Privacy Policy

1. Data protection at a glance

General information

The following information provides a simple overview of what happens with your personal data when you visit this website. Personal data is any data by which you can be personally identified. Detailed information on data protection can be found in our Privacy Policy below.

Data collection on this website

Who is responsible for data collection on this website?

Data is processed on this website by the website operator. You can find their contact details in the section "Notice concerning the data controller" in this Privacy Policy.

How do we collect your data?

Firstly, your data is collected by you providing it to us. This could, for example, be data you enter on a contact form.

Other data is collected either automatically by our IT systems or with your consent when you visit the website. This data is primarily technical data (such as the browser and operating system you are using or when you accessed the page). This data is collected automatically as soon as you visit this website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyse how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected or deleted. If you have given your consent to data processing, you may revoke this consent at any time. You also have the right to request that the processing of your personal data be restricted under certain circumstances. You also have the right to file a complaint with the competent regulatory authorities.

You can contact us at any time with regard to this and other questions on the subject of data protection.

Analytics and third-party tools

When visiting our website, your browsing behaviour may be statistically analysed. This occurs primarily through the use of so-called analytics. Detailed information about these analysis programs can be found in the following Privacy Policy.

2. Hosting

We host the contents of our website with the following provider:

External hosting

This website is hosted externally. The personal data collected on this website is stored on the hoster's servers. This information is primarily IP addresses, contact requests, meta and communication data, contract data, contact details, names, instances of website access, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online service by a professional provider (Art. 6 (1)(f) GDPR). If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) of the Telecommunication Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Our hoster(s) will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding this data.

We use the following hoster(s):

T-Systems International GmbH
Hahnstraße 43d
D-60528 Frankfurt am Main

Order processing

We have concluded a contract on order processing (AVV) for the use of the above service. This is a contract prescribed by data protection laws, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

3. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information includes any data with which you could be personally identified. This Privacy Policy explains what information we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that the transfer of data on the internet (e.g., communication via email) may be subject to security gaps. Complete protection of data against access by third parties is not possible.

Notice concerning the data controller

The data controller for this website is:

VACOM Vakuum Komponenten & Messtechnik GmbH
In den Brückenäckern 3
07751 Großlöbichau
Germany

Phone: +49 3641 8734 0
Email: info@vacom.de

The data controller is the natural or legal person who decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.), either alone or jointly with others.

Storage period

Unless a specific storage period is specified in this Privacy Policy, your personal data will remain with us until the purpose for the processing of data no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion takes place after these reasons no longer apply.

General information on the legal basis for the processing of data on this website

If you have consented to the processing of data, we will process your personal data on the basis of Art. 6 (1) (a) GDPR, or Art. 9 (2) (a) GDPR, if special data categories according to Art. 9 (1) GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or to accessing information on your end device (e.g., via device fingerprinting), then the processing of data will also be carried out on the basis of Section 25 (1) of the Telecommunication Telemedia Data Protection Act (TTDSG). Consent is revocable at any time. If your data is required to fulfil the contract or to carry out pre-contractual measures, then we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process your data if it is required to fulfil a legal obligation on the basis of Art. 6 (1) (c) GDPR. The processing of data can also be based on our legitimate interest according to Art. 6 (1) (f) GDPR. The following paragraphs of this Privacy Policy provide information on the relevant legal bases in each individual case.

Data Protection Officer

We have appointed a data protection officer.

You can reach this person using the following contact details:

Telephone: +49 3641 8734 0

Email: datenschutz@vacom.de

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection laws. When these tools are active, your personal data can be transferred to these third countries and processed there. We would like to point out that in these countries, no level of data protection comparable to that in the EU can be guaranteed. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. As such, it cannot be ruled out that US authorities (for example, intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You may withdraw your consent at any time. The legality of the data processing performed prior to your revocation of consent remains unaffected.

Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)

If data is processed on the basis of Art. 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons specific to your individual circumstances. This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims (objection under Article 21 (1) GDPR).

Your personal data will be processed in order to operate direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

Right to file complaints with the regulatory authorities

In the event of infringements of the GDPR, the persons concerned shall have the right to appeal to a supervisory authority, particularly in the member state of their habitual residence, workplace, or place of presumed infringement. Your right to appeal exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data which we process on the basis of your consent or in fulfilment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you request the direct transfer of data to another data controller, this will only occur if it is technically feasible.

Information, deletion, and correction

As permitted by law, you have the right to be provided with information free of charge at any time about your personal data that is stored as well as its origin, the recipient, and the purpose for which it has been processed. You also have the right to have this data corrected or deleted. You can contact us at any time about this and any other questions you may have on the subject of personal data.

