Thank you for your interest in PTXRE. Protecting your personal data is very important to us. Below you will find information on how we handle the data collected through your use of PTXRE. The processing of your data is carried out in accordance with the statutory data protection regulations.
PTXRE GmbH
Junghofstraße 24
60311 Frankfurt (Main)
+49 89 262 010 020
You can reach the Data Protection Officer at:
Proliance GmbH
www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de
When contacting the Data Protection Officer, please specify the company to which your inquiry relates. Please also refrain from attaching sensitive information, such as a copy of your ID.
The processing of your data may, if applicable, also take place in countries outside the European Union (EU) and the European Economic Area (EEA). For data transfers to certain third countries, a decision of adequacy by the European Commission pursuant to Art. 45 (1) GDPR may exist. With such a decision, it is determined that an adequate level of data protection exists in the third country.
A list of current adequacy decisions can be viewed via the following link: Data protection adequacy for non-EU countries.
The scope of an adequacy decision may additionally be limited to a specific group of recipients or tied to further conditions. For example, the adequacy decision for data transfers to the USA only applies in relation to companies certified under the EU-U.S. Data Privacy Framework. The status of certification of participating companies can be viewed here: Participant Search (dataprivacyframework.gov).
If your data is transferred to recipients in third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security or surveillance purposes, without you being informed or being able to exercise legal remedies.
Hence, for transfers of your data to recipients in such third countries, we ensure that suitable safeguards pursuant to Art. 46 GDPR are in place. Usually, either we or the service providers we use enter into the Standard Contractual Clauses of the European Commission pursuant to Art. 46 (2)(c) GDPR. These clauses oblige the recipient in the third-country to process the data in accordance with the European level of protection. The clauses can be inspected at: Publications on the Standard Contractual Clauses (SCCs) – European Commission.
Should you require further information about which modules of the Standard Contractual Clauses or additional measures we have concluded in individual cases, we will gladly provide you with a copy upon request. Please contact us at the controller address above.
For certain recipients, data transfers may also be based on approved binding corporate rules (BCRs) under Art. 46 (2)(b) GDPR. These may be viewed here: Approved Binding Corporate Rules | European Data Protection Board.
Where the Standard Contractual Clauses or binding corporate rules do not suffice to ensure the level of protection, additional technical, contractual and/or organisational measures are taken to secure the data transfer. Further, we regularly monitor and assess whether these additional measures continue to guarantee an adequate level of protection or whether additional measures must be taken.
Further information on data transfers to third countries can in each relevant case be found under the processing activities or services used (“Data processing in third countries”).
In the course of processing your data, Artificial Intelligence (AI) may be used.
We use company-wide / in certain business areas AI systems or assistants with a general purpose. The use of these AI systems and assistants is not limited to individual functions or tasks, but may be applied across various contexts. These systems are typically based on large language models and can be flexibly used for a variety of purposes, for example to support text creation, to answer internal queries, or to analyse content.
In doing so, personal data may be processed in so-called “prompts”. A prompt is an input or command that our employees provide to the AI system in order to receive a certain output. The AI systems process these inputs and generate corresponding outputs, which may in turn also contain personal data. These outputs may then be further processed and used.
In this type of AI usage it cannot be listed exhaustively which personal data in detail is processed. However, we would like to emphasise that:
In our company we use the AI system “Microsoft Copilot” by Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA. In the European Union (EU) and EEA the service is offered by Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
Description of data processing and purpose
When using Microsoft Copilot, prompts may be entered in the form of requests, questions, documents, images and other content, and outputs may be generated. These may then possibly be further processed internally or externally, provided such processing is permissible within our business activities. For example, we use Copilot to:
It cannot be excluded that Copilot prompts contain personal data or that responses output personal data. In principle all categories of personal data that we hold regarding you may be affected, provided you supply these. The input of sensitive personal data is however explicitly prohibited. The use of the processed data for training the AI model by Microsoft is contractually excluded.
The purpose of data processing and our legitimate interest lie in enabling a more efficient way of working and facilitating the provision of certain business services.
Legal basis of data processing
Data processing is carried out pursuant to Art. 6 (1) S. 1 lit. f GDPR based on our aforementioned legitimate interest.
Recipients
In the course of data processing your data is transferred to the following recipients:
In our company we use the AI system “ChatGPT Enterprise” by OpenAI Inc., 3180 18th St, San Francisco, USA. In the European Union (EU) and EEA the service is supplied by OpenAI Ireland Ltd., 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland.
Description of data processing and purpose
When using ChatGPT, prompts may be entered in the form of commands, questions, documents, images and other content, and outputs generated. These may then possibly be further processed internally or externally, insofar as this processing is permissible within our business activities. For instance, we use ChatGPT to:
It cannot be excluded that ChatGPT prompts contain personal data or that responses output personal data. In principle all categories of personal data that we hold about you may be affected, though the input of sensitive personal data is explicitly prohibited. The use of the processed data for training the AI model by OpenAI is contractually excluded.
The purpose of data processing and our legitimate interest lie in enabling a more efficient way of working and facilitating certain business services.
Legal basis of data processing
Data processing is performed pursuant to Art. 6 (1) S. 1 lit. f GDPR based on our aforementioned legitimate interest.
Recipients
In the course of data processing your data is transferred to the following recipients:
Storage period
By using ChatGPT, data is transferred to the above recipients and further processed in our own systems as long as this is necessary for achieving the purposes stated. Afterwards we delete your data from our operational systems unless processing remains permissible on another legal basis mentioned in this statement.
Description of data processing and purposeWhen you visit our website it is technically necessary that data is transferred between your browser and our web server. During a connection between browser and web server the following data regularly occurs:
The listed data is stored in log files and – if needed – analysed.
Our purpose and legitimate interest lie in ensuring a smooth connection between your browser and our website and providing the website technically without errors, as well as detecting, preventing and tracing attacks on our website. The log files serve the evaluation of system stability, functionality and security. The processing of this data is absolutely necessary to provide the website to you.
Legal basis of data processing
The legal basis for processing the data is Art. 6 (1) S. 1 lit. f GDPR.
Recipients
In the course of data processing your data is transferred to the following categories of recipients:
In particular, the following provider is used:
Data processing in third countries
Your data is transferred to recipients in third countries. For data transfers to the USA an adequacy decision of the European Commission exists with regard to companies certified under the EU-U.S. Data Privacy Framework. Webflow, Inc. is certified under the EU-U.S. Data Privacy Framework.
