Version as of: 16/01/2025

General section

Introduction 

The protection of your personal data is essential to us. It concerns an important part of our development and sales activities. With the following Privacy Policy, we would like to inform you about the types of personal data (hereinafter referred to as “data”) that we process, the underlying purposes and to what extent this is performed.

Data controller

Website operator:
Jarltech Europe GmbH
Jarltech-Platz 1
D-61250 Usingen
Germany 

Tel: +49 (0) 6081 600-100
Fax: +49 (0) 6081 600-500

Managing Director:
Ulrich Spranger (authorised representative)
ulrich [dot] spranger [at] jarltech [dot] de 

The provider’s data protection officer is:
MFM Datenschutz-Consulting GmbH, represented by the Lawyers and Managing Directors, Florian Kaiser and Marc Schönberger 
Mainzer Landstraße 55
60329 Frankfurt am Main
Germany 

Commercial Register:
Bad Homburg v.d.H. HR-B 8433 

VAT ID:
DE 161 750 021 

WEEE ID:
DE 635 893 00 

ADEME personalised ID:
FR365870_01CEAO – Registration with CITEO for packaging 

Fiscal number:
003 236 56022 

Credit card payments are settled by:
Unzer Luxembourg S.A. société anonyme, 1, Place du Marché, L-6755 Grevenmacher, RCS Luxembourg: B 144133,
Board of Directors: Mirko Hüllemann, Jens Bader, André Munk, Commission de Surveillance du Secteur
Financier (CSSF) 283 rte. d´Arlon, L-1150 Luxembourg, CSSF: Z00000009, www.unzer.com 

Overview of data processing

Below, you will find an initial overview of the types of data processed along with the data subjects affected by this processing.

Types of data processed
We categorise the processed data into the following types:

1. Usage data: this includes, in particular, websites visited and content interests.
2. Metadata: this refers to the data generated during the communication process – such as IP addresses, browser identification and device details.
3. Content data: this refers to the data that is made available when using our services (texts, images, forms).
4. Contact details: this comprises e-mail addresses, telephone numbers and the postal address.
5. Contract data: this comprises e-mail addresses, telephone numbers and the postal address.
6. Inventory data: this is the existing core data such as names and addresses.
7. Geodata: this includes, for example, your own location or the location targeted within a route.
8. Payment data: data concerning payment methods.
9. Special personal data: “special personal data” refers to data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Categories of data subjects
We divide the data subjects affected by data processing into the following categories:

1. User: visitors to our websites and online services.
2. Applicants: people who apply to us.
3. Interested parties: persons who are interested in our services and contact us about them.
4. Communication partner: persons who establish communication with us.
5. Customers: persons who utilise our services as customers.
6. Contractual partners: persons with whom we have contractual relationships without them being customers.

Purposes for which the processing is performed
In general, personal data is processed for the following purposes:

1. Provision of our online services: we process data, in order to be able to provide our online offer in the first place.
2. Obtaining feedback: requesting and analysing feedback on services and performance.
3. Interest-based and behavioural (re-)marketing: marketing that is tailored to the interests of users, which – in turn – result from their behaviour.
4. Conversion measurement: measuring the efficacy of marketing measures
5. Security measures: measures to protect our technical infrastructure
6. Contact enquiries and communication: processing of contact enquiries etc.
7. Office organisation: measures for organising the office, e.g. scheduling, division of tasks, etc.
8. Direct marketing: direct marketing to customers, especially via individual letters by e-mail.
9. Provision of contractual services: processing of data to support the execution and initiation of contracts.
10. Improving the user-friendliness of our online offering: we process data, in order to improve the user-friendliness of our website. We achieve this, in particular, by analysing visits to our online offering.
11. Analysis of the behaviour of visitors to our online offering: analysing the pages accessed, e.g. by recording click paths and bounce rates.
12. Implementation of the employment relationship: data processing for the purpose of implementing, managing and terminating the employment relationship.
13. Implementation of the application procedure: in the case of an application procedure, the data processed within that procedure.

