Privacy policy

Thank you for visiting our website. We would like to inform you below about the processing of your personal data on our website.

Responsible party

Kendrion N.V.

Vesta Building - 5th floor Herikerbergweg 213

1101 CN Amsterdam The Netherlands

Telephone: +31 85 073 1500 info@kendrion.com

Data Protection Officer

DDSK GmbH

Dr.-Klein-Str. 29

88069 Tettnang

E-Mail: dataprotection.de@kendrion.com

Terms

The special terms used in this privacy policy are to be understood as legally defined in Art.4 GDPR.

The terms "user" and "website visitor" are used synonymously in our privacy policy. 

Recipient of data 

Recipients of data are named in our privacy policy under the respective category/heading. 

Categories of data subjects

The categories of data subjects are website visitors and other users of online services.

General information on data processing on the website

1. Automated data processing (log files etc.)

Our website can be visited without actively entering personal data. However, we automatically store access data (server log files), such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit or the name of the requested file, and for security reasons, e.g. to recognise attacks on our website, the IP address of the end device used for a period of 2 months[ES1]. This data is not merged with other data sources. We process and use the data for the following purposes: provision of the website, prevention and detection of errors/malfunctions, and misuse of the website.

Data categories: Meta and communication data (e.g. IP address, date and time of access, time, type of HTTP request, website from which access is made (referrer URL), browser used and, if applicable, operating system of the accessing computer (user agent))

Purpose of the processing: Prevention and detection of errors/malfunctions, detection of abuse of the website

Legal basis: Legitimate interest according to Art. 6 para. 1 lit. f) GDPR

Legitimate interests: Fraud prevention to detect abuse of the website

2. Required cookies (functionality, opt-out links, etc.)

We use cookies on our website to enable the use of the basic functions on our website and to provide the service requested by the user. Cookies are a standard Internet technology for storing and retrieving information for website users. Cookies represent information and/or data that can be stored on the user's end device, for example. With classic cookie technology, the user's browser is instructed to store certain information on the user's device when a specific website is accessed.

Strictly required cookies are used to provide a digital service expressly requested by the user, e.g:

• Cookies for error analysis and security purposes

• Cookies for storing logins 

• Cookies for storing data in online forms if the form extends over several pages

• Cookies for saving (language) settings

• Cookies to store articles in the shopping basket by users to complete the purchase 

• Cookies for storing consent or withdrawal (opt-in, opt-out)

Some of the cookies used (session cookies) are erased after the end of the browser session, i.e. after closing the browser. 

Cookies can be erased by users afterwards to remove data that the website has stored on the user's computer.

The data processing described may also relate to information that is not personal but constitutes information within the meaning of the TDDDG. In these cases, this information may be necessary for the use of an expressly requested service and may therefore be stored in accordance with § 25 TDDDG. 

Opt-Out:

Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome: https://support.google.com/chrome/answer/95647?hl=de

Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/inprivate-browsen-in-microsoft-edge-cd2c9a48-0bc4-b98e-5e46-ac40c84e27e2

Opera:  https://help.opera.com/en/latest/security-and-privacy/

Safari:  https://support.apple.com/de-de/HT201265 

Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR in conjunction with § 25 para. 2 no. 2 TDDDG), consent (Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 para. 1 TDDDG

Legitimate interests: Storage of opt-in preferences, ensuring the functionality of the website, maintaining user status across the entire website

3. Storage and processing of not required information and data

Beyond the required scope, user data may be processed by cookies, similar technologies or application-related technologies, e.g. for the purpose of (cross-website) tracking or personalized advertising etc.. Data may be transmitted to third-party providers. The storage and further processing of user data that is not necessary to provide the digital service, is then carried out on the basis of consent within the meaning of Art. 6 para. 1 lit. a) GDPR (if applicable in conjunction with § 25 para. 1 sentence 2 TDDDG).

Consent management platforms (consent management)

We use a consent management procedure on our website in order to be able to store and manage the consent given by website visitors in a verifiable manner in accordance with data protection requirements.

The consent management platform used helps us to identify all cookies and tracking technologies and to control them based on the consent status. At the same time, visitors to our website can use the consent management service we have integrated to manage the consents and preferences granted (optional setting of cookies and other technologies that are not required) or revoke consent at any time using the button

The status of the consent is stored on the server and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device. The time of the declaration of consent is also recorded.

