Skip to content

Privacy policy

Protecting your personal data is a central concern of the HOMAG Group.

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the HOMAG Group AG. The use of the Internet pages of the HOMAG Group AG is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the HOMAG Group AG. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, the HOMAG Group AG has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

With the following privacy policy we would like to inform you which types of your personal data (hereinafter also abbreviated as "data") we process for which purposes and in which scope. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

Name and Address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

HOMAG Group AG
Homagstr. 3-5
72296 Schopfloch
Germany
Phone: +49 7443 130 0
Email: info@homag.com
Website: www.homag.com

Name and Address of the Data Protection Officer

The Data Protection Officer of the controller is:

Data Protection Officer
Norbert Mensak
HOMAG Group AG
Homagstr. 3-5
72296 Schopfloch
Germany
Phone: +49 7443 13 2405
Email: norbert.mensak@homag.com
Website: www.homag.com

Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

Kontaktdaten Datenschutzbeauftragter/Contact Details Data Protection Officer:

HOMAG Kantentechnik GmbH
Data Protection Officer
Weststraße 2
32657  Lemgo
datenschutz-lemgo@homag.com

Kontaktdaten Datenschutzbeauftragter/Contact Details Data Protection Officer:

HOMAG Plattenaufteiltechnik GmbH
Data Protection Officer
Holzmastr. 3
75365  Calw-Holzbronn 
datenschutz-holzbronn@homag.com

Norbert Mensak
Data Protection Officer
Telefon: +49 7443 13 2405
norbert.mensak@homag.com

Kontaktdaten Datenschutzbeauftragter/Contact Details Data Protection Officer:

HOMAG Automation GmbH
Data Protection Officer
Ligmatechstr. 1
09638 Lichtenberg
datenschutz@homag-automation.com

Norbert Mensak
Data Protection Officer
Telefon: +49 7443 13 2405
norbert.mensak@homag.com

Datenschutzbeauftragter/Contact Details Data Protection Officer:

HOMAG Bohrsysteme GmbH
Data Protection Officer
Benzstraße 10-16
33442 Herzebrock-Clarholz
datenschutz-herzebrock@homag.com

Kontaktdaten Datenschutzbeauftragter/Contact Details Data Protection Officer:

WEINMANN Holzbausystemtechnik GmbH
Data Protection Officer
Forchenstr. 50
72813 St. Johann
datenschutz@weinmann-partner.de

Yanik Kiermeier
Managing Director
2 Gambas Crescent
#08-17 Nordcom ll
Singapore 757044
Tel.: +65 63698183
Yanik.Kiermeier@homag.com

HOMAG Asia External Data Protection Notice

Thorsten Kubatzki
Managing Director / Geschäftsführer
4894 Oberhofen am Irrsee
Österreich
Tel.: +43 6213 20202-0
Thorsten.Kubatzki@homag.com

You can contact us through our privacy policy officer with requests or enquiries as follows:

privacy@homag.com.au
Phone: +61 2 8865 2700By 
Fax: +61 2 8865 2798
Privacy Officer
HOMAG Australia Pty Ltd
P.O. Box 4187
Marayong NSW 2148

Ross Campbell 
Managing Director
6-8 Tasha Place, Kings Park
NSW 2148 Sydney
Tel.: +61 2 8865 2700
sales-australia@homag.com
ross.campbell@homag.com.au

Mary Ablamowicz
Assistant Controller/HR Manager
HOMAG Canada Inc.
5090 Edwards Blvd.
Mississauga, ON L5T 2W3
(905) 670-1700 ext. 2603
mary.ablamowicz@homag-canada.ca

Kirsten Hess Jakobsen 
HR Manager
Hjaltevej 12, 8464 Galten
Tel.: +45 86 94 60 00
kirstenhess.jakobsen@homag.com

Thorsten Linke
Managing Director / Geschäftsführer
Polig. Ind. LLinars Park 
C\ De la Química, 27-30
08450 LLinars del Vallés (Barcelona)
Tel.: +34 937017100
Thorsten.Linke@homag.com

Joël Durr
Managing Director / Geschäftsführer
1 rue de Madrid 
67300 Schiltigheim
Tel.: +33 3 90 22 09 20
joel.durr@homag.com

Venkataramana Gorti
Managing Director / Geschäftsführer
Plot No.285, Rajdhani Industrial Park
Road No.7, KIADB 4th Phase,
Dabaspet Industrial Area
Billenkote Village
Bengaluru – 562 111
INDIA
Tel.: +91 8069495656
info-india@homag.com

Martha Brambilla
Managing Director / Geschäftsführer
Via Vivaldi 16 
20833 Giussano – MB 
Italien
Tel.: +39 0362 868 200
Martha.Brambilla@homag.com

Udo Mauerer
Naoshi Suzuki
Managing Director / Geschäftsführer
Higashiosaka-shi 
5780981 Osaka Pref. 
Japan
Tel.: +81 729 603560 
Fax: +81 729 603562
sales-japan@homag.com

Joanna Panek
HR Business Partner / Kadry
Tel.: +48 61 647 45 82
joanna.panek@homag.com

ul. Prądzyńskiego 24
63-000 Środa Wielkopolska

 

Andreas Kofel
Managing Director / Geschäftsführer
Haldenstrasse 6
8181 Höri
Tel.: +41 44 8725188
andreas.kofel@homag-schweiz.ch

Mathias Runk
Data Protection Officer
Av. Ibirama, 450 06785-300 
Taboao da Serra – SP
Brasil
Tel.: +55 11 4138 90 00
vendas@homag.com.br

Simon Brooks 
Managing Director / Geschäftsführer
10c Sills Road
Willow Farm Business Park
Derby, DE74 2US
United Kingdom
Tel.: +44 1332 856500 
info-uk@homag.com

Jason Pan
Marketing
685 Fangta North Road
Songjiang District
Shanghai, China
Tel: +86 21 6427 3895
jun.pan@homag.com.cn

René Schwalm
Managing Director / Geschäftsführer
Southern Industrial Zone, bul. "Kuklensko Shose" 60
4004 Plovdiv
Bulgaria

Rene.Schwalm@homag.com
Tel. +49 7443 13-2569

Overview of processing operations

The following table summarises the types of data processed, the purposes for which they are processed and the concerned data subjects.