Storage period
For reasons of technical security, in particular to defend against attacks on our web server, these data are stored by us for a short time. After at most 7 days the data is anonymised by truncating the IP-address to the domain level so that no reference to an individual user is possible. In individual cases, if there is an attack or attack attempt, the data may be stored longer – as long as required for investigations or court proceedings or for asserting legal claims.
In anonymised form the log file data may be retained and further processed for statistical purposes.
5.1.2. Content management system WebflowFor the creation and operation of our website we use the content-management system of “Webflow” services by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.
Description of data processing and purpose
The service is used to create and manage websites and their contents. We use the service to provide our website to you. Personal data collected on this website is stored on the servers of the hosting provider. These may include in particular IP-addresses, contact requests, meta and communication data, website accesses, log files and other data generated when visiting a website. Cookies and similar techniques, in particular JavaScript, may be used to store and read data on your end-device (technically necessary cookies). Further details are given under “Data processing in connection with cookies and similar techniques”.
Our purpose and legitimate interest is to manage our online presence and content efficiently and to make the website available to you.
Legal basis of data processing
Where, in the course of embedding the content-management system, cookies and similar techniques are used or data are stored or read in your end-device, this is pursuant to § 25 (2) Nr. 2 TDDDG. Subsequent data processing takes place on the basis of Art. 6 (1) S. 1 lit. f GDPR. Our legitimate interest lies in the efficient operation and provision of our website.
Recipients
In the course of using the service data collected via our website is transferred to the following recipients:
Data processing in third countries
Your data is transferred to recipients in third countries. For data transfers to the USA an adequacy decision of the European Commission exists for companies certified under the EU-U.S. Data Privacy Framework. Webflow, Inc. is certified under the EU-U.S. Data Privacy Framework.
Storage period
By embedding the CMS, data is transferred to the above recipients and processed there as long as necessary for the achievement of the stated purposes.
5.1.3. Content delivery service Amazon CloudFront (in connection with Webflow)
To provide our website we use Amazon CloudFront, a service by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. The embedding of the service is done via our content-management service Webflow.
Description of data processing and purpose
The service enables us to provide content quickly by using proxy servers worldwide to cache files locally and thereby improve download speed. For our website use this means: companies can offer data-rich content on their websites for users to access without long loading times. The CDN may also be used to make JavaScript files available for older browsers. In order to provide content via the service, your personal data is transferred to the service provider. The processed data include in particular:
We use the service to make our online presence available with minimal loading times. Cookies and similar techniques may be used to store/read data on your end-device (see “Data processing in connection with cookies and similar techniques”).
Legal basis of data processing
Where cookies or similar techniques are used, pursuant to § 25 (2) Nr. 2 TDDDG. Subsequent processing on the basis of Art. 6 (1) S. 1 lit. f GDPR.
Recipients
Data is transferred to the following recipients:
Data processing in third countries
Your data is transferred to recipients in third countries. For data transfers to the USA an adequacy decision exists for certified companies under the EU-U.S. Data Privacy Framework. Amazon Web Services Inc. is certified.
Storage period
By embedding the CMS, data is transferred to the above recipients and processed there as long as necessary. No further storage of data processed by the service in our own systems is undertaken.
5.1.4. Content delivery service Cloudflare (in connection with Webflow)
To provide our website we also use Cloudflare, a service by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA. The embedding of the service is done via our hosting provider Webflow.
Description of data processing and purpose
The service enables us to provide content quickly via proxy servers worldwide, improving access speed and allowing device features also for older browsers. To provide content via the service, your personal data is transferred. Processed data include in particular:
We use the service to make our online presence available with minimal loading times. Cookies and similar techniques may be used (see “Data processing in connection with cookies and similar techniques”).
Legal basis of data processing
Where cookies or similar techniques are used: § 25 (2) Nr. 2 TDDDG. Subsequent processing: Art. 6 (1) S. 1 lit. f GDPR.
Recipients
Data is transferred to Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA.
Data processing in third countries
Your data is transferred to recipients in third countries. For data transfers to the USA an adequacy decision exists for certified companies under the EU-U.S. Data Privacy Framework. Cloudflare, Inc. is certified.
Storage period
By embedding the CMS, data is transferred to the above recipients and processed there as long as necessary. No further storage of data processed by the service in our own systems is undertaken.
5.1.5. Content delivery jsDelivr (in connection with Webflow)
To provide our website we also use “jsDelivr”, a service by Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, EN4 9EB, United Kingdom. The embedding of the service is done via our content-management service Webflow.
Description of data processing and purpose
The service enables companies to provide large media quickly via worldwide proxy servers, improving loading speed. To provide content, your personal data is transferred. Processed data include in particular:
We use the service to make our online presence available with minimal loading times. Cookies and similar techniques may be used.
Legal basis of data processing
Where cookies or similar techniques are used: § 25 (2) Nr. 2 TDDDG. Subsequent processing: Art. 6 (1) S. 1 lit. f GDPR.
Recipients
Data is transferred to Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, EN4 9EB, United Kingdom.
Data processing in third countries
Your data is transferred to recipients in third countries. For data transfers to the UK an adequacy decision of the European Commission exists.
Storage period
By embedding the CMS, data is transferred to the above recipients and processed there as long as necessary.
5.2.1. Access to and storage of information in end-devices
When you use our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your end-device may occur. Such access or storage may involve further processing of personal data under the GDPR.
Where such access or storage is strictly necessary for the technical provision of our services, this is carried out pursuant to § 25 (2) Nr. 1 or Nr. 2 TDDDG. Where such operations serve other purposes (e.g. the needs-based design of our website) this occurs pursuant to § 25 (1) TDDDG with your consent. Where subsequent personal data processing is carried out, this is pursuant to the GDPR and the BDSG. These processing operations are explained in the respective sections below.
5.2.2.1. General informationOn this website we use services that deploy cookies and similar techniques to store information on your browser or to read already stored information. These may include cookies, the browser storage (local or session storage), pixels and so-called tags.
Cookies are small text files that can be stored and read on your end device. We distinguish between session cookies (deleted when the browser is closed) and permanent cookies (stored beyond a session for a defined period). Besides cookies we also may use session storage or local storage in the browser, and we may embed pixels (small invisible images) and tags (small HTML or JavaScript code snippets) that allow services for web analytics or user tracking to identify or distinguish users and trace certain activities.
Further information on cookies and similar techniques can be found in the descriptions of the cookie categories and in our consent-management platform, which is displayed when you visit our website. Via the platform you can give and withdraw consent. You can access the platform anytime via the switch icon bottom left to change your settings. Please note that without the use of certain cookies and similar techniques our website may not display correctly and some functions may no longer be available.
