Privacy Policy

Neoperl Group AG, Pfeffingerstrasse 21, 4153 Reinach BL, Switzerland and its subsidiaries/fellow subsidiaries attach great importance to the protection of your personal data. We would like you to know when we store which data and how we use such data. We are subject to the provisions of the Swiss Federal Data Protection Act (Bundesgesetz über den Datenschutz, DSG) and/or – if we offer our goods and services in the EU/EEA area – the provisions of the European General Data Protection Regulation (GDPR). In order to ensure that these data protection provisions are being complied with by us and also by our external services providers, we have taken appropriate technical and organizational measures.

This Privacy Policy applies to our online offerings. These include websites, functions and content as well as external online presences, for instance our social media presence or any apps developed by us. At the same time, this Privacy Policy is intended to inform you about any further processing of your personal data, and our compliance with the information obligations we have towards you.

The terminology used in this Privacy Policy, such as controller (or in the Swiss DSG occasionally referred to as the “controller of the data file”) or personal data, is used in accordance with the applicable › definitions in the DSG and/or the GDPR as applicable. For reasons of easier readability and therefore also for purposes of a transparent provision of information, we have generally refrained from quoting individual articles, sections or similar.

name="media"

Controller

Controller for purposes of the DSG and/or the GDPR or other national data protection laws in EU member states as well as other data protection provisions is

Neoperl Group AG

Pfeffingerstrasse 21

4153 Reinach BL

Switzerland

Phone: +41 61 716 74 00

Fax: +41 61 716 74 09

E-mail: ch.infonet@neoperl.com

Website: › www.neoperl.com

name="media"

1. Data protection officer

The controller has appointed a data protection officer. His contact details are:

Michael Kranzer

Bechtle GmbH IT-Systemhaus Freiburg

Leinenweberstraße 1

79108 Freiburg im Breisgau

Germany

E-mail: ch.datenschutz@neoperl.com

For questions, suggestions or comments regarding data protection and in order to exercise your rights as set out below, please contact our data protection officer.

name="media"

2. General information regarding data processing

Scope of the processing of personal data

We use the personal data provided by you in order to respond to your queries, process your orders, deliver products, process payments or to give you access to certain information or offers (in particular on our Neoperl website and web shop or in our Neoperl apps).

Legal bases for the processing of personal data

Where the GDPR is applicable, the processing of personal data is generally not permitted unless there is statutory permission. We are obliged, in this regard, to inform you about the legal bases for the processing of the data. Where the DSG is applicable, the processing of personal data is allowed in principle, provided that the statutory principles of the DSG are complied with.

If we obtain your consent for the processing of personal data, such consent constitutes the legal basis.

If the processing of personal data is necessary for the performance of a contract, whose contracting party is you, the performance of the contract constitutes the legal basis. This also applies to any processing that is necessary in order to implement pre-contractual measures.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, this constitutes the legal basis.

In the event that interests which are essential for the life of the data subject or that of another natural person make the processing of personal data necessary, this constitutes the legal basis.

If the processing of personal data is necessary for purposes of safeguarding a legitimate interest of our company or of a third party, and if your interests or fundamental rights and freedoms do not override that interest, this constitutes the legal basis for the processing.

Children

Our offering is generally aimed at adults. People under the age of 16 must not transfer any personal data to us without the consent of their parents or legal guardians. We do not request or collect any personal data from children and young people and therefore also do not pass it on to third parties.

Deletion of data and storage time

As soon as the purpose for storing data ceases to apply, we will delete or block your personal data. Data may, however, be stored beyond such time period if this is required due to statutory provisions to which we are subject. This may, for instance, concern data that needs to be stored for commercial or tax-related reasons, such as delivery slips or invoice data.Your data will be blocked or deleted if the storage time prescribed by such provisions expires, unless a continued storage of the data is required for the conclusion or performance of a contract.

Sharing personal data with third parties

As a general rule, we will not share any personal data with third parties without your express consent. In the event that we do share your data with third parties, transmit it to them or grant them access to it in any other way in the context of the processing, this also occurs only on the basis of one of the aforementioned legal bases.

We transfer data, for instance, to payment providers or suppliers if this is necessary in order to fulfil the contract. If we are obliged to do so by statute or by court order, we have to transfer your data to the respective bodies entitled to such data.