Right to Restriction of Processing

You have the right to request that the processing of your personal data be restricted. You can contact us at any time to do this. The right to restrict processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you lodge an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not been ascertained whose interests prevail, you have the right to demand that the processing of your personal data be restricted.

Where the processing of your personal data has been restricted, such data – apart from being stored – may be processed only with your consent, or for the purpose of asserting, exercising, or defending legal claims, or protecting the rights of another natural or legal person, or on the grounds of an important public interest of the European Union or of a Member State.

SSL and TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Encrypted payments on this website

If you enter into a contract which obliges you to send us your payment information (e.g., your account number for direct debits), we will require this data in order to process your payment.

Payment transactions using common means of payment (Visa/MasterCard, direct debits) are only made via encrypted SSL or TLS connections. You can recognise an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

In encrypted communication, any payment details you submit to us cannot be read by third parties.

Objection to advertising e-mails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. Website operators expressly reserve the right to take legal action in the event of the unsolicited sending of promotional material, for example spam emails.

4. Data collection on this Website

Cookies

Our websites use cookies. Cookies are small data packages and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies within websites (e.g., cookies for processing payment services).

Cookies perform various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to evaluate user behaviour or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g., the shopping basket function), or to enhance the website (e.g., cookies to measure web audience) are referred to as necessary cookies and are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the fault-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technology has been requested, processing takes place exclusively on the basis of this consent (Art. 6 (1) (a) GDPR and Section 25 (1) of the Telecommunication Telemedia Data Protection Act (TTDSG)); consent is revocable at any time.

You can configure your browser to inform you about the use of cookies so that you can accept or reject cookies on an individual basis, to automatically accept cookies under certain conditions or always reject them, and to automatically delete cookies when you close your browser. Disabling cookies may limit your ability to use some of the functions of this website.

You can find out which cookies and services are used on this website in this privacy policy.

Consent with Cookiebot

Our website uses the consent technology of Cookiebot to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”).

When you enter our website, a connection is established to Cookiebot's servers in order to obtain your consents and other declarations regarding cookie use. Subsequently, Cookiebot saves a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention requirements remain unaffected.

The use of Cookiebot takes place in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". This includes:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of server request
  • IP address

This data will not be combined with data from other sources.

This data is collected on the basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in the technically correct display and optimisation of its website; for this purpose, the server log files must be stored.

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you have provided there, will be stored by us for the purpose of processing the enquiry, as well as in the event of follow-up enquiries. We do not pass on these data without your consent.

This data is processed in accordance with Art. 6 (1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1)(f) GDPR) or on your consent (Art. 6 (1)(a) GDPR) if this was requested; consent is revocable at any time.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage is no longer applicable (e.g., after processing your request). The mandatory provisions of law, with particular regard to data retention periods, remain unaffected.

Request by email, phone, or fax

If you contact us by email, phone or fax, your request, including all ensuing personal data (name, nature of enquiry), is stored and processed by us for the purposes of processing your request. We do not pass on these data without your consent.

This data is processed in accordance with Art. 6 (1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1)(f) GDPR) or on your consent (Art. 6 (1)(a) GDPR) if this was requested; consent is revocable at any time.

We will retain the data you provide on the contact form until its deletion is requested, your consent for storage is revoked, or the purpose for its storage is no longer applicable (e.g., after the handling of your enquiry has been completed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Registration on this website

You may register on this website in order to access additional functions offered here. The data entered will only be used for the purposes of using the site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

To inform you of important changes such as those within the scope of our site's offering or technical changes, we will use the email address specified during registration.

The data entered during registration is processed for the purposes of implementing the user relationship established by the registration and, if necessary, for initiating further contracts (Art. 6 (1)(b) GDPR).

The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

5. Analytics Tools and Advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that we can use to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not save any cookies, and does not carry out any independent analyses. It serves only the administration and display of the tools integrated through it. However, the Google Tag Manager records your IP address, which can also be transmitted to Google's parent company in the United States.

Google Tag Manager is used on the basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on its website. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) of the Telecommunication Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g., device fingerprinting) within the meaning of the Telecommunication Telemedia Data Protection Act (TTDSG). Consent can be revoked at any time.

Google Analytics

This website uses Google Analytics, a web analysis service. The provider is Google Ireland Limited (hereinafter referred to as "Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. Here the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to complement the data sets it collects and employs machine learning technologies in its data analysis.

