Our website can be visited without the user actively providing any personal data. However, we automatically store access data (server log files) such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit or the name of the requested file, as well as the IP address of the terminal device used for a period of 7 days for security reasons, e.g. to detect attacks on our website. This data is not merged with other data sources. We process and use the data for the following purposes: provision of the website, prevention and detection of errors/malfunctions, and misuse of the website.

Data categories: Meta and communication data (e.g. IP address, date and time of access, time, type of HTTP request, website from which access is made (referrer URL), browser used and, if applicable, operating system of the accessing computer (user agent))

Purpose of the processing: Prevention and detection of errors/malfunctions, detection of misuse of the website

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR

Legitimate interests: Fraud prevention to detect misuse of the website

Required cookies (functionality, opt-out links, etc.)

In order to enable the use of the basic functions on our website and to provide the service requested by the user, we use so-called cookies on our website. Cookies are a standard Internet technology for storing and retrieving information for website users. Cookies represent information and/or data that can be stored on the user's end device, for example. With classic cookie technology, the user's browser is instructed to store certain information on the user's device when a specific website is accessed.

Strictly necessary cookies are used to provide a telemedia service expressly requested by the user, e.g:

- Cookies for error analysis and security purposes

- Cookies for storing logins

- Cookies for storing data in online forms if the form extends over several pages

- Cookies for saving (language) settings

- Cookies to store items placed in the shopping cart by users to complete the purchase

- Cookies for storing consent or revocation (opt-in, opt-out)

Some of the cookies used (so-called session cookies) are deleted after the end of the browser session, i.e. after closing the browser.

Cookies can be deleted by users afterwards in order to remove data that the website has stored on the user's computer.

The data processing described may also relate to information that is not personal but constitutes information within the meaning of the TTDSG. In these cases, too, this information may be necessary for the use of an expressly requested service and may therefore be stored in accordance with Section 25 TTDSG.

Opt-Out: Firefox:

https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome:

https://support.google.com/chrome/answer/95647?hl=de

Microsoft Edge:

https://support.microsoft.com/de-de/microsoft-edge/inprivate-browsen-in-microsoft-edge-cd2c9a48-0bc4-b98e-5e46-ac40c84e27e2

Opera:

https://help.opera.com/en/latest/security-and-privacy/

Safari

https://support.apple.com/de-de/HT201265

Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR in conjunction with § 25 para. 2 no. 2 TTDSG), consent (Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 para. 1 TTDSG

Legitimate interests: Storage of opt-in preferences, ensuring the functionality of the website, maintaining user status across the entire website

Storage and processing of unnecessary information and data

Beyond the required scope, user data may be processed by means of cookies, similar technologies or application-related technologies, e.g. for the purpose of (cross-website) tracking or personalized advertising etc.. Data may be transmitted to third-party providers. The storage and further processing of user data that is not absolutely necessary to provide the telemedia service is then carried out on the basis of consent within the meaning of Art. 6 para. 1 lit. a) GDPR (if applicable in conjunction with § 25 para. 1 sentence 2 TTDSG).

Consent Management Platforms (consent management)

We use a consent management process on our website to store and manage the consent given by website visitors in a verifiable manner in accordance with data protection requirements. The consent management platform used helps us to recognize all cookies and tracking technologies and to control them based on the consent status. At the same time, visitors to our website can use the consent management service we have integrated to manage the consents and preferences given (optional setting of cookies and other technologies that are not required) or revoke consent at any time using the button.

The status of the consent is stored on the server and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device. The time of the declaration of consent is also recorded.

Data categories: Consent data (consent ID and number, time consent was given, opt-in or opt-out), meta and communication data (e.g. device information, IP addresses)

Purposes of processing: Fulfillment of accountability, consent management

Legal basis: Legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 GDPR)

Manage consent/revocation

Cookie Consent Tool Shopware

Recipient: Shopware AG Ebbinghoff 10, 48624 Schöppingen

Third country transfer: Does not take place.