Categories of Processed Data

Categories of Data Subjects

Purposes of Processing

Automated Individual Decision-Making

Legal Bases for the Processing

In the following, you will find an overview of the legal basis of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may apply. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

In addition to the data protection regulations of the General Data Protection Regulation, national regulations apply to data protection in Germany. This includes in particular the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, execution or termination of employment relationships as well as the consent of employees. Furthermore, data protection laws of the individual federal states may apply.

Security Precautions

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing and separation of the data. In addition, we have established procedures to ensure that data subjects' rights are respected, that data is erased, and that we are prepared to respond to data threats rapidly. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and service providers, in accordance with the principle of privacy by design and privacy by default.

Masking of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not necessary, the IP address is shortened (also referred to as "IP masking"). In this process, the last two digits or the last part of the IP address after a full stop are removed or replaced by wildcards. The masking of the IP address is intended to prevent the identification of a person by means of their IP address or to make such identification significantly more difficult.

SSL encryption (https): In order to protect your data transmitted via our online services in the best possible way, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Transmission of Personal Data

In the context of our processing of personal data, it may happen that the data is transferred to other places, companies or persons or that it is disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are embedded in a website. In such a case, the legal requirements will be respected and in particular corresponding contracts or agreements, which serve the protection of your data, will be concluded with the recipients of your data.

Data Transmission within the Group of Companies: We may transfer personal data to other companies within our group of companies or otherwise grant them access to this data. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfill our contractual obligations or if the consent of the data subjects or otherwise a legal permission is present.

Joint CRM system that we operate as Joint Controller

The companies of the Dürr Group - which include the HOMAG Group - operate a joint customer database (CRM system) and to this extent act as Joint Controllers within the meaning of Art. 26 DSGVO (also referred to as Joint Controllers).     
You can view the companies of the Dürr Group here https://www.durr-group.com/fileadmin/durr-group.com/Home/duerr-privacy-notice.pdf. In principle, the data is stored for as long as is necessary for the purpose of collection or required by law, or if we have a legitimate interest in storing it, for example legal enforcement.     
If this involves transferring data to Dürr companies outside the EEA, we rely on the standard contractual clauses of the EU Commission. We also refer to the explanations on "Data Processing in Third Countries".    
The CRM system is provided by Salesforce. The storage location is the EU. A transfer of data to companies of the Salesforce Group outside the EEA is not excluded (see details on Salesforce below).      
Internally, we have distributed responsibilities in a contract as follows: Data subjects can contact all jointly responsible parties to exercise data subject rights (see details on data subject rights under "Data subject rights").     
The Dürr Group company to which you have provided your data will nevertheless act as your first point of contact. Responsible for the information obligations under Art. 13 f. DSGVO is Dürr Systems AG, which is the lead operator of the CRM system. The jointly responsible parties are responsible for fulfilling the required notification obligations and maintaining documentation within the scope of their area of activity, for obligating employees to confidentiality and informing them of their obligations under data protection law, and for ensuring technical and organizational security in data processing.  

Service provider: salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München, Germany; Website:https://www.salesforce.comPrivacy Policy: https://www.salesforce.com/company/privacy/Data Processing Agreement: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdfStandard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/scc-amendment.pdfFurther Information: Data Protection Impact Assessments & Salesforce Services: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Privacy/dpia-and-salesforce-services.pdf.

International data transfers

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third party services or disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.

Subject to express consent or transfer required by contract or law, we process or have processed the data only in third countries with a recognised level of data protection, on the basis of special guarantees, such as a contractual obligation through so-called standard protection clauses of the EU Commission or if certifications or binding internal data protection regulations justify the processing (Article 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place within the scope of using services of third parties or the disclosure or transmission of data to other persons, bodies or companies, this only occurs in compliance with legal requirements.

Subject to explicit consent or contractually or legally required transmission (see Art. 49 GDPR), we process or have the data processed only in third countries with a recognized level of data protection (Art. 45 GDPR), when contractual obligations are observed and adhered to by so-called standard protection clauses of the EU Commission (Art. 46 GDPR) or when certifications or binding internal data protection regulations exist (see Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

EU-US Trans-Atlantic Data Privacy Framework: Within the context of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as secure within the adequacy decision of 10th July 2023. The list of certified companies as well as additional information about the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you which of our service providers are certified under the Data Privacy Framework as part of our data protection notices.

Erasure of data

The data processed by us will be erased in accordance with the statutory provisions as soon as their processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or they are not required for the purpose).

If the data is not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be restricted and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or for which storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

In the context of our information on data processing, we may provide users with further information on the deletion and retention of data that is specific to the respective processing operation.

Use of Cookies

Cookies are small text files or other data records that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the contents accessed or the functions used. Cookies can also be used for various purposes, e.g. for purposes of functionality, security and convenience of online offers as well as the creation of analyses of visitor flows.

Information on consent: We use cookies in accordance with the statutory provisions. Therefore, we obtain prior consent from users, except when it is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is strictly necessary in order to provide an information society service explicitly requested by the subscriber or user. The revocable consent will be clearly communicated to the user and will contain the information on the respective cookie use.

Information on legal bases under data protection law: The legal basis under data protection law on which we process users' personal data with the use of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in a business operation of our online services and improvement of its usability) or, if this is done in the context of the fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. For which purposes the cookies are processed by us, we do clarify in the course of this privacy policy or in the context of our consent and processing procedures.

Retention period: With regard to the retention period, a distinction is drawn between the following types of cookies:

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also file an objection to processing in accordance with the legal requirements in Art. 21 DSGVO (further information on objection is provided as part of this privacy policy).  Users can also declare their objection by means of the settings of their browser, e.g. by deactivating the use of cookies (whereby this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes, can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, users can receive further objection notices from us at appropriate points as part of the information on the service providers and cookies used.

Cookie Settings/ Opt-Out:

You can change your cookie settings at any time.

Further information on processing methods, procedures and services used:

You can change your cookie settings at any time.

