible and that there is always a residual risk.

Data that you transmit to us

On this page, we process the data that you enter yourself, for example in a form. In this case, the purpose of the processing is determined by the type of form and by this privacy policy. If you send us a message by email or contact us in any other way, we will also process your data in accordance with the purpose of the contact.

Automatic server log files

On the other hand, our server automatically records all accesses and thus also IP addresses (log files). This serves to defend against attacks, analyze access figures, and ensure smooth operation.

Use of cookies

Cookies help us provide various services. You can find more detailed information about this in this privacy policy.

Analysis and tracking tools

In addition to pure server log files, which also provide us with information about page views, we use analysis tools. These tools give us detailed insights into the content visited on our site, the flow of behavior, and, for example, the country from which access took place. For such services to work, cookies must be set for the site visitor or scripts must be executed. If we currently use such services, we explicitly point this out in this privacy policy.

External plugins and content delivery networks

We use plugins and content delivery networks in some cases; well-known examples of such services would be the video service YouTube or the map service Google Maps. If such services are integrated via a website, access data is transmitted to the services. This usually includes your IP address and other metadata, such as the time and date of access. This is usually done by setting cookies. If we currently use such services, we will explicitly point this out in this privacy policy.

Newsletter / Direct marketing

Direct marketing to existing customers in the legitimate interest
We reserve the right to send our customers newsletters on the basis of Section 7 (3) UWG (German Unfair Competition Act) in conjunction with Article 6 (1) (f) GDPR. You can, of course, object to receiving direct marketing information at any time.

Direct marketing based on your consent
If you give us your consent, we will send you newsletters until you revoke your consent. You can revoke your consent at any time with future effect.

Other data recipients

Use of processors
We use processors in accordance with the provisions of Art. 28 GDPR, for example in the areas of IT services, web hosting, email hosting, or printing services. These processors process personal data for us in accordance with our instructions.

Use of non-specialist services
If necessary (for example, to execute a contract), we will pass on your data to banks, shipping service providers, our tax advisor, or lawyer, for example.

Legal obligations
In addition, in certain cases we are obliged to report to the competent authorities on the basis of the Money Laundering Act. Furthermore, we are subject to other legal obligations, such as commercial law or tax law, which require us to pass on certain data to tax authorities, for example.

Investigation of criminal offenses
If necessary for the investigation of a criminal offense, we will disclose data to law enforcement authorities.

General information on deletion periods for personal data

We process the data for as long as is necessary for the respective purpose. Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are obliged to comply with statutory retention obligations. If data processing is based on your consent, we will delete your data after you revoke your consent.

Transfer of personal data to a third country

We try to use service providers and services from providers within the European Union wherever possible. Transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for order processing in accordance with Art. 28 GDPR, taking into account appropriate safeguards. In individual cases, we may use plugins or tools that are hosted in third countries, but we use them on the basis of our legitimate interests. In such cases, we will point this out if necessary.

Obligation to provide personal data

You are free to decide whether you wish to provide personal data for specific purposes on our website. The provision of personal data is contractually required for the initiation and execution of legal transactions.

4. Legal basis for the processing of personal data

The legal bases for the processing of personal data are exceptions that permit the processing of personal data. The essential legal bases are set out in particular in Art. 6 GDPR. The legal bases on which we process personal data are described in the individual processing operations in this privacy policy.

Consent given (Art. 6 para. 1 lit. a GDPR)

Consent is one of these legal bases and requires that the person giving consent does so in an informed manner and on a voluntary basis. Consent based on Art. 6 (1) (a) GDPR can be revoked at any time without giving reasons.

Contract-related data processing (Art. 6 para. 1 lit. b GDPR)

The processing of personal data for the purpose of initiating or executing contracts is also a legal basis and is defined in Art. 6 (1) (b) GDPR.