Data categories: Consent data (consent ID and number, time consent was given, opt-in or opt-out), meta and communication data (e.g. device information, IP addresses)

Purposes of the processing: Fulfilment of accountability, consent management

Legal bases: Legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 GDPR)

4. Consent management/revocation

Recipient: Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany

Third country transfer: Does not take place

Privacy policy: https://usercentrics.com/de/datenschutzerklaerung/

Manage consent/revoke consent

5. Hosting (incl. content delivery network)

Our website is hosted by an external service provider. Data of visitors to our website, in particular so-called log files, are stored on the servers of our service provider. By using a specialised service provider, we can provide our website efficiently. The hosting provider we use does not process the data for its own purposes.

We also use a so-called Content Delivery Network (CDN) in order to be able to provide the content of our website more quickly. For example, when website visitors access graphics, scripts or other content, these are provided quickly and optimised with the help of regionally and internationally distributed servers. When the files are retrieved, a connection is established to the servers of a CDN provider, whereby personal data of visitors to our website is processed, such as the IP address and browser data.

Data categories: User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses)

Purposes of the processing: Correct presentation and optimisation of the website, faster and location-independent accessibility of the website,

Legal bases: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: Avoidance of downtime, high scalability, reduction of the bounce rate on the bounce rate on the website

CloudFlare

Recipient: Cloudflare Inc, 101 Townsend St, San Francisco, California, USA 

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the Standard Contractual Clauses 

Privacy Policy: https://www.cloudflare.com/de-de/privacypolicy/

Website support and consulting, web agency

We have commissioned a web agency to provide support and advice for services and applications on our website. This agency supports us in all activities associated with the design and functionality of our website. In this context, the web agency selected by us receives the access data for our website in order to make necessary adjustments and changes, such as the design of forms or other programming activities.

The web agency also supports us in the maintenance and administration of our social media accounts, our content management system, our chatbot and our accounts with search engine providers.

Access to personal data, such as data from forms or log data of website visitors, cannot be ruled out. The web agency therefore works for us as a so-called contract processor and only acts on our instructions. Data is not processed for other purposes.

Data categories: Usage data (e.g. access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. email address), content data (e.g. text information), evaluation data from social media accounts (e.g. anonymised statistics)

Purposes of the processing: Support for web analysis and optimization, analysis of user behavior on the website (website interaction) for web optimization and reach measurement, checking the utilization of the website

Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: Support and assistance with website maintenance through high level expertise, efficiency through outsourcing.

Avenit

Recipient: avenit AG, Marlener Straße 2, 77656 Offenburg, Germany 

Third country transfer: Does not take place.

Privacy policy: https://www.avenit.de/de/datenschutz

Köhler & Partner

Recipient:  Brauerstraße 42, 21244 Buchholz i.d.N., Germany 

Third country transfer: Does not take place.

Privacy policy: https://www.koehler-partner.de/datenschutz

1. Content management system

We use a so-called Content Management System (CMS) TYPO3 for the processing, organisation and presentation of digital content on our website. The application is used web-based on the company's own servers.

With the help of the CMS, our website can be created, edited and managed and equipped with the necessary functions (e.g. forms, blogs, images and other digital content). In addition, the website designed by the CMS helps our website to be found more easily by users on the search engine results page (SERP).

However, the system offers security mechanisms that fulfil a similar protective function. These include

Access control & rights management: TYPO3 has a very fine-grained authorisation system for backend users and groups.

IP whitelist for backend login: Access to the backend is restricted to certain IP addresses, e.g. for admins.

Cross-site request forgery (CSRF) protection: TYPO3 uses tokens to protect against CSRF attacks.

Regular security updates: TYPO3 provides regular security updates which are always applied to the system in the latest version

In addition, we ensure that the CMS is regularly updated and patched to guarantee the security of our website, which is based on the CMS.

Data categories: Usage data (e.g. websites visited, access time), meta and communication data (e.g. device information, anonymised IP address), interaction data (interest in content, etc.)

Purposes of the processing: Creating, editing and managing page content, storing and archiving data archiving of data, creation of landing pages, statistics, reach measurement

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f)

Legitimate interests: Simple editing of content on the website without programming knowledge.