Cookies

CookieTechnologyDescription
PHPSESSID  
be_typo_user  
phpMyAdmin  
fe_typo_user
Typo3Essential:  
These cookies are necessary for the operation of the website
_ym  
_isad  
_ym  
_visorc  
_44039124  
i  
yabs-sid  
yandexuid  
ymex  
yuidss
YandexAnalytics:  
These cookies make it possible to analyze your use of this website by assigning your device a unique, randomly generated ID, which we use to recognize your device the next time you visit us. (For further details and opt-out options see data protection declaration)
cc_essential  
cc_functional  
cc_analytics  
cc_marketing
Cookie ConsentEssential:  
Your consent to which cookies you accept will be saved as a cookie.
JSESSIONID  
acceleratorSecureGUID  
anonymous-consents  
homagstorefrontRememberMe  
ROUTE  
anonymous-consents  
cookie-notification  
ShopEssential:  
shop.homag.com  
These cookies are necessary for the operation of the website
homag-de-cart  
homag-en-cart
ShopFunctional:  
shop.homag.com  
These cookies are used to improve the user experience in our shop
last-activity  
last-visit  
np_notices displayed
ForumFunctional:  
forum.homag.com  
These cookies are used to improve the user experience in our forum
OptanonconsentCookie-Compliance-Tool (OneTrust)Essential:  
This cookie is set by OneTrust's cookie compliance solution. It stores information about the categories of cookies that the website uses and whether visitors have given or withdrawn their consent to the use of each category.
eupubconsentCookie-Compliance-Tool (OneTrust)Essential:  
This cookie is set on all pages by the cookie compliance tool OneTrust. It stores the information whether a user rejects cookies, so that the query is not displayed again on every page
Name of cookieType of cookieName of applicationPurpose of cookieStorage duration
LSKey-c$CookieConsentPolicyRequiredPardot WebshopUsed to apply the end user’s cookie settings determined by our client service program. Salesforce Lightning uses LSKey[<namespace>] as a prefix.1 year
OidRequiredPardot WebshopUsed to direct a user to the correct Salesforce organization and to help the user with the next login.2 years
clientSrcRequiredPardot WebshopUsed for security purposes.Until the end of the session
SidRequiredPardot WebshopUsed to validate the user’s session.Until the end of the session
InstRequiredPardot WebshopUsed to direct requests to an instance when bookmarks and hard-coded URLs send requests to another instance. This type of forwarding can take place after an organizational migration, a division, or a URL update.Until the end of the session
pctrkRequiredPardot WebshopUsed to distinguish guest users from one another. No user information is stored.1 year
force-proxy-streamRequiredPardot WebshopEnsures that client requests reach the same proxy hosts and that content from the cache is very likely to be accessed.1 hour
BrowserId_secRequiredPardot WebshopUsed for security purposes. Makes it possible to track several login attempts from the same browser in order to identify threads and malicious players (HTTPS).1 year
CookieConsentPolicyRequiredPardot WebshopUsed to implement the end user’s cookie settings determined by our client service program.1 year
force-streamRequiredPardot WebshopUsed to direct server requests for sticky sessions.1 year
sid_ClientRequiredPardot WebshopUsed to validate orgid and userid on the client side.Until the end of the session
RRetURLRequiredPardot WebshopUsed for “Login as” to return to the original page.Until the end of the session
BrowserIdRequiredPardot WebshopUsed for security purposes. Makes it possible to track several login attempts from the same browser in order to identify threads and malicious players (HTTPS).1 year
sfdc-streamRequiredPardot WebshopUsed to transfer server requests correctly within the Salesforce infrastructure for sticky sessions.1 hour
RSIDRequiredPardot WebshopUsed to allow an admin user to log in as one of their organization’s users.Until the end of the session
renderCtxRequiredPardot WebshopUsed to store site parameters in the session for reuse via requests from an individual client for functional and performance reasons.Until the end of the session
visitor_id<accountid>AnalysisPardot SalesforceThe visitor cookie contains a unique visitor ID and a unique identifier for your account. For example, the cookie named visitor_id12345 stores the visitor ID 1010101010. The account identifier 12345 ensures that the visitor is tracked via the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is stored for visitors by the Pardot tracking code.180 days
pi_opt_in<accountid>RequiredPardot SalesforceIf the opt-in settings for tracking are activated, the pi_opt_in cookie is stored with an “or” value if the visitor decides for or against tracking. When a visitor logs in, the value is set to “true” and the visitor is given a cookie and is tracked. When the visitor logs out or ignores the opt-in banner, the value of the opt-in cookie is set to “false.” The visitor cookie is deactivated, and the visitor is not tracked.180 days
visitor_id<accountid>-hashAnalysisPardot SalesforceThe visitor hash cookie contains an account ID and stores a unique hash. For example, the cookie named visitor_id12345-Hash stores the hash "855c3697d9979e78ac404c4ba2c66533” and the account ID is 12345. This cookie is a security measure to prevent malicious users from pretending to be visitors to Pardot and from accessing information about potential customers.180 days
lpv<accountid>AnalysisPardot SalesforceThis LPV cookie is stored to prevent Pardot from tracking several page calls for a single asset during a 30-minute session. For example, if a visitor reloads a destination page several times during a period of 30 minutes, this cookie prevents every reload of the page from being tracked as a page call.Until the end of the session
PardotRequiredPardot SalesforceA session cookie with the name pardot is stored in your browser while you are logged into Pardot as a user or when a visitor accesses a form, a destination page, or a page with a Pardot tracking code. The cookie identifies an active session and is not used for tracking.Until the end of the session
x-ms-cpim-adminFunctionalityAzure ADContains cross-client data on the user’s membership: Clients that a user belongs to and the level of membership (“admin” or “user”).End of the browser session
x-ms-cpim-sliceFunctionalityAzure ADFor transferring requests to the corresponding production instance.End of the browser session
x-ms-cpim-transFunctionalityAzure ADFor tracking transactions (number of authentication requests to Azure AD B2C) and the current transaction.End of the browser session
x-ms-cpim-sso:{Id}FunctionalityAzure ADFor managing the session with single sign-on (SSO). This cookie is set to persistent if persistent is activated.End of the browser session
x-ms-cpim-cache:{id}_nFunctionalityAzure ADFor managing the request status.End of the browser session, successful authentication
x-ms-cpim-csrfFunctionalityAzure ADToken for cross-site request forgery (CSRF) to protect against CSRF attacks.End of the browser session
x-ms-cpim-dcFunctionalityAzure ADFor Azure AD B2C network routing.End of the browser session
x-ms-cpim-ctxFunctionalityAzure ADContextEnd of the browser session
x-ms-cpim-rpFunctionalityAzure ADFor storing membership data for the resource provider client.End of the browser session
x-ms-cpim-rcFunctionalityAzure ADFor storing the relay cookie.End of the browser session
ComponentDefStorage__MUTEX_X,  
GlobalValueProviders__MUTEX_X,  
GlobalValueProviders__MUTEX_Y
Marketingshop.homag.comUsed to track users on several websites to display relevant advertising based on the user’s preferences.Persistent
cc_youtubeTechnically requiredYouTubePart of the two-click solution for the GDPR-compliant use of plugins; used for the recording and recognition of those users who have given their consent to the transfer of data via the plugin concerned.6 months
IDEMarketingGoogleAdsContains a randomly generated user ID. Using this ID, Google can recognize the user on different websites across different domains and display personalized ads.1 year
