Privacy policy
Welcome to our website! The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used. Personal data is individual information about the personal or factual circumstances of a specific or identifiable natural person (data subject), e.g. name, address, email addresses, user behaviour. This is therefore data with which we can identify you. In addition, you will occasionally also find information on data processing processes outside of this website (e.g. video conferences).
Responsible for data processing
Person responsible
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
WestWood® Kunststofftechnik GmbH
An der Wandlung 20
32469 Petershagen
Phone: +49 5702 8392-0
E-mail: info@westwood.de
Data protection officer
exkulpa gmbh
Waldfeuchter Str. 266
52525 Heinsberg
Phone: 02452 / 99 33 11
E-mail: datenschutz@westwood.de
General information
In addition to the data that you actively communicate to us on this site (e.g. via our contact form), we collect some technical data. This so-called metadata is automatically transmitted from your computer to our servers as soon as you enter our website (e.g. browser, operating system or time stamp). We use this data to ensure that our website is displayed correctly. We may also collect data via integrated third-party providers (e.g. for external media such as map services or analysis tools). We will inform you about the individual purposes and legal bases in the course of this privacy policy.
Storage duration
If no separate storage period is specified in this privacy policy, we will store your personal data for as long as the purpose of the data processing is given. If you contact us with a justified deletion request or revoke your consent, we will delete your data. Statutory retention obligations remain unaffected.
Legal basis for data processing
If you have consented to data processing, your personal data will be processed on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data are processed in accordance with Art. 9 para. 1 GDPR. If you expressly consent to the transfer of personal data to third countries, the data will also be processed in accordance with Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g. through device fingerprinting), data processing will also take place on the basis of Section 25 (1) TDDDG. Your consent can be revoked at any time. If your data is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures, we process your data in accordance with Art. 6 para. 1 lit. b GDPR. In addition, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. In the following sections of this privacy policy, you will be informed about the respective legal basis in individual cases.
Note on data transfer to third countries and US companies without DPF certification
Please note that we use tools from companies that are based in third countries or the USA that are unsafe under data protection law and that are not covered by the EU-US Data Protection Framework Agreement (DPF). When using these tools, your personal data may be transferred to these countries and processed there. Please note that a level of data protection comparable to that in the EU cannot be guaranteed in these unsafe third countries.
We would like to clarify that the USA generally offers a level of data protection comparable to that of the EU. The transfer of data to the USA is permitted if the recipient has a DPF certification or provides suitable additional guarantees. Information on data transfers to third countries, including data recipients, can be found in our privacy policy.
Automated decision making
Your personal data will not be processed for the purpose of automated decision-making.
Your rights
As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:
- Right to information: You have the right to request confirmation from us as to whether your personal data is being processed and, if this is the case, to receive further information about the processing and copies of the processed data (Art. 15 GDPR).
- Right to rectification: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed (Art. 16 GDPR).
- Right to erasure: You have the right to obtain the erasure of personal data concerning you without undue delay if the legal requirements are met, in particular if the data is no longer necessary for the purposes pursued and the processing is unlawful (Art. 17 GDPR).
- Right to restriction of processing: You have the right to demand that we restrict the processing of your personal data if the legal requirements are met, in particular if you dispute the accuracy of the data, the processing is unlawful and you refuse to delete it (Art. 18 GDPR).
- Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, where technically feasible (Art. 20 GDPR).
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR (Article 21 GDPR).
- Right to revoke consent given: You have the right to withdraw your consent to the processing of personal data at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal (Art. 7 (3) GDPR).
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR).
Further data processing procedures
General information obligations
This information is intended for customers, interested parties, suppliers and employees. Your personal data will be processed by us for the following purposes:
- To fulfil our contractual obligations to you (Art. 6 para. 1 lit. b GDPR).
- For the fulfilment of pre-contractual obligations (Art. 6 para. 1 lit. b GDPR).
- To respond to enquiries (Art. 6 para. 1 lit. b GDPR).
- If you have given us your consent to process your personal data for specific purposes (e.g. to receive our newsletter), the data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR).
- To fulfil legal obligations to which our company is subject (Art. 6 para. 1 lit. c GDPR).
- Where necessary, we also process your data to safeguard our legitimate interests, in particular to assert legal claims and defend ourselves in legal disputes or to ensure IT security, to consult and exchange data with credit agencies to determine creditworthiness and default risks, for direct advertising and market research unless you have objected to the use of your data for this purpose, for measures for business management and further development of services and products, for measures to optimise products and sales, for risk management measures, for the prevention or investigation of criminal offences (Art. 6 para. 1 lit. f GDPR).