Legal obligation (Art. 6 para. 1 lit. c GDPR)

The exception to data processing based on a legal obligation can be found in Art. 6 (1) (c) GDPR. For example, we are obliged to comply with certain retention periods under commercial and tax law.

Legitimate interests (Art. 6(1)(f) GDPR)

The processing of personal data on the basis of a balancing of interests pursuant to Art. 6 (1) lit. f GDPR allows processing after careful consideration of financial or legal interests against the interests of the data subject that are worthy of protection.

5. Your rights under the General Data Protection Regulation

Every natural person has certain rights, which are defined in particular in Articles 15 to 21 and 77 of the GDPR. You have the following rights, which you can assert against us.

Right to withdraw consent granted in accordance with Art. 7 GDPR

You may revoke your consent at any time without giving reasons, with effect for the future.

Right to information pursuant to Art. 15 GDPR (restrictions pursuant to § 34 BDSG possible)

You have the right to request information about the data processed about you and the purposes of the processing at any time.

Right to rectification pursuant to Art. 16 GDPR

If you discover that we are processing incorrect or incomplete data about you, you have the right to request that it be corrected.

Right to erasure pursuant to Art. 17 GDPR (restrictions pursuant to § 35 BDSG possible)

You have the right to request the deletion of your personal data that we process at any time. If complete deletion is not possible, for example because we have to comply with legal retention obligations or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.

Right to restriction of processing pursuant to Article 18 GDPR

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the legal notice. The right to restrict processing applies in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Right to data portability pursuant to Art. 20 GDPR

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.

Right to object to certain processing operations and direct marketing pursuant to Art. 21 GDPR

If data processing is based on Art. 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection pursuant to Art. 21(1) GDPR).

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR in conjunction with § 19 BDSG

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

6. External hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host/hosts. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6 (1) (f) GDPR). Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

We use the following hosting provider

Timme Hosting
Ovelgönner Weg 43
21335 Lüneburg

Order processing

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Website visitors are only processed in accordance with our instructions and in compliance with the GDPR.

7. Automatic server log files

Our web server automatically logs all accesses and thus also the IP addresses of visitors. This serves to defend against attacks, analyze access figures, and ensure smooth operation. We have a legitimate interest in doing so (Art. 6 lit. f GDPR).

In addition to the IP address, the server log usually records other metadata about the session. This data can be found below.

Date and time of access
Information about the browser type and version used
Details about the operating system used
Device (client)
Referrer URL (the page from which you accessed our website)
Hyperlinks accessed

We process this data only for the purposes mentioned above. We delete server log files after three months at the latest.

8. Use of cookies

Our website uses cookies to provide services and ensure full functionality. Cookies—small text files that are automatically stored in your browser or device—can have various functions and contain a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again.

Cookies are stored on your device and transmitted to our site from there. As a user, you have full control over the use of cookies. You can specify in your browser settings whether and which cookies you allow. We recommend that you set your browser to notify you when a website wants to set cookies on your device. This gives you control over which cookies you want to allow. However, if you do not allow cookies, the functionality of websites may be limited.

Cookies are generally divided into non-persistent and persistent cookies. A further distinction is made between first-party cookies (which come directly from our web server) and third-party cookies (which are set on your device via third-party providers).

Cookie types by duration

Session Cookies
Session cookies are deleted at the latest when you leave our website and close your browser.

Persistente Cookies
These cookies remain stored even after you leave our website and close your browser. Persistent cookies can have different lifespans, ranging from one day to several years. These cookies can perform various functions, for example, your login details can be stored so that you are automatically logged in when you visit our website again. Other persistent cookies are used for analysis, tracking, and marketing purposes.

Cookie types by origin

We use both first-party cookies and third-party cookies. First-party cookies are cookies that originate directly from us. Third-party cookies are cookies that are placed via a third-party provider. We use various third-party cookies for analysis, tracking, and marketing purposes.