test_cookieMarketingGoogleAdsContains a randomly generated user ID. Using this ID, Google can recognize the user on different websites across different domains and display personalized ads.15 minutes
_gcl_awMarketingGoogleAdsThis cookie is set when a user accesses the website by clicking a Google advertisement. It contains information about which advertisement was clicked, enabling successes such as orders or contact requests to be assigned to the advertisement.90 days
_gcl_auMarketingGoogleAdsGoogle AdSense uses this cookie to adjust the advertising efficiency on websites that use its services (the cookie contains a randomly generated user ID).3 months
NIDMarketingGoogleAdsUsed to adapt advertising to Google searches. The cookie includes a unique ID that enables Google to collect users’ personal settings for advertising purposes.6 months
1P_JARMarketingGoogleAdsThis cookie collects statistics on website use and measures conversions. The cookie is also used to display relevant ads to users.30 days
OTZMarketingGoogleAdsUsed to support Google’s advertising services.1 month
DVMarketingGoogleAdsUsed to support Google’s advertising services.1 day
_gcl_gsMarketingGoogleAdsThis cookie is set when a user clicks on a Google ad to access the website. It contains information about which ad was clicked, so that achieved successes, such as orders or contact requests, can be attributed to the ad.90 days
ORA_FND_SESSION__FTechnically requiredOracle CloudThis is a session cookie set by Oracle Cloud or middleware for tracking web sessions and routing traffic to the right servers.End of browser session
ORA_FND_SESSION__GSI_FTechnically requiredOracle CloudThis is a session cookie set by Oracle Cloud or middleware for tracking web sessions and routing traffic to the right servers.End of browser session
ORA_FUSION_PREFSTechnically requiredOracle CloudThis is a session cookie set by Oracle Cloud or middleware for tracking web sessions and routing traffic to the right servers.End of browser session
JSESSIONIDTechnically requiredOracle CloudThis is a session cookie set by Oracle Cloud or middleware for tracking web sessions and routing traffic to the right servers.End of browser session
OAMAuthnHintCookieTechnically requiredOracle CloudThis is a session cookie set by Oracle Cloud or middleware for tracking web sessions and routing traffic to the right servers.End of browser session
OAM_REQ_0Technically requiredOracle CloudThis cookie is set by Oracle Cloud or middleware to track career site resource access. This cookie is secure and http only.End of browser session
OAM_REQ_COUNTTechnically requiredOracle CloudThis cookie is set by Oracle Cloud or middleware to track career site resource access. This cookie is secure and http only.End of browser session
OAM_REQ_1Technically requiredOracle CloudThis cookie is set by Oracle Cloud or middleware to track career site resource access. This cookie is secure and http only.End of browser session
ECID-ContextTechnically requiredOracle CloudThis cookie indicates execution context for http calls between career site and core product.End of browser session
_cookieAcceptAnalyticsCookiebanner OracleThis cookie is used for user tracking purposes. It indicates whether the user accepted nonessential cookies.90 days
ORA_CX_USERID - GUIDAnalyticsOracle CloudThis cookie is used for user tracking purposes. It holds the user ID.90 days
ORA_CANDIDATE_NUMBERAnalyticsOracle CloudThis cookie is used for user tracking purposes. It holds the candidate number.90 days
ORA_CX_SITE_LANGFunctionalityOracle CloudThis cookie is used to store the candidate language preference. Next time the candidate visits the career site that it will be loaded in the user preferred language.7 days
ORA_CX_DEVICEIDFunctionalityOracle CloudThis cookie is used for the Keep Me Signed In feature. It's used to recognize the device used by the candidate to allow automated verification of candidate when Keep Me Signed In option was selected in the past on the same device. This cookie isn't tied to the cookie consent.3 months
ORA_FPCAnalyticsOracle CloudThis cookie is used for user tracking purposes.1 year
ORA_EVENTAnalyticsOracle CloudThis cookie is used for user tracking purposes.End of browser session
verificationTokenAnalyticsOracle CloudStores the token needed for session persistence in the partner assessment flow.4 hours
idsrv.sessionTechnically required StreamboxyImplementation LoginEnd of the browser session
idsrv.externalTechnically required StreamboxyImplementation LoginEnd of the browser session
.AspNetCore.Correlation.<sessionid></sessionid>Technically required StreamboxyImplementation LoginAfter successful login
.AspNetCore.Identity.ApplicationTechnically required StreamboxyImplementation LoginEnd of the browser session
.AspNetCore.OpenIdConnect.Nonce.<sessionid></sessionid>Technically required StreamboxyImplementation LoginAfter successful login
_pk_id.<websiteID>.<domainHash>AnalysisPiwik PROThis cookie matches all activities of one user with a specific user ID. The ID is randomly generated during a user's first visit to our website and does not allow us to identify the individual.13 months
_pk_ses.<websiteID>.<domainHash>AnalysisPiwik PROThis cookie indicates an active session of the visitor.30 minutes
stg_last_interactionAnalysisPiwik PROIndicates whether the user's last session is still current or a new session has been startet1 year
stg_returning_visitorAnalysisPiwik PROIndicates whether the user is already visiting the website in which case he is a "returning visitor"1 year
li_fat_idMarketingLinkedInThis cookie is an indirect identifier for members that is used for conversion tracking, retargeting, and analyses.30 days
lidcMarketingLinkedInThis cookie facilitates data center selection.24 hours
bcookieMarketingLinkedInBrowser identifier2 years
UserMatchHistoryMarketingLinkedInThis cookie synchronizes the IDs of LinkedIn ads.30 days
li_giantMarketingLinkedInIndirect identifier for groups of LinkedIn members that is used for conversion tracking.7 days
BizographicsOptOutMarketingLinkedInThis cookie is used to determine the opt-out status for third-party tracking.10 years
langMarketingLinkedInThis cookie saves a user’s language setting to ensure that LinkedIn.com is displayed in the language the user selected in their settings.Session
li_gcMarketingLinkedInThis cookie saves the visitors’ consent to the use of nonessential cookies.6 months
li_mcMarketingLinkedInThis cookie is used as a temporary cache to avoid database queries concerning a member’s consent to the use of nonessential cookies. It is also used to provide consent information on the customer side to enforce the consent on the customer side.6 months
liapMarketingLinkedInDomains use this cookie without the “www” addition to indicate a member’s login status.1 year
sdscMarketingLinkedInThis is a signed context cookie for the data service. It is used for data base routing and is intended to ensure consistency across data bases in the event of changes. This ensures that user inputs are available to the sending user immediately after submission.Session
AnalyticsSyncHistoryMarketingLinkedInThis cookie saves the time when synchronization with the “lms_analytics cookie” took place.30 days
lms_adsMarketingLinkedInThis cookie identifies logged-off LinkedIn members for LinkedIn ads.30 days
lms_analyticsMarketingLinkedInThis cookie identifies logged-off LinkedIn members for analytical purposes.30 days
bscookieMarketingLinkedInThis cookie remembers the status of the two-factor authentication of a logged-in user.1 year
li_sugrMarketingLinkedInCollects data about the behavior and interaction of visitors. This is used to otimize the website and make advertising on the website more relevant.90 days
__cf_bmRequiredMonotypeThis cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.1 day
_fbpMarketingFacebookUsed by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.3 months
cookie_optinRequiredTypo3Contains the selected tracking opt-in settings.1 year

