Request now

PRIVACY POLICY

INTRODUCTION

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to briefly as “data”) that we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”)

The terms used are not gender-specific.

As of October 29, 2021.

Inhaltsübersicht

CONTROLLER

ETL Technologies GmbH
Bodeächer 1
5453 Remetschwil
Switzerland

Authorized representatives: Ibrahim Cordic.

Email address: info@etl-technologies.ch

CONTACT DATA PROTECTION OFFICER

Waldemar Hersacher
info@etl-prueftechnik.de

OVERVIEW OF PROCESSING

The following overview summarizes the types of processed data, the purposes of their processing, and refers to the data subjects.

Types of processed data

  • Event Data (Facebook) (“Event Data” is data that can be transmitted to Facebook, for example, via Facebook Pixel (via apps or other means) and relates to individuals or their actions; Data includes information about website visits, interactions with content, features, app installations, product purchases, etc.; Event Data is processed for the purpose of creating target audiences for content and advertising information (Custom Audiences); Event Data does not include actual content (such as written comments), login information, and contact information (so no names, email addresses, and phone numbers). Facebook deletes Event Data after a maximum of two years, along with the deletion of our Facebook account).
  • Inventory Data (e.g., names, addresses).
  • Applicant Data (e.g., personal information, postal and contact addresses, application documents, and the information contained therein, such as cover letters, resumes, certificates, as well as other information voluntarily provided by applicants regarding their person or qualifications).
  • Content Data (e.g., entries in online forms).
  • Contact Data (e.g., email, phone numbers).
  • Meta/Communication Data (e.g., device information, IP addresses).
  • Usage Data (e.g., visited websites, interest in content, access times).
  • Contract Data (e.g., contract subject, duration, customer category).
  • Payment Data (e.g., bank details, invoices, payment history).

Categories of data subjects

  • Employees (e.g., employees, applicants, former employees).
  • Applicants.
  • Business and contractual partners.
  • Prospects.
  • Communication partners.
  • Customers.
  • Users (e.g., website visitors, users of online services).

Purposes of processing

  • Assessment of creditworthiness and creditworthiness.
  • Providing our online offerings and user-friendliness.
  • Conversion measurement (measurement of the effectiveness of marketing measures).
  • Application process (establishment and possible later implementation as well as possible later termination of the employment relationship).
  • Office and organizational procedures.
  • Direct marketing (e.g., via email or postal).
  • Feedback (e.g., collecting feedback via online form).
  • Marketing.
  • Contact inquiries and communication.
  • Profiles with user-related information (creation of user profiles).
  • Remarketing.
  • Reach measurement (e.g., access statistics, detection of recurring visitors).
  • Security measures.
  • Provision of contractual services and customer service.
  • Management and response to inquiries.
  • Audience targeting (determination of target groups relevant for marketing purposes or other content output).

Automated decisions in individual cases

  • Credit report (decision based on a credit check).

Relevant legal bases

Below is an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1) a GDPR) – The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6(1) b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures requested by the data subject.
  • Legal obligation (Art. 6(1) c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1) f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Application process as pre-contractual or contractual relationship (Art. 9(2) lit. b GDPR) – Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR (e.g., health data, such as severely disabled status or ethnic origin) are requested from applicants as part of the application process, the processing is carried out in accordance with Art. 9(2) lit. b GDPR, in the case of protection of vital interests of applicants or other persons pursuant to Art. 9(2) lit. c GDPR, or for purposes of preventive healthcare or occupational medicine, for the assessment of the employee’s ability to work, for medical diagnostics, care, or treatment in the health or social sector, or for the management of systems and services in the health or social sector pursuant to Art. 9(2) lit. h GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Art. 9(2) lit. a GDPR.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection in Germany apply. This includes in particular the Federal Data Protection Act (BDSG). The BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of employment relationships (§ 26 BDSG), especially with regard to the initiation, implementation, or termination of employment relationships as well as the consent of employees. In addition, data protection laws of the individual federal states may apply.

SECURITY MEASURES

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability, and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also consider the protection of personal data in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

SSL encryption (https): To protect your data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

TRANSFER OF PERSONAL DATA

In the course of our processing of personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or individuals or disclosed to them. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data

Data transfer within the corporate group: We may transfer personal data to other companies within our corporate group or grant them access to this data. If this transfer is for administrative purposes, it is based on our legitimate business and economic interests, or it is carried out if it is necessary for the fulfillment of our contract-related obligations or if there is consent from the data subjects or a legal permission.

Data transfer within the organization: We may transfer personal data to other entities within our organization or grant them access to this data. If this transfer is for administrative purposes, it is based on our legitimate business and economic interests, or it is carried out if it is necessary for the fulfillment of our contract-related obligations or if there is consent from the data subjects or a legal permission.

Technical support of the website by:

bepixeld GmbH & Co. KG

Westerbachstraße 46

73230 Kirchheim

Phone: +49 711 4690977

Fax: +49 711 4690978

E-Mail: post@bepixeld.de

Web: https://www.bepixeld.de

DATA PROCESSING IN THIRD COUNTRIES

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if data processing takes place as part of the use of third-party services or the disclosure or transmission of data to other individuals, entities, or companies, this is only done in accordance with legal requirements.

Subject to explicit consent or contractually or legally required transmission, we only process or allow data processing in third countries with a recognized level of data protection, contractual obligations through the so-called standard protection clauses of the EU Commission, in the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

DELETION OF DATA

The data processed by us will be deleted in accordance with legal requirements as soon as the consents for processing are revoked or other permissions are no longer valid (e.g., when the purpose of processing this data has ceased or they are not necessary for the purpose).

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person.

In our privacy policy, we can provide users with additional information about deletion and retention of data specific to the respective processing processes.

USE OF COOKIES

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie primarily serves to store information about a user during or after their visit within an online offering. Stored information may include, for example, language settings on a website, login status, a shopping cart, or the location where a video was viewed. The term “cookies” also includes other technologies that fulfill the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as “user IDs”).