Cookie types by function

Technically required or necessary cookies
These cookies enable our website to function. Without technically necessary cookies, our site would be unusable or only usable to a very limited extent. For example, such cookies are used when you log in to our site or add a product to your shopping cart. In some cases, necessary cookies also serve security purposes.

Analysis and statistics cookies
Analytics cookies collect information about the behavior of website visitors, providing insight into how long they stay on the site and what information they access. Information is also collected about which website visitors come from, how many visitors the websites have, and how long users stay on the websites. The purpose of these cookies is to optimize our website based on the information collected.

Tracking and marketing cookies
Tracking and marketing cookies (also known as remarketing and retargeting cookies) enable analysis of browser behavior; they store information about which content has been visited or which products the user has searched for (tracking means monitoring in this sense). Based on these cookies, a user can also be identified across pages with the aim of displaying advertisements tailored to their interests.

Legal basis and information on setting your preferences

We use technically necessary cookies in the interest of a functional and stable website (Art. 6 para. 1 lit. f GDPR), and we only use other cookies with your consent (Art. 6 para. 1 lit. a GDPR). You can set your preferences regarding the selection of non-essential cookies at the beginning of your visit, and you can also adjust your preferences at any time.

The individual legal bases for the use of various tools that use cookies can be found in the relevant sections of our privacy policy.

9. Cookiebot Cookie Consent Management

We use Cookiebot consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. This technology is provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”).

When you visit our website, a connection is established to Cookiebot’s servers in order to obtain your consent and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser to assign the consents you have given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.

We use Cookiebot on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) to obtain the legally required (Art. 6 (1) (c) GDPR) consent for the use of technically non-essential cookies and cookie-like technologies.

Order processing

10. Data processing in the context of communication and establishing contact

Message via contact form

You have the option of sending us messages via the contact form. In doing so, we process the data you enter in the data entry form. Mandatory fields are marked and must be filled in. The purpose of data processing is to process your request and, if necessary, to contact you afterwards. The legal basis for processing the data entered in the contact form is generally based on your consent (Art. 6 (1) (a) GDPR). You can revoke your consent at any time without giving reasons. In addition, we process your data for the initiation or execution of purchase contracts, for example if you ask us product-related questions (Art. 6 (1) (b) GDPR).

Communication by email

If you send us an email, we will process your data in accordance with the content and purpose of the message. As a rule, processing is carried out on the basis of pre-contractual measures or within the framework of the execution of a contractual relationship on the basis of Art. 6 (1) lit. b GDPR and Art. 6 (1) lit. f GDPR. It is in our legitimate interest to process your request quickly and efficiently.

Insofar as the message relates to a product or service, we generally process your data on the basis of our legitimate interests pursuant to Art. 6 (1) (b) GDPR.

Please note that we store all incoming emails in accordance with the principles of proper accounting for a period of ten years, beginning on the first day of the following year in which the message was received. If you request us to delete your data, we will restrict the processing of your data and only store it for the purpose of complying with retention periods in our legitimate interest.

Communication by telephone or fax

Even if you contact us by telephone or fax, we process your data either for the purpose of initiating and executing contractual relationships (if the content is product- or service-related) and/or in our legitimate interest, analogous to contacting us by email. We do not record the content of conversations, but we may take notes for the purpose of processing your request. We store these until the purpose of the data processing has been achieved.

11. Information for applicants

Privacy policy Application process

If you apply for a position with us, whether for an advertised position or on your own initiative, we will process your data for the purpose of conducting the selection process. It is irrelevant to us whether you apply by mail, email, or, if available for the position in question, via an online form.

Scope and legal basis of processing

As a matter of principle, we only process the data that you have provided to us yourself as part of an application process. Additional sources may only be consulted after informing you and consulting with you. For example, whether we may contact a former employer. The legal basis for conducting an application process is Section 26 of the German Federal Data Protection Act (BDSG) in conjunction with Article 6(1)(b) of the GDPR (initiation of an employment contract). If you give us your consent to store your data for a longer period of time, this is done on the legal basis of Article 6(1)(a) of the GDPR.