Business services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the context of contractual and comparable legal relationships as well as associated actions and communication with the contractual partners or pre-contractually, e.g. to answer inquiries.

We process this data in order to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purpose of administrative tasks associated with these obligations and company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and economical business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this privacy policy.

Which data are necessary for the aforementioned purposes, we inform the contracting partners before or in the context of the data collection, e.g. in online forms by special marking (e.g. colors), and/or symbols (e.g. asterisks or the like), or personally.

We delete the data after expiry of statutory warranty and comparable obligations, i.e. in principle after expiry of 4 years, unless the data is stored in a customer account or must be kept for legal reasons of archiving (e.g., as a rule 10 years for tax purposes). In the case of data disclosed to us by the contractual partner within the context of an assignment, we delete the data in accordance with the specifications of the assignment, in general after the end of the assignment.

If we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms shall apply in the relationship between the users and the providers.

Customer Account

Contractual partners can create a customer or user account. If the registration of a customer account is required, contractual partnerswill be informed of this as well as of the details required for registration. The customer accounts are not public and cannot be indexed by search engines. In the course of registration and subsequent registration and use of the customer account, we store the IP addresses of the contractual partners along with the access times, in order to be able to prove the registration and prevent any misuse of the customer account.

If customers have terminated their customer account, their data will be deleted with regard to the customer account, subject to their retention is required for legal reasons. It is the responsibility of the customer to secure their data upon termination of the customer account.

Online Shop and E-Commerce

We process the data of our customers in order to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery, or performance of other services. If necessary for the execution of an order, we use service providers, in particular postal, freight and shipping companies, in order to carry out the delivery or execution to our customers. For the processing of payment transactions we use the services of banks and payment service providers. The required details are identified as such in the course of the ordering or comparable purchasing process and include the details required for delivery, or other way of making the product available and invoicing as well as contact information in order to be able to hold any consultation.

Consulting

We process the data of our clients, clients as well as interested parties and other clients or contractual partners (uniformly referred to as "clients") in order to provide them with our consulting services. The data processed, the type, scope and purpose of the processing and the necessity of its processing are determined by the underlying contractual and client relationship.

Insofar as it is necessary for the fulfilment of our contract, for the protection of vital interests or by law, or with the consent of the client, we disclose or transfer the client's data to third parties or agents, such as authorities, courts, subcontractors or in the field of IT, office or comparable services, taking into account the professional requirements.

Project and Development Services

We process the data of our customers and clients (hereinafter uniformly referred to as "customers") in order to enable them to select, acquire or commission the selected services or works as well as associated activities and to pay for and make available such services or works or to perform such services or works.

The required information is indicated as such within the framework of the conclusion of the agreement, order or equivalent contract and includes the information required for the provision of services and invoicing as well as contact information in order to be able to hold any consultations. Insofar as we gain access to the information of end customers, employees or other persons, we process it in accordance with the legal and contractual requirements.

Software and Platform Services

We process the data of our users, registered and any test users (hereinafter uniformly referred to as "users") in order to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our offer and to develop it further. The required details are identified as such within the context of the conclusion of the agreement, order or comparable contract and include the details required for the provision of services and invoicing as well as contact information in order to be able to hold any further consultations.

Technical and Engineering services

We process the data of our customers and clients (hereinafter uniformly referred to as "customers") in order to enable them to select, acquire or commission the selected services or works as well as associated activities and to pay for and make available such services or works or to perform such services or works.

The required information is indicated as such within the framework of the conclusion of the agreement, order or equivalent contract and includes the information required for the provision of services and invoicing as well as contact information in order to be able to hold any consultations. Insofar as we gain access to the information of end customers, employees or other persons, we process it in accordance with the legal and contractual requirements.

Consulting

Insofar as it is necessary for our contractual performance or required by law, or if the consent of the customer has been obtained, we disclose or transfer the customer's data to third parties or agents, such as authorities, courts or in the field of IT, office or comparable services, in compliance with the contractual and legal requirements.

Credit Assessment

Insofar as we make advance payments or enter into comparable economic risks (e.g. when ordering on account), we reserve the right to obtain identity and credit information from specialised service providers (credit agencies) for the purpose of assessing the credit risk on the basis of mathematical-statistical procedures in order to safeguard legitimate interests.

We process the information received from credit agencies on the statistical probability of non-payment as part of an appropriate discretionary decision on the establishment, execution and termination of the contractual relationship. In the event of a negative result of the credit assessment, we reserve the right to refuse payment on account or any other advance payment.

In accordance with Article 22 GDPR, the decision as to whether we will provide goods or services prior to payment is made solely on the basis of an automated decision in the individual case, which our software makes on the basis of the information provided by the credit agency.

If we obtain the express consent of contractual partners, the legal basis for the credit information and the transmission of the customer's data to the credit agencies is consent. If no consent is obtained, the credit rating will be based on our legitimate interests in the security of our payment claims.

Further information on processing methods, procedures and services used:

Provision of online services and web hosting

In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers they manage) the online services can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.

The data processed within the framework of the provision of the hosting services may include all information relating to the users of our online services that is collected in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online services to browsers, and all entries made within our online services or from websites.