5.2.2.2. Category Essential
Services in this category may use cookies and similar techniques to store/read information on your end-device. We use these for the purpose and interest of:
The use of these services and corresponding cookies and similar technologies is based on § 25 (2) Nr. 1, Nr. 2 TDDDG. Subsequent data processing is based on Art. 6 (1) S. 1 lit. f GDPR.
5.2.2.3. Category Functional
Services and external content/media from third-party providers in this category may use cookies and similar technologies to store/read information on your end-device. We use these to:
The use of these services and corresponding cookies/technologies is based on your consent pursuant to § 25 (1) TDDDG. Subsequent data processing is based on your consent pursuant to Art. 6 (1) S. 1 lit. a GDPR.
5.2.2.4. Category Measurement
Services in this category may use cookies and similar techniques to store/read information on your end-device. We use these to:
To this end, we and the services used regularly set pseudonymous identifiers (consisting of numbers and letters) in cookies when you visit our website, and read them again if you return. Through the use of pseudonyms it is possible to distinguish and re-identify returning visitors as such, although the natural person behind it cannot, without additional data, normally be identified. Other technologies may also be used to extract identifiers from your device such as browser- or device-fingerprinting, where data from your browser (e.g. type and version) and its configuration (e.g. preferred language), or your device (e.g. manufacturer and model of your mobile phone, operating system) or your hardware (e.g. screen resolution) are used to recognise you as a distinct user.
The use of services and corresponding cookies/technologies in this category is based on your consent pursuant to § 25 (1) TDDDG. Subsequent data processing is based on Art. 6 (1) S. 1 lit. a GDPR.
5.2.2.5. Category Marketing
Services in this category may use cookies and similar technologies to store/read information on your device. We use these to:
In doing so, we and the involved services regularly set pseudonymous identifiers in cookies on your device when you visit our website or another website, and read them again on a new visit or new website. Often other techniques may be used to extract identifiers such as browser- or device-fingerprinting. These identifiers may be merged between services through so-called ID-matching/ID-syncing to recognise you across devices, platforms and advertisement networks. If you log in with your clear-text data (name or email) or your user data on our website or via a third-party-service, these pseudonymous identifiers may be linked with your clear-text or user data. In this way we or the service providers may build comprehensive pseudonymous or non-pseudonymous user profiles and analyse them to then target advertising based on your interests.
The use of services and corresponding cookies/technologies in this category is based on your consent pursuant to § 25 (1) TDDDG. Subsequent data processing is based on Art. 6 (1) S. 1 lit. a GDPR.
5.3. Consent-management via Consent-management platform Cookiebot
On our websites we use the consent-management platform “Cookiebot” of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.
Description of data processing and purpose
We use the service to manage your consents to the use of cookies and similar techniques and the subsequent processing of data. If you submit or refuse consents through the banner of our consent-management platform, the service processes the following data:
These data are logged on the provider’s servers. Your IP-address is truncated by removing the last three digits so that no reference to an individual person can be established. In the course of processing your consent ID and status are stored both in the cookie “CookieConsent” on your end-device and on the provider’s servers to cross-check the status on subsequent visits.
This allows us to check your consent status on future website visits and to activate or deactivate cookies/technologies in accordance with your decision.
Purpose and legitimate interest
Our purpose and legitimate interest is to centrally steer the cookies and similar techniques embedded in our website as well as to give you an easy way to give and withdraw your consents, so as to comply with our legal obligations for consent under Art. 5 (2) GDPR and our accountability obligations.
Legal basis of data processing
Where cookies and similar techniques are used in connection with the service: § 25 (2) Nr. 2 TDDDG. Subsequent processing: Art. 6 (1) S. 1 lit. f GDPR.
Recipients
Data is transferred to the following recipient:
Storage period
By embedding the service on our website, data are transferred to the above recipient and stored there for a duration of 12 months. No further storage of data processed by the service in our own systems takes place in most cases. In individual cases, data on time, status and scope of consent may be stored in our own systems longer, if legally permissible.
On our websites we integrate the service “Google Tag Manager” of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. In the EU and EEA the service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Description of data processing and purpose
The service is a tag-management system (TMS) that enables us to embed and manage further website content in JavaScript or HTML code. In particular, tags (web-beacons, tracking-pixels or similar markers) can be integrated into our website and managed. Through these tags services used for web analytics or user tracking can distinguish or identify users. The analysis of website visits or user-tracking is not performed by the Tag Manager itself but by the services used for these purposes (e.g. Google Analytics or other third-party services). The Tag Manager simply allows embedding and managing such marks on our website.
Because the Tag Manager is provided by Google and loaded from Google servers upon page load, the technically required usage-data is also transmitted. Google thus also receives your IP-address, which is technically required for retrieval of the content.
Purpose and legitimate interest
Our purpose and legitimate interest is that by using Google Tag Manager we can easily and efficiently embed other services and content into our website.
Legal basis of data processing
The integration and use of the service are based on your consent, if you have granted it through our consent-management platform. The use of cookies and similar technologies is pursuant to § 25 (1) TDDDG. Subsequent data processing is based on Art. 6 (1) S. 1 lit. a GDPR. Your consent is voluntary and may be withdrawn at any time with future effect. To exercise your right of withdrawal please use the switch icon bottom left on the website to reopen the consent-management platform and change your settings.
Recipients
Data is transferred to the following recipients:
Data processing in third countries
Your data is transferred to recipients in third countries. For transfers to the USA an adequacy decision of the European Commission exists for certified companies under the EU-U.S. Data Privacy Framework. Google LLC is certified.
Storage period
By embedding the service on our website data is transferred to the above recipients and processed there as long as necessary.
On our websites we integrate the service “Google Analytics” of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. In the EU and EEA the service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Description of data processing and purpose
Google Analytics creates usage-profiles based on pseudonyms (identifiers created from cookies and device ID and further data about the used end-device or browser-fingerprint) and usage data (e.g. name and address of requested website content, referral links, description of browser & operating system used as well as IP-address). It also processes demographic data (such as continent, country, region, city, age category, gender, language and interests of users), data about your interactions with search engines or other websites captured by Google (e.g. search queries associated with your Google account, origin of your visit such as click on paid ad), data about your end-device (type, manufacturer and model) and its configuration (e.g. language settings, screen resolution), data about your interests if Google has captured them, data about your interactions with our advertisements/campaigns (for example that a specific action on our website is attributable to clicking a certain advertisement), data about your interactions with our website (previous visits, accessed pages, timestamps and session duration, button-clicks, scroll-depth, reading depth, use of filters/searches/forms or other input and login options, clicked external links, data about viewed or purchased products and services, interactions with social-media networks) and more. Using these data Google can pseudonymously re-identify website visitors and allocate them to demographic target groups. Visitors with a Google account may be identified across devices. Cookies and similar techniques are used, as above.