Categories of recipients of the personal data
Within our company, only those employees who absolutely need the data to fulfil their tasks have access to it (need-to-know principle). Individual processes and services are carried out by carefully selected service providers based within the EEA and commissioned in accordance with data protection regulations. If service providers commissioned by us are given access to personal data when carrying out your services, order processing contracts have been concluded with them in accordance with Art. 28 para. 3 GDPR.
Duration of data storage
The data processed by us is stored for the duration of the existence and processing of the contractual relationship and in compliance with statutory retention periods. These are in particular commercial and tax retention obligations under the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular retention and documentation periods are up to ten years. If there is no contractual relationship, we only process the data for as long as required for the specific purpose.
Cookies
Cookies are small text files that are stored by your browser on your end device in order to save certain information during your use of the website. Cookies enable us to improve various aspects of our website and make your visit more convenient.
There are different types of cookies that serve different purposes. Temporary cookies, also known as session cookies, are only stored for the duration of your use of the website and are automatically deleted when you close your browser. Persistent cookies, on the other hand, remain stored on your end device for a longer period of time and enable us to recognise you and your preferences on repeat visits to the website.
Cookies can also be divided into first-party cookies and third-party cookies. First-party cookies are set by our website, while third-party cookies are set by other websites or service providers whose content is integrated on our website, such as plugins or analysis tools.
The use of cookies serves various purposes, for example to ensure the functionality of the website, to save user settings, to compile anonymous statistics on user behaviour or to display personalised content and advertising. The legal basis for the use of cookies varies depending on the purpose of the cookies. In some cases, the setting of cookies is based on your legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to make our website functional and user-friendly. As the website operator, we have a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of our services. If we obtain your consent for the use of cookies, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. Your consent can be revoked at any time.
Data processing in detail
Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. Automated decision-making in individual cases, including profiling, does not take place.
Provision of the website
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which the access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR for the purpose of providing the website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
We use the following hoster:
IOK GmbH & Co KG
Brockweg 17
33415 Verl
Contact form
Type and scope of processing
If you send us enquiries (e.g. via contact form, e-mail or telephone), we store all the data that results from this (e.g. name, e-mail address, subject of the enquiry, etc.). We need this data to process your enquiry and to be able to answer any follow-up questions. We will not pass on this data without your consent.
Purpose and legal basis
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if you have previously given it.
Storage duration
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.
Specialist processor mediation
If you use our online tool for specialist processing, we will forward your details from the form, including your e-mail address and telephone number, to the selected specialist processors for the purpose of preparing an offer.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
We will retain the data you provide on the form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected. For information on data processing by the specialised processor, please refer to the data protection provisions of the respective provider.
Contact form for applicants
Type and scope of processing
We collect and process the personal data of applicants. Corresponding data processing may also be carried out electronically, for example when applicants send us application documents by e-mail or via a web form on our website. On our website, we offer you the opportunity to send us applications for advertised vacancies by e-mail.
Purpose and legal basis
We process the personal data of applicants in accordance with the legal requirements for the purpose of initiating an employment relationship (Art. 6 para. 1 lit. b GDPR). You are not obliged to provide us with this data. However, we cannot carry out an application process with you without this data.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art. 6 para. 1 lit. b GDPR and, if you provide us with special categories of personal data such as health information, on the basis of Art. 9 para. 2 lit. b for the purpose of implementing the employment relationship.
We also use the services of the professional networks LinkedIn and XING to contact potential applicants. In this respect, the operators of the networks act as processors for us in accordance with our instructions. The legal basis for data processing when approaching potential applicants on our behalf is Art. 6 para. 1 lit. f GDPR (our legitimate interests). If you send us your application as a result of such an approach, we process your data for the purpose of initiating an employment relationship as described above on the basis of Art. 6 para. 1 lit. b GDPR.
Storage duration
Your data will be stored for a period of 6 months after the end of the application process. This is done to protect our legitimate interests in order to check whether we need the data for the defence of any claims in connection with the application process. We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical analyses (e.g. proportion of women or men in applications, number of applications per period, etc.).