Deletion periods for applicant data

We delete applicant data no later than 4 months after completion of the application process (once a candidate has been selected and all applicants have been informed of the outcome). The purpose of data processing generally ceases to exist once the selection process has been completed, but we have a legitimate interest (Art. 6 (1) (f) GDPR) in being able to defend ourselves against any claims made by rejected applicants. If you believe that your interests in immediate deletion outweigh this, you have the option of requesting us to do so. We will then review your request and provide you with feedback.

After the above-mentioned period has expired, your data will be deleted unless we need to defend ourselves in ongoing proceedings, for example, due to a lawsuit under the General Equal Treatment Act. In this case, we will delete your data after the proceedings have been concluded, provided that there are no legal retention periods.
If we are permitted to store your data for a longer period on the basis of your consent, we will delete your data if you request us to do so and revoke your consent. If necessary, we will also delete your data before you revoke your consent if it is foreseeable that no position will be available.

Inclusion in our applicant pool

If we are unable to offer you a position at this time, we may ask for your consent to continue storing your data. This is for the purpose of offering you a suitable position at a later date. The legal basis for processing your data in our applicant pool is your consent (Art. 6 para. 1 lit. a GDPR). You can, of course, revoke your consent at any time with effect for the future. If you do not revoke your consent yourself within a period of two years, we will delete your data from our applicant pool at the latest by then.

12. Direct marketing

Direct marketing to existing customers in the legitimate interest

We reserve the right to use the data collected in connection with a purchase contract or service contract for direct advertising by email or post in accordance with Section 7 (3) of the German Unfair Competition Act (UWG) if the customer does not object to or has not objected to such use. Direct advertising exclusively comprises offers for products or services similar to those already purchased by the user from us.

We use your data for up to three years after the last legal transaction for direct marketing purposes in our legitimate interest.

We have a legitimate economic interest (Art. 6 (1) (f) GDPR) in informing our customers about new products and improving our services. You can, of course, object to receiving direct marketing at any time. Please address your objection to the above-mentioned responsible body. You will also find information on how to object in every newsletter.

Direct marketing based on your consent

If you would like to subscribe to the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

CleverReach

We use CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze newsletter distribution. The data you enter for the purpose of receiving the newsletter (e.g., email address) is stored on CleverReach’s servers in Germany or Ireland.

Our newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients opened the newsletter message and how often which link in the newsletter was clicked. With the help of conversion tracking, we can also analyze whether a predefined action (e.g., purchase of a product on this website) took place after clicking on the link in the newsletter. For more information on data analysis by CleverReach newsletters, please visit: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of data processing operations that have already taken place remains unaffected by the revocation.

If you do not want CleverReach to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interests and our interests in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). There is no time limit for storage in the blacklist. You can object to the storage if your interests outweigh our legitimate interest.

For more details, please refer to CleverReach’s privacy policy at: https://www.cleverreach.com/de/datenschutz/.

Order processing

13. Audio and video conferences with MS Teams

We use Microsoft Teams for communication. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Microsoft Teams processes all data that you provide/use to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants, and other “contextual information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data necessary for handling online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded, or otherwise made available within the tool, it will also be stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools, which we have listed below this text.

Purpose and legal basis

We use Microsoft Teams to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 (1) (b) GDPR). Furthermore, the use of these tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). If consent has been requested, the use of the relevant tools is based on this consent; consent can be revoked at any time with effect for the future.

Storage Period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Order processing

14. Analysis tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It is used solely for the management and display of the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on its website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when data is processed in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables website operators to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used, and user origin. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the data sets collected and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when data is processed in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Order processing

We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

15. Plugins and tools on our website

WPML plugin for multilingualism

We use the WPML plugin from OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong (hereinafter referred to as WPML). WPML is a multilingual plugin for WordPress. We use the WPML plugin to display our online presence in different languages. When you visit our online presence, our website sets a cookie on your device to save your selected language setting. No data is transferred to WMPL itself. Processing takes place locally on our server.