Overview and explanation of the legal basis
In the following section, we would like to inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. In addition to the regulations of the GDPR, national regulations of the country of residence or domicile of the respective user may apply.

1. Legitimate interests (Art. 6 [1] Sentence 1 lit. f GDPR): processing is deemed necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data.
2. Contract fulfilment and pre-contractual enquiries (Art. 6 [1] Sentence 1 lit. b. GDPR): processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
3. Legal obligation (Art. 6 [1] Sentence 1 lit. c. GDPR): processing is necessary for compliance with a legal obligation to which the data controller is subject.
4. Protection of vital interests (Art. 6 [1] Sentence 1 lit. d. GDPR): processing is necessary, in order to protect the vital interests of the data subject or of another natural person.
5. Application procedure as a pre-contractual or contractual relationship (Art. 9 [1] Sentence 1 lit. b GDPR): (to the extent that special categories of personal data within the meaning of Art. 9 [1] GDPR [e.g. health data – such as severely disabled status or ethnic origin] are requested from applicants as part of the application procedure, in order that the data controller or the data subject can exercise the rights arising from employment law, as well as laws within the scope of social welfare and social protection, and fulfil their obligations in this regard, the respective processing shall be carried out in accordance with Art. 9 [2] lit. b. GDPR; in cases pertaining to the protection of vital interests of applicants or other persons pursuant to Art. 9 [2] lit. c. GDPR or for the purposes of preventive healthcare or occupational medicine, for the assessment of the employee’s fitness for work, for medical diagnosis, care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 [2] lit. h. GDPR. In cases involving the communication of special categories of data based on voluntary consent, their processing shall be performed on the basis of Art. 9 [2] lit. a. GDPR).
6. Data processing for the purposes of the employment relationship (Section 26 Federal Data Protection Act [BDSG]): we process (special) types of personal data in the employment relationship on the basis of the statutory provisions for the purpose of establishing, implementing and terminating the employment relationship.
7. Consent (if requested) (Art. 6 [1] Sentence 1 lit. a GDPR): the data subject has issued their consent to the processing of their personal data for one or more specific purposes.
8. Processing for the performance of a task performed in the public interest (Art. 6 [1] lit. e GDPR): to the extent that processing is necessary for the performance of a task carried out in the public interest, or in the exercising of official authority vested in the data controller.
9. Storage of information in the end user’s terminal equipment with the end user’s consent (Section 25 [1] Sentence 1 Telecommunications Digital Services Data Protection Act [TDDDG]): we use storage areas of our users’ terminal equipment for certain functions with their express and informed consent.
10. Storage of information in the end user’s terminal equipment due to necessity (Section 25 [2] No. 2 Telecommunications Digital Services Data Protection Act [TDDDG]): unless we have asked you for permission when you visit our website or use individual functions, we use the memory of your terminal equipment for the technical presentation and delivery of our telemedia service – if this is absolutely necessary from a technical standpoint.

Security measures
We take appropriate technical and organisational measures in accordance with prevailing legal requirements, taking into account the latest technological standards, the implementation costs and the nature, scope, circumstances and purposes of the respective processing operation, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk; Art. 32 GDPR. The security measures we have taken include the following, in particular.

• Secure Sockets Layer | Transport Layer Security (SSL): we use SSL / TLS for the encrypted transmission of data between the end devices of our visitors and our server. This significantly reduces the risk of unauthorised access to the transmitted data.

Transfer and disclosure of personal data to third parties
As part of our processing operations involving personal data, said data may be transferred to other bodies, companies, legally independent organisational units or persons or data may be disclosed to them. The recipients of this data may include, in particular:

• IT service providers: this includes service providers for the provision of hosting, mail services and server technology
• Payment service providers: service providers who co-operate with us to process payments.
• Shipping service providers: service providers who handle logistical tasks for us. These include parcel service providers, in particular.
• Public authorities: public authorities with which we exchange data, in order to fulfil a contract or for legal reasons.
  In such a case, we ensure the protection of personal data by concluding contracts or agreements with the respective third parties that serve to adequately protect the data. We carefully and conscientiously select third parties to whom we disclose data. To the extent that we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Data processing in third countries
If we process data in a third country, i.e. a country outside the European Union or the European Economic Area, or if the processing is performed by third parties outside this area, this processing is only carried out in accordance with the applicable legal provisions. Subject to the express consent of the data subjects or legally required transfers, we only process or have data processed in third countries with an appropriate level of protection. This includes, in particular, countries that process data on the basis of special guarantees – such as contractual obligations through so-called standard protection clauses established by the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR).