TYPO3

Manufacturer: TYPO3 GmbH, Emanuel-Leutze-Str. 11, 40547 Düsseldorf Germany

Data transmission: Does not take place.

Web analysis and optimisation

We use procedures on our website to analyse user behaviour and measure reach. For this purpose, information about the behaviour, interests or demographic information of visitors is collected in order to determine whether and where our website needs to be optimised or adapted (e.g. forms on the website, improved placement of buttons or call-to-action buttons, etc.).

We can also measure the click and scroll behaviour of website visitors. Among other things, this helps us to recognise at what time our website, its functions or content are most frequented.

The collection of this data is made possible by the use of certain technologies (e.g. cookies). These are stored on users' end devices as part of client-side tracking when they visit our website.

We take precautions to protect the identity of our website visitors. We do not process any clear data of website visitors for the purposes described.

Website visitors are assigned an ID (identification code) when they visit our website so that they can be recognised when they return. The IDs and associated information are stored in user profiles. In addition, the IP addresses of website visitors are anonymised and the storage duration of cookies is reduced.

Data categories: Usage data (e.g. websites visited, interest in content, access times), demographic characteristics (age, gender), meta and communication data (e.g. device information, anonymised IP addresses, location data), contact data (e.g. email address), content data (e.g. text details)

Purposes of processing: Checking the status of target achievement (performance review) of all online activities: Analysis of user behaviour on the website (website interaction) for web optimisation and reach measurement, checking the utilisation of the website, lead evaluation, sales increase, budget control

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

1. Microsoft Advertising Web Analytics / Microsoft Clarity

Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the standard contractual clauses

Privacy policy: https://privacy.microsoft.com/de-de/privacystatement

2. Content Square

Recipient: Content Square Scon AS, 53 Beach St, New York, NY 10013 

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the Standard Contractual Clauses

Privacy Policy: https://contentsquare.com/privacy-center/user-privacy-policy/

3. LinkedIn Insight Tag

Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland 

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the Standard Contractual Clauses 

Privacy Policy: https://de.linkedin.com/legal/privacy/eu

4. Leadinfo

Recipient:  Leadinfo B.V., Rivium Quadrant 141, 2909LC Capelle aan den IJssel, Netherlands 

Third country transfer: Does not take place.

Privacy policy: https://www.leadinfo.com/de/rechtliches/datenschutz/

5. Snowplow

Recipient: Snowplow Analytics Limited, 17 Bevis Marks, Floor 6, London, EC3A7LN, United Kingdom

Third country transfer: On the basis of the adequacy decision of the European Commission for the United Kingdom 

Privacy Policy: https://www.leadinfo.com/de/rechtliches/datenschutz/

6. Google Analytics

Recipient:Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland 

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of 

Standard Contractual Clauses 

Privacy Policy: https://policies.google.com/privacy

Opt-out link:

OprOur: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Online marketing

1. Search engine marketing (advertising in search engines)

We use search engine marketing methods. Search engine marketing includes all measures that are suitable for improving the visibility of our website in the organic or non-organic search results of search engines, increasing our reach and thus increasing traffic (visitor traffic) to our website. We can also use search engine marketing to generate new leads. The search engine provider buys us ad space on the search engine results page or on websites of the search engine provider's partners.

The adverts can therefore be placed on various external platforms or websites. The adverts are shown to users in the form of text, display or video ads.

Using our tracking tool, we first create a campaign for search engine advertising and store various dimensions there that are to be recorded by the search engine provider selected by us, e.g. user location, device information and target groups (demographic characteristics). This enables us to gain further insights into the interests in our content/products and, if necessary, to recognise trends.

The process is implemented using a cookie or similar technology. When a visitor visits our website or searches for a specific keyword within the search engine used (e.g. Google), a cookie or similar technology is set on the website visitor's end device. This data can be, for example, user locations and device information, which is transmitted to the search engine provider's server. The search engine provider aggregates this data and makes it available to us automatically in the form of a statistical analysis via a dashboard in our account with the search engine provider.

The statistics provide us with information about which of our adverts were clicked on, how often and at what prices, and whether our marketing measures led to a so-called event (e.g. downloading a PDF or playing a video) or a conversion (e.g. purchase of a product or registration on our website). The evaluation serves to analyse the success of our online activities. Because every click on an advert incurs costs for us, these clicks on external platforms and websites are recorded using our tracking tool. The recording serves to monitor the budget and success. We cannot identify individual users on the basis of this information.