The following cookie types and functions are distinguished:

  • – Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their browser.
  • – Persistent cookies: Persistent cookies remain stored even after the browser is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user revisits a website. User interests, which are used for measuring reach or for marketing purposes, can also be stored in such a cookie.
  • – First-party cookies: First-party cookies are set by us.
  • – Third-party cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • – Necessary (also: essential or strictly necessary) cookies: Cookies may be absolutely necessary for the operation of a website (e.g., to store logins or other user inputs or for security reasons).
  • – Statistics, marketing, and personalization cookies: Cookies are generally also used as part of reach measurement and, if user interests or behavior (e.g., viewing certain content, using features, etc.) are stored in a user profile on individual websites. Such profiles are used to display users content that corresponds to their potential interests. This process is also known as “tracking,” i.e., tracking the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or as part of obtaining consent.

Information on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this applies and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed using cookies will be based on our legitimate interests (e.g., in the efficient operation of our online offering and its improvement) or, if the use of cookies is necessary, to fulfill our contractual obligations.

Storage duration: Unless explicit information on the storage duration of permanent cookies is provided (e.g., as part of a so-called cookie opt-in), please assume that the storage duration can be up to two years.

General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke consent or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection using the settings of your browser, e.g., by deactivating the use of cookies (which may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared using a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ In addition, you can receive further objection notices as part of the information about the services used and cookies.

Processing of cookie data based on consent: We use a cookie consent management process in which users’ consents to the use of cookies, or the processing and providers mentioned within the framework of the cookie consent management process, can be obtained, managed, and revoked by users. The consent declaration is stored to avoid having to repeat the query and to be able to prove the consent in accordance with legal obligations. Storage can be server-side and/or in a cookie (so-called opt-in cookie or with comparable technologies) to assign the consent to a user or their device. Subject to individual information about the providers of cookie management services, the following applies: The duration of the storage of the consent can be up to two years. In this case, a pseudonymous user identifier is created, and information about the time of consent, the scope of the consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and device used is stored.

  • Processed data types: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

BUSINESS SERVICES

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as “contractual partners”) within the framework of contractual and comparable legal relationships as well as associated measures and in the context of communication with contractual partners (or pre-contractually), e.g., to answer inquiries.

We process this data to fulfill our contractual obligations, to safeguard our rights, and for the purposes of the associated administrative tasks, as well as business organization. We only pass on the data of contractual partners within the framework of the applicable law to third parties insofar as this is necessary for the aforementioned purposes or for the fulfillment of legal obligations or with the consent of the persons concerned (e.g., to participating telecommunications, transport and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). The contractual partners will be informed about further processing forms, e.g., for the purposes of marketing, within the scope of this data protection declaration.

We inform contractual partners about which data is required for the aforementioned purposes before or as part of data collection, e.g., in online forms, by means of special markings (e.g., colors) or symbols (e.g., asterisks).

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., fundamentally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be kept for legal archiving reasons (e.g., for tax purposes, usually 10 years). Data disclosed to us as part of an order by the contractual partner will be deleted in accordance with the specifications of the order, generally after the end of the order.

If we use third-party providers or platforms to provide our services, the terms and privacy policies of the respective third-party providers or platforms apply in the relationship between users and the providers.

Customer Account: Contractual partners can create an account within our online offering (e.g., customer or user account, hereinafter referred to as “customer account”). If the registration of a customer account is required, contractual partners will be notified accordingly, as well as about the required information for registration. The customer accounts are not public and cannot be indexed by search engines. As part of the registration and subsequent logins and uses of the customer account, we store the IP addresses of the customers along with the access times to be able to prove the registration and prevent misuse of the customer account.

When customers have terminated their customer account, the data concerning the customer account will be deleted, subject to its retention being necessary for legal reasons. It is the responsibility of the customers to secure their data upon termination of the customer account.

Shop and E-Commerce: We process the data of our customers to enable them to select, purchase, or order the chosen products, goods, and related services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, freight, and shipping companies, to carry out the delivery, or execution towards our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required details are marked as such within the framework of the order, purchase, or comparable acquisition process and include the information required for delivery, provision, and billing, as well as contact information to be able to inquire about any queries.

Project and Development Services: We process the data of our customers and clients (hereinafter uniformly referred to as “customers”) to enable them to select, purchase, or commission the selected services or works and related activities, as well as their payment and provision or execution.

The required information is marked as such within the framework of the order, purchase, or comparable contract conclusion and includes the information required for service provision and billing, as well as contact information to be able to make inquiries if necessary. If we have access to information from end customers, employees, or other persons, we process this information in accordance with legal and contractual requirements.

Technical Services: We process the data of our customers and clients (hereinafter uniformly referred to as “customers”) to enable them to select, purchase, or commission the selected services or works and related activities, as well as their payment and provision or execution.

The required information is marked as such within the framework of the order, purchase, or comparable contract conclusion and includes the information required for service provision and billing, as well as contact information to be able to make inquiries if necessary. If we have access to information from end customers, employees, or other persons, we process this information in accordance with legal and contractual requirements.

Further Information on Commercial Services: We process the data of our customers and clients (hereinafter uniformly referred to as “customers”) to enable them to select, purchase, or commission the selected services or works and related activities, as well as their payment and delivery or execution.

  • Processed data types: Inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, phone numbers), contract data (e.g., subject matter of the contract, term, customer category), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Interested parties, business and contractual partners, customers.
  • Purposes of processing: Provision of contractual services and customer service, contact inquiries and communication, office and organizational procedures, administration and response to inquiries, security measures.
  • Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 sentence 1 lit. c. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

PROVIDERS AND SERVICES USED IN THE COURSE OF BUSINESS ACTIVITIES

In the course of our business activities, we use additional services, platforms, interfaces, or plugins from third-party providers (“services”) while complying with legal requirements, which may process user data. In this context, the data protection notices of the respective services apply in addition to our data protection notices.

Information on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed to fulfill our business services or, if it is not necessary for the performance of the contract, based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services).