On occasion, we use carefully selected external service providers in the processing of your data. If, in the context of what is known as commissioned data processing, data is transferred to service providers, this occurs on the basis of the provisions of the DSG and the GDPR. Our commissioned data processors have been carefully selected, are bound by our instructions and are checked at regular intervals. We only commission such data processors who provide sufficient guarantees that suitable technical and organisational measures are taken to ensure that the processing takes place in accordance with data protection requirements and safeguards the protection of your rights.

Data transfers to third countries

The DSG ensures a high level of data protection in Switzerland. The GDPR ensures a consistently high level of data protection within the European Union. Where possible, when selecting our service providers and cooperation partners we therefore rely on partners in Switzerland and the EU in the event that your personal data is to be processed. Only in exceptional cases will we allow your data to be processed outside of the European Union in the context of using third party services.

We may share your data with subsidiaries or fellow subsidiaries abroad if this is required for intra-group management purposes.

We will only allow your data to be processed in a third country if the special requirements of the DSG and the GDPR have been met. That means that your data may then only be processed on the basis of special guarantees. These guarantees include the EU Commission making an official decision that a third country has an adequate level of data protection in line with that of the EU, compliance with officially recognized special contractual clauses (known as standard contractual clauses) or other conventions between Switzerland and/or the EU and third countries.

Automated decision making

We refrain from using automated decision making processes or profiling (in Switzerland also referred as the processing of personality profiles).

name="media"

3. Rights of the data subject

If your personal data is processed, you are a data subject for purposes of the data protection laws (in Switzerland also referred to as the person affected). You have the following rights against us.

To exercise your rights, please contact our data protection officer.

Right to withdraw consent

If the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time. The withdrawal of your consent does not affect the lawfulness of any processing that has taken place until then.

Right of access

You have the right to ask us to confirm whether we are processing any personal data relating to you. If this is the case, you have the right to obtain details of the following information:

the purposes of the processing;

the categories of personal data that are being processed;

the recipients or categories of recipient to whom the personal data has been or will be disclosed;

where the GDPR is applicable, the envisaged period for which the personal data will be stored or, if actual details cannot be provided on this, the criteria used to determine that period;

where the GDPR is applicable, the existence of the right to request us to rectify or erase personal data or restrict our processing of personal data concerning you or to object to such processing;

where the GDPR is applicable, the right to lodge a complaint with a supervisory authority;

where the personal data is not collected from you, any available information as to its source;

the existence of automated decision making, including profiling, and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

You have the right to obtain information on whether your personal data is transferred to a third country or to an international organization. In this context you have the right to request information about the appropriate safeguards in connection with such transfer.

Within one month from receipt of your request for information, we will provide you with a copy of the personal data that is being processed. Where you make the request by electronic means and unless otherwise requested by you, we will provide the information to you in a commonly used electronic form.

Right to rectification

You have the right to require us to immediately rectify your personal data if it is incorrect. In due consideration of the purposes of the processing, you have the right to request completion of any incomplete personal data concerning you.

Right to erasure (“right to be forgotten”)

You have the right to require us to erase personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:

The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

You withdraw your consent on which the processing was based and there is no other legal basis for the processing.

You object to the processing and there are no overriding legitimate grounds for the processing.

Personal data has been unlawfully processed.

The personal data has to be erased to comply with a legal obligation in Union or Member State law.

The personal data has been collected in relation to the offer of information society services.

Where we have made personal data concerning you public and are obliged to erase it, taking account of available technology and the cost of implementation, we will take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

The right to erasure (“right to be forgotten”) does not apply insofar as the processing is required:

to exercise the right of freedom of expression and information;

to comply with a legal obligation to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

for reasons of public interest in the area of public health;

to achieve purposes in the public interest, scientific or historical research purposes or statistical purposes insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

to assert, exercise or defend legal claims.

Right to restriction of processing

You have the right to require us to restrict the processing of your personal data if one of the following conditions applies:

you contest the accuracy of the personal data concerning you, namely for a period that enables us to check the accuracy of the personal data;

the processing is unlawful and instead of the erasure of the personal data you require us to restrict its use;

we no longer need the personal data for the purposes of the processing, but you require it for the assertion, exercise or defense of legal claims; or

you have objected to the processing pending verification as to whether our legitimate reasons override yours.