Hosting (incl. content delivery network)

Our website is hosted by an external service provider. Data of visitors to our website, in particular so-called log files, are stored on the servers of our service provider. By using a specialized service provider, we can provide our website efficiently. The hosting provider we use does not process the data for its own purposes.

We also use a so-called Content Delivery Network (CDN) in order to be able to provide the content of our website more quickly. For example, when website visitors access graphics, scripts or other content, these are provided quickly and optimized with the help of regionally and internationally distributed servers. When the files are retrieved, a connection is established to the servers of a CDN provider, whereby personal data of visitors to our website is processed, such as the IP address and browser data.

Data categories: User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses)

Purposes of the processing: Proper presentation and optimization of the website, faster and location-independent accessibility of the website,

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: Avoidance of downtime, high scalability, reduction of the bounce rate on the website

Google Static

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Based on the standard contractual clauses including additional measures and risk analysis for the third country transfer

Website support and consulting, web agency

We have commissioned a web agency to provide support and advice for services and applications on our website. This agency supports us in all activities related to the design and functionality of our website. In this context, the web agency selected by us receives the access data for our website in order to make necessary adjustments and changes, such as the design of forms or other programming activities.

Access to personal data, such as data from forms or log data of website visitors, cannot be ruled out. The web agency therefore acts as a so-called processor for us and only acts on our instructions. Data is not processed for any other purpose.

Data categories: Usage data (e.g. access times), Meta and communication data (e.g. device information, IP addresses), Contact data (e.g. e-mail address), Content data (e.g. text information)

Purposes of processing: Support for web analysis and optimization, analysis of user behavior on the website (website interaction) for web optimization and reach measurement, checking the utilization of the website

Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: Support and assistance with website maintenance through high level of technical expertise, efficiency through outsourcing

TWT On GmbH

Recipient: Peter Combüchen, Friedrich-Ebert-Straße 75, 51429 Bergisch Gladbach, Germany

Third country transfer: Does not take place.

Web analysis and optimization

We use procedures on our website to analyze user behavior and to measure reach. For this purpose, information about the behaviour, interests or demographic information of visitors is collected in order to determine whether and where our website needs to be optimized or adapted (e.g. forms on the website, improved placement of buttons or call-to-action buttons, etc.).

We can also measure the click and scroll behavior of website visitors. Among other things, this helps us to recognize at what time our website, its functions or content are most frequented.

The collection of this data is made possible by the use of certain technologies (e.g. cookies). These are stored on users' end devices as part of client-side tracking when they visit our website.

We take precautions to protect the identity of our website visitors. We do not process any clear data of website visitors for the purposes described.

Data categories: Usage data (e.g. websites visited, interest in content, access times), demographic characteristics (age, gender), meta and communication data (e.g. device information, IP addresses, location data)

Purposes of processing: Checking the status of target achievement (success control) of all online activities: Analysis of user behaviour on the website (website interaction) for web optimization and reach measurement, checking the utilization of the website

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Google Analytics

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Based on the standard contractual clauses including additional measures and risk analysis for the third country transfer.

Google Tag Manager

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Based on the standard contractual clauses including additional measures and risk analysis for the third country transfer

Google APIs

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Based on the standard contractual clauses including additional measures and risk analysis for the third country transfer

Online marketing

Search Engine Marketing (advertising in search engines)

We use search engine marketing methods. Search engine marketing includes all measures that are suitable for improving the visibility of our website in the organic or non-organic search results of search engines, increasing our reach and thus increasing traffic (visitor traffic) to our website. We can also use search engine marketing to generate new leads.

Search engine advertising can take place on various external platforms or websites. The advertising is shown to users in the form of text, display or video ads.

We first create a campaign for search engine advertising using our tracking tool and store various dimensions there that are to be recorded by the search engine provider selected by us, e.g. user location, device information and target groups (demographic characteristics). This enables us to gain further insights into the interests in our content/products and, if necessary, to recognize trends.