  • Affected persons: Customers, interested parties, users (e.g., website visitors, users of online services), business and contractual partners.
  • Purposes of processing: Provision of contractual services and customer service.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

CREDIT CHECK

If we advance money or incur comparable economic risks (e.g., when ordering on account), we reserve the right to obtain an identity and credit check for the protection of legitimate interests using mathematical-statistical methods from specialized service companies (credit agencies).

We process the information obtained from credit agencies about the statistical probability of a payment default as part of a reasonable discretionary decision about the establishment, implementation, and termination of the contractual relationship. In the event of a negative result of the credit check, we reserve the right to refuse payment on account or other prepayment.

The decision on whether we provide advance payment is made solely on the basis of an automated decision in individual cases in accordance with Art. 22 GDPR, which our software makes based on the information from the credit agency.

If we obtain explicit consent from contractual partners, the legal basis for the credit check and the transmission of customer data to the credit agencies is consent. If no consent is obtained, the credit check is based on our legitimate interests in the default security of our payment claims.

  • Processed data types: Inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, phone numbers), contract data (e.g., subject matter of the contract, term, customer category).
  • Affected persons: Customers, interested parties.
  • Purposes of processing: Assessment of creditworthiness and creditworthiness.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
  • Automated decisions in individual cases: Credit check (decision based on a credit check).

Services and service providers used:

PROVISION OF THE ONLINE OFFER AND WEB HOSTING

In order to be able to provide our online offering securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offering can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security and technical maintenance services.

The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer that arises during use and communication. This regularly includes the IP address, which is necessary to be able to deliver the content of online offerings to browsers, and all entries made within our online offering or on websites.

Email sending and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of emails (e.g. the providers involved) as well as the contents of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that emails on the Internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data about every access to the server (so-called server log files). The server log files include the address and name of the websites and files accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP address. Addresses and the requesting provider belong.

The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the utilization of the servers and their stability.

  • Types of data processed: content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Services and service providers used:

REGISTRATION, LOGIN AND ACCOUNT

Users can create a user account. As part of registration, users are provided with the required mandatory information and processed for the purpose of providing the user account on the basis of contractual fulfillment. The data processed includes, in particular, login information (username, password and an email address).

As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and those of the users in protecting against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed by email about processes that are relevant to their user account, such as technical changes.

Registration with pseudonyms: Users may use pseudonyms as usernames instead of real names.

Deletion of data after termination: If users have terminated their user account, their data with regard to the user account will be deleted, subject to a legal permission, obligation or consent of the user.

It is the users’ responsibility to back up their data before the end of the contract if the contract is terminated. We are entitled to irretrievably delete all user data stored during the term of the contract.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: provision of contractual services and customer service, security measures, management and response to inquiries.
  • Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

CONTACT AND INQUIRY MANAGEMENT

When you contact us (e.g. via contact form, email, telephone or via social media) as well as within the framework of existing user and business relationships, the information provided by the inquiring person is processed to the extent that this is necessary to answer the contact request and any requested measures.

Answering contact inquiries and managing contact and inquiry data within the framework of contractual or pre-contractual relationships is carried out in order to fulfill our contractual obligations or to answer (pre-)contractual inquiries and otherwise on the basis of the legitimate interests in answering the inquiries and maintaining them User or business relationships.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms).
  • Affected persons: communication partners.
  • Purposes of processing: contact requests and communication.
  • Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

COMMUNICATION VIA MESSENGER

We use messengers for communication purposes and therefore ask that you please note the following information on the functionality of messengers, encryption, the use of communication metadata and your options for objection.

You can also contact us by alternative means, e.g. via telephone or email. Please use the contact options provided to you or the contact options provided within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption activated to ensure that the message content is encrypted.

However, we also point out to our communication partners that although the messenger providers cannot view the content, they can find out that and when communication partners communicate with us as well as technical information about the device used by the communication partner and, depending on the settings of their device, location information ( so-called metadata) are processed.

Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Furthermore, if we do not ask for your consent and, for example, you contact us on your own initiative, we use Messenger in relation to our contractual partners as well as in the context of contract initiation as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests on fast and efficient communication and meeting the needs of our communication partner on communication via messenger. We would also like to point out that we will not transmit the contact details provided to us to Messenger for the first time without your consent.

Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion guidelines (i.e., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information from the communication partner. if no reference to a previous conversation is to be expected and deletion does not conflict with any legal retention requirements.

Reservation of reference to other communication channels: Finally, we would like to point out that, for reasons of your security, we reserve the right not to answer inquiries via messenger. This is the case if, for example, contractual details require special confidentiality or an answer via messenger does not meet the formal requirements. In such cases, we will refer you to more appropriate communication channels.

Skype end-to-end encryption requires it to be enabled (unless it is enabled by default).

  • Types of data processed: contact data (e.g. email, telephone numbers), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. entries in online forms).
  • Affected persons: communication partners.
  • Purposes of processing: contact requests and communication, direct marketing (e.g. by email or post).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Services and service providers used:

CHATBOTS AND CHAT FUNCTIONS

We offer online chats and chatbot functions (collectively referred to as “Chat Services”) as a means of communication. A chat is an online conversation that takes place with a certain degree of timeliness. A chatbot is software that answers users’ questions or informs them about messages. If you use our chat functions, we may process your personal data.

If you use our chat services within an online platform, your identification number will also be stored within the respective platform. We may also collect information about which users interact with our chat services and when. We also store the content of your conversations via the chat services and log registration and consent processes in order to be able to prove these in accordance with legal requirements.

We would like to point out to users that the respective platform provider can find out that and when users communicate with our chat services as well as technical information about the device used by the user and, depending on the settings of their device, location information (so-called metadata) for the purpose of optimizing may collect for the respective services and security purposes. The metadata of communication via chat services (i.e., for example, the information about who communicated with whom) could also be used by the respective platform providers in accordance with their regulations, to which we refer for further information, for marketing purposes or to display advertising tailored to users be used.