Further information on processing methods, procedures and services used:

Special Notes on Applications (Apps)

We process the data of the users of our application to the extent necessary to provide the users with the application and its functionalities, to monitor its security and to develop it further. Furthermore, we may contact users in compliance with the statutory provisions if communication is necessary for the purposes of administration or use of the application. In addition, we refer to the data protection information in this privacy policy with regard to the processing of user data.

Legal basis: The processing of data necessary for the provision of the functionalities of the application serves to fulfil contractual obligations. This also applies if the provision of the functions requires user authorisation (e.g. release of device functions). If the processing of data is not necessary for the provision of the functionalities of the application, but serves the security of the application or our business interests (e.g. collection of data for the purpose of optimising the application or security purposes), it is carried out on the basis of our legitimate interests. If users are expressly requested to give their consent to the processing of their data, the data covered by the consent is processed on the basis of the consent.

Further information on processing methods, procedures and services used:

Purchase of applications via Appstores

The purchase of our apps is done via special online platforms operated by other service providers (so-called "appstores"). In this context, the data protection notices of the respective appstores apply in addition to our data protection notices. This applies in particular with regard to the methods used on the platforms for webanalytics and for interest-related marketing as well as possible costs.

Further information on processing methods, procedures and services used:

Registration, Login and User Account

Users can create a user account. Within the scope of registration, the required mandatory information is communicated to the users and processed for the purposes of providing the user account on the basis of contractual fulfilment of obligations. The processed data includes in particular the login information (name, password and an e-mail address).

Within the scope of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users may be informed by e-mail of information relevant to their user account, such as technical changes.

Further information on processing methods, procedures and services used:

Community Functions

The community functions provided by us allow users to engage in conversations and other forms of interaction with each other. Please note that the use of the community functions is only permitted in compliance with the applicable legal situation, our terms and guidelines and the rights of other users and third parties.

Further information on processing methods, procedures and services used:

Single Sign-on Authentication

Single Sign-On" or "Single Sign-On Authentication or Logon" are procedures that allow users to log in to our online services using a user account with a provider of Single Sign-On services (e.g. a social network). The prerequisite for Single Sign-On Authentication is that users are registered with the respective Single Sign-On provider and enter the required access data in the online form provided for this purpose, or are already logged in with the Single Sign-On provider and confirm the Single Sign-On login via the button.

Authentication takes place directly with the respective single sign-on provider. Within the scope of such authentication, we receive a user ID with the information that the user is logged in with the respective single sign-on provider under this user ID and an ID that cannot be used for other purposes (so-called "user handle"). Whether we receive further data depends solely on the single sign-on procedure used, the data releases selected as part of authentication and also which data users have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the user's choice, there can be different data, usually the e-mail address and the user name. The password entered by the single sign-on provider as part of the single sign-on procedure is neither visible to us nor is it stored by us.

Users are requested to note that their data stored with us can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actual. If, for example, the e-mail addresses of users change, users must change these manually in their user account with us.

We can use single sign-on authentication, provided that it has been agreed with users in the context of pre-fulfillment or fulfilment of the contract, in the context of consent processing and otherwise use it on the basis of our legitimate interests and the interests of users in an effective and secure authentication system.

Should users decide to no longer want to use the link of their user account with the Single Sign-On provider for the Single Sign-On procedure, they must remove this link within their user account with the Single Sign-On provider. If users wish to delete their data from us, they must cancel their registration with us.

Further information on processing methods, procedures and services used:

Contact and Inquiry Management

When contacting us (e.g. via contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

The response to the contact inquiries as well as the management of contact and inquiry data in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries and maintaining user or business relationships.

Further information on processing methods, procedures and services used:

Communication via Messenger

We use messenger services for communication purposes and therefore ask you to observe the following information regarding the functionality of the messenger services, encryption, use of the metadata of the communication and your objection options.

You can also contact us by alternative means, e.g. telephone or e-mail. Please use the contact options provided to you or use the contact options provided within our online services.

In the case of encryption of content (i.e. the content of your message and attachments), we point out that the communication content (i.e. the content of the message and attachments) is encrypted end-to-end. This means that the content of the messages is not visible, not even by the messenger service providers themselves. You should always use a current version of the messenger service with activated encryption, so that the encryption of the message contents is guaranteed.

However, we would like to point out to our communication partners that although messenger service providers do not see the content, they can find out that and when communication partners communicate with us and process technical information on the communication partner's device used and, depending on the settings of their device, also location information (so-called metadata).

Information on Legal basis: If we ask communication partners for permission before communicating with them via messenger services, the legal basis of our processing of their data is their consent. Otherwise, if we do not request consent and you contact us, for example, voluntarily, we use messenger services in our dealings with our contractual partners and as part of the contract initiation process as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners for communication via messenger services. We would also like to point out that we do not transmit the contact data provided to us to the messenger service providers for the first time without your consent.

Withdrawal, objection and deletion: You can withdraw your consent or object to communication with us via messenger services at any time. In the case of communication via messenger services, we delete the messages in accordance with our general data retention policy (i.e. as described above after the end of contractual relationships, archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information provided by the communication partners, if no reference to a previous conversation is to be expected and there are no legal obligations to store the messages to prevent their deletion.

Reservation of reference to other means of communication: Finally, we would like to point out that we reserve the right, for reasons of your safety, not to answer inquiries about messenger services. This is the case if, for example, internal contractual matters require special secrecy or if an answer via the messenger services does not meet the formal requirements. In such cases we refer you to more appropriate communication channels.

Further information on processing methods, procedures and services used:

Video Conferences, Online Meetings, Webinars and Screen-Sharing

We use platforms and applications of other providers (hereinafter referred to as "Conference Platforms") for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as "Conference"). When using the Conference Platforms and their services, we comply with the legal requirements.

Data processed by Conference Platforms: In the course of participation in a Conference, the Data of the participants listed below are processed. The scope of the processing depends, on the one hand, on which data is requested in the context of a specific Conference (e.g., provision of access data or clear names) and which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, participants' Data may also be processed by the Conference Platforms for security purposes or service optimization. The processed Date includes personal information (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the internet access, information on the participants' end devices, their operating system, the browser and its technical and linguistic settings, information on the content-related communication processes, i.e. entries in chats and audio and video data, as well as the use of other available functions (e.g. surveys). The content of communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users with the Conference Platforms, then further data may be processed in accordance with the agreement with the respective Conference Provider.