General information on the deletion of data
The data processed by us shall be deleted in accordance with prevailing legal requirements as soon as the consent to its processing has been revoked or other authorisations (e.g. legitimate interests, legal obligations, etc.) no longer apply. Should the data not be deleted because it is required for other and legally permissible purposes, its processing shall be limited to these purposes. This means that the data shall be blocked and not processed for other purposes. This shall apply, for example, to data that must be stored for reasons of commercial or tax law, or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural person or legal entity. Further information on the deletion of personal data can be found under the individual points of this Privacy Policy.

Special section

Use of cookies
A “cookie” is a small text file that is stored on the visitor’s computer at the request of our systems and if the visitor’s browser is set to allow this. This contains a key and a value, and is used to identify the end device beyond a request-response cycle (perpetuation of the session). The cookie’s key and value are processed by the setting system for each request. Below you will find a list of the cookies we use and the associated information.

Technically necessary cookies
We transmit the request to set the following cookies to our visitors’ systems the first time they access a page.

If you do not agree to the above-mentioned cookies being set, you can configure your browser to refuse their installation. Under certain circumstances, this may result in our website no longer functioning properly.

Processed data types: usage data, meta and communication data
Data subjects: users of our website. 
Legal basis: the use of these cookies is absolutely essential for the website’s operation, and is based on our legitimate interest in the effective delivery of our online offer, Art. 6 (1) Sentence1 lit. f GDPR and Section 25 (2) No. 2 TTDSG.

Optional cookies
We only set the following cookies after the user has given us their consent to do so. The legal basis for the processing is the consent of the user (Art. 6 [1] Sentence 1 lit. a GDPR).

Processed data types: usage data, meta and communication data
Data subjects: users of our website.
Legal basis: consent of the user (Art. 6 [1] Sentence 1 lit. a GDPR).
Revocation: you can revoke your consent for the future by using the consent tool on this website.

Data processing (internal)
Eventio Event Management

ADV-contract

Information and Description

We use the Evenito service for the organisation of events. This allows us to accept event registrations, as well as to request additional information about the participants (i.e. allergies, special requests). We have an order processing agreement with the operator of Evenito AG.

Processed data: Special, person-related data, metadata, contact information

People concerned: Users, customers, contractual partners

Legal basis for processing: Legitimate interests, consent (where requested)

Legitimate interests:
 

• Enabling the operation of a website: Processing occurs based on our legitimate interest in being able to maintain a website.
• Optimisation of the user interface: Our legitimate interest for optimising our user interface and thereby the effective design of our services.
• Customer communication and support: Our legitimate interest in direct, simple communication with our (potential) customers; possibly also in an environment that they already use, as well as our legitimate interest in being able to provide customer-oriented support at this point.

Data processing by external service providers and processors
Evenito AG
Service provider information
Eventio AG; Evenito AG, Binzstrasse 23, 8045 Zürich, Switzerland, https://cdn.prod.website-files.com/664fa7893d12f8b0a1271d1b/668f99777f44d81d8dd950e3_202309_Privacy_policy_evenito_ENG.pdf 

This service provider may also process data outside the jurisdiction of the European Union. There is a decision on appropriateness by the EU Commission for data transfers to Switzerland at: https://datenschutz.hessen.de/sites/datenschutz.hessen.de/files/2022-11/schweiz_en.pdf

Google LLC
Google Tag Manager

Subsequent to approval

Function
Integration tools
We use external services to simplify the integration and handling of other solutions on our website.They are used either as part of our legitimate interest in the secure, uncomplicated integration of external resources, or with the consent of our users.