From the processed information Google produces aggregated statistics for us from which we recognise e.g. which topics interest website visitors and how many visitors interacted with our website in which way. We as users of Google advertisement services receive only aggregated data from which no conclusions about individual persons can be drawn. These insights are used by us to optimise online-advertising and marketing campaigns in advertising networks, in particular Google ad services. The purpose of data processing lies in analysing the origin, preferences and interests of visitors to our website in order to optimise our online advertising and target ad placements.
Legal basis of data processing
The integration and use of the service rely on your consent given via our consent-management platform. The use of cookies and similar technologies occurs pursuant to § 25 (1) TDDDG. Subsequent data processing is based on Art. 6 (1) S. 1 lit. a GDPR. Your consent is voluntary and may be withdrawn at any time with future effect. To withdraw your consent, please use the switch icon bottom left on the website to re-open the consent-management platform and change your settings.
Recipients
Data is transferred to:
Further information on Google’s handling of personal data can be found at: https://policies.google.com/privacy?hl=de
Data processing in third countries
Your data is transferred to recipients in third countries. For transfers to the USA an adequacy decision exists for certified companies under the EU-U.S. Data Privacy Framework. Google LLC is certified.
Storage period
By embedding the service on our website, data is transferred to the above recipients and processed there for a period of 14 months. No further storage of the data processed by the service in our own systems takes place.
On our websites we embed the service “Google Fonts” of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. In the EU and EEA the service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Description of data processing and purpose
Google Fonts allows us to use web-fonts. When our website is accessed, the required Google Fonts are loaded into your browser cache. This is necessary so that your browser can display text in an enhanced visual style. If your browser does not support this, a standard font from your computer is used. As the fonts are provided by Google and loaded from their servers upon page load, the technically required usage data is transmitted, including your IP-address. Cookies and similar techniques may be used.
Purpose and legitimate interest
Our purpose and legitimate interest is to make our online presence more visually appealing.
Legal basis of data processing
The embedding and use of the service is based on your consent, if given via our consent-management platform. The use of cookies and similar technologies is pursuant to § 25 (1) TDDDG. Subsequent processing is based on Art. 6 (1) S. 1 lit. a GDPR. Your consent is voluntary and may be withdrawn at any time. To withdraw your consent please use the switch icon bottom left on the website to change your settings.
Recipients
Data is transferred to:
Further information on Google’s handling of personal data: https://policies.google.com/privacy?hl=de
Data processing in third countries
Your data is transferred to recipients in third countries. For transfers to the USA an adequacy decision exists for certified companies under the EU-U.S. Data Privacy Framework. Google LLC is certified.
Storage period
By embedding the service, data is transferred to the above recipients and processed there as long as necessary. No further storage occurs in our systems.
On our websites we include the service “Google reCAPTCHA” of Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. In the EU and EEA the service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Description of data processing and purpose
Google reCAPTCHA is used to verify whether data entry on our website (for instance in a contact form) is made by a human or by an automated programme (bot). Such programmes are used to overload websites with excessive requests, to place spam messages via forms or to penetrate systems via login forms. As the service is provided by Google and loaded from its servers upon page load, usage-data is also transmitted:
To protect our forms, the service analyses the behaviour of the website visitor based on various features and assesses a probability value to determine whether it is more likely a human input or a bot. The analysis may include data such as:
Data analysed by the service is forwarded to Google. Cookies and similar techniques may be used.
Purpose and legitimate interest
Our purpose and legitimate interest is to protect web-forms from automated inputs, ensuring a smooth and secure operation of the website and connected systems.
Legal basis of data processing
Where cookies or similar techniques are used: § 25 (2) Nr. 2 TDDDG. Subsequent processing: Art. 6 (1) S. 1 lit. f GDPR.
Recipients
Data is transferred to:
Further information: https://policies.google.com/privacy?hl=de
Data processing in third countries
Your data is transferred to recipients in third countries. For transfers to the USA an adequacy decision exists for certified companies under the EU-U.S. Data Privacy Framework. Google LLC is certified.
Storage period
By embedding the service on our website data is transferred to the above recipients and processed there as long as necessary. No further storage in our own systems occurs.
On our websites we integrate the platform “HubSpot” of HubSpot Inc., 2 Canal Park, Cambridge, MA 02141, USA. Further detailed information on data processing via HubSpot is provided in the section “Data protection information for customers and other business partners as well as prospective clients”.
Description of data processing and purpose
If you contact us via contact form or email, your details from the inquiry form or email—including personal data you provide—are stored for processing your inquiry and for subsequent enquiries. Providing an email address is required for contact; providing your first and last name and telephone number is voluntary. These data will never be passed on without your consent.
Legal basis of data processing
Legal basis for data processing is our and your legitimate interest in responding to your inquiry pursuant to Art. 6 (1) S. 1 lit. f GDPR, and if your inquiry is aimed at the conclusion of a contract possibly Art. 6 (1) S. 1 lit. b GDPR.
Recipients
In the course of processing your data we use the following categories of recipients:
In particular, the following recipient:
Storage period
Your data will be deleted once your inquiry has been fully answered and no further follow-up is expected, unless statutory retention obligations prevent deletion.
On our websites we collect personal data through various web-forms for the purpose of addressing you by advertising in order to promote the sale of our products, goods or services by direct marketing. These may include forms for newsletter sign-up, webinars or event registration, booking demo appointments for products, or download of white papers and other documents.
Description of data processing and purpose
We process your personal data if it is necessary for contract initiation, performance, fulfilment or the execution of pre-contractual measures. We only process data that are related to the contract initiation or pre-contractual measures. These may be general personal details (name, address, contact details etc.) and, if needed, further data provided by you in the course of contract initiation.
Legal basis of data processing
When personal data are required for contract initiation or performance or for pre-contractual measures, processing is lawful pursuant to Art. 6 (1) S. 1 lit. b GDPR.
Sources
We process personal data which we receive during contact or contract initiation via post, telephone, email, website forms or via our social-media profiles.
Recipients
Data processing involves transfer to the following categories of recipients:
In particular the following recipients:
Storage period
We process and store your personal data for the duration of our business relationship and for contractual purposes. This includes contract initiation and execution. Additionally, we are subject to various retention and documentation obligations under the Commercial Code (HGB) and Tax Code (AO) which impose retention periods of two to ten years. Finally, the storage period is also determined by statutory limitation periods under §§ 195 ff. BGB, which are generally three years but in some cases up to thirty years.