Note: Website visitor data (e.g. name and email address) can be assigned directly if they are logged into their account with the search engine provider. If an assignment via the profile is not desired, the website visitor must log out of the search engine provider before visiting our website.

Data categories: User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), location data, contact data, content data

Purposes of the processing: Marketing (partly also interest-based and behavioural), conversion measurement, target group formation, click tracking, development of marketing strategies and increasing the efficiency of campaigns

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Leadinfo / leadREBEL

Recipient: Leadinfo B.V.,Rivium Quadrant 141;2909LC Capelle aan den IJssel, Netherlands

Third country transfer: Does not take place 

Privacy policy: https://leadrebel.io/de/privacy

Google Ads & Google Double Click

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Third country transfer:  Participant of the EU-US Data Privacy Framework and on the basis of Standard Contractual Clauses 

Privacy Policy: https://policies.google.com/privacy?hl=en-US

2. Presence on social media

We maintain company profiles on social networks and career platforms in order to increase our visibility among potential customers and interested parties and to make our company visible to the public.

Social networks help us to increase our reach and actively promote interaction and communication with users. Social media activity and communication is very important in attracting new customers and employees. Social media and the website can be used to share relevant information about our company, publish events and communicate important short-term announcements and job postings. They also help us to communicate quickly and easily with users.

Social media platform operators create user profiles based on the usage behaviour of users, such as the indication of interests (likes, shares). These are used to customise advertisements to the interests of target groups. When users are active on social media channels, cookies or other technologies are regularly stored on users' end devices, in some cases regardless of whether they are registered users of the social network.

Insights (statistics)

The data analysed by the social media platform operators is provided to us in the form of anonymised statistics, which means that it no longer contains any personal data of users. We can use the statistics to recognise, for example, how often and at what time our social media profile was visited. It is currently not possible for fan page operators to switch off this function. We therefore have no influence on the extent to which data is processed by social media platforms.

Social media messenger

In connection with the use of social media, we may use the associated messengers to communicate easily with users. The security of individual services may depend on the user's account settings. Even in the case of end-to-end encryption, the social media platform operator can draw conclusions about the fact that and when users communicate with us. Location data can also be collected.

Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This may result in risks for users because it makes it more difficult to enforce their rights.

Categories of data: User names (e.g. surname, first name), contact details (e.g. email address), content data (e.g. text data, photographs, videos), usage and interaction data (e.g. websites visited, interests, likes, shares, access times), meta and communication data (e.g. device information, IP address, location data if applicable)

Purposes of processing: Increasing reach, raising awareness, rapid networking

Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR), consent (Art. 6 para. 1 lit. para. 1 lit. a) GDPR)

Legitimate interests: Interaction and communication on social media presence, profit increase, insights into target groups

Facebook

Recipient: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the standard contractual clauses

Data protection: https://www.facebook.com/privacy/explanation and 

 www.facebook.com/legal/terms/page_controller_addendum

Opt-out link: https://www.facebook.com/settings?tab=ads
 

YouTube

Service used:

Recipient:  Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland 

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of standard contractual clauses

Data protection: https://policies.google.com/privacy?hl=de&gl=de
 

Xing

Recipient:  New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany 

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of Standard contractual clauses

Data protection: https://privacy.xing.com/de/datenschutzerklaerung
 

LinkedIn

Recipient: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the Standard Contractual Clauses 

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

3. Social media marketing

We use our social media channels to advertise our products and services. Our aim is to reach a broad community that we cannot reach via traditional advertising channels, e.g. offline marketing (e.g. flyers). Social media advertising is shown to users in the form of text, display or video adverts on their social media channels.
 

Targeting

Within our social media channels, we use so-called targeting methods to track specific user activities (interactions) to ensure that our adverts are delivered to specific target groups. We use the procedures and technologies of various social media providers. One common technology is the pixel.

We install this pixel in the source code of our website. This ensures that the navigation of users is recorded. When users interact with our website or our adverts on social media, the pixel records the people and the actions they take (e.g. clicks on adverts, bounces on websites) and saves which pages and sub-pages have been accessed.