Processed data: usage data, metadata

Data subjects: users

Legal basis for processing: legitimate interests, consent (if requested)

Legitimate interests:

• Freedom from maintenance: our legitimate interest in using low-maintenance or maintenance-free technology. This guarantees a consistently high level of security for the services;
• Development outsourcing: our legitimate interest in not having to develop all services ourselves, and instead using highly complex services operated by third parties;
• High availability: our legitimate interest in the use of a highly available service.

Domains affected: www.googletagmanager.com (incl. subdomains) 

YouTube

Subsequent to approval

Function
Video platform
We use external providers to display videos on our website. These are usually integrated into our site by means of a so-called “iframe”. The browser accesses the external page containing the video when our own page is loaded. We use these external providers on the basis of our legitimate interest in the simple integration of multimedia content into our website.

Processed data: usage data, metadata

Data subjects: users

Legal basis for processing: legitimate interests

Legitimate interests:

• Freedom from maintenance: our legitimate interest in using low-maintenance or maintenance-free technology. This guarantees a consistently high level of security for the services;
• Development outsourcing: our legitimate interest in not having to develop all services ourselves, and instead using highly complex services operated by third parties;
• High availability: our legitimate interest in the use of a highly available service.

Domains affected: jnn-pa.googleapis.com, googlevideo.com (incl. subdomains), www.youtube.com (incl. subdomains), www.youtube-nocookie.com, s.ytimg.com, i.ytimg.com (incl. subdomains) 

Google Analytics Subsequent to approval

Function
Web analysis
We use web analysis services to further improve our website, to understand the interests and expectations of our users, to recognise problems with click paths on our website and to evaluate the performance of individual pages and our website as a whole.

To this end, data is collected and processed regarding the user’s end device used, the pages accessed, the time spent on the respective pages, the origin of the users (referrer) and – as far as possible – their geographical position.

If we do this exclusively by analysing HTTP requests (see above), the processing is based on our legitimate interest. If we use additional services, this will only be done with your consent.

Processed data: usage data, metadata

Data subjects: users

Legal basis for processing: legitimate interests, consent (if requested)

Legitimate interests:

• Optimisation of user interface: our legitimate interest in the optimisation of our user interface and thus the effective conceptualisation of our services;
• Performance measurement: our legitimate interest in measuring the performance of our website and individual pages.

Domains affected: analytics.google.com, region1.analytics.google.com, www.google-analytics.com (incl. subdomains)

Provider information

Google LLC; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Subsidiary in the European Union: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy

This provider may process data outside the scope of the European Union.

So-called SCCs (standard contractual clauses) exist between the above-mentioned data controller and the operator

ISRG (Internet Security Research Group)
Let´s Encrypt

Information and description

As a free certification authority, Let’s Encrypt provides SSL certificates. The validity of such a certificate is limited in time before it has to be renewed. Such a certificate can also be recalled and “de-validated”.

“r3.o.lencr.org” is one of the security servers of the Let’s Encrypt organisation, which is used to publish data on revoked certificates.

We use this certificate check for your security. Your browser checks whether our certificate is still validated at the time the connection is established.

Function
Front-end security technology 
We use the best security solutions to protect our website (especially forms) and other parts of our infrastructure from unauthorised access, spam and automated access.

Processed data: usage data, metadata

Data subjects: users

Legal basis for processing: legitimate interests

Legitimate interests:

• Freedom from maintenance: our legitimate interest in using low-maintenance or maintenance-free technology. This guarantees a consistently high level of security for the services;
• Development outsourcing: our legitimate interest in not having to develop all services ourselves, and instead using highly complex services operated by third parties;
• Security: our legitimate interest in securing our services against unauthorised and malicious access.