If it is evident that further storage of the data after the 6-month period is necessary to safeguard our legitimate interests (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies. The legal basis for this further data storage is our legitimate interests in the assertion, exercise or defence of civil law claims (Art. 6 para. 1 lit. f GDPR in conjunction with Art. 24 para. 1 no. 2 GDPR). § Section 24 para. 1 no. 2 BDSG or, insofar as special categories of personal data are stored, Art. 9 para. 2 lit. f GDPR in conjunction with Section 24 para. 2 BDSG). § Section 24 para. 2 BDSG).
Inclusion in the applicant pool
As part of the application process, we offer applicants the opportunity to be included in our "talent pool" for a period of 24 months on the basis of consent within the meaning of Art. 6 para. 1 lit. a, Art. 9 para. 2 lit. a GDPR. If you have provided special categories of personal data in your application, such as health information, your consent also extends to this data. You are not obliged to provide us with your application data for our talent pool. However, we will not be able to consider you for future vacancies without this data unless you submit a new application to us.
Consent to the inclusion of application data in the talent pool is voluntary and can be revoked at any time for the future. The withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal.
Your application documents will be deleted from the talent pool at the latest after expiry of the storage period or in the event of cancellation or acceptance of a job offer by one of the companies responsible for the talent pool.
If you receive an offer of employment with us during the application process and accept it, we or this company will store the personal data collected during the application process for the purpose of implementing the employment relationship. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR or, if you provide us with special categories of personal data such as health information, Art. 9 para. 2 lit. b GDPR.
Applicant management via perbit (myjobboard.de)
We use the personnel administration and applicant management software myjobboard to present job vacancies on our website and to enable online applications. The provider of myjobboard is perbit Software GmbH, Siemensstraße 31, 48341 Altenberge, Germany. In this context, perbit Software GmbH is our processor in accordance with Art. 28 GDPR. The basis for the processing is an order processing contract between us as the controller and the provider. Further information on data processing can be found in the privacy policy of perbit Software GmbH at https://perbit.com/datenschutz/.
Presence on social media platforms
We operate public profiles in various social networks on our website. You can find more detailed information on the social networks we use in the relevant sections of our privacy policy.
Social networks such as Facebook, Twitter etc. can comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. This allows interest-based advertising to be displayed to you within and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Please note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis for data processing
The purpose of our social media presence is to ensure the widest possible presence on the internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Responsible party and assertion of rights
When you visit our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).
Despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
Duration of data storage
The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. via their privacy policy, see below).
Facebook page
Our company has a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). According to Meta, the data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view the agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
The company is certified according to the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For more information, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/.
Instagram page
Our company has a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The company is certified according to the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
Further information on the handling of your personal data can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875.
LinkedIn page
Our company has a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The company is certified according to the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Further information on the handling of your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
XING page
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
Video conferencing
Data processing
We use online conferencing tools to communicate with our customers. The tools we use in detail are listed below. If you communicate with us via video or audio conference, your personal data will be collected and processed by us and the provider of the respective tool.
The tools collect the data you provide, including your email address and telephone number. They also process the duration of the conference, when you attended the conference, number of participants and other metadata.
In addition, the provider of the tool processes all technical data required to organise the conference. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If you share content on this service, it will be stored on the provider's servers. This includes cloud recordings, chat messages, voice messages, photos and videos that you have shared while using this service.
Please note that we do not have full control over the data processing operations of the tools used. For more information on data processing by the conference tools, please refer to the privacy policies of the tools used.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If you have previously given your consent to data processing, your data will be processed solely on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Storage duration
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used
We use the following tools for video conferencing:
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
The company is certified according to the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.microsoft.com/de-de/privacystatement.
Order processing
In order to ensure that personal data is processed in accordance with our instructions and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider. The data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
Cookiebot
Our website uses Cookiebot's consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as "Cookiebot").
When you enter our website, a connection is established to the Cookiebot servers in order to obtain your consent and other declarations regarding the use of cookies. A cookie is set in your browser in order to be able to assign and document your consent or revocation. This data is stored until you delete the cookie, request us to delete the data or the purpose for the data processing no longer applies. Statutory retention obligations remain unaffected.
Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Order processing
In order to ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider.
Google Ads
We use Google Ads services and functions on this website, which are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Type and scope of data processing
With the help of Google Ads, we can display online adverts in the Google search engine or on other websites when users search for certain terms. In addition, adverts can be shown to specific target groups on the basis of user data. For example, the adverts are targeted to the interests and location of users. We analyse this user data and the number of clicks in order to measure the success of our advertisements.