If users agree to activate information with regular messages to a chatbot, they have the option of unsubscribing from the information in the future at any time. The chatbot tells users how and with which terms they can unsubscribe from the messages. When you unsubscribe from chatbot messages, user data is deleted from the list of message recipients.

We use the aforementioned information to operate our chat services, e.g. to address users personally, to answer their inquiries, to transmit any requested content and also to improve our chat services (e.g. to enable chatbots to respond to frequently to “teach” questions asked or to recognize unanswered inquiries).

Notes on legal bases: We use the chat services on the basis of consent if we have previously obtained permission from users to process their data as part of our chat services (this applies to cases in which users have asked for consent e.g. so that a chatbot sends you regular messages). If we use chat services to answer user inquiries about our services or our company, this is for contractual and pre-contractual communication. Furthermore, we use chat services based on our legitimate interests in optimizing the chat services, their business efficiency and increasing the positive user experience.

Revocation, objection and deletion: You can revoke your consent at any time or object to the processing of your data as part of our chat services.

  • Types of data processed: contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Affected persons: communication partners.
  • Purposes of processing: contact requests and communication, direct marketing (e.g. by email or post).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 P. 1 lit. f. GDPR).

VIDEO CONFERENCES, ONLINE MEETINGS, WEBINARS AND SCREEN SHARING

We use platforms and applications from other providers (hereinafter referred to as “conference platforms”) for the purposes of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter referred to collectively as “conferences”). When selecting conference platforms and their services, we observe the legal requirements.

Data processed by conference platforms: As part of participation in a conference, the conference platforms process the following personal data of participants. The scope of processing depends, on the one hand, on what data is required as part of a specific conference (e.g. providing access data or real names) and what optional information is provided by the participants. In addition to processing to carry out the conference, the participants’ data can also be processed by the conference platforms for security purposes or service optimization. The data processed includes personal data (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information about professional status/function, the IP address of the Internet access, information about the participants’ end devices, their operating system, the browser and its technical and linguistic settings, information about the content of communication processes, i.e. entries in chats as well as audio and video data, as well as the use of other available functions (e.g. surveys). The content of communications is encrypted to the extent technically provided by the conference provider. If the participants are registered as users on the conference platforms, then further data can be processed in accordance with the agreement with the respective conference provider.

Logging and recordings: If text entries, participation results (e.g. from surveys) as well as video or audio recordings are logged, this will be transparently communicated to the participants in advance and they will be asked – if necessary – for consent.

Participants’ data protection measures: Please note the details of the processing of your data by the conference platforms in their data protection information and select the security and data protection settings that are optimal for you within the framework of the conference platforms’ settings. Please also ensure data and privacy protection in the background of your recording for the duration of a video conference (e.g. by informing roommates, locking doors and using, where technically possible, the function to obscure the background). Links to the conference rooms and access data may not be passed on to unauthorized third parties.

Notes on legal bases: If, in addition to the conference platforms, we also process users’ data and ask the users for their consent to the use of the conference platforms or certain functions (e.g. consent to a recording of conferences), the legal basis for the processing is this consent . Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g. in participant lists, in the case of processing the results of discussions, etc.). Furthermore, user data is processed based on our legitimate interests in efficient and secure communication with our communication partners.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device data). information, IP addresses).
  • Affected persons: communication partners, users (e.g. website visitors, users of online services).
  • Purposes of processing: provision of contractual services and customer service, contact requests and communication, office and organizational procedures.
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 P. 1 lit. f. GDPR).

Services and service providers used:

APPLICATION PROCESS

The application process requires that applicants provide us with the data required for their assessment and selection. The information required can be found in the job description or, in the case of online forms, in the information provided there.

Basically, the required information includes personal information such as name, address, contact details and evidence of the qualifications required for a position. Upon request, we will also be happy to provide information about what information is required.

If provided, applicants can submit their applications to us using an online form. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications via email. However, we ask you to note that emails on the Internet are generally not sent encrypted. As a rule, emails are encrypted in transit, but not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of the application between the sender and receipt on our server.

For the purposes of searching for applicants, submitting applications and selecting applicants, we may use applicant management and/or recruitment software and platforms and services from third-party providers in compliance with legal requirements.

Applicants are welcome to contact us about how to submit their application or send us the application by post.

Processing of special categories of data: If special categories of personal data within the meaning of Article 9 Para. 1 GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants as part of the application process, so that the person responsible or the person concerned can do so If he or she can exercise the rights arising from labor law and social security and social protection law and fulfill his or her obligations in this regard, their processing will take place in accordance with Article 9 Paragraph 2 Letter b. GDPR, in the case of protecting the vital interests of applicants or other persons in accordance with Art. 9 Para. 2 lit. c. GDPR or for the purposes of health care or occupational medicine, for assessing the employee’s ability to work, for medical diagnostics, for care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Art. 9 Paragraph 2 Letter h. GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing takes place on the basis of Article 9 Paragraph 2 Letter a. GDPR.

Deletion of data: If the application is successful, the data provided by the applicants can be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant’s data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. The deletion will take place, subject to a justified revocation by the applicant, at the latest after a period of six months has elapsed, so that we can answer any follow-up questions about the application and fulfill our obligations to provide proof under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

Admission to an applicant pool: Admission to an applicant pool, if offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the ongoing application process and that they can revoke their consent at any time in the future.

  • Types of data processed: Applicant data (e.g. personal details, postal and contact addresses, the documents associated with the application and the information contained therein, such as cover letters, CVs, certificates and other personal information provided voluntarily by applicants). or qualification).
  • Affected persons: Applicants.
  • Purposes of processing: Application process (justification and possible subsequent implementation as well as possible later termination of the employment relationship).
  • Legal basis: Application process as a pre-contractual or contractual relationship (Art. 9 Para. 2 lit. b GDPR).

Services and service providers used:

CLOUD SERVICES

We use software services accessible via the Internet and running on the servers of their providers (so-called “cloud services”, also referred to as “Software as a Service”) for the following purposes: document storage and management, calendar management, emailing, spreadsheets and presentations, exchanging documents, content and information with specific recipients or publishing web pages, forms or other content and information, as well as chatting and participating in audio and video conferences.