Further information on data processing by WPML can be found here: https://wpml.org/de/documentation-3/privacy-policy-and-gdpr-compliance/

We use the WMPL plugin on the basis of our legitimate interests in order to enable our visitors to easily select their language. The legal basis for this is Art. 6 (1) lit. f GDPR.

Information on the storage period of WMPL cookies can be found at: https://wpml.org/documentation/privacy-policy-and-DSGVO-compliance

Right to object and right to erasure
Information on how to object to the use of WPML cookies can be found here: https://wpml.org/de/documentation-3/privacy-policy-and-gdpr-compliance/

16. Our social media presence

Data processing by social networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks such as Facebook, Twitter, etc. can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media sites triggers numerous data processing operations that are relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection is carried out, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of social media portals can create user profiles that store your preferences and interests. In this way, interest-based advertising can be displayed to you both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Legal basis

Our social media presence is intended to ensure the most comprehensive presence possible on the internet. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

Controller and assertion of rights

If you visit one of our social media presences (e.g. Facebook), we and the operator of the social media platform are jointly responsible for the data processing operations triggered by such a visit. You may generally assert your rights (access, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint) both against us and against the operator of the respective social media platform (e.g. Facebook).

Please note that, despite the joint responsibility with the operators of the social media platforms, we do not have full influence over the data processing activities of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence is deleted from our systems as soon as you request its deletion, withdraw your consent to storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

We have no influence over the storage duration of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policies; see below).

Social networks in detail

Facebook

We maintain a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Meta”). According to Meta, the collected data is also transferred to the United States and other third countries.

We have entered into an agreement with Meta on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads. The data transfer to the USA is based on the European Commission’s standard contractual clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. For details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Instagram

We maintain a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data transfer to the USA is based on the European Commission’s standard contractual clauses. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381. For details on how they handle your personal data, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.

XING

We maintain a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how they handle your personal data, please refer to XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. The data transfer to the USA is based on the European Commission’s standard contractual clauses. You can find details here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. For details on how they handle your personal data, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

YouTube

We maintain a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube’s privacy policy:  https://policies.google.com/privacy?hl=de.

17. Additional privacy information for our business partners

Data categories and purposes of processing

We process personal data of our service providers and partners that we receive directly in the context of our business relationship. If we have received data from you, we generally process it only for the purposes for which we received or collected it.
As a rule, we process the following categories of data from you:

Address and/or company address
Telecommunication data
Email address
Company
Professional role and/or position
Bank account / other payment details
Data on the history of the business relationship

During the business initiation phase and throughout the business relationship, additional personal data may be generated, particularly through personal, telephone, or written contacts initiated by you or one of our employees, such as information about the contact channel, date, reason, and outcome; (electronic) copies of correspondence; as well as information about participation in direct marketing activities.

We also process personal data that we have lawfully obtained from publicly accessible sources (e.g., commercial and association registers, press, media, internet) and are permitted to process.

Processing data for other purposes is only considered if the necessary legal requirements pursuant to Art. 6(4) GDPR are met. Any information obligations under Art. 13(3) GDPR and Art. 14(4) GDPR will, of course, be observed in such cases.

Legal bases on which we process your data

Based on your consent (Art. 6(1)(a) GDPR)
We process personal data for one or more specific purposes if you have given us your consent to do so. If personal data is processed on the basis of your consent, you have the right to withdraw your consent at any time with effect for the future.

Data processing for the performance of contracts (Art. 6(1)(b) GDPR)
We process personal data for the fulfillment of contracts. Contract fulfillment includes, for example, the conclusion, execution, and termination of a contract. In addition, we process personal data that is necessary for carrying out pre-contractual measures, such as the initiation of a contract, and which is done at your request.