Google Analytics uses technologies that enable the user to be recognised for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 para. 1 TTDSG. Consent can be revoked at any time.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

We have activated the IP anonymisation feature on this website. This means that your IP address will be truncated by Google within the member states of the European Union or other contracting states to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases are IP addresses transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, compile reports regarding website activity, and provide other services to the website operator related to website and internet usage. The IP address provided by your browser in the framework of Google Analytics will not be combined with other data from Google.

Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about how Google Analytics handles user data, see Google's Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.

Demographic features of Google Analytics

This website uses the “demographic features” function of Google Analytics to be able to show website visitors appropriate advertisements within the Google advertising network. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account, or you can generally forbid the collection of your data by Google Analytics as described in the section "Objection to data collection."

Order processing

We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-Commerce Measurement

This website uses the "E-Commerce Measurement" function of Google Analytics. With the help of E-commerce measurement, the website operator can analyse the buying behaviour of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID, which is assigned to the respective user or their device.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites if the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed on the basis of the user data available at Google, such as location data and interests (target group targeting). As a website operator, we can evaluate this data quantitatively, for example by carrying out an analysis of which search terms have led to the display of our advertisements and how many advertisements have resulted in the corresponding clicks.

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 para. 1 TTDSG. Consent can be revoked at any time.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Ads remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (hereinafter referred to as "Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Remarketing can be linked to the cross-device functions of Google. This allows advertising to be displayed based on your personal interests, identified from your previous usage and surfing behaviour on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).

If you have a Google account, you can object to personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 para. 1 TTDSG. Consent can be revoked at any time.

Further information and the data protection provisions can be found in Google's data protection declaration at: https://policies.google.com/technologies/ads?hl=en.

Target group formation with customer matching

For target group formation, we use, among other things, the customer matching of Google Ads Remarketing. In this process, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they are shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

Google Conversion-Tracking

This website uses Google conversion tracking. The provider is Google Ireland Limited (hereinafter referred to as "Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, we and Google can recognise whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly often. This information is used to generate conversion statistics. We find out the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 para. 1 TTDSG. Consent can be revoked at any time.

You can find more information on Google conversion tracking in Google's privacy policy: https://policies.google.com/privacy?hl=en.

6. Newsletter

Newsletter data

If you would like to receive our newsletter, we require a valid email address as well as information which allows us to verify that you are the owner of the email address provided and that you agree to receive this newsletter. Additional data is not collected or only collected on a voluntary basis. We use newsletter service providers to process the newsletter. They are described in the following section.

Brevo (previously Sendinblue)

This website uses Brevo (previously Sendinblue) to send newsletters. The provider is Sendinblue GmbH, Köpenicker Strasse 126, 10179 Berlin, Germany.

Brevo is a service which organises and analyses the distribution of newsletters. The data you enter for the purpose of receiving the newsletter will be stored on Brevo's servers in Germany.

Data analysis through Brevo

We use Brevo to analyse our newsletter campaigns. This is how we can see, for example, whether a newsletter message has been opened and which links have been clicked on. In this way, we can determine, among other things, which links have been clicked on most often.

In addition, we can see whether certain previously defined actions have been carried out after opening/clicking (conversion rate). This enables us to see, for example, whether you have made a purchase after clicking on the newsletter.

Brevo also allows us to subdivide ("cluster") the newsletter recipients according to different categories. For example, newsletter recipients can be subdivided according to gender, personal preference (e.g. vegetarian or non-vegetarian), or customer relationship (e.g. existing or potential customer). This allows us to adapt the newsletters to the respective target groups.

If you do not want any analysis performed by Brevo, you must unsubscribe from the newsletter. We provide a link to do this in every newsletter we send.

For detailed information on the functions of Brevo, please see the following link: https://www.brevo.com/en/newsletter-software/.

Legal basis

Data processing takes place on the basis of your consent (Art. 6 (1) (a) GDPR). You may revoke your consent at any time. The legality of any data processing that has already been carried out remains unaffected.

Storage period

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data we have stored for other purposes shall remain unaffected by this.

After you have unsubscribed from the newsletter distribution list, your email address may be saved in a blacklist either with us or the newsletter service provider if this is necessary to prevent future mailings. The data from the blacklist is used solely for this purpose and is not combined with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest in accordance with Art. 6 (1)(f) of GDPR). Storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interests.

For more details, please refer to Brevo's privacy policy at: https://www.brevo.com/legal/privacypolicy/.