Within this framework, personal data can be processed and stored on the providers’ servers, provided that they are part of communication processes with us or are otherwise processed by us as set out in this data protection declaration. This data may include, in particular, user master data and contact details, data on processes, contracts, other processes and their content. The cloud service providers also process usage data and metadata, which they use for security purposes and service optimization.

If we use cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may set cookies on the users’ devices for the purposes of web analysis or to remember user settings (e.g. in the case of media control). remember, save.

Notes on legal bases: If we ask for consent to use the cloud services, the legal basis for processing is consent. Furthermore, their use can be part of our (pre-)contractual services, provided the use of the cloud services has been agreed within this framework. Otherwise, user data will be processed based on our legitimate interests (i.e. interest in efficient and secure administration and collaboration processes).

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device data). information, IP addresses).
  • Affected persons: customers, employees (e.g. employees, applicants, former employees), interested parties, communication partners.
  • Purposes of processing: Office and organizational procedures.
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 P. 1 lit. f. GDPR).

Services and service providers used:

NEWSLETTER AND ELECTRONIC NOTIFICATIONS

We only send newsletters, emails and other electronic notifications (hereinafter “newsletter”) with the consent of the recipient or legal permission. If the contents are specifically described when registering for the newsletter, they are decisive for the user’s consent. Our newsletters also contain information about our services and us.

In order to register for our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name so that you can be addressed personally in the newsletter, or other information if this is necessary for the purposes of the newsletter.

Double opt-in process: Registration for our newsletter generally takes place using a so-called double opt-in process. This means that after registering you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can log in with someone else’s email address. Registrations for the newsletter are logged in order to be able to provide evidence of the registration process in accordance with legal requirements. This includes storing the registration and confirmation times as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Deletion and restriction of processing: We can store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the event of obligations to permanently observe contradictions, we reserve the right to store the email address in a blacklist (so-called “blocklist”) solely for this purpose.

The registration process is recorded on the basis of our legitimate interests for the purpose of providing evidence of its proper execution. If we commission a service provider to send emails, this is based on our legitimate interests in an efficient and secure shipping system.

Notes on legal bases: The newsletter is sent on the basis of the consent of the recipient or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of advertising to existing customers. If we commission a service provider to send emails, this is done on the basis of our legitimate interests. The registration process is recorded based on our legitimate interests to demonstrate that it was carried out in accordance with the law.

Content: Information about us, our services, promotions and offers.

Measurement of opening and click rates: The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from their server. As part of this retrieval, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of retrieval.

This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their access locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until it is deleted. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The measurement of the opening rates and click rates as well as the storage of the measurement results in the users’ profiles and their further processing are based on the users’ consent.

Separate revocation of the success measurement is unfortunately not possible; in this case, the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted.

  • Processed data types: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), meta/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times).
  • Affected individuals: Communication partners.
  • Purposes of processing: Direct marketing (e.g., by email or postal mail).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • Objection possibility (Opt-Out): You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you can use one of the contact options provided above, preferably email, for this purpose.

ADVERTISING COMMUNICATION VIA EMAIL, MAIL, FAX, OR PHONE

We process personal data for the purpose of advertising communication, which can take place through various channels such as email, telephone, mail, or fax, in accordance with legal requirements.

Recipients have the right to revoke granted consents at any time or to object to advertising communication at any time.

After revocation or objection, we may store the data necessary to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data is limited to the purpose of possible legal defense. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed simultaneously.

  • Processed data types: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers).
  • Affected individuals: Communication partners.
  • Purposes of processing: Direct marketing (e.g., by email or postal mail).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

SURVEYS AND INTERVIEWS

The surveys and questionnaires conducted by us (hereinafter “surveys”) are evaluated anonymously. Processing of personal data only occurs to the extent necessary for the provision and technical implementation of the surveys (e.g., processing of the IP address to display the survey in the user’s browser or, with the user’s consent, using a temporary cookie (session cookie) to enable the resumption of the survey).

Notes on legal bases: If we request participants to consent to the processing of their data, this legal basis constitutes the processing; otherwise, the processing of participant data is based on our legitimate interests in conducting an objective survey.

  • Processed data types: Contact details (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact inquiries and communication, direct marketing (e.g., via email or postal mail).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

WEB ANALYSIS, MONITORING, AND OPTIMIZATION

Web analysis (also referred to as “reach measurement”) serves to evaluate the visitor traffic of our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. Through reach analysis, we can, for example, identify the times when our online offering or its functions or content are most frequently used or invite reuse. Likewise, we can understand which areas need optimization.

In addition to web analysis, we can also use testing procedures to, for example, test and optimize different versions of our online offering or its components.

For these purposes, so-called user profiles can be created and stored in a file (so-called “cookie”) or similar procedures with the same purpose can be used. This information may include, for example, viewed content, visited websites, and elements used there, as well as technical details such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data, these may also be processed depending on the provider.

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, within the scope of web analysis, A/B testing, and optimization, no clear user data (such as email addresses or names) is stored, but pseudonyms. That is, neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g., visited websites, interest in content, access times), Meta/communication data (e.g., device information, IP addresses).
  • Concerned individuals: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, detection of recurring visitors), profiles with user-related information (creation of user profiles).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6(1) a GDPR), Legitimate interests (Art. 6(1) f GDPR).

Deployed services and service providers:

ONLINE MARKETING

We process personal data for online marketing purposes, including the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on potential user interests, as well as measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, by means of which information relevant to the user for the display of the aforementioned content is stored. This information may include, for example, viewed content, visited websites, used online networks, as well as communication partners and technical information such as the used browser, the used computer system, and information about usage times. If users have consented to the collection of their location data, this data can also be processed.

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect the users. In general, within the online marketing process, clear data of users (such as email addresses or names) is not stored, but pseudonyms. That is, neither we nor the providers of the online marketing procedures know the actual identity of the users, only the information stored in their profiles.