Where processing has been restricted in accordance with the aforementioned conditions, such personal data will, with the exception of storage, only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Where processing has been restricted in accordance with the aforementioned conditions, we will notify you before lifting the restriction.

Right to data portability

Where the GDPR is applicable, you have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from us, provided that the processing is based on consent or on a contract and is carried out by automated means.

In exercising the right to data portability you can have the personal data transmitted directly from us to another controller, where technically feasible. The exercise of the right to data portability does not affect the right to erasure (“right to be forgotten”). This right shall not apply to processing necessary for the performance of a task vested in us and carried out in the public interest or in the exercise of official authority.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data on the basis of a weighing up of interests. In this case we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the data is processed for reasons of asserting, exercising or defending legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

In the context of the use of information society services you may exercise your right to object by automated means using technical specifications.

Automated individual decision making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

is necessary for entering into, or performance of, a contract between you and us,

is authorized by Union law or Member State law to which we are subject and which lays down suitable measures to safeguard your rights and freedoms and your legitimate interests or

is based on your explicit consent.

We will implement suitable measures to safeguard your rights and freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Where the GDPR is applicable, without prejudice to any other administrative or judicial remedy you have the right to lodge a complaint with a supervisory authority, in particular at your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of your personal data infringes data protection provisions. Where the Swiss DSG is applicable, you may report your concerns or incidents to the Swiss Federal Data Protection Commissioner. This person can then initiate an investigation of facts, make recommendations and, where required, take legal steps.

name="media"

4. Use of our online offerings

You are generally able to use our online offerings without disclosing your identity. In this section we will provide information to you as to when and in what connection we process data during the use of our online offerings, what offers of service providers and cooperation partners we have implemented, how these work and what happens to your data.

Data collection upon visits to our websites

If you use our websites purely for purposes of obtaining information, i.e. if you do not register for an offer, enter into a contract with us or otherwise disclose information to us, we will only collect personal data that your browser transmits to our server. When you access our websites, we will collect the following data which we require for technical reasons in order to display our websites and ensure that they are stable and secure:

IP address of the visitor

date and time of the request

requested content (specific page)

access status / http status code

data volume transmitted in each case

website from which the request originates

operating system of the visitor

language and version of the browser software.

This data is temporarily stored in our system log files for a period lasting no longer than ten days. Data may be stored for longer; in this case, however, the IP addresses will be truncated or distorted such that it is no longer possible to identify the accessing client. In this connection the log files will not be stored together with other personal data concerning you. The legal basis for these processing operations is our legitimate interest.

Given that the collection of the data is strictly required in order to display the websites, and the storage of the data in log files is strictly required for the operation of our websites and to ensure IT security, you have no right to object in this regard.

Customer account

Personal data is required for a customer account. Required data is marked with an asterisk (*) in the registration process. By registering, you consent to the use of this data for the purpose of managing your account. In order to process electronic payments, we may cooperate with electronic payment service providers and transfer your personal data for these processing purposes.

Payment service providers

In the context of the fulfilment of contracts we use payment service providers in order fulfil contracts. Apart from this, we use external payment service providers on the basis of our legitimate interests in order to offer our users an effective and secure payment method.

The data processed by our payment service providers includes inventory data, such as name and address, bank details including account numbers or credit card numbers, passwords, TANs and checksums as well as details relating to contracts, sums and recipients. These details are required in order to process the transactions. The data provided is, however, processed and stored by the payment service provider. That means we receive no account-related or credit card-related information, but only information containing a statement as to whether payment has or has not been made. In certain cases, payment service providers may transfer the data to credit agencies. Such data transfers are made for purposes of checking ID and credit history. In this regard, please refer to the general terms and conditions and privacy policies of the payment service providers.

The payment transactions are governed by the terms and conditions and privacy policies of the respective payment service provider, which can be accessed on the respective websites or transaction apps. Please also refer to these for further information and in order to assert rights to withdraw, rights of access and other data subject rights.

Delivery of goods

Your data will be passed on to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods.

Apps

Besides our internet presence, we also provide mobile apps for you to download to your mobile device. In the following, we provide information to you about the processing of personal data when using our apps. We do this to ensure that you are aware of how the services implemented as part of our offer work and what will happen to your data.