Products and services viewed but not purchased from our ads are analysed using the technologies used. This is used to display real-time and behaviour-based advertising to potential customers on various social media platforms. We can determine the success of our adverts using summarised data that is made available to us by the social media provider (so-called conversion measurement). This allows us to track whether a marketing measure has led to a so-called event (e.g. downloading a pdf or playing a video) or a conversion (e.g. purchase of a product or registration on our website). The evaluation is provided to us in the form of statistics via our tracking tool and serves to analyse the success of our online activities (success control).
 

Retargeting

Lists of company names are uploaded to the social media platform in order to display certain social ads again to known corporate customers. Depending on the advert, certain roles and sectors are selected.

The process used serves as a reminder tool to bring customers back to our website and encourage them to complete an action (known as a conversion), thereby increasing our sales and brand awareness.

Data categories: Usage and interaction data (e.g. websites visited, interests times), meta and communication data (e.g. device information, IP address, location data if applicable)

Purposes of processing: Expansion of reach, reach analysis and statistical evaluations

Legal basis: Legitimate interest (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: Strengthening the brand and publicising the products. No personal data in direct processing.

LinkedIn Ads

Recipient: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the Standard Contractual Clauses 

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

4. Plugins and integrated third-party content

Our website includes functions and elements that are obtained from third-party providers. These are, for example, videos, presentations, buttons, map services (maps), online tools for the visual presentation of financial data, stock market figures and company news or contributions (hereinafter referred to as content). If this third-party content is accessed by website visitors (e.g. click, play, etc.), information and data are collected and linked to the website visitor's end device in the form of cookies or other technologies (e.g. pixels, Java Script commands or web assembly) and transmitted to the server of the third-party provider used. The third-party provider thereby receives usage and interaction data from the website visitor and makes this available to us in the form of statistics via a dashboard. The statistics we receive do not contain any clear user data.

Without this processing operation, it is not possible to load and display this third-party content.

In order to protect the personal data of website visitors, we have taken protective measures to prevent the automatic transmission of this data to the third-party provider. This data is only transmitted when users actively use the buttons and click on the third-party content.

Data categories: Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, anonymised IP address)

Purposes of processing: Sharing posts and content, interest- and behaviour-based marketing, evaluation of marketing, analysing statistics, cross-device tracking, increasing reach in social media

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: For security, access control, provision of information, transparent, current and functional investor relations communication

Google Recaptcha

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Legal basis

Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the Standard Contractual Clauses 

Privacy Policy: https://policies.google.com/privacy?hl=en-US

Euroland IR

Recipient: Eurolandcom AB Kronhusgatan 2D, Gothenburg, 41113, Sweden 

Third country transfer: Does not take place.

Privacy policy: https://www.euroland.com/legal/privacy/?lang=en-GB

Affiliate marketing (with tracking)

We participate in a so-called affiliate programme and advertise our products and services in the form of advertisements (texts, banners) on websites of our advertising partners (so-called affiliate partners). This helps us to increase our sales beyond our website and generate more reach.

The partner tracking code may contain various tracking technologies (e.g. URL tracking, session tracking, cookie or pixel tracking). The tracking code is set when the website visitor clicks on the advert and performs an action (conversion) on our website, e.g. purchase or click.

Data categories: Usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address), conversion data (e.g. clicks, purchases, payment information), possibly user data (e.g. master data, address data)

Purposes of the processing: Generating profits, expanding reach, analysing reach and statistical analyses,

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Google AdSense

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of Standard Contractual Clauses 

Privacy Policy: https://policies.google.com/privacy?hl=en-US

Survey services with data transfer

We conduct surveys and polls (hereinafter "surveys") on our website from time to time. This helps us to improve our services and to better meet the needs of our customers. For this purpose, it is not necessary to be able to trace whether we can assign feedback to a specific person. Before evaluating the user survey, the data that we process for the provision and technical implementation of our surveys is anonymised. Participation in the survey is voluntary.

Data categories: Meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times), master data (e.g. name, address), contact data (e.g. email address, telephone number)

Purposes of processing: Marketing, customer retention and new customer acquisition, improvement and optimisation of the offer

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

1. Microsoft Forms

Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399,

USA

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the

standard contractual clauses

Privacy policy: https://www.microsoft.com/de-de/privacy/privacystatement

2. Hubspot & Hubspot Forms

Recipient: HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the Standard Contractual Clauses 

Privacy Policy: https://legal.hubspot.com/de/privacy-policy

Newsletter and broad communication (with tracking)

On our website, users have the option of subscribing to our newsletter or any notifications via various channels (hereinafter referred to as newsletter). We only send newsletters in accordance with the statutory provisions to recipients who have consented to receiving the newsletter. We use a selected service provider to send our newsletter.