Job processing

We have concluded a contract on order processing (AVV) for the use of the above service. This is a contract prescribed by data protection laws, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

7. Plugins and Tools

Vimeo

This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages featuring a Vimeo plugin, a connection to the Vimeo servers is established. Here the Vimeo server is informed about which of our pages you have visited. Vimeo additionally obtains your IP address. This also applies if you are not logged in to Vimeo when you visit our website or do not have a Vimeo account. The information is transmitted to a Vimeo server in the US, where it is stored.

If you are logged in to your Vimeo account, Vimeo allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your Vimeo account.

Vimeo uses cookies or comparable recognition technologies (e.g., device fingerprinting) to recognise website visitors.

Vimeo is used in the interests of making our online presence more attractive. This constitutes a legitimate interest pursuant to Art. 6 (1) (f) GDPR. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) of the Telecommunication Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g., device fingerprinting) within the meaning of the Telecommunication Telemedia Data Protection Act (TTDSG). Consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". You can find details here: https://vimeo.com/privacy.

Further information on the handling of user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy.

Google Maps

This site uses the Google Maps map service. The provider is Google Ireland Limited (hereinafter referred to as "Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the US and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our website and facilitates the location of the places we specify on the website. This constitutes a legitimate interest in accordance with Art. 6 (1) (f) GDPR. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) of the Telecommunication Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g., device fingerprinting) within the meaning of the Telecommunication Telemedia Data Protection Act (TTDSG). Consent can be revoked at any time.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For information on the handling of user data, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en.

8. eCommerce and payment providers

Processing customer and contract data

We collect, process, and use personal customer and contractual data for the purpose of establishing, defining the content of and amending our contractual relationships. We collect, process, and use your personal data about the use of this website (usage data) only to the extent required to enable you to access our service or to invoice you for this. The legal basis for this is Art. 6 (1) (b) GDPR.

The customer data collected will be deleted after the completion of the order or termination of the business relationship and expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.

Data transmitted when entering into a contract for online shops, retailers, and dispatch

When you order goods from us, we pass on your personal data to the transport company entrusted with the delivery and to the payment service provider entrusted with the payment processing. Only data that is required by the respective service provider to fulfil its task is released. The legal basis for this is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfil a contractual obligation or to undertake measures leading to such a contract. If you have given your consent pursuant to Art. 6 (1) (a) GDPR, we will pass on your e-mail address to the transport company responsible for the delivery so that they can inform you by e-mail about the shipping status of your order; you can revoke this consent at any time.

Data transmission when entering into a contract for services and digital content

We transmit personally identifiable data to third parties only to the extent required to fulfil the terms of your contract with us, for example, to banks entrusted to process your payments.

Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Payment services

We include payment services from third party companies on our website. If you purchase something from us, your payment data (e.g., name, payment amount, account details, credit card number) will be processed by the payment service provider for processing the payment. The respective contract and data protection provisions of the respective provider apply to these transactions. The payment service providers are used on the basis of Art. 6 (1) (b) of the GDPR (contract execution) and in the interest of a payment process that is as smooth, convenient, and secure as possible (Art. 6 (1)(f) GDPR). If your consent is requested for certain actions, Art. 6 (1) (a) of the GDPR is the legal basis for the processing of data; consent is revocable at any time for the future.

We use the following payment services/payment service providers on this website:

PayOne

The provider of this payment service is PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (hereinafter referred to as “PayOne”). For details, please refer to PayOne's privacy policy: https://www.payone.com/DE-en/data-protection-regulations.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as “Mastercard”).

Mastercard may transfer data to its parent company in the United States. Data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here: https://www.mastercard.us/en-us/vision/corp-responsibility/commitment-to-privacy/privacy.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as “VISA”).

The UK is considered a safe third country under data protection law. This means that the UK has a level of data protection equivalent to that in the European Union.

VISA may transfer data to its parent company in the USA. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://usa.visa.com/legal/global-privacy-notice.html.

Further information can be found in the Privacy Policy of VISA: https://usa.visa.com/legal/privacy-policy.html.

9. Whistleblower channel

As part of the implementation of the Whistleblower Protection Act (HinSchG), we have set up a whistleblower channel, the use of which involves the processing of personal data. The following categories of data subjects and types of personal data are processed.

Whistleblower

Name and contact information, relationship to the client and other general personal data, if the whistleblower chooses not to submit a report anonymously. 
Depending on the scope of the information about themselves, the processing may also include the following types of special categories of personal data:
Information about racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information and about sexual relationships or sexual orientation.
In addition, metadata such as the IP address, data of the system or browser used by you are processed with each report.