When an app is downloaded, the required information is transferred to the respective app store; namely, in particular, the user name, email address, customer number at the app store and the individual device ID. We have no influence over such data processing; this is the responsibility of the respective app store. We only process data required for the app to be downloaded to your device.

Usage data

When our apps are used, app usage data is generated. This usage data serves as the basis for anonymous statistical evaluations, so that trends can be identified and used to improve the offer accordingly. In general, we process this data to facilitate the usability of the functions provided and to ensure the security and stability of the app.

When using an app for the first time, you will be informed about the processing of your personal data within that app. If we need your consent for data processing, we will ask you to voluntarily give this consent when you use an app for the first time. If you wish to revoke your consent thereafter, you can do so whenever you wish from within the actual app.The legal basis for such processing is either our legitimate interest or your voluntarily given consent.

Crash reports

In order to improve the stability and reliability of our apps, we rely on anonymized crash reports.

iOS apps: If you have voluntarily and expressly consented to the transmission of a crash report in the app settings, anonymous information regarding the crash will be transmitted to our service provider’s servers and stored therein for purposes of analysis. Crash reports do not contain any personal information. In iOS these consist of a stack trace, some device information (no serial number or similar), the app version, the time stamp of the crash, and the list of software libraries stored in the memory. No processor register content or log files are contained therein.

Android apps: If, when configuring your mobile device, you voluntarily and expressly consent to the general transmission of crash reports to Google, following a crash of the app, information (status of the app at the time of the crash, stack trace, manufacturer and operating system of the mobile phone, last log notices) will be transferred to Google and stored for purposes of analysis. This information does not contain any personal data.

Push notifications

Push notifications are sent with the help of a pseudonymized push token provided by your operating system or the push service in question. Neither we nor our contractual partners are able to deduce personal data via the push token or link it to the mobile device.

Push notifications are sent on the basis of your consent. You may revoke your consent at any time by disabling the “receive push notifications” function in the app settings or deactivating the receipt of push notifications in the settings of the operating system.

Neoperl EasyMatch

When using this app, your entries in the decision tree as well as the version number of the app will be processed. Further, your information regarding your smartphone (model/version, operating system and language selected) will be processed.

When using “EasyMatch”, the photographs you have taken of the aerators and your comments will be processed. In addition, the time and the result of the measurement will be processed. A push token and a reference ID of the status of the decision tree will be generated.

name="media"

5. Data processing when visiting our websites / use of cookies

General information on the use of cookies

When you use our websites, cookies will be stored on your device in addition to the aforementioned data. Cookies are small text packages that may be sent by a website to the browser, and stored and returned by it. Cookies can be used to store various details, which are read by the entity that has placed the cookie. They typically contain a characteristic string (ID) which allows unambiguous identification of the browser in the event of renewed access to the website or a change of page. They are primarily used to make our online offerings more user friendly and more effective overall.

The user data collected in cookies is pseudonymized through technical means, which typically makes it impossible to link the data to the accessing user. If identifiability is possible, for instance in the case of a login cookie whose session ID is necessarily linked to the account of the user, we will notify you at the appropriate time.

We use different types of cookies:

“Session cookies” are cookies that are deleted after you leave our website and close the browser. Such cookies are used to store, for instance, language settings or the content of a shopping basket.

“Permanent cookies” remain stored even after the browser has been closed. This allows, for instance, the storage of the login status or any search terms entered. We use such cookies, inter alia, to measure reach or for marketing purposes. Permanent cookies are automatically deleted after a defined period of time, which may differ depending on the cookie. You may, however, delete such cookies at any time, inter alia with the help of your browser.

Besides “first party cookies”, which we use in our capacity as data controller, we also use “third party cookies” offered by other providers.

In our capacity as controller we set “first party cookies”. The legal basis for this processing of your personal data in this respect is our legitimate interest.

External service providers who carry out web tracking or reach measurements for us, for instance, may also set cookies. The legal basis for this processing of your personal data is your consent.

name="media"

6. Information regarding data processing by third parties

LiveChat

On this website, with your consent we use a live-chat system with technology of the company LiveChat Inc. This allows you to enter into direct online communications with us and for us to support you as swiftly as possible if you have any questions. Cookies are also used to operate the chat function.