Necessity of providing personal data
Providing personal data for the decision about contract conclusion, contract fulfilment or pre-contractual measures is voluntary. However, we can only make a contract decision if you provide those personal data which are necessary for contract conclusion, contract fulfilment or pre-contractual measures.
To manage the personal data of customers and prospects we use “Salesforce” of Salesforce.com Germany GmbH, Erika-Mann-Straße 31-37, 80636 Munich, Germany.
Description of data processing and purpose
The software enables management of customer and prospect data, including contact persons, to approach these for marketing purposes.
Legal basis of data processing
Legal basis for data management is Art. 6 (1) S. 1 lit. f GDPR or Art. 6 (1) S. 1 lit. a GDPR depending on which legal basis we use for the respective marketing approach.
Recipients
In the course of processing your data we transfer data to the following categories:
In particular:
Storage period
We store your data as long as necessary for the stated purpose, unless you have objected to processing or you have withdrawn your consent. Afterwards we delete your data unless further processing is permitted under another legal basis (e.g. statutory retention obligations).
We process your personal data to contact you by mail, telephone and email for the purpose of direct advertising, and to evaluate prospect data, conduct market research and customer satisfaction surveys.
6.3.1.1. Collection of advertising data via web-forms on the website
We may collect personal data on our website via various forms for the purpose of directly addressing you by advertising to promote our products, goods or services or those of cooperation partners. These may be forms for newsletter, webinars, events, demo appointments, download of white papers, etc.
6.3.1.2. Collection of advertising data at events or trade fairs
We may collect personal data at events or fairs via analogue or digital forms for the purpose of direct advertising to promote our products, goods or services or those of cooperation partners.
6.3.2.1. Advertising to existing customers
We process your personal data (salutation, first name, last name, business email address for business contacts) which we receive in connection with a contract, for the purpose and in our legitimate interest of sending you personalised direct advertising to similar products, goods, services, events and offers that are connected with the previous contract.
Legal basis of data processing
The legal basis is Art. 6 (1) S. 1 lit. f GDPR. As we comply with the exception under § 7 (3) UWG and process only such personal data which are connected with your professional role, there are no overriding interests of yours opposing our interest, provided you have not objected. You can object to the processing at any time with future effect without costs other than transmission costs at basic rates. To exercise your right of objection please use the unsubscribe link in our advertising emails or contact the controller as above.
Recipients
Data is transferred to the following categories of recipients:
In particular:
6.3.2.2. Consent to receive marketing e-mails and email-tracking
We process your personal data (salutation, first name, last name, business email address for business contacts, private email address for consumer contacts, company) only for the purpose of addressing you or your company personalised by email or via our newsletter about our products, goods, services, events and offers or those of cooperation partners, if you have given explicit consent. If we have your consent, we also process data about whether you received our marketing emails, opened them, how you interacted with content (which links you clicked) and what extent you read or skimmed.
Legal basis of data processing
The legal basis is your consent pursuant to Art. 6 (1) S. 1 lit. a GDPR. Your consent is voluntary and may be withdrawn at any time with future effect. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. To exercise your right of withdrawal please use the unsubscribe link in our marketing emails/newsletter or contact dataprotection@ptxre.com.
Recipients
Data is transferred to:
In particular:
Storage period
We store your data as long as necessary for the stated purpose or until you withdraw your consent, but in any case for a maximum of 5 years. After that we delete your data unless further processing is permitted.
We process your personal data (salutation, first name, last name, business telephone number for business contacts, company) for the purpose and in our legitimate interest of contacting you or your company personalised by telephone about our products, goods, services, events and offers or those of cooperation partners.
As we comply with § 7 (2) Nr. 1 & 2 UWG and only process personal data related to your professional role, no overriding interests of yours oppose our interest, provided you have not objected.
Legal basis for business contacts
The legal basis is Art. 6 (1) S. 1 lit. f GDPR. Our legitimate interest lies in promoting the sale of our products, goods and services by direct marketing.
You can object at any time with future effect without costs other than basic transmission costs. To exercise your right of objection please contact the controller.
Recipients
Data is transferred to categories:
In particular:
Storage period
We store your data as long as necessary for the stated purpose or until you object, but in any case for a maximum of 5 years. Afterwards we delete your data unless further processing is permitted.
We process your personal data (salutation, first name, last name, business address for business contacts, company) for the purpose and in our legitimate interest of contacting you or your company personalised by mail about our products, goods, services, events and offers or those of cooperation partners.
As we comply with § 7 (2) Nr. 1 & 2 UWG and only process the stated personal data related to your professional role, no overriding interests of yours oppose our interest, provided you have not objected.
Legal basis of data processing
The legal basis is Art. 6 (1) S. 1 lit. f GDPR. You may object at any time with future effect. To exercise your objection please contact the controller.
Recipients
Data is transferred to categories:
In particular:
Storage period
We store your data as long as necessary for the stated purpose or until you object, but in any case for a maximum of 5 years. Afterwards we delete your data unless further processing is permitted.
On our websites we use the platform “HubSpot” of HubSpot Inc., 2 Canal Park, Cambridge, MA 02141, USA. In the EU/EEA the service – depending on customer location – is offered by certain national group companies. In Germany the service is offered by HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin.
Description of data processing and purpose
The platform enables us to:
with the aim of gaining new prospects for our products and services, targeting acquired prospects and existing customers with advertising, and using data-driven analysis to optimise our marketing strategy, particularly in online and email marketing.
We use HubSpot for:
Purpose and legitimate interest
Our purpose and legitimate interest is to manage contact data of prospects and customers effectively and to use the associated data processing opportunities via the platform.
We also use HubSpot to analyse and evaluate website visits. We observe and analyse visitor behaviour and usage of our websites. This allows us to recognise returning visitors pseudonymously, and to analyse how a visitor arrived at our site (e.g. via search engine, direct, social media, other websites, marketing emails or campaigns), how many visits occurred, how long a stay lasted, and how many pages were accessed. Additionally we process further data about interactions and behaviour on our website (e.g. form submissions, chat usage, document downloads, media playback etc.). Purpose: to produce statistics, improve our web-presence and optimise the effectiveness of marketing.
We also use HubSpot for preparing and carrying out email marketing and email tracking. If you give separate consent, we use your email address to contact you or your company by email for marketing about our products, services, events and offers or those of cooperation partners. Purpose: to address you personalised by email or newsletter, as above.