Note:

Website visitor data (e.g. name and e-mail address) can be assigned directly if they are logged into their account with the search engine provider. If assignment via the profile is not desired, the website visitor must log out of the search engine provider before visiting our website.

Data categories: User and interaction data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, anonymized IP addresses), contact data (e.g. email addresses)

Purposes of processing: Increase in sales and reach, conversion measurement, target group formation, identification of trends for the development of marketing strategies

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Google DoubleKlick

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Third country transfer: Based on the standard contractual clauses including additional measures and risk analysis for the third country transfer.

Plugins and integrated third-party content

Our website includes functions and elements that are obtained from third-party providers. These are, for example, videos, presentations, buttons, map services (maps) or contributions (hereinafter referred to as content). If this third-party content is accessed by website visitors (e.g. click, play, etc.), information and data are collected and linked to the website visitor's end device in the form of cookies or other technologies (e.g. pixels, Java Script commands or web assembly) and transmitted to the server of the third-party provider used.

Without this processing operation, it is not possible to load and display this third-party content.

In order to protect the personal data of website visitors, we have taken protective measures to prevent the automatic transmission of this data to the third-party provider. This data is only transmitted when users actively use the buttons and click on the third-party content.

Data categories: Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, anonymized IP address)

Purposes of processing: Sharing posts and content, interest- and behavior-based marketing, evaluation of statistics, cross-device tracking, increasing the reach of advertisements in social media

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Google Fonts

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Based on the standard contractual clauses including additional measures and risk analysis for the third country transfer.

Google Maps

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Based on the standard contractual clauses including additional measures and risk analysis for the third country transfer.

Youtube[AA1] [AA2] [AA3]

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Based on the standard contractual clauses including additional measures and risk analysis for the third country transfer.

Facebook

Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Based on the standard contractual clauses including additional measures and risk analysis for the third country transfer.

Instagram

Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Based on the standard contractual clauses including additional measures and risk analysis for the third country transfer.

Internal area and digital services

Registration

We offer the option of creating a user account on our website. As part of the registration process, we collect the necessary data from interested visitors that we need to provide a user account and the associated functions.

To protect the use of the internal area, we collect the IP address and the time of access to prevent misuse of a user account and unauthorized use. We do not pass this data on to third parties unless this is necessary to pursue our claims or we are legally obliged to do so.

In addition, we have set up the so-called double opt-in procedure for first-time registration. When users register for the first time, they receive a confirmation link from us to the e-mail address (user name) they have provided, which must be confirmed separately by the user within a certain period of time. In this way, we ensure that registration actually takes place at the user's request and that misuse is avoided.

Protected login area

To protect the user accounts from unauthorized access, logging in to the user account requires another measure in addition to entering the password, e.g. entering a code sent to a mobile device (so-called multi-factor authentication). In this way, we ensure that misuse of the login process is avoided.

Data categories: Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), login data (user name and password), possibly other content data (e.g. text input), meta and communication data (e.g. device information, IP addresses), usage data (e.g. access times)

Purposes of the processing: Contract fulfillment, customer loyalty

Legal basis: Contract initiation and execution (Art. 6 para. 1 lit. b) GDPR), consent (Art. 6 para. 1 lit. a) GDPR)

Contact us

We offer website visitors the opportunity to contact us directly or to obtain information via various contact options. We use a management tool/our CRM system to process corresponding inquiries in order to have an overview of contacts made with us.

If you contact us, we process the data of the person making the inquiry to the extent necessary to answer or process the inquiry. The data processed may vary depending on how we are contacted.

Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of processing: Processing of inquiries

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), fulfillment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)

Zendesk

Recipient: Zendesk Inc, 989 Makret Street #300, San Fancisco, USA

Further mandatory information on data processing

Data transmission

We transfer the personal data of website visitors for internal purposes (e.g. for internal administration or to the HR department in order to comply with legal or contractual obligations). The internal data transfer or disclosure of data takes place to the extent necessary in compliance with the relevant data protection regulations.