The legal basis for the processing of your personal data is your voluntary consent. We will delete the processed data as soon as it is no longer required.

Google AnalyticsIf you have given your consent, this website uses Google Analytics, a web analysis service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter referred to as Google). This allows us to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse a user's activities across devices.

Scope of processing

Google Analytics uses cookies that enable an analysis of your use of the website. The information gathered by the cookies about your usage of this website will generally be transferred to a Google server in the US and stored there.

In Google Analytics 4, IP address anonymisation is activated by default. IP anonymisation means your IP address will be truncated by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area. In exceptional cases only, the full IP address is transferred to a Google server in the US and truncated there. According to Google, the IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.

However, we would like point out here that Google generally processes data for its own purposes, in particular also for the purpose of providing its web analysis and tracking service. Within the scope of Google Analytics, further usage data is collected that is to be assessed as personal data, such as identification features of the individual users, which also allow a link to an existing Google account, for example.

During your visit to the website, your user behaviour is recorded in the form of events. Events can be:

Pages you visit

First visit to the website

Start of the session

Your "click path" – interaction with the website

Scrolls (whenever a user scrolls to the end of the page (90 %))

Clicks on external links

Internal searches

Interaction with videos

File downloads

Adverts seen/clicked on

Language setting

Also recorded:

Your approximate location (region)

Your IP address (in truncated form)

Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)

Your internet provider

Purposes of processing

On our behalf, Google will use this information to evaluate your use of the website and compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.

Demographic characteristics

We use the "demographic characteristics" function of Google Analytics to be able to display suitable adverts to website visitors within the Google advertising network. This allows reports to be created that contain statements about the age, gender and interests of website visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be assigned to a specific person.

Signals

We use Google Signals. This allows Google Analytics to capture additional information about users who have activated personalised adverts (interests and demographics), and adverts can be delivered to these users in cross-device remarketing campaigns.

User ID

We use the user ID function. With the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse users' behaviour across multiple devices.

Third country transfer

Where data is processed outside the EU/EEA and Switzerland and there is no level of data protection corresponding to the European standard, we have concluded › EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, US. The transfer of data to the US and access by US authorities to the data stored by Google cannot be ruled out. The US is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to legal remedies against access by authorities.

Recipients/categories of recipient

Recipients of the data are/could be

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR)

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, US

Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, US

Duration of data storage

Please refer to our cookie management tool for information about the length of time cookies will be stored on your device.

The data sent to us and linked to cookies, user ID or similar, or advertising ID will be automatically deleted after 14 months. The data whose retention time has expired will be deleted automatically once a month.

Legal basis

The legal basis for the use of Google Analytics is your voluntary consent.

Withdrawing consent

You can withdraw your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Google reCAPTCHA

In order to protect our websites against spam, we use the reCAPTCHA service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland in places where you can enter data. A question is used to establish whether it was a human who entered data or whether the data was entered improperly by automated, electronic means. The reCAPTCHA service includes IP addresses and any other data required by Google to operate the reCAPTCHA service being sent to Google. Your input will be sent to Google for these purposes and used there. Google will, however, first truncate your IP address within member states of the European Union or other parties to the Agreement on the European Economic Area. In exceptional cases only, the full IP address is transferred to a Google server in the U.S. and shortened there. On behalf of the operator of this website, Google will use this information to analyze your usage of this service. The IP address transferred by your browser as part of reCAPTCHA will not be combined with other Google data.

Links to third party websites

This Privacy Policy does not apply to external links which are available to you within the scope of our website. When we provide such links, we endeavor to ensure that they also comply with our data protection and security standards. However, we have no influence over other providers' compliance with data protection and security regulations. Please therefore also read the privacy policies set out on the websites of other providers.

Online services on social media

We offer online services on various platforms in order to provide information to you and to make contact with you.

We have no influence over the processing of personal data by the respective platform operator. Typically, when visiting our offers on social media platforms, the platform operator will store cookies in your browser, which are used to store your user behavior and your interests for purposes of market research and advertising.

The platform operators use those user profiles which are generated – usually across devices – in order to show you personalized advertising. Data processing may affect persons who are not registered as a user with the platform in question. In certain cases your data will be processed outside of Switzerland or the European Union, which may impede the assertion of your rights. In selecting such platforms, however, we look at whether the operators undertake to comply with the high data protection levels applicable in Switzerland and the EU.