If you provide separate consent we may also process data about whether you received our marketing emails, opened them, which email-client software is used, how you interacted (which links clicked) and extent you read the messages. We use these data to create statistics, improve the attractiveness of our marketing emails and optimise our marketing strategy. Once your email address is submitted via form or chat on our website you will receive a confirmation email with a link asking you to confirm your email address and subscribe for marketing emails. Purpose: ensure only authorised persons subscribe.
We also use HubSpot to create, enrich and evaluate prospect profiles. The processed data are consolidated in a personalised profile, optionally enriched with further sources, assessed via scoring, and analysed to infer which of our products or services, current events, actions and offers you may be interested in, to which customer segment you may belong, and how likely your interest may lead to a contract. We process the following data:
Legal bases of data processing
Recipients
Data is transferred to:
In particular:
Storage period
Deletion
Subsequently we delete your data from our operational systems unless further processing is permitted on another legal basis.
Description of data processing and purpose
We process data you as prospect (via website forms) or as customer or employee of a customer (during pre-contractual measures or in contract performance) to determine which of our products, goods, services, events and offers or cooperation partners interest you, how we may improve these, and how we may optimise our advertising activities. We may build target groups from the data. The analysis and evaluation may include your information from customer satisfaction surveys we conduct.
We may collect your data about:
Legal basis of data processing
The legal basis is Art. 6 (1) S. 1 lit. f GDPR. Our legitimate interest is to further develop our products and services according to market needs and to understand the needs and interests of customers and prospects so that we can carry out targeted direct marketing.
Recipients
Data is transferred to:
In particular:
Storage period
We store your data as long as necessary for the purpose or until you object, but at most 5 years. After that we delete your data unless further processing is permitted under another legal basis.
Description of data processing and purpose
We process your personal data insofar as it is necessary for a decision on the establishment of an employment relationship with us. We only process data related to your application. These may include general personal details (name, address, contact details etc.), information on your professional qualification and schooling, details on further training and possibly additional data you supply with your application.
If an employment, training or internship relationship is established with you, we may continue to process the data already collected for purposes of the employment relationship, provided this is required for the execution or termination of the employment relationship or for exercising/fulfilling rights and obligations arising from a law, collective agreement, works- or service agreement (collective bargaining).
Legal basis of data processing
Legal basis is Art. 88 GDPR in conjunction with § 26 (1) BDSG or Art. 6 (1) S. 1 lit. b GDPR if the data processing is required for a decision on the establishment of an employment relationship. If you give explicit consent to the processing of personal data for certain purposes, legality is based on § 26 (2) BDSG, Art. 6 (1) S. 1 lit. a GDPR. A consent given may be withdrawn at any time with future effect.
If further processing is required for performance or termination of the employment relationship, legal basis is Art. 88 GDPR in conjunction with § 26 (1) BDSG or Art. 6 (1) S. 1 lit. b GDPR.
Sources
We process personal data you submit via our career portal upload, by post or email, via job portals or professional networks, or which we receive from recruitment agencies.
Recipients
Data is transferred to:
In particular:
If you give your explicit consent, we store your application beyond the actual application process for the purpose of considering you for future positions in the talent pool. The purpose is to consider applicants for other suitable positions within the group that they did not apply for initially.
Legal basis of data processing
Data processing is based on § 26 (2) BDSG, Art. 6 (1) S. 1 lit. a GDPR on the basis of your consent. If you voluntarily provide special categories of personal data under Art. 9 GDPR (e.g. a photo revealing ethnic origin, data on severe disability etc.) the consent also refers to this data under Art. 9 (2) GDPR. The consent is voluntary and can be withdrawn at any time with future effect. To withdraw, contact the controller as above.
Recipients
Data is transferred to categories:
In particular:
If you explicitly consent, we store your application beyond the actual application for future positions in the talent pool of our group. Applications in the talent pool are shared with other companies of our group. If your application matches a job profile in the group, we or the respective group company will contact you. The purpose is to consider applicants for other positions in the group.
Legal basis
Processing is based on § 26 (2) BDSG, Art. 6 (1) S. 1 lit. a GDPR on your consent. If you provide special categories of personal data as above under Art. 9 GDPR, your consent also covers this sector under Art. 9 (2) GDPR. Consent is voluntary and may be withdrawn with future effect. To withdraw, contact the controller.
Recipients
Data is transferred to categories:
In particular:
Storage period
We process the data for 12 months. Afterwards, data is deleted unless further processing is permissible on another legal basis.
On our career website we embed the personnel and applicant-management service “Personio” of Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.
Description of data processing and purpose
The service enables us to store and manage incoming applicant data. When you submit your application via our application form, the data entered in the form is transferred and stored by the service provider. The service form connects to the provider’s servers. The following data is processed:
Through the service provider the following data may be processed:
Processing occurs only when using our application form. Cookies and similar techniques (in particular JavaScript) may be used.
Purpose
The purpose lies in efficiently managing our application process and digitally managing applicant data.
Legal basis
Where cookies/techniques are used: § 25 (2) Nr. 2 TDDDG. Subsequent processing for contract initiation or job decision: Art. 6 (1) S. 1 lit. b GDPR and § 26 (1) BDSG.
Recipients
Data is transferred to:
In particular:
Storage period
By embedding the service on our website, data is transferred to the above recipients and stored there for the duration of the application process. Candidate data/departments will be stored at most 6 months after the application process ends. If further storage in our own systems occurs, it is likewise for at most 6 months after the end of the process.
Below you will find information on how we handle your data collected through your use of our social media profiles on social networks and platforms.
We maintain profiles, presences, pages, or fan pages on the following social media platforms:
PlatformProfileLinkedInhttps://de.linkedin.com/company/ptxre
Depending on how the platform operators and we, as page operators, are involved in the processing of your personal data, the respective responsibility and role differ. We may either be jointly responsible with the platform operator, or the platform operator may be solely responsible.
There is joint controllership between us and the following platform operators:
PlatformPlatform operatorLinkedInLinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4, 5, 6, Dublin 2, Ireland
We, as the page operator, together with the respective platform provider, are jointly responsible for the processing of your personal data in connection with your visit to our presence, profile, page, or fan page on the platforms when the platform operators provide aggregated information about visitors to our profiles, presences, pages, or fan pages (e.g., so-called “Insights” or “Analytics”).