To subscribe to our newsletter, you must provide an e-mail address. We may also collect additional data, such as the name, in order to personalise our newsletter.

Our newsletter is only sent after the double opt-in procedure has been completed. If website visitors decide to subscribe to our newsletter, they will receive a confirmation e-mail, which serves to prevent the misuse of false e-mail addresses and to prevent the newsletter from being sent by a simple, possibly inadvertent click. The subscription to our newsletter can be cancelled at any time for the future. An unsubscribe link (opt-out link) is included at the end of each newsletter.

We are also obliged to provide proof that our subscribers actually wanted to receive the newsletter. For this purpose, we collect and store the IP address and the time of subscription and cancellation.

Our newsletters are designed in such a way that it is possible for us to gain insights into improvements, target groups or the reading behaviour of our subscribers. This is made possible by a so-called web beacon or tracking pixel, which reacts to interactions with the newsletter, for example whether links are clicked on, whether the newsletter is opened at all or at what time the newsletter is read. We can assign this information to individual subscribers for technical reasons.

Data categories: Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times)

Purposes of processing: marketing, customer retention and new customer acquisition, analysing and evaluating the success of the campaign

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

1. Hubspot & Hubspot Forms

Recipient: HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA 

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the Standard Contractual Clauses 

Privacy Policy: https://legal.hubspot.com/de/privacy-policy
 

2. Intuit Mailchimp

Recipient: Intuit Mailchimp, 405 N Angier Ave. NE, Atlanta, GA 30308 USA 

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of standard contractual clauses

Privacy policy: https://www.intuit.com/privacy/statement/data-privacy-certification/

Advertising communication

We also use data provided to us, which we have received e.g. in the context of an order or commissioning of a service etc., for advertising purposes, in particular to inform you on various channels about news from us or from our product portfolio. Advertising on our part takes place within the framework of the legal requirements and - if necessary - after obtaining consent. If the recipients of our advertising do not wish to receive it, they can inform us of this at any time and object or withdraw their consent. 

The unsubscribe button in our email can be used for this purpose. Only those users who have not objected to receiving our advertising in advance will receive it.

We have commissioned a service provider to send the advertising messages. This service provider acts exclusively on our instructions. The data is not processed for purposes other than sending.

Data categories: Master data (e.g. name, address), contact data (e.g. e-mail address, address, telephone number if applicable)

Purposes of processing: Direct marketing

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: Retention of existing and acquisition of new contacts or contractual partners, information about similar goods and services

Credit assessment

If we provide or render services in advance, we reserve the right to carry out an identity or credit check. For this purpose, we make use of special service providers who regularly provide an assessment of the risk we may face using mathematical-statistical procedures.

Based on the results provided to us by the respective service provider, we decide at our discretion whether and, if so, how we wish to establish, implement or terminate a contractual relationship with the users. In the event of a negative credit report, we reserve the right to refuse certain types of payment or other types of advance payment. The decision as to whether we make advance payment is made automatically on the basis of the result determined by our respective service provider.

Data categories: Master data (e.g. name, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail address, telephone number), contract data (e.g. subject matter of contract, term), creditworthiness data (incl. scoring values)

Purposes of processing: Avoidance of payment defaults and reduction of the default rate of payments, reduction of our credit risk

Legal bases: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: Economic protection, protection against payment defaults, reduction of creditor risk, realisation of profits

SCHUFA

Service used: SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany

Third country transfer: Does not take place

Data protection: https://www.schufa.de/global/datenschutz-dsgvo/index.jsp

Verband der Vereine Creditreform e.V.

Service used: Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss Germany

Third country transfer: Does not take place

Data protection: https://www.creditreform.de/datenschutz

Digital services

1. Contact us

We offer website visitors the opportunity to contact us directly or to obtain information via various contact options. We use a management tool/our CRM system to process corresponding enquiries in order to have an overview of contacts made with us.