If your data is processed outside the EU/EEA, in so-called third countries (e.g. USA), we ensure that this is done in accordance with the requirements of Art. 44 et seq. GDPR. We take additional measures to ensure the highest possible level of protection for the personal data of data subjects. The guarantee applicable to the transfer to third countries is specified in our privacy policy for the respective recipients.

We are a global company with headquarters in Germany. The data of website visitors is stored in our centralized customer database in Germany in compliance with the relevant data protection regulations and is processed in this context throughout the Group for internal administrative purposes. Processing beyond administrative purposes does not take place.

Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: So-called. Small group privilege, centralized management and administration within the company to exploit synergy effects, cost savings, increased effectiveness

Recipient: https://www.erwinhymergroup.com/de/unternehmen/ueber-die-erwin-hymer-group

Order processing

Recipients used may act for us as so-called processors. We have concluded so-called "order processing contracts" with them in accordance with Art. 28 para. 3 GDPR. This means that the processors may only process your personal data in a way that we have explicitly instructed them to do so. Processors take adequate technical and organizational measures to process your data securely and in accordance with our instructions.

Storage duration

We store the data of visitors for as long as this is necessary for the provision of our services or if this has been provided for by the European legislator or another legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled, with the exception of data that we must continue to store in order to fulfill legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).

Storage duration for required cookies: After the end of the session.

Storage duration for non-essential cookies/technologies:

After expiry of 7 days and with revocation by the data subject

Automated decision-making (including profiling)

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

Legal basis

The relevant legal bases are primarily derived from the GDPR. These are supplemented by national laws of the member states and may apply together with or in addition to the GDPR.

Consent: Art. 6 para.1 lit. a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.

Performance of a contract: Art. 6 para. 1 lit. b) GDPR serves as the legal basis for processing operations necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legal obligation: Art. 6 para. 1 lit. c) GDPR serves as the legal basis for processing operations which are necessary for compliance with a legal obligation.

Vital interests: Art. 6 para. 1 lit. d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.

Public interest: Art. 6 para. 1 lit. e) GDPR serves as the legal basis for processing operations that are necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate interest: Art. 6 para. 1 lit. f) GDPR serves as the legal basis for processing that is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Rights of data subjects

Right to information: Pursuant to Art. 15 GDPR, data subjects have the right to request confirmation as to whether we are processing data concerning them. They can request information about this data as well as the further information listed in Art. 15 para. 1 GDPR and a copy of their data.

Right to rectification: Pursuant to Art. 16 GDPR, data subjects have the right to request the rectification or completion of data concerning them and processed by us.

Right to erasure: Data subjects have the right pursuant to Art. 17 GDPR to demand the erasure of data concerning them without undue delay. Alternatively, they can request that we restrict the processing of their data in accordance with Art. 18 GDPR.

Right to data portability: Pursuant to Art. 20 GDPR, data subjects have the right to request the provision of the data they have provided to us and to request its transfer to another controller.

Right to lodge a complaint: Data subjects also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with Art. 77 GDPR.

Right to object: If personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR, data subjects have the right to object to the processing of their personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from their particular situation or the objection is directed against direct advertising. In the latter case, data subjects have a general right to object, which is implemented by us without specifying a particular situation.

Revocation

Some data processing operations are only possible with the express consent of the data subject. You have the option of revoking any consent you have already given at any time without giving reasons. All you need to do is send an informal email to: datenschutz@erwinhymergroup.com. Consent to data processing operations on our website can be adjusted and revoked directly in our Consent Manager. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

External links

Our website contains links to the online offerings of other providers. We would like to point out that we have no influence on the content of the linked websites and the compliance with data protection regulations by their providers.

Changes

We reserve the right to adapt the data protection information on our website at any time in the event of changes and in compliance with the applicable data protection regulations so that it complies with data protection requirements.

This privacy policy was created by

DDSK GmbH

www.ddsk.de