Logging and recording: If text entries, participation results (e.g. from surveys) as well as video or audio recordings are recorded, this will be transparently communicated to the participants in advance and they will be asked - if necessary - for their consent.

Data protection measures of the participants: Please refer to the data privacy information of the Conference Platforms for details on the processing of your data and select the optimum security and data privacy settings for you within the framework of the settings of the conference platforms. Furthermore, please ensure data and privacy protection in the background of your recording for the duration of a Conference (e.g., by notifying roommates, locking doors, and using the background masking function, if technically possible). Links to the conference rooms as well as access data, should not be passed on to unauthorized third parties.

Notes on legal bases: Insofar as, in addition to the Conference Platforms, we also process users' data and ask users for their consent to use contents from the Conferences or certain functions (e.g. consent to a recording of Conferences), the legal basis of the processing is this consent. Furthermore, our processing may be necessary for the fulfillment of our contractual obligations (e.g. in participant lists, in the case of reprocessing of Conference results, etc.). Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.

Further information on processing methods, procedures and services used:

Use of online platforms for listing and sales purposes

We offer our services on online platforms operated by other service providers. In addition to our privacy policy, the privacy policies of the respective platforms apply. This is particularly true with regard to the payment process and the methods used on the platforms for performance measuring and behaviour-related marketing.

Further information on processing methods, procedures and services used:

Job Application Process

The application process requires applicants to provide us with the data necessary for their assessment and selection. The information required can be found in the job description or, in the case of online forms, in the information contained therein.

In principle, the required information includes personal information such as name, address, a contact option and proof of the qualifications required for a particular employment. Upon request, we will be happy to provide you with additional information.

If made available, applicants can submit their applications via an online form. The data will be transmitted to us encrypted according to the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted during transport, but not on the servers from which they are sent and received. We can therefore accept no responsibility for the transmission path of the application between the sender and the reception on our server. For the purposes of searching for applicants, submitting applications and selecting applicants, we may make use of the applicant management and recruitment software, platforms and services of third-party providers in compliance with legal requirements. Applicants are welcome to contact us about how to submit their application or send it to us by regular mail.

Processing of special categories of data: To the extent that special categories of personal data (Article 9(1) GDPR, e.g., health data, such as disability status or ethnic origin) are requested from applicants during the application process, their processing is carried out so that the controller or the data subject can exercise rights arising from employment law and the law of social security and social protection, in the case of protection of vital interests of the applicants or other persons, or for purposes of preventive or occupational medicine, for the assessment of the employee's work ability, for medical diagnosis, for the provision or treatment in the health or social sector, or for the management of systems and services in the health or social sector.

Ereasure of data: In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, to which applicants are entitled at any time. Subject to a justified revocation by the applicant, the deletion will take place at the latest after the expiry of a period of six months, so that we can answer any follow-up questions regarding the application and comply with our duty of proof under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

Admission to a talent pool - Admission to a talent pool, if offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the current application process and that they can revoke their consent at any time for the future.

Duration of data retention in the applicant pool in months:

3

Further information on processing methods, procedures and services used:

Cloud Services

We use Internet-accessible software services (so-called "cloud services", also referred to as "Software as a Service") provided on the servers of its providers for the following purposes: document storage and administration, calendar management, e-mail delivery, spreadsheets and presentations, exchange of documents, content and information with specific recipients or publication of websites, forms or other content and information, as well as chats and participation in audio and video conferences.

Within this framework, personal data may be processed and stored on the provider's servers insofar as this data is part of communication processes with us or is otherwise processed by us in accordance with this privacy policy. This data may include in particular master data and contact data of data subjects, data on processes, contracts, other proceedings and their contents. Cloud service providers also process usage data and metadata that they use for security and service optimization purposes.

If we use cloud services to provide documents and content to other users or publicly accessible websites, forms, etc., providers may store cookies on users' devices for web analysis or to remember user settings (e.g. in the case of media control).

Information on legal basis - If we ask for permission to use cloud services, the legal basis for processing data is consent. Furthermore, their use can be a component of our (pre)contractual services, provided that the use of cloud services has been agreed in this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in efficient and secure administrative and collaboration processes).

Further information on processing methods, procedures and services used:

Newsletter and Electronic Communications

We send newsletters, e-mails and other electronic communications (hereinafter referred to as "newsletters") only with the consent of the recipient or a legal permission. Insofar as the contents of the newsletter are specifically described within the framework of registration, they are decisive for the consent of the user. Otherwise, our newsletters contain information about our services and us.

In order to subscribe to our newsletters, it is generally sufficient to enter your e-mail address. We may, however, ask you to provide a name for the purpose of contacting you personally in the newsletter or to provide further information if this is required for the purposes of the newsletter.

Double opt-in procedure: The registration to our newsletter takes place in general in a so-called Double-Opt-In procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with external e-mail addresses.

The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation times as well as the IP address. Likewise the changes of your data stored with the dispatch service provider are logged.

Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the case of an obligation to permanently observe an objection, we reserve the right to store the e-mail address solely for this purpose in a blocklist.

Information on legal bases: The sending of the newsletter is based on the consent of the recipients or, if consent is not required, on the basis of our legitimate interests in direct marketing. Insofar as we engage a service provider for sending e-mails, this is done on the basis of our legitimate interests in efficient and secure dispatch. The registration procedure is recorded on the basis of our legitimate interests for the purpose of demonstrating that it has been conducted in accordance with the law.

Contents:

Information about us, our services, promotions and offers.

Further information on processing methods, procedures and services used:

Commercial communication by E-Mail, Postal Mail, Fax or Telephone

We process personal data for the purposes of promotional communication, which may be carried out via various channels, such as e-mail, telephone, post or fax, in accordance with the legal requirements.

The recipients have the right to withdraw their consent at any time or to object to the advertising communication at any time.

After withdrawal or objection, we may store the data required to prove consent for up to three years on the basis of our legitimate interests before we delete them. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is affirmed.

Sweepstakes and Contests

We process the personal data of participants in We process personal data of participants in competitions, contents, raffles, prize-draws or sweepstakes (hereinafter referred to as "competitions") only in compliance with the relevant data protection regulations and if the processing is contractually necessary for the provision, execution and handling of the competition, the participants have consented to the processing or the processing serves our legitimate interests (e.g. in the security of the competition or the protection of our interests against misuse by possible recording of IP addresses when submitting entries to the competition.