Domains affected: r3.o.lencr.org, r10.o.lencr.org, r11.o.lencr.org 

Provider information
ISRG (Internet Security Research Group); 548 Market St PMB 77519 San Francisco CA 94104-5401 USA,https://letsencrypt.org/privacy/

This provider may process data outside the scope of the European Union. Let’s Encrypt is a free, automated and open certification authority for SSL certificates – among other things – which increase the security of the website through encryption. An SSL certificate is used to transfer the website data securely when it is called up by the browser. SSL stands for “Secure Sockets Layer”. This means that there is a protocol between the web server and the client (user) that encrypts the data

LinkedIn Corp.
LinkedIn Marketing

Subsequent to approval

Information and description
LinkedIn Marketing is a (re)marketing network that delivers targeted advertising via the social network bearing the same name.

Function
Marketing
We process personal data for online marketing purposes. This includes, in particular, the presentation of advertising content that corresponds to the potential interests of the user.

We use the “Google Ads” advertising network for this purpose. To this end, so-called user profiles are created and assigned to the user’s end device by means of a cookie (see above).

These cookies can later be read and analysed on websites that use the same marketing provider.

In particular, data – such as websites visited, content viewed and online networks used – may be used for profiling purposes. However, it is also possible to record communication partners and – if the user allows this – the user’s location.

The user’s IP addresses are also stored, whereby IP masking is applied.

Processed data:  usage data, metadata, geodata

Data subjects: users

Legal basis for processing: consent (where requested)

Domains affected: snap.licdn.com, www.linkedin.com, px.ads.linkedin.com

Provider information 
LinkedIn Corp; For the EU: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland Parent company: LinkedIn Corp. 605 W Maude Ave, Sunnyvale, CA 94085, USA, https://www.linkedin.com/legal/privacy-policy

External platforms
Social media

In order to be able to communicate effectively with our (potential) customers and other interested parties, and to offer them an obvious point of contact and information, we maintain a presence on a number of social media platforms. We would like to draw your attention to the fact that when using social media, data may be processed outside the European Union, which may result in risks for the user with regard to the enforcement of their rights.

Social media platforms regularly analyse the behaviour of their users for marketing purposes. In doing so, they create extensive profiles concerning the interests and usage behaviour of their users, in order to display personalised advertising. By setting cookies and integrating them on third-party sites, information can also be collected that goes beyond the direct use of the social network. 
In particular, information may also be collected about the end device used, the Internet connection (IP address) and, if applicable, the user’s location.

We would like to point out that only the providers of these networks have access to the data collected about the user; a request for information should, therefore, be addressed to them to ensure maximum efficacy. Details and further data protection information on the social networks used can be found below.

Facebook
We have a presence on the social network, Facebook.

We would like to point out that you use this Facebook page and its functions within the scope of your own responsibility. This shall apply, in particular, to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information provided on this page on our website.

When you visit our Facebook page, Facebook collects – among other things – 
your IP address and other information that is stored on your PC in the form of cookies. 
This information is used to provide us, as the operator of the Facebook pages, with 
statistical information about the use of the Facebook page. Facebook provides more information on this at the following URL: 
http://https://facebook.com/legal/terms/page_controller_addendum

The data collected about you in this context is processed by Facebook Ltd., and may be transferred to countries outside the European Union. As to what information Facebook receives and how it is used is described by Facebook in general terms in its data usage guidelines. There, you will also find information on how to contact Facebook and the settings options for adverts. The data usage guidelines are available at the following URL: 
http://facebook.com/about/privacy 
You can find Facebook’s complete data policy here:
https://facebook.com/privacy/policy/

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union.

If you visit one of our social media sites (e.g. Facebook), you trigger the processing of your personal data during such a visit.

In such a case, we shall be jointly responsible with the operator of the respective social network for the data processing operations within the meaning of Art. 26 GDPR, provided that we actually make a joint decision with the operator of the social network regarding the data processing, and we also have an influence on the data processing itself.

Wherever possible, we have concluded agreements with the operators of the social networks on joint responsibility in accordance with Art. 26 GDPR, in particular, the so-called “Page Controller Addendums” of Facebook Ireland Ltd.