In cases of joint controllership, we have concluded agreements pursuant to Art. 26 GDPR with the platform operators regarding joint responsibility for the processing of your personal data (e.g., Page Controller Addendum or Joint Controller Addendum). These agreements set out which processing activities are the responsibility of us and which are the responsibility of the respective platform operator. You can view these agreements at the following links:
PlatformJoint controllership agreementsLinkedInhttps://legal.linkedin.com/pages-joint-controller-addendum
Further information on data processing by the platform operators can be found in their privacy policies:
PlatformPrivacy policyLinkedInhttps://www.linkedin.com/legal/privacy-policy
You can contact the data protection officers of the platform operators here:
PlatformContact optionLinkedInYou can reach LinkedIn’s Data Protection Officer via the contact form at: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
8.3.3.1. Access to and storage of information in terminal equipment
When you access our profiles on the aforementioned platforms, the platform operator uses cookies and similar technologies on your terminal equipment to store or read information on your device. Such access or storage may involve further processing of personal data within the meaning of the GDPR.
Where such access to information or storage of information is strictly necessary for the technically error-free provision of the services, this is based on Section 25 (1) sentence 1 and (2) no. 2 of the Telecommunications-Digital Services Data Protection Act (TDDDG). Any subsequent data processing may be based on Art. 6 (1) sentence 1 lit. f GDPR.
Where such processing serves other purposes (e.g., demand-oriented design of our website), it is carried out on the basis of Section 25 (1) TDDDG only with your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. Consent can be withdrawn at any time with effect for the future. The provisions of the GDPR and the German Federal Data Protection Act (BDSG) apply to the processing of your personal data.
Further information on the use of cookies and similar technologies and their legal bases can be found in the respective privacy policy of the platform operator. Links to the respective privacy policies are provided above. For further questions, please contact the operator of the respective social media platform directly.
8.3.3.2. Data processing for advertising and market research purposes
As a rule, personal data on our social media profile are primarily processed for the platform operator’s own market research and advertising purposes. Where data collection also takes place directly on our social media profile, we participate in the platform operator’s data processing and are therefore jointly responsible to that extent.
Cookies and similar technologies are used in the course of processing, enabling the platform operator to recognise you when you visit a social media profile. In addition, if you are a member of the social media platform, the platform operator carries out extensive analysis of your interactions on the platform (clicks, comments, and “like” details) and processes the information you provide to the platform operator such as your master data, profile picture, or profile name. In particular, demographic information (age, gender, country, industry, profession, etc.) from your own member profile may be processed. Usage profiles can be created using the collected data. The platform operator then uses these to display advertisements within and outside the platform that presumably correspond to your interests. Although we have no direct access to the data processed by the platform operator, we also benefit from this processing by placing corresponding advertisements within or outside the platforms based on the target groups identified by the platform operator.
The legal basis for the processing of your personal data in this respect is the consent you have given to the platform operator pursuant to Art. 6 (1) lit. a GDPR. Please note that we have no influence on data collection and further processing in the responsibility of the platform operators. Consequently, we cannot provide information on the extent, the place, and the duration of storage by the platform operator. Further information can be found in the privacy information of the respective provider.
8.3.3.3. Data processing in the context of “Insights” or “Analytics”
In addition, your data are processed under joint responsibility in connection with so-called “Page Insights” or “Page Analytics”. “Page Insights” or “Page Analytics” are analysis functions provided by the platform operator whereby your master data processed by the platform operator—particularly demographic data—as well as data relating to your interactions with our profile are collected jointly by the platform operator and us. The platform operator then analyses these data and creates consolidated (aggregated) data for us, from which we can see which demographic target groups visited our profile and how our profile was used.
We also have no direct access to the data processed by the platform operator. These are only made available to us by the platform operator in aggregated form. This means that we cannot recognise individual visitors or their interactions from the aggregated data. We use these aggregated data to target our social media profile to specific audiences and to optimise it in general for the aforementioned advertising purposes (increasing the reach and awareness of our profile and evaluating the success of marketing campaigns).
The legal basis for the processing of your personal data in this respect is the consent you have given to the platform operator pursuant to Art. 6 (1) lit. a GDPR. Please note that we have no influence on data collection and further processing in the responsibility of the platform operators. Consequently, we cannot provide information on the extent, the place, and the duration of storage by the platform operator. Further information can be found in the privacy information of the respective provider.
8.3.3.4. Data processing based on consent
If you are asked by the respective platform operator to give consent to processing for a specific joint purpose, the legal basis for the processing is Art. 6 (1) lit. a, Art. 7 GDPR. Any consent given may be withdrawn at any time with effect for the future.
8.3.3.5. Recipients and data transfers to third countries
If we disclose personal data to social media platform operators, such operators are recipients of the data within the meaning of Art. 4 no. 9 GDPR.
PlatformRecipientLinkedInLinkedIn Corp., 1000 W. Maude Ave, Sunnyvale, CA 94085, USA
When visiting our social media profiles, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) (third countries).
For data transfers to certain third countries, there is an adequacy decision by the European Commission. For data transfers to the USA, there is an adequacy decision by the European Commission pursuant to Art. 45 (1) GDPR for companies certified under the EU-U.S. Data Privacy Framework.
For data transfers to third countries for which there is no adequacy decision by the European Commission, Standard Contractual Clauses are concluded or Binding Corporate Rules are used, together with further supplementary measures to safeguard the data transfer, in order to ensure an adequate level of data protection.
PlatformRecipientThird countrySafeguard for third-country transferLinkedInLinkedIn Corp.USAAdequacy decision of the EU Commission and certification under the EU-U.S. Data Privacy Framework
Additional information and further links can be found above in the section “General information on data transfers to third countries.”
If, as a visitor to the page, you wish to exercise your rights (access, rectification, erasure, restriction, data portability, complaint to the supervisory authority, objection, or withdrawal), you may contact either the platform operator or us.
PlatformSettings in the platform accountLinkedInYou can restrict the visibility of your LinkedIn account (also) to us via the LinkedIn settings. For further information on exercising your rights, please refer to LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.
Where your personal data are processed by any of the social media platform operators listed below, such processing is carried out under the sole responsibility of the platform operator within the meaning of Art. 4 no. 7 GDPR.
We are solely responsible for the following data processing operations via our social media profiles.
When you visit our social media profile or interact with it, we process personal data about you. This may include information that you actively provide (comments, “likes,” as well as information you have made publicly available such as your profile picture or profile name). Depending on the provider and your settings on the provider’s platform, we may also be informed about who has accessed our profile within the platform.
The legal basis for processing personal data when operating our social media profile is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in addressing visitors for advertising purposes and in providing an effective means of communication and interaction with our company on the social media platform.