Registered person

Name, contact information, title, relationship to the client, information about serious matters, criminal offenses or suspicion thereof, information about sanctions and other general personal information reported by the whistleblower.
If the whistleblower provides information about racial and ethnic origin, political beliefs, religious or philosophical beliefs, trade union membership, health information and about sexual relationships or sexual orientation, this will also be processed.

Purposes of data processing

As part of a report, personal data is processed for the purpose of implementing the provisions of the HinSchG. This includes confirming receipt of a report to the whistleblower, checking whether the reported violation falls within the scope of the HinSchG, maintaining contact with the whistleblower, checking the validity of the report and taking appropriate follow-up measures in accordance with Section 18 HinSchG. In addition, the data is processed for the purpose of legally required documentation. 
Metadata is also used to determine the browser language you are using in order to display the whistleblowing channel in your language.

Legal basis

Data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with § 10 HinSchG, and Art. 6 para. 1 sentence 1 lit. f) GDPR insofar as the processing serves our legitimate interests. Special categories of personal data within the meaning of Art. 9 GDPR are processed on the basis of Art. 9 para. 2 lit. g) GDPR in conjunction with § 10 HinSchG.

Legitimate interests

Detection and rectification of legal violations and abuses, the health of our employees and the prevention of criminal offenses.

Significant public interest

Avoidance of significant risks to the public interest through violations that could create serious risks to the public interest.

Whistleblower Software ApS

We use the software of Whistleblower Software ApS, Kannikegade 4, 1, DK-8000 Aarhus C, Denmark to implement the whistleblower channel.

PRILUTIONS Rechtsanwaltsgesellschaft mbH

Reports via the whistleblower channel are processed and answered by PRILUTIONS Rechtsanwaltsgesellschaft mbH, An der Sulze 41, 99090 Erfurt.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service and for support by the above-mentioned law firm. This is a contract prescribed by data protection law, which ensures that personal data in the context of whistleblower reports is only processed in accordance with instructions and in compliance with the GDPR.

Storage duration

Metadata is deleted immediately after a report. Other personal data will be deleted within the legally prescribed retention periods three years after completion of the respective procedure, unless longer storage is necessary to fulfill the requirements of the Whistleblower Protection Act or another legal provision. This extended storage period ends at the latest when it is no longer necessary or proportionate.

10. Own services

Handling applicant data

We offer you the opportunity to apply for positions with us (e.g., by email, post or via the online application form). In the following, we will inform you as to the scope, purpose and use of your personal data collected during the application process. We ensure that the collection, processing, and use of your data is carried out in accordance with applicable data protection law and all other legal provisions and that your data is treated with strict confidentiality.

Scope and purpose of data collection

If you send us an application, we process your related personal data (e.g., contact and communication data, application documents, notes from job interviews etc.) insofar as this is necessary to decide on whether or not to establish an employment relationship. The legal basis for this is Section 26 of the Federal Data Protection Act (BDSG) in accordance with German law (initiation of an employment relationship), Art. 6 (1) (b) GDPR (general contract initiation) and – if you have provided consent – Art. 6 (1) (a) GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to individuals involved in processing your application.

For internal processing, we use the cloud-based service P&I LogaHR. The provider of this service is P&I Personal & Informatik AG, Kreuzberger Ring 56, 65205 Wiesbaden. Further information can be found in P&I AG's privacy policy: www.pi-ag.com/datenschutz/.

If your application is successful, the data you submit will be stored in our data processing systems on the basis of Section 26 of the Federal Data Protection Act (BDSG) and Art. 6 (1)(b) GDPR for the purpose of implementing the employment relationship.

Data retention period

If we are unable to offer you a position, you reject an offer of a position or withdraw your application, we reserve the right to store the data you have transmitted based on our legitimate interests (Art. 6 (1)(f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data is then deleted, and the physical application documents destroyed. In particular, data is stored for evidence purposes in the event of a legal dispute. If the data will be foreseeably required after the six-month period has expired (e.g., due to an impending or pending legal dispute), deletion will only take place if the purpose of further storage is no longer applicable.

A longer storage period may also apply if you have given your consent (Art. 6 (1) (a) GDPR) or if there are legal retention requirements which prevent deletion.

Admission to the applicant pool

If we do not make you a job offer, you may be able to join our applicant pool. In case of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in case of suitable vacancies.

Admission to the applicant pool is based exclusively on your express consent (Art. 6 (1) (a) GDPR). Giving your consent is voluntary and has no relation to the ongoing application procedure. Data subjects can withdraw their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided there are no legal reasons for storage.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.