You may assert your rights (right of disclosure pursuant to Art. 15 GDPR, right to rectification pursuant to Art. 16 GDPR, right to deletion pursuant to Art. 17 GDPR, right to the restriction of processing pursuant to Art. 18 GDPR, right to data portability pursuant to Art. 20 GDPR and right to lodge a complaint pursuant to Art. 77 GDPR) both against us and against the operator of the respective social network (e.g. Facebook).

Please note that, despite our joint responsibility with the operators of social networks in accordance with Art. 26 GDPR, we do not enjoy comprehensive influence on the data processing of the individual social networks. The company policy of the respective provider has a significant influence on the options at our disposal.

In the event of the assertion of data subject rights, we could only forward these requests to the operator of the social network.

Facebook does not conclusively (and clearly) state how it uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, and we are not aware of this.

When you access a Facebook page, the IP address assigned to your end device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (for example, as part of the “login notification” function); Facebook may thus be able to assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your end device. This may enable Facebook to understand that you have visited this page and how you have used it (e.g. through a referrer header).

If you want to prevent Facebook from drawing these conclusions or wish to prevent Facebook from assigning the visit to our Facebook presence to your profile, you can use a private window of your browser, for example, as no cookies are set in this window.

As the provider of the information service, we do not collect or process any other data from your use of our service. You can find the current version of this Privacy Policy under “Data Policy” on our Facebook page.

Provider information 
Meta Platforms Ireland Limited, Meta Platforms Ireland Limited 4 Grand Canal Square Dublin 2 Ireland Company registration number: 462932, http://facebook.com/about/privacy

Subsidiary of:

Meta Platforms, Inc.
One Hacker Way
Menlo Park, CA 94025
USA

Use
We use this platform to fulfil the following functions.

Social media
In order to be able to communicate effectively with our (potential) customers and other interested parties, and to offer them an obvious point of contact and information, we maintain a presence on a number of social media platforms.

Our website may display elements which, when clicked, lead users to the respective presence on social media (icon links etc.).

Processed data: usage data, metadata, content data, contact data, inventory data, geodata

Data subjects: users, communication partners

Legal basis for processing: legitimate interests

Legitimate interests:

• Customer communication and support: our legitimate interest in direct, straightforward communication with our (potential) customers; possibly also in an environment they already use, as well as our legitimate interest in being able to offer customer-oriented support at this point.

LinkedIn
We have a presence on the social network LinkedIn, which is used, in particular, for professional networking.

We would like to point out that you use this LinkedIn page and its functions within the scope of your own responsibility. This shall apply, in particular, to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information provided on this page on our website.

When you visit our LinkedIn page, LinkedIn collects – among other things – 
your IP address and other information that is stored on your PC in the form of cookies. 
LinkedIn provides more information on this point at the following URL: 
https://linkedin.com/legal/privacy-policy?

Provider information
LinkedIn Corp., Für die EU: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland Mutterunternehmen: LinkedIn Corp. 605 W Maude Ave, Sunnyvale, CA 94085, USA, https://www.linkedin.com/legal/privacy-policy

Use
We use this platform to fulfil the following functions.

Social media
In order to be able to communicate effectively with our (potential) customers and other interested parties, and to offer them an obvious point of contact and information, we maintain a presence on a number of social media platforms.

Our website may display elements which, when clicked, lead users to the respective presence on social media (icon links etc.).

Processed data: usage data, metadata, content data, contact data, inventory data, geodata

Data subjects: users, communication partners

Legal basis for processing: legitimate interests

Legitimate interests: 

• Customer communication and support: our legitimate interest in direct, straightforward communication with our (potential) customers; possibly also in an environment they already use, as well as our legitimate interest in being able to offer customer-oriented support at this point.