If contact is made, we process the data of the person making the enquiry to the extent necessary for responding to or processing the enquiry. The data processed may vary depending on how we are contacted.

Data categories: Master data (e.g. name, address), contact data (e.g. e-mail address, address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of processing: Processing of enquiries

Legal bases: Consent (Art. 6 para. 1 lit. a) GDPR), fulfilment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)

Hubspot & Hubspot Forms

Recipient: HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA 

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the Standard Contractual Clauses 

Privacy Policy: https://legal.hubspot.com/de/privacy-policy

Chatbots

We offer users the opportunity to contact us via a chat function when visiting the website. We use a so-called chatbot for this purpose. A chatbot is a software or cloud service that functions as a text or voice-based dialogue system and is installed on our website.

The use of the chatbot requires users to give their consent to the processing of their data for the purpose of answering enquiries via the chatbot. Consent also includes the transfer of data to the chatbot provider associated with the use of the chatbot.

Chatbot with artificial intelligence (natural language processing method)

The chatbot we use is based on artificial intelligence. The chatbot learns the ongoing dialogue through the requests made by users via the input masks and helps to continuously develop the database that the chatbot accesses.

Thanks to the database integrated into the chatbot, which consists of a set of questions and pre-formulated answers, our chatbot can automatically find out the intention of the respective user, put it into context and is also able to answer more complex enquiries. To make this possible, the data that is collected and processed as part of the user's enquiry is also used to improve the quality of the chatbot's answers. The chatbot helps us to process user enquiries in real time in order to achieve a high level of efficiency and customer satisfaction when processing enquiries.

Personal data is processed when the tool provided by us is actively used. The data processed may vary and depends on the information provided by the user via the chat function.

Statistics and customer insights

The chatbot provides us with anonymous statistics via the dashboard, which tells us how quickly and satisfying enquiries were answered, and which questions, topics and concerns are particularly relevant. The statistics cannot be assigned to a specific user or person at any time.

Data categories: Content data (e.g. text entries), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP addresses), possibly master data (e.g. name, address), possibly contact data (e.g. email address)

Purposes of processing: Automation of customer communication for the efficient processing of enquiries, increasing customer satisfaction through quick responses, improving customer service, saving time and costs, relieving employees, constant availability

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Kenni AI / ChatVusyon

Recipient: avenit AG, Marlener Straße 2, 77656 Offenburg, Germany Transfer to third countries:   Does not take place.

Privacy policy: https://chatvusyon.ai/datenschutz-chatbot

2. Online meetings

We make use of the option to hold online meetings. For this purpose, we use the services of other providers, which we have carefully selected. When such services are actively used, data of the communication participants is processed and stored on the servers of the third-party providers used, insofar as this data is necessary for the communication process. When selecting providers, we ensure that communication via the selected services is end-to-end encrypted.

Data categories: Master data (e.g. surname, first name), contact data (e.g. e-mail address), content data (e.g. text entries), meta and communication data (e.g. device information, IP addresses)

Purposes of the processing: Processing enquiries, increasing efficiency, promoting cross-company and cross-location cooperation

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Microsoft Teams

Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399,USA

Third country transfer: Participant of the EU-US Data Privacy Framework and on the basis of the standard contractual clauses

Privacy policy: https://privacy.microsoft.com/de-de/privacystatement

Further mandatory information on data processing

1. Data transfer

We transfer the personal data of website visitors for internal purposes (e.g. for internal administration or to the HR department in order to fulfil legal or contractual obligations). The internal data transfer or disclosure of data takes place to the extent necessary in compliance with the relevant data protection regulations.

It may be necessary for us to disclose personal data for the performance of contracts or to fulfil a legal obligation. If we are not provided with the necessary data in this respect, it may not be possible to conclude the contract with the data subject.

If your data is processed outside the EU/EEA, in so-called third countries (e.g. USA), we ensure that this is done in accordance with the requirements of Art. 44 et seq. GDPR. We take additional measures to ensure the highest possible level of protection for the personal data of data subjects. The guarantee applicable to the transfer to third countries is specified in our privacy policy for the respective recipients.

In the event that we transfer data to a country outside the EEA for processing within the Group, we ensure that the processing is legally permissible in the manner we intend. For this case, we have concluded Standard Contractual Clauses including a separate   regulation   of   suitable   technical   and   organisational   measures