When visiting one of our social media offerings, your personal data will be processed on the basis of our legitimate interest in maintaining a diverse public image for our company and in using effective means of information and communication with you.

You may obtain detailed information regarding data processing in connection with the use of our offering on these platforms, rights to object and the exercise of rights of access to information in the privacy policy of the platform operator in question.

- Facebook

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, IrelandThe basis of the processing is an › agreement regarding the joint processing of personal data in accordance with the GDPR.

› Privacy policy of the provider

- YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

› Privacy policy of the provider

- Twitter

Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, U.S.

› Privacy policy of the provider

- LinkedIn

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

› Privacy policy of the provider

name="media"

7. Newsletter

We offer you the opportunity to subscribe to our free email newsletter. We will only send this newsletter with your consent. When you subscribe to a newsletter, the data provided in the form (name and email address) will be transmitted to us and stored for as long as the subscription to the newsletter is active.

Your consent to the processing of your data for purposes of sending the newsletter will be obtained and you will be referred to this Privacy Policy. The registration procedure is based on a “double-opt-in process”.

After you have subscribed to the newsletter, you will receive an email asking you to click on a link in order to confirm your subscription. This allows us to prevent unauthorized third parties subscribing under your email address.

We keep a record of the subscription process, for purposes of providing evidence of our compliance with legal requirements. This involves storing the IP address of the accessing device, as well as the subscription date and time. The data provided by you will be stored while the newsletter subscription is active.

You may terminate the subscription at any time. For these purposes each newsletter contains a link to unsubscribe. This also allows you to revoke your consent. The legal basis for the processing of your data is your voluntary consent to the receipt of the newsletter.

If you purchase goods or services from us and provide us with your email address as part of this process, we reserve the right to use it in order to send newsletters containing direct marketing materials for similar goods or services provided by us. This is done for purposes of our legitimate interest of promoting our goods and services to our customers, which prevail when weighing up the various interests. You may object to this use of your data at any time by sending a message to the point of contact set out below or via the unsubscribe link in the promotional email, without incurring any transmission costs other than in accordance with the base tariffs.

name="media"

8. Enquiries sent to us

If you send us an enquiry – for instance by using the contact form or chat function – your personal data will be processed in order to respond to your enquiry:

to process the enquiry you have transmitted in the contact form

to process your service enquiry

to process your return

to handle queries raised by telephone and in writing (email)

to provide information about products and services

We will not use your data for any automated decision-making processes or for profiling.

name="media"

9. Applications

When applying to us, the data provided by you – for example your contact details and qualifications – will only be used to process the application procedure.

Your data will be passed on internally to the relevant department managers. We will process your personal data for purposes of your job application to the extent that this is necessary for a decision to be made regarding the conclusion of an employment relationship.

In addition, we may process personal data concerning you to the extent that this is required to defend against any legal claims asserted in the context of the application procedure.

Your data will generally be deleted 3 months after the application procedure has ended, unless there are agreements to the contrary in place with the applicant (see, inter alia, admission to the pool of applicants). If your application results in the conclusion of an employment contract, the data will be included in your personnel file.

For how long will your data be stored?

We will store your personal data for as long as this is required to arrive at a decision regarding your application. If no employment relationship is entered into between you and us, we may continue to store the data insofar as this is necessary to defend against any legal claims. The application documents will be deleted two months after the rejection has been communicated, unless a longer storage time is required due to legal disputes.

Admission to the pool of applicants

In the event that we currently do not have any open positions available that match your application – for instance in the event of an unsolicited application – we are happy to admit your application to our pool of applicants. This does, however, require your consent which we will request in such a case.

If we do not use your application documents in the pool of applicants within one year, we will automatically delete your application documents.

No automated decision making

There will be no automated decision making in individual cases; this means that the decision regarding your application will not be solely based on automated processing.

name="media"

10. Amendments

This Privacy Policy will be amended from time to time. These amendments will be made, for instance, if there are changes due to technical developments, legal provisions or other influences.

Last updated: May 2022

The original text was written in German. In the event of legal disputes, the German version shall apply.

name="media"