Legal basis
Whenusing Google Ads, we rely on Art. 6 para. 1 lit. f GDPR as the legal basis, as we have a legitimate interest in analysing the use of our website in order to successfully market our services and products.
The company is certified according to the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards.
The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://policies.google.com/privacy/frameworks and
https://privacy.google.com/businesses/controllerterms/mccs/.
Google Analytics
We use Google Analytics services and functions on this website, offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Type and scope of data processing
With the help of Google Analytics, we as website operators can determine how our website is used. As part of the analysis, we learn how often our website is accessed, how long visitors stay on the site and which devices or systems they use to access the website. We can also track your mouse movements and clicks. Google Analytics uses machine learning and other technologies to analyse and supplement your data. The data collected is usually processed on Google servers in the USA.
Legal basis
When using Google Analytics, we rely on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with §25 para. 1 TDDDG. You can revoke your consent at any time.
The company is certified according to the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards.
The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://privacy.google.com/businesses/controllerterms/mccs/.
Order processing
In order to ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider.
Storage duration
Google stores data linked to cookies, user IDs or advertising IDs for two months, after which they are anonymised or deleted. Further information on the storage period or deletion of your data can be found at https://support.google.com/analytics/answer/7667196?hl=de.
Google DoubleClick
We use Google DoubleClick services and functions on this website, offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Type and scope of data processing
Google DoubleClick allows us to show targeted adverts in Google applications that match users' interests. In order to offer relevant advertising, Google DoubleClick must identify users and associate their visits to websites, clicks and other information with their user behaviour. For this purpose, Google DoubleClick uses cookies and technologies to recognise users and creates pseudonymised user profiles based on the data collected.
You can deactivate this personalised advertising in your personal Google account at https://policies.google.com/technologies/ads and
https://adssettings.google.com/authenticated to deactivate this personalised advertising.
Legal basis
Whenusing Google DoubleClick, we refer to Art. 6 para. 1 lit. f GDPR as the legal basis, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online presence and offers for you. If you have previously given your consent to data processing by Google DoubleClick on this website, the processing of your data takes place on the legal basis of Art. 6 para. 1 lit. a GDPR in conjunction with §25 para. 1 TDDDG. You can revoke your consent at any time.
The company is certified according to the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards.
Google Tag Manager
We use Google Tag Manager services and functions on this website, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to use other tools on our website. It does not create any user profiles, it does not store any cookies and it does not carry out any independent analyses. However, your IP address is recorded and may be transmitted to the USA. The Google Tag Manager itself is only used to manage these tools that are integrated via it.
When using Google Tag Manager on this website, we rely on Art. 6 para. 1 lit. f GDPR as the legal basis, as we have a legitimate interest in implementing and directing tracking tools on this website quickly and easily. If you have previously given your consent to data processing on this website by Google Tag Manager, the processing of your data takes place solely on the legal basis of Art. 6 para. 1 lit. a GDPR § 25 para. 1 TDDDG. You can revoke your consent at any time.
The company is certified according to the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards.
Hotjar Behaviour Analytics
Our website uses services and functions of Hotjar, an analysis tool of Hotjar Limited, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta Europe.
Type and scope of data processing
With the help of Hotjar, we are able to analyse user behaviour on our website. This analysis records which mouse actions you perform, how long you look at certain content and other interactions. Hotjar then creates "heat maps" that show us which areas of the website are most frequently visited by visitors.
Hotjar also provides us with information about how long you spend on a page, when you left it and when you cancelled your entries in a contact form. As a visitor to our website, you also have the opportunity to provide direct feedback on the website. Hotjar uses technologies (such as cookies or fingerprinting systems) to recognise website visitors on repeat visits.
Legal basis
The processing of personal data is carried out on the basis of Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in analysing website usage in order to optimise our online presence and offers. If you have given your consent to data processing by Hotjar on this website, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can revoke your consent at any time.
Deactivating Hotjar
Ifyou do not want Hotjar to process your personal data, you can deactivate tracking. Please note that this must be done separately for each browser or end device. You can find detailed instructions on how to do this at https://www.hotjar.com/opt-out. Further information on the processing of your user data can be found in Hotjar's privacy policy at https://www.hotjar.com/privacy.
Order processing
In order toensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have concluded an order processing contract (AVV) with Hotjar.