The information in the profiles is usually stored in cookies or similar procedures. These cookies can generally also be read on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, supplemented with additional data, and stored on the server of the online marketing service provider.

In exceptional cases, clear data can be assigned to the profiles. This is the case, for example, when users are members of a social network whose online marketing procedures we use, and the network connects the users’ profiles with the aforementioned information. Please note that users can make additional agreements with the providers, for example, by consenting during registration.

We generally only have access to summarized information about the success of our advertisements. However, within the so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract conclusion with us. The conversion measurement is used solely for the analysis of the success of our marketing measures.

Unless otherwise stated, please assume that the cookies used are stored for a period of two years.

Information on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

We use the “Google Marketing Platform” (and services such as “Google Ad Manager”) to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). The Google Marketing Platform stands out because ads are displayed in real-time based on the presumed interests of users. This allows us to display ads for and within our online offer in a more targeted manner, showing users only ads that potentially match their interests. If, for example, a user is shown ads for products they have shown interest in on other online platforms, this is referred to as “remarketing.”

With the help of the Facebook pixel (or similar functions, for transmitting event data or contact information via interfaces in apps), Facebook is able to determine the visitors to our online offer as a target group for displaying ads (so-called “Facebook Ads”). Accordingly, we use the Facebook pixel to display the Facebook Ads we place only to users on Facebook and within the services of Facebook-cooperating partners (the so-called “Audience Network” https://www.facebook.com/audiencenetwork/) who have shown an interest in our online offer or who have certain characteristics (e.g., interest in specific topics or products, evident from the visited websites) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook Ads correspond to the potential interests of users and do not appear annoying. Using the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes, by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion tracking”).

We, together with Facebook Ireland Ltd., are jointly responsible for the collection or receipt in the context of transmission (but not the further processing) of “event data” that Facebook collects or receives through the Facebook pixel and similar functions (e.g., interfaces) executed on our online offer, for the following purposes, jointly responsible: a) Display of content and advertising information that corresponds to the presumed interests of users; b) Delivery of commercial and transaction-related messages (e.g., addressing users via Facebook Messenger); c) Improvement of ad delivery and personalization of features and content (e.g., improving recognition of which content or advertising information presumably corresponds to the interests of users). We have concluded a special agreement with Facebook (“Addendum for Controllers,” https://www.facebook.com/legal/controller_addendum), which regulates, among other things, the security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms), and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can direct inquiries or deletion requests directly to Facebook). Note: If Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e., do not contain information about individual users and are anonymous to us), this processing does not take place within the scope of joint responsibility, but based on an order processing agreement (“Data Processing Terms,” https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and with regard to processing in the USA, based on standard contractual clauses (“Facebook EU Data Transfer Addendum,” https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (especially regarding information, deletion, objection, and complaint to the competent supervisory authority) are not limited by the agreements with Facebook.

  • Processed data types: Usage data (e.g., visited websites, interest in content, access times), Meta/communication data (e.g., device information, IP addresses), Event data (Facebook) (“Event data” are data that can be transmitted to Facebook by us via Facebook Pixel (via apps or other means) and relate to individuals or their actions; The data includes information about website visits, interactions with content, features, app installations, product purchases, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event data does not include the actual content (such as written comments), login information, and contact information (i.e., no names, email addresses, and phone numbers). Facebook deletes event data after a maximum of two years, and the target groups formed from them are deleted with the deletion of our Facebook account).
  • Affected individuals: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Marketing, Profiles with user-related information (creation of user profiles), Remarketing, Target group formation (determination of target groups relevant for marketing purposes or other content delivery), Conversion measurement (measurement of the effectiveness of marketing measures), Target group formation.
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • Objection option (Opt-Out): We refer to the data protection notices of the respective providers and the objection options (so-called “Opt-Out”) specified for the providers. If no explicit opt-out option has been specified, there is the possibility to disable cookies in your browser settings. However, this may restrict functions of our online offering. We therefore recommend the following opt-out options, which are summarized for respective regions: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-region: https://optout.aboutads.info.

Services and service providers used:

SOCIAL MEDIA PRESENCES (SOCIAL MEDIA

We maintain online presences within social networks and process user data in this context to communicate with users active on those platforms or to provide information about us.

Please note that user data may be processed outside the European Union in this context. This may pose risks for users, as, for example, the enforcement of user rights could be more challenging.

Furthermore, user data within social networks is typically processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and resulting interests. These user profiles can then be used to display advertisements within and outside the networks that presumably correspond to the users’ interests. For these purposes, cookies are usually stored on users’ computers, containing information about user behavior and interests. Additionally, data may be stored in user profiles independently of the devices used by the users (especially when users are members of the respective platforms and are logged in).

For a detailed presentation of the respective processing methods and options for objection (opt-out), we refer to the data protection statements and information provided by the operators of the respective networks.

Also, in the case of information requests and asserting data subject rights, we would like to point out that these are most effectively addressed directly with the providers. Only the providers have access to the users’ data and can take direct measures and provide information. If you still need assistance, you can contact us.

Facebook Pages: We, together with Facebook Ireland Ltd., are responsible for the collection (but not the further processing) of data from visitors to our Facebook page (so-called “Fanpage”). This data includes information about the types of content users view or interact with, or actions they take (see “Things You and Others Do and Provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How Do We Use This Information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights,” for page operators to gain insights into how people interact with their pages and associated content. We have entered into a specific agreement with Facebook (“Page Insights Information,” https://www.facebook.com/legal/terms/page_controller_addendum), which particularly regulates the security measures Facebook must observe, and in which Facebook has committed to fulfilling data subjects’ rights (i.e., users can address inquiries or deletion requests directly to Facebook). The rights of users (especially regarding information, deletion, objection, and complaints to the relevant supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Page Insights Information” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

  • Processed Data Types: Contact data (e.g., email, phone numbers), content data (e.g., inputs in online forms), usage data (e.g., visited web pages, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contact inquiries and communication, feedback (e.g., collecting feedback via online form), marketing.
  • Legal Basis: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Services and Service Providers Used:

PLUGINS AND EMBEDDED FUNCTIONS AS WELL AS CONTENT

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or maps (hereinafter collectively referred to as “content”).