Data processing based on a legal obligation (Art. 6(1)(c) GDPR)
Like any company, we must comply with retention and other documentation obligations, which may also involve documents containing personal information. To the extent we process data for these purposes, the processing is carried out based on a legal obligation.

Data processing based on a balancing of interests (Art. 6(1)(f) GDPR)
If we process data based on a balancing of interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Art. 21 GDPR. Where the specific purpose allows, we process your data in a pseudonymized or anonymized form.

Other recipients of your data

Disclosure to processors within the framework of Art. 28 GDPR
Processors engaged by us (Art. 28 GDPR), particularly in the areas of IT services and, for example, printing services, process your data on our instructions. When we commission service providers to fulfill our tasks, we always comply with data protection regulations; in particular, disclosure only occurs after concluding contracts for data processing. We are happy to inform you about the processors we use.

For the execution of a contractual relationship
If necessary for the execution of the contract with you, we may, for example, disclose your data to our bank for payment processing or to shipping service providers, such as Deutsche Post, DHL, UPS, GSL, DPD, or other occasion-specific providers.

Disclosure based on a legal obligation
If a legal or regulatory obligation exists, we disclose your data to public authorities or institutions (e.g., authorities in the context of law enforcement).

Other entities, provided you have given us consent
If you have given explicit consent, we may also disclose your data to other entities. However, this only occurs within the limits of verifiable consent provided by you.

Information on retention periods for personal data

Principle of purpose limitation and compliance with statutory retention periods
We process data as long as it is necessary for the respective purpose. Where required, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.

Furthermore, like any company, we are obliged to comply with statutory retention periods, for example those arising from commercial and tax law. Where statutory retention obligations exist, the relevant personal data is stored for the duration of the retention period. The storage period is also determined by statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), generally amount to three years, but in certain cases can extend up to thirty years. After the retention period expires, it is reviewed whether further processing is necessary. If no further necessity exists, the data is deleted.

As a rule, such retention periods in the context of legal transactions (pursuant to §147 AO / §257 HGB / §14b UStG) are 10 years, starting with the year following the legal transaction.

Concrete example
If you provide us with your contact details, for example via email, telephone, or by handing over your business card, we store this data on the basis of pre-contractual measures (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR) to ensure smooth and targeted communication. If no legal transaction takes place, we delete your data upon your request or if no further contact occurs within a period of three years. If you enter into a legal transaction with us (Art. 6(1)(b) GDPR), we store your data for ten years in accordance with commercial and tax law requirements. After this period, we review whether the data can be deleted and, if applicable, proceed with its deletion.

Emails and business letters
We archive all of our email correspondence for ten years. When you send us an email, your data and the entire email content are stored accordingly for 10 years. Most emails are considered business letters, and in addition, emails may contain information relevant for tax purposes. We consider the effort of reviewing each individual email in detail disproportionate to the benefit and the legitimate interests of the sender. Of course, you can request deletion at any time, and we will conduct an individual case review. We will inform you of the outcome, which may result in deletion or restriction of processing, depending on the content of the correspondence.

Withdrawal of your consent
If we process your data based on your consent (Art. 6(1)(a) GDPR), we will delete it upon your withdrawal. This does not apply if there are legitimate interests that oppose complete deletion. For example, we generally retain the consent declaration for up to three years after receiving your withdrawal based on our legitimate interest (Art. 6(1)(f) GDPR). We retain the consent solely under restricted processing to be able to defend ourselves in the event of a dispute.

Legal or contractual obligation to provide personal data

Providing personal data is generally necessary for the initiation, conclusion, execution, and termination of a contract. If you do not provide the required personal data, it is not possible for us to conclude or fulfill a contract with you.

Transfer to a third country

Your personal data is generally processed by us in data centers located in the Federal Republic of Germany or the European Union. A transfer to a third country only takes place if you have given us your consent or if we have concluded a contract for data processing pursuant to Art. 28 GDPR, taking into account appropriate safeguards or other suitable guarantees.