Instagram
We operate a page on the social network, Instagram. 
We would like to point out that you use this Instagram page and its functions within the scope of your own responsibility. This applies, in particular, to the use of interactive functions (e.g. commenting or rating). 
When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. 
This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. The data collected about you in this context will be processed by Instagram Inc., and may be transferred to countries outside the European Union. 
As to what information Instagram receives and how it is used is described in general terms in Instagram’s privacy policy. There, you will also find information about contact options for Instagram and other options for making settings regarding the display of targeted advertising. 
https://help.instagram.com/519522125107875

Instagram does not conclusively (and clearly) state how Instagram uses the data from visits to Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Instagram stores this data and whether data from a visit to the Instagram page is passed on to third parties, and we are not aware of this. 
When you access an Instagram page, the IP address assigned to your device is transmitted to Instagram. According to Instagram, this IP address is anonymised – after processing – (for “German” IP addresses) and deleted after 90 days. 
Instagram also stores information about the end devices of its users (for example, as part of the “login notification” function); Instagram may thus be able to assign IP addresses to individual users. If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is stored on your end device. This enables Instagram to understand that you have visited this page and how you have used it. This also applies to all other Instagram pages. 
Instagram may also be able to assign the visit to our website to your profile, for example, by reading the so-called “referrer header”. If you wish to avoid this, you must adjust the cookie settings of your browser or delete the corresponding cookies of the provider. Alternatively, you can increase protection against tracking by using a private window in your browser. 
As the provider of the information service, we do not collect or process any other data from your use of our service.You can find the current version of this privacy policy under “Data policy” on the respective Instagram page.

Provider information
Meta Platforms Ireland Limited, Meta Platforms Ireland Limited 4 Grand Canal Square Dublin 2 Ireland Company registration number: 462932, http://facebook.com/about/privacy

Subsidiary of:

Meta Platforms, Inc.
One Hacker Way
Menlo Park, CA 94025
USA

Use
We use this platform to fulfil the following functions.

Social media
In order to be able to communicate effectively with our (potential) customers and other interested parties, and to offer them an obvious point of contact and information, we maintain a presence on a number of social media platforms.

Our website may display elements which, when clicked, lead users to the respective presence on social media (icon links etc.).

Processed data: usage data, metadata, content data, contact data, inventory data, geodata

Data subjects: users, communication partners

Legal basis for processing: legitimate interests

Legitimate interests:

• Customer communication and support: our legitimate interest in direct, straightforward communication with our (potential) customers; possibly also in an environment they already use, as well as our legitimate interest in being able to offer customer-oriented support at this point.

Rights of the data subjects
The data subjects are entitled to rights, about which we would like to inform you below.

• Right to lodge an objection (Art. 21 GDPR): you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on lit. e or f of Art. 6 (1) GDPR – including profiling based on those provisions. Should your personal data be processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right to the disclosure of information (Art. 15 GDPR): you have the right to request confirmation as to whether the data in question is being processed and for information about this data, as well as for further information and a copy of the data in accordance with the legal requirements.
• Right to rectification (Art. 16 GDPR): in accordance with prevailing legal requirements, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
• Right to deletion and restriction of processing (Art. 17, 18 GDPR): in accordance with prevailing legal requirements, you have the right to demand that data concerning you be deleted immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.
• Right to data portability (Art. 20 GDPR): you have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another data controller.
• Lodge a complaint with a supervisory authority (Art. 77 GDPR): you also have the right, in accordance with the statutory provisions, to lodge a complaint with a supervisory authority, in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
• Right to withdraw consent (Art. 7 [3] GDPR): you have the right to withdraw your consent from the data controller at any time.

Glossary
Below you will find a list with explanations of the most frequently used terms in this context.

Personal data
“Personal data” denotes any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 No. 1 GDPR)

Processing
“Processing” denotes any operation (or set of operations) performed on personal data (or on sets of personal data) – whether or not by automated means – such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise rendering available, alignment or combination, restriction, erasure or destruction (cf. Art. 4 No. 2 GDPR).

Data controller
“Data controller” refers to the natural person or legal entity, public authority, agency or other body which – either alone or jointly with others – determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law (cf. Art. 4 No. 7 GDPR).

Processor
“Processor” is a natural person or legal entity, public authority, agency or other body which processes personal data on behalf of the data controller (cf. Art. 4 No. 8 GDPR).

Click tracking
“Click tracking” allows us to track whether (and on which button) a user has clicked, where this click has led the user and, if applicable, from which page of the online offer the click originated.