The integration always assumes that the third-party providers of these contents process the users’ IP addresses because, without the IP address, they could not send the contents to their browsers. The IP address is thus necessary for the display of these contents or functions. We strive to use only such contents whose respective providers use the IP address solely for delivering the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Through “pixel tags,” information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on users’ devices and may include technical information about the browser and operating system, referring websites, visit times, as well as other details about the use of our online offering, and may be linked with such information from other sources.

Information on Legal Bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., the interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Together with Facebook Ireland Ltd., we are jointly responsible for the collection or receipt, as part of a transmission (but not for further processing), of “Event Data” that Facebook collects through Facebook Social Plugins (and embedding functions for content) executed on our online platform or received as part of a transmission for the following purposes: a) Display of content and advertising information that corresponds to the presumed interests of users; b) Delivery of commercial and transaction-related messages (e.g., addressing users via Facebook Messenger); c) Improvement of ad delivery and personalization of features and content (e.g., improving the identification of content or advertising information presumed to match the interests of users). We have entered into a specific agreement with Facebook (“Controller Addendum,” https://www.facebook.com/legal/controller_addendum), which regulates, among other things, the security measures Facebook must adhere to (https://www.facebook.com/legal/terms/data_security_terms), and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can address inquiries or deletion requests directly to Facebook). Note: If Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e., do not contain information about individual users and are anonymous to us), this processing does not occur within the scope of joint responsibility but is based on a data processing agreement (“Data Processing Terms,” https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and, regarding processing in the USA, on the basis of standard contractual clauses (“Facebook EU Data Transfer Addendum,” https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (especially regarding information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.

Instagram plugins and content: Together with Facebook Ireland Ltd., we are jointly responsible for the collection or receipt, as part of a transmission (but not for further processing), of “Event Data” that Facebook collects through Instagram functions (e.g., embedding functions for content) executed on our online platform or received as part of a transmission for the following purposes: a) Display of content and advertising information that corresponds to the presumed interests of users; b) Delivery of commercial and transaction-related messages (e.g., addressing users via Facebook Messenger); c) Improvement of ad delivery and personalization of features and content (e.g., improving the identification of content or advertising information presumed to match the interests of users). We have entered into a specific agreement with Facebook (“Controller Addendum,” https://www.facebook.com/legal/controller_addendum), which regulates, among other things, the security measures Facebook must adhere to (https://www.facebook.com/legal/terms/data_security_terms), and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can address inquiries or deletion requests directly to Facebook). Note: If Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e., do not contain information about individual users and are anonymous to us), this processing does not occur within the scope of joint responsibility but is based on a data processing agreement (“Data Processing Terms,” https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and, regarding processing in the USA, on the basis of standard contractual clauses (“Facebook EU Data Transfer Addendum,” https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (especially regarding information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.

  • Processed data types: Usage data (e.g., visited websites, interest in content, access times), Meta-/communication data (e.g., device information, IP addresses), Event data (Facebook) (“Event data” refers to data that can be transmitted to Facebook by us via Facebook Pixel (via apps or other means) and relates to individuals or their actions; the data includes information about visits to websites, interactions with content, features, app installations, product purchases, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event data does not include the actual content (such as written comments), login information, and contact information (i.e., no names, email addresses, and phone numbers). Event data is deleted by Facebook after a maximum of two years, and the target groups formed from them are deleted with the deletion of our Facebook account), Inventory data (e.g., names, addresses), Contact data (e.g., email, phone numbers), Content data (e.g., entries in online forms).
  • Affected individuals: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online services and user-friendliness, provision of contractual services and customer service, marketing, profiles with user-related information (creation of user profiles).
  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR), consent (Art. 6(1) sentence 1 lit. a GDPR), contract performance and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR).

Used services and service providers:

  • Facebook Plugins and Content:
    Facebook Social Plugins and content – This may include content such as images, videos, or texts and buttons through which users can share content of this online offering within Facebook. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy.
  • Font Awesome: Presentation of fonts and symbols; Service provider: Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, MA 02140, USA; Website: https://fontawesome.com/; Privacy Policy: https://fontawesome.com/privacy.
  • Google Fonts: We integrate the fonts (“Google Fonts”) from the provider Google, with user data used solely for the purpose of displaying fonts in the users’ browsers. The integration is based on our legitimate interests in a technically secure, maintenance-free, and efficient use of fonts, their consistent presentation, and considering possible license restrictions for their integration. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy.
  • Google Maps: We integrate the maps of the “Google Maps” service provided by Google. The processed data may include IP addresses and location data of users, which, however, are not collected without their consent (usually within the settings of their mobile devices); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Privacy Policy: https://policies.google.com/privacy; Opt-out option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying ads: https://adssettings.google.com/authenticated.
  • Google Maps APIs and SDKs: Interfaces to Google’s mapping and location services, allowing, for example, the enhancement of address entries, location determinations, distance calculations, or the provision of additional information about locations; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Privacy Policy: https://policies.google.com/privacy.
  • Instagram Plugins and Content: Instagram Plugins and Content – This may include content such as images, videos, or texts, and buttons that allow users to share content from this online offering within Instagram. Service provider: https://www.instagram.com, Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
  • LinkedIn Plugins and Content: LinkedIn Plugins and Content – This may include content such as images, videos, or texts, and buttons that allow users to share content from this online offering within LinkedIn. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • reCAPTCHA: We integrate the “reCAPTCHA” function to determine whether inputs (e.g., in online forms) are made by humans and not automatically acting machines (so-called “bots”). The processed data may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keyboard inputs, dwell time on websites, previously visited websites, interactions with reCAPTCHA on other websites, possibly cookies, and results of manual recognition processes (e.g., answering posed questions or selecting objects in images). Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.google.com/recaptcha/; Privacy Policy: https://policies.google.com/privacy; Opt-out option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying ads: https://adssettings.google.com/authenticated.
  • Typekit Fonts by Adobe: We integrate the fonts (“Typekit fonts”) provided by Adobe, with user data used solely for the purpose of displaying fonts in users’ browsers. The integration is based on our legitimate interests in a technically secure, maintenance-free, and efficient use of fonts, their consistent presentation, and considering possible licensing restrictions for their integration. Service provider: Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland; Website: https://www.adobe.com/de; Privacy Policy: https://www.adobe.com/de/privacy.html.
  • YouTube Videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Opt-out option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying ads: https://adssettings.google.com/authenticated.
  • Xing Plugins and Buttons: Xing Plugins and Buttons – This may include content such as images, videos, or texts, and buttons that allow users to share content from this online offering within Xing. Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.com; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