We collect personal data ourselves when you contact us, e.g., via a contact form or a messenger function of the respective platform. Which data are collected depends on your details and the contact data you have provided or released. These data are stored by us for the purpose of processing the request and in case of follow-up questions. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) sentence 1 lit. f GDPR. Your data will be deleted after your request has been conclusively processed, provided that there are no statutory retention obligations to the contrary. We consider processing to be concluded when it can be inferred from the circumstances that the matter in question has been finally clarified.
If your contact via a social network or any other platform aims at the conclusion of a contract for the supply of goods or the provision of services with us, we process your data for the performance of the contract or for the implementation of pre-contractual measures and/or the provision of the requested services. The legal basis for processing your data in this case is Art. 6 (1) sentence 1 lit. b GDPR. Your data will be deleted when they are no longer required for the performance of the contract or it is clear that the pre-contractual measures will not result in a contract corresponding to the purpose of your contact.
Please note, however, that even after completion of the contract it may be necessary to store personal data of our contractual partners in order to comply with contractual or statutory obligations.
If we ask you for your consent to processing for a specific purpose, the legal basis for the processing is Art. 6 (1) lit. a, Art. 7 GDPR. Any consent given may be withdrawn at any time with effect for the future.
The personal data collected by us are deleted from our systems when they are no longer required for the purposes defined at the time of collection or when you have exercised your right of withdrawal or objection. Statutory retention periods remain unaffected. We have no influence on the storage period of your data stored by the social media providers for their own purposes. For details, please obtain information directly from those providers.
Description and purpose of processing
If you give us a declaration of consent, we process your personal data regarding the circumstances and time of the declaration (where applicable: signature, email address, telephone or fax number, or IP address) in order to demonstrate, within the scope of our accountability under Art. 5 (2) GDPR, that you have consented to the relevant data processing. The same applies to the withdrawal of your consent.
If you exercise your data subject rights under the GDPR vis-à-vis us, we also process your personal data to demonstrate, within the scope of our accountability under Art. 5 (2) GDPR, that we complied with the GDPR when processing your request.
Legal basis
Processing is carried out on the basis of Art. 6 (1) sentence 1 lit. c GDPR in conjunction with Art. 5 (2) GDPR and/or Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in documenting compliance with the GDPR within the scope of our accountability.
Recipients
In the course of processing, your data are transferred to the following categories of recipients that we use to achieve the stated purposes:
In particular, these recipients include:
Furthermore, it may occur that we forward your personal data in connection with your request to our external company data protection officer who supports us in complying with the GDPR:
Storage period
We store your data as long as necessary to achieve the aforementioned purpose. Data relating to a consent given are regularly stored until the end of 3 years after the end of the year in which we last relied on such consent. Data we process in connection with the handling of data subject rights are regularly stored for 3 years after the end of the year in which you exercised your right. We then delete your data unless further processing (possibly also in other systems) is permissible or required on the basis of another legal ground (e.g., statutory retention obligations).
Description and purpose of processing
If you object to processing for marketing purposes based on legitimate interests, we will regularly include your contact details (e.g., first and last name, email address, telephone number, address) in our marketing suppression list. We maintain this list to ensure on a lasting basis that you will not be contacted for advertising purposes in the future, even if we collect and process your data again in compliance with the GDPR. Only matching against this list ensures that your data are not used again for advertising purposes after they have been otherwise deleted from the active data stocks of our operational systems—for example, because you are re-entered as a customer into our systems or because we collect your data again from other data sources or receive them again from third parties, including processors.
Entry into the suppression list also occurs if, in addition to an objection, you exercise your right to erasure, unless it is explicitly or recognisably important to you that your data be erased and the lasting implementation of your right to object is not paramount.
Legal basis
Processing is carried out on the basis of Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in ensuring compliance with the right to object under the GDPR and the right to object within the meaning of Section 7 (3) of the German Unfair Competition Act (UWG) in cases of direct advertising and/or existing customer advertising in a lasting and effective manner beyond any other deletion of the data.
Recipients
In the course of processing, your data are transferred to the following categories of recipients that we use to achieve the stated purposes:
In particular, these recipients include:
Storage period
We store your data in the suppression list as long as necessary to achieve the aforementioned purpose. As a rule, this is for as long as we are active on the market as a company and conduct advertising for our products, goods, services, offers, and events.
Description and purpose of processing
We process personal data insofar as this is necessary to comply with a legal obligation. The scope of the data to be processed results from the legal obligation we must comply with.
Legal basis
In these cases, the legal basis for processing your data is Art. 6 (1) sentence 1 lit. c GDPR in conjunction with the respective legal provision imposing such an obligation. These may include, for example, provisions of the Fiscal Code of Germany (AO), e.g., Section 147 AO, the German Commercial Code (HGB), e.g., Section 257 HGB, or the German Code of Criminal Procedure (StPO).
Recipients
In the course of processing, your data are transferred to the following categories of recipients that we use to achieve the stated purposes:
Storage period
We store your data to the extent necessary for as long as required to achieve the aforementioned purpose. The storage period results from the special statutory provisions obliging us to retain or process data for up to 10 years, whereby the specific commencement of the retention periods results from the respective special law. We then delete your data unless further processing (possibly also in other systems) is permissible on the basis of another legal ground.
Description and purpose of processing
In individual cases, we also process your data for the purpose and in the interest of asserting legal claims, for example to enforce our claims arising from unpaid invoices, insofar as your data are relevant to legal proceedings.
In addition, we process your data in individual cases for the purpose and in the interest of defending against legal claims asserted against us, for example when asserting claims under statutory warranty for defects, insofar as your data are relevant to legal proceedings.
Legal basis
The legal basis for the processing of your data is Art. 6 (1) sentence 1 lit. f GDPR.
Recipients
In the course of processing, your data are transferred to the following categories of recipients that we use to achieve the stated purposes:
Storage period
We store your data in individual cases to the necessary extent for as long as required to achieve the aforementioned purpose. We then delete your data unless further processing (possibly also in other systems) is permissible or required on the basis of another legal ground (e.g., statutory retention obligations).
Below you will find information about the data subject rights granted to you by applicable data protection law with regard to the processing of your personal data by the controller:
Right to object
Where your personal data are processed by us on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data on grounds relating to your particular situation. If the objection concerns the processing of personal data for direct marketing purposes, you have a general right to object without the need to provide a particular reason.
If you wish to exercise your right of withdrawal or objection, please contact us using the contact details of the controller stated above.
This Privacy Policy was last amended on 29th October 2025.