In the event that entries are published as part of the competitions (e.g. as part of a vote or presentation of the competition entries, or the winner or reporting on the competition), we would like to point out that the names of participants may also be published in this context. The participants can object to this at any time.

If the competitions take place within an online platform or a social network (e.g. Facebook or Instagram, hereinafter referred to as "online platform"), the usage and data protection provisions of the respective online platforms also apply. In such cases, we would like to point out that we are responsible for the information provided by the participants as part of the competition and that we must be contacted with regard to the competitions.

The data of the participants will be deleted as soon as the competition has ended and the data is no longer required to inform the winners or because questions about the competition can be expected. In general, the data of the participants will be deleted at the latest 6 months after the end of the competition. Winners' data can be retained for a longer period of time, e.g. in order to answer questions about the prizes or to fulfil the prizes; in this case, the retention period depends on the type of prize and is up to three years for items or services, e.g. in order to be able to process warranty claims. Furthermore, the participants' data may be stored for longer, e.g. in the form of coverage of the competition in online and offline media.

Insofar as data was collected for other purposes as part of the competition, its processing and storage period shall be governed by the privacy information for this use (e.g. in the case of registration for a newsletter as part of a competition).

Surveys and Questionnaires

The surveys and questionnaires ("surveys") carried out by us are evaluated anonymously. Personal data is only processed insofar as this is necessary for the provision and technical execution of the survey (e.g. processing the IP address to display the survey in the user's browser or to enable a resumption of the survey with the aid of a temporary cookie (session cookie)) or participants have consented.

Information on legal basis: If we ask the participants for their consent to the processing of their data, this is the legal basis for the processing, otherwise the processing of the participants' data is based on our legitimate interests in conducting an objective survey.

Further information on processing methods, procedures and services used:

Web Analysis, Monitoring and Optimization

Web analytics (also referred to as "reach measurement") is used to evaluate the visitor flows of our online services and may include pseudonymous values related to visitor behavior, interests, or demographic information such as age or gender. Through reach analysis, we can, for example, identify when our online services or their functions and content are most frequently used or likely to encourage repeat visits. It also enables us to determine which areas need optimization.

In addition to web analytics, we may also use testing procedures to test and optimize different versions of our online services or their components.

Unless otherwise specified below, profiles (i.e., data combined from a usage process) may be created for these purposes, and information can be stored in and later retrieved from a browser or device. The data collected includes, in particular, visited websites and elements used on them, as well as technical information such as the browser used, the computer system, and information about usage times. If users have given consent to the collection of their location data to us or to the providers of the services we use, the processing of location data is also possible.

Additionally, users' IP addresses are stored. However, we use an IP masking process (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of web analytics, A/B testing, or optimization. Instead, pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, only the information stored in their profiles for the respective procedures.

Legal basis information: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., our interest in efficient, economic, and user-friendly services). In this context, we would also like to point out the information on the use of cookies in this privacy policy.

Further information on processing methods, procedures and services used:

Online Marketing

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "Content") based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedure is used by which the relevant user information for the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, communication partners and technical information such as the browser used, computer system used and information on usage times and used functions. If users have consented to the collection of their sideline data, these can also be processed.

The IP addresses of the users are also stored. However, we use provided IP masking procedures (i.e. pseudonymisation by shortening the IP address) to ensure the protection of the user's by using a pseudonym. In general, within the framework of the online marketing process, no clear user data (such as e-mail addresses or names) is secured, but pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or similar memorizing procedures. These cookies can later, generally also on other websites that use the same online marketing technology, be read and analyzed for purposes of content display, as well as supplemented with other data and stored on the server of the online marketing technology provider.

Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing technology we use and the network links the profiles of the users in the aforementioned data. Please note that users may enter into additional agreements with the social network providers or other service providers, e.g. by consenting as part of a registration process.

As a matter of principle, we only gain access to summarised information about the performance of our advertisements. However, within the framework of so-called conversion measurement, we can check which of our online marketing processes have led to a so-called conversion, i.e. to the conclusion of a contract with us. The conversion measurement is used alone for the performance analysis of our marketing activities.

Unless otherwise stated, we kindly ask you to consider that cookies used will be stored for a period of two years.

Notes on revocation and objection:

We refer to the privacy policies of the respective service providers and the possibilities for objection (so-called "opt-out"). If no explicit opt-out option has been specified, it is possible to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered collectively for each area:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-regional: https://optout.aboutads.info.

Further information on processing methods, procedures and services used:

Profiles in Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g. by making it more difficult to enforce users' rights.

In addition, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the associated interests of users. The user profiles can then be used, for example, to place advertisements within and outside the networks which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective networks or will become members later on).

For a detailed description of the respective processing operations and the opt-out options, please refer to the respective data protection declarations and information provided by the providers of the respective networks.

Also in the case of requests for information and the exercise of rights of data subjects, we point out that these can be most effectively pursued with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.

Further information on processing methods, procedures and services used:

Plugins and embedded functions and content

Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may, for example, be graphics, videos or city maps (hereinafter uniformly referred to as "Content").

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.

Further information on processing methods, procedures and services used:

Management, Organization and Utilities

We use services, platforms and software from other providers (hereinafter referred to as " third-party providers") for the purposes of organizing, administering, planning and providing our services. When selecting third-party providers and their services, we comply with the legal requirements.

Within this context, personal data may be processed and stored on the servers of third-party providers. This may include various data that we process in accordance with this privacy policy. This data may include in particular master data and contact data of users, data on processes, contracts, other processes and their contents.

If users are referred to the third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party provider processing may process usage data and metadata that can be processed by them for security purposes, service optimisation or marketing purposes. We therefore ask you to read the data protection notices of the respective third party providers.

Information on legal basis: If we ask the users for their consent to the use of third party providers, the legal basis of the processing is consent. Furthermore, the processing can be a component of our (pre)contractual services, provided that the use of the third party was agreed within this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

Further information on processing methods, procedures and services used:

Changes and Updates to the Privacy Policy

We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that addresses may change over time and to verify the information before contacting us.

Rights of Data Subjects

As data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

Supervisory authority competent for us:

Der Landesbeauftragte für den Datenschutz und
die Informationsfreiheit Baden-Württemberg
Königstrasse 10 a
70173 Stuttgart
Germany

Terminology and Definitions

This section provides an overview of the terms used in this privacy policy. Many of the terms are drawn from the law and defined mainly in Article 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended above all for the purpose of comprehension. The terms are sorted alphabetically.

Obligations to inform