MANAGEMENT, ORGANIZATION, AND TOOLS

We use services, platforms, and software from other providers (hereinafter referred to as “third-party providers”) for the purposes of organization, administration, planning, and provision of our services. When selecting third-party providers and their services, we adhere to legal requirements.

Within this framework, personal data may be processed and stored on the servers of third-party providers. Various data may be affected, which we process in accordance with this privacy policy. This may include, in particular, master data and contact details of users, data on transactions, contracts, other processes, and their contents.

If users are referred to third-party providers or their software or platforms in the context of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. Therefore, we kindly ask you to consider the privacy policies of the respective third-party providers.

Legal Basis Information: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent (Art. 6(1)(a) GDPR). Additionally, their use may be part of our (pre)contractual services if the use of third-party providers has been agreed upon within this framework. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Processed Data Types: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data Subjects: Communication partners, users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contact inquiries and communication.
  • Legal Bases: Consent (Art. 6(1)(a) GDPR), Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Services and Service Providers Used:

CHANGE AND UPDATE OF THE PRIVACY POLICY

We ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask you to check the information before contacting.

RIGHTS OF DATA SUBJECTS

As data subjects under the GDPR, you have various rights, particularly from Art. 15 to 21 GDPR:

  • Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time.
  • Right to Information: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and additional information as per legal requirements.
  • Right to Rectification: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you.
  • Right to Erasure and Restriction of Processing: You have the right, under the legal requirements, to demand the immediate erasure of data concerning you or, alternatively, a restriction of the processing according to legal requirements.
  • Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format or to request its transmission to another controller in accordance with legal requirements.
  • Complaint to Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Supervisory authority responsible for us:

Dr. Stefan Brink
PO Box 10 29 32
70025 Stuttgart

DEFINITIONS OF TERMS

This section provides an overview of the terms used in this data protection declaration. Many of the terms are taken from the law and are defined primarily in Article 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily to provide understanding. The terms are sorted alphabetically.

  • Credit information: Automated decisions are based on automatic data processing without human intervention (e.g. in the case of an automatic rejection of a purchase on account, an online credit application or an online application process without any human intervention). According to Art. 22 GDPR, such automated decisions are only permitted if those affected consent, if they are necessary for the fulfillment of the contract or if national laws permit these decisions.
  • IP masking: “IP masking” is a method in which the last octet, i.e. the last two numbers of an IP address, is deleted so that the IP address can no longer be used to uniquely identify a person. Therefore, IP masking is a means of pseudonymizing processing procedures, especially in online marketing
  • Conversion measurement: Conversion measurement (also known as “visit action evaluation”) is a procedure that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users’ devices within the websites on which the marketing measures take place and then accessed again on the target website. For example, we can understand whether the advertisements we placed on other websites were successful.
  • Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
  • Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, includes any type of automated processing of personal data, which consists in the use of these personal data to identify certain personal aspects relating to a natural person (depending on the type of profile creation, different information regarding demographics, behavior and interests, such as interaction with websites and their content, etc.) can be analyzed, evaluated or predicted (e.g. interests in certain content or products, click behavior on a website or location). Cookies and web beacons are often used for profiling purposes.
  • Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can include the behavior or interests of visitors in certain information, such as the content of websites. With the help of reach analysis, website owners can, for example, identify at what time visitors visit their website and what content they are interested in. This allows you, for example, to better adapt the content of the website to the needs of your visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyzes of the use of an online offering.
  • Remarketing: “Remarketing” or “retargeting” is used when, for example, for advertising purposes, it is noted which products a user was interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.
  • Controller: The “controller” is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
  • Processing: “Processing” means any operation or series of operations carried out on personal data, whether or not by automated means. The term is wide-ranging and includes practically every handling of data, be it collecting, evaluating, storing, transmitting or deleting.
  • Target group formation: Target group formation (or “custom audiences”) is when target groups are determined for advertising purposes, e.g. display of advertisements. For example, based on a user’s interest in certain products or topics on the Internet, it can be concluded that this user is interested in advertisements for similar products or the online shop in which he viewed the products. “Lookalike audiences” (or similar target groups) are when the content deemed suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are usually used for the purpose of forming custom audiences and lookalike audiences.

ETL Technologies GmbH

We are ETL Technologies, your Swiss experts for high-voltage testing and electrical safety solutions. With a foundation of tradition and innovation, we shape the future of testing technologies.

Address:

Bodeächer 1
5453 Remetschwil

Online Shop:
etl-prueftechnik.de

Email: info@etl-technologies.ch
Phone: +41 56 485 89 89

MENU

Products:

Series 400 – Modular Test Systems
Series 36 – Individual Test Devices
Applications, Test Benches & Test Facilities
Testing Accessories

Tests:

High Voltage Testing
Insulation Testing
Protective Earth Conductor Testing
Leakage Current Testing

Standards:

Luminaire Testing Standard EN 60598
Machine Safety according to EN 60204
Low Voltage Switchgear according to EN 61439
Medical Devices according to EN 60601 & EN 62353
Device Testing SNR 462638 – SNG 482638 – EN 50678 – EN 50699

LEGAL

Terms and Conditions
Privacy Policy
Imprint
EU Cookie Policy

Language switcher: