1
2
3
4
5
6
7
8
9
10
11

Privacy Policy

We are very pleased about your interest in our company. Data protection is of particular importance to the management of Haavest GmbH. The use of the Internet pages of Haavest GmbH is generally possible without providing any personal data. However, if a data subject wishes to use special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the countryspecifc data protection regulations applicable to Haavest GmbH. Through this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects of the rights to which they are entitled.

Haavest GmbH, as the data controller, has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, such as by telephone.

1. Defnitions

The privacy policy of Haavest GmbH is based on the terms used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easily readable and understandable for the public, as well as for our customers and business partners. To ensure this, we would like to explain theterminology used in advance.

We use the following terms in this privacy policy:

a) Personal Data

Personal data means any information relating to an identifed or identifable natural person (hereinafter "data subject"). An identifable natural person is one who can be identifed, directly or indirectly, in particular by reference to an identifer such as a name, an identifcation number, location data, an online identifer, or one or more factors specifc to the physical, physiolo

b) Data Subject

A data subject is any identifed or identifable natural person whose personal data is processed by the data controller.

c) Processing

Processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of Processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

e) Profiling

Profling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specifc data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identifed or identifable natural person.

g) Controller or Data Controller

The controller or data controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

h) Processor

A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient

A recipient is a natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not.

j) Third Party

A third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent is any freely given, specifc, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

2. Name and Address of the Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other data protection provisions, is:

Haavest GmbH
Marienstr. 32
40210 Düsseldorf
Germany

Phone: +49 211 - 158 743 39
Email: info@haavest.de
Website: www.haavest.de

3. Cookies

The Internet pages of Haavest GmbH use cookies. Cookies are text fles that are stored and saved on a computer system via an Internet browser.

Many Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifer for the cookie. It consists of a string of characters that allows websites and servers to associate the specifc Internet browser in which the cookie was stored.

By using cookies, Haavest GmbH can provide users of this website with more userfriendly services that would not be possible without cookie settings.

The affected person can prevent the setting of cookies through our website at any time using the appropriate setting in their Internet browser and thereby permanently object to the setting of cookies.

If cookies are deactivated, not all functions of our website may be fully usable.

4. Collection of General Data and Information

The website of Haavest GmbH collects a range of general data and information each time the website is accessed by a data subject or an automated system. These general data and information are stored in the server's log fles. The data that may be collected include (1) the types and versions of browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the subpages accessed on our website by an accessing system, (5) the date and time of access to the website, (6) an Internet Protocol (IP) address, (7) the internet service provider of the accessing system, and (8) other similar data and information that serve to avert dangers in the event of attacks on our information technology systems.

When using this general data and information, Haavest GmbH does not draw any conclusions about the data subject. Instead, this information is required to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the necessary information for prosecution in the event of a cyberattack. These anonymously collected data and information are therefore evaluated statistically by Haavest GmbH, with the further aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data from the server log fles are stored separately from all personal data provided by a data subject.

5. Subscription to Our Newsletter

On the website of Haavest GmbH, users are given the opportunity to subscribe to our company's newsletter. The personal data transmitted to the controller when ordering the newsletter is determined by the input mask used for this purpose.

Haavest GmbH regularly informs its customers and business partners about company offers via a newsletter. The newsletter of our company can generally only be received by a data subject if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter. A confrmation email will be sent to the email address entered by a data subject for the frst time for the newsletter subscription,
following the double opt-in procedure. This confrmation email is used to verify whether the owner of the email address, as the data subject, has authorized the receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by the internet service provider (ISP) of the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to trace any potential misuse of a data subject's email address at a later date and thus serves the legal protection of the controller.

The personal data collected during a newsletter subscription is used exclusively for sending our newsletter. Furthermore, newsletter subscribers may be informed by email if this is necessary for the operation of the newsletter service or a related registration, such as in the case of changes to the newsletter offering or changes in technical circumstances. There is no transfer of personal data collected as part of the
newsletter service to third parties. The newsletter subscription can be canceled by the data subject at any time. The data subject may revoke their consent to the storage of personal data given for newsletter distribution at any time. A corresponding link for withdrawing consent is included in each newsletter. Furthermore, it is possible to unsubscribe from the newsletter at any time directly on the website of the controller or by informing the controller in another way.

6. Newsletter Tracking

The newsletters of Haavest GmbH contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format to enable log fle recording and analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, Haavest GmbH can determine whether and when an email was opened by a data subject and which links
contained in the email were accessed by the data subject.

Such personal data collected via the tracking pixels contained in the newsletters is stored and evaluated by the controller to optimize the newsletter dispatch and better tailor the content of future newsletters to the interests of the data subject. These personal data are not passed on to third parties. Data subjects are entitled at any time to withdraw the separate declaration of consent issued via the double opt-in
procedure. After a withdrawal, these personal data will be deleted by the controller. Haavest GmbH automatically interprets an unsubscribe from the newsletter as a withdrawal.

7. Routine Deletion and Blocking of Personal Data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or as provided by the European Directive and Regulation legislator or another legislator in laws or regulations to which the controller is subject.

If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation legislator or another competent legislator expires, the personal data are routinely blocked or deleted in accordance with legal requirements.

8. Rights of the Data Subject

a) Right to Confrmation

Every data subject has the right granted by the European Directive and Regulation legislator to obtain confrmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confrmation, they may contact an employee of the controller at any time.

b) Right to Access

Every data subject affected by the processing of personal data has the right granted by the European Directive and Regulation legislator to obtain, at any time and free of charge, information from the controller about the personal data stored concerning them and to receive a copy of this information. Furthermore, the European Directive and Regulation legislator has granted the data subject the right to access the following information:

  • The purposes of processing
  • The categories of personal data being processed
  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly in the case of recipients in third countries or international organizations
  • If possible, the planned duration for which the personal data will be stored, or, if not possible, the criteria used to determine that duration
  • The existence of a right to rectifcation or erasure of personal data concerning them, or to restriction of processing by the controller, or the right to object to such processing
  • The existence of a right to lodge a complaint with a supervisory authority
  • If the personal data was not collected from the data subject: all available information about the source of the data
  • The existence of automated decision-making, including profling, pursuant to Article 22(1) and (4) of the GDPR, and, at least in such cases, meaningful information about the logic involved as well as the signifcance and intended consequences of such processing for the data subject

Furthermore, the data subject has the right to be informed whether personal data hasbeen transferred to a third country or an international organization. If this is the case, the data subject also has the right to be informed about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right of access, they may contact an employee of the controller at any time.

c) Right to Rectifcation

Every data subject affected by the processing of personal data has the right granted by the European Directive and Regulation legislator to request the immediate rectifcation of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of
processing.

If a data subject wishes to exercise this right to rectifcation, they may contact an employee of the controller at any time.

d) Right to Erasure (Right to Be Forgotten)

Every data subject affected by the processing of personal data has the right granted by the European Directive and Regulation legislator to request the controller to immediately erase personal data concerning them if one of the following reasons applies and processing is not necessary:

  • The personal data was collected or otherwise processed for purposes that are no longer necessary.
  • The data subject withdraws their consent on which the processing was based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for processing, or the data subject objects to processing pursuant to Article 21(2) GDPR.
  • The personal data was processed unlawfully.
  • The erasure of personal data is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data was collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.

If one of the above reasons applies and a data subject wishes to request the deletion of personal data stored by Haavest GmbH, they may contact an employee of the controller at any time. The employee of Haavest GmbH will arrange for the deletion request to be promptly fulflled.

If Haavest GmbH has made the personal data public and is obligated as the controller pursuant to Article 17(1) GDPR to delete the personal data, Haavest GmbH shall take reasonable measures, including technical measures, considering available technology and implementation costs, to inform other controllers processing the published personal data that the data subject has requested the deletion of all links to this
personal data or copies or replications of this personal data, provided that processing is not required. The employee of Haavest GmbH will take the necessary steps in individual cases.

e) Right to Restriction of Processing

Every data subject affected by the processing of personal data has the right granted by the European Directive and Regulation legislator to request the controller to restrict processing if one of the following conditions applies:

-The accuracy of the personal data is contested by the data subject, for a period allowing the controller to verify the accuracy of the personal data.
-The processing is unlawful, and the data subject opposes the deletion of the personal data and instead requests the restriction of their use.
-The controller no longer needs the personal data for processing purposes, but the data subject requires them for the establishment, exercise, or defense of legal claims.
-The data subject has objected to processing pursuant to Article 21(1) GDPR, and it has not yet been determined whether the legitimate interests of the controller override those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by Haavest GmbH, they may contact an employee of the controller at any time. The employee of Haavest GmbH will arrange for the restriction of processing.

f) Right to Data Portability

Every data subject affected by the processing of personal data has the right granted by the European Directive and Regulation legislator to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data
was provided, provided that processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

When exercising the right to data portability pursuant to Article 20(1) GDPR, the data subject also has the right to have personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.

To exercise the right to data portability, the data subject may contact an employee of Haavest GmbH at any time.

g) Right to Object

Every data subject affected by the processing of personal data has the right, granted by the European Directive and Regulation legislator, to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profling based on these provisions.

Haavest GmbH will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is for the establishment, exercise, or defense of legal claims.

If Haavest GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing. This also applies to profling insofar as it is related to such direct marketing. If the data subject objects to Haavest GmbH processing their data for direct marketing purposes, Haavest GmbH will no longer process the
personal data for these purposes.

Additionally, the data subject has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them for scientifc or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject may directly contact any employee of Haavest GmbH or another employee. The data subject is also free to exercise their right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical
specifcations.

h) Automated Individual Decision-Making, Including Profling

Every data subject affected by the processing of personal data has the right, granted by the European Directive and Regulation legislator, not to be subject to a decision based solely on automated processing, including profling, which produces legal effects concerning them or similarly signifcantly affects them, unless the decision (1) is necessary for entering into or the performance of a contract between the data
subject and the controller, or (2) is authorized by Union or Member State law to which the controller is subject and that law provides for suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (3) is based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into or performing a contract between the data subject and the controller, or (2) is based on the data subject’s explicit consent, Haavest GmbH shall implement suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, which includes at least the right to obtain human intervention from the controller, to express their point of view, and to
contest the decision.

If the data subject wishes to exercise rights related to automated decisions, they may contact an employee of the controller at any time.

i) Right to Withdraw Data Protection Consent

Every data subject affected by the processing of personal data has the right, granted by the European Directive and Regulation legislator, to withdraw their consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they may contact an employee of the controller at any time.

9. Data Protection Provisions on the Use of Google AdSense

The data controller has integrated Google AdSense on this website. Google AdSense is an online service that enables the placement of advertisements on third-party websites. Google AdSense is based on an algorithm that selects advertisements displayed on third-party websites in a way that matches the content of the respective third-party website. Google AdSense allows for interest-based targeting of internet
users, which is implemented by generating individual user profles.

The operating company of the Google AdSense component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of the Google AdSense component is to integrate advertisements on our website. Google AdSense places a cookie on the data subject’s information technology system. What cookies are has already been explained above. By setting the cookie, Alphabet Inc. is enabled to analyze the use of our website. With each visit to an individual page of this website operated by the data controller and on which a Google
AdSense component is integrated, the internet browser on the data subject’s information technology system is automatically prompted by the respective Google AdSense component to transmit data to Alphabet Inc. for the purpose of online advertising and commission settlement. Through this technical process, Alphabet Inc. obtains knowledge of personal data, such as the data subject’s IP address, which serves, among other things, to trace the origin of visitors and clicks and subsequently facilitate commission settlements.

The data subject can prevent the setting of cookies by our website at any time, as described above, by confguring their internet browser accordingly and thereby permanently objecting to the setting of cookies. Such a confguration of the internet browser would also prevent Alphabet Inc. from setting a cookie on the data subject’s information technology system. Additionally, a cookie already set by Alphabet Inc. can
be deleted at any time via the internet browser or other software programs.

Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic embedded in websites to enable log fle recording and log fle analysis, thereby allowing statistical evaluations. Through the embedded tracking pixel, Alphabet Inc. can determine whether and when a website was accessed by a data subject and which links were clicked by the data subject. Tracking pixels serve, among other purposes, to
analyze visitor traffic on a website.

Through Google AdSense, personal data and information, including the IP address, which is necessary for recording and billing displayed advertisements, are transmitted to Alphabet Inc. in the United States of America. These personal data are stored and processed in the United States of America. Alphabet Inc. may share these personal data, collected through this technical process, with third parties.

Google AdSense is explained in more detail at the following link: https://www.google.com/adsense/start/.

10. Data Protection Provisions on the Use of Google Analytics (with Anonymization Function)

The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics involves the collection, gathering, and evaluation of data regarding the behavior of visitors to websites. A web analytics service collects, among other things, data on which website a data subject came from (so-called referrer), which subpages were accessed, how often, and for how long a subpage was viewed. Web analytics is mainly used to optimize a website and to conduct cost-beneft analyses of internet advertising.

The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The data controller uses the "_gat._anonymizeIp" extension for web analytics via Google Analytics. This extension ensures that the IP address of the data subject’s internet connection is shortened and anonymized by Google when access to our website occurs from a member state of the European Union or another contracting state of the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor traffic on our website. Google uses the collected data and information, among other things, to evaluate the use of our website, to compile online reports for us that display activities on our website, and to provide further services related to the use of our website.

Google Analytics places a cookie on the data subject’s information technology system. The nature of cookies has already been explained above. By placing the cookie, Google is enabled to analyze the use of our website. With each visit to an individual page of this website operated by the data controller and on which a Google Analytics component is integrated, the internet browser on the data subject’s information technology system is automatically prompted by the respective Google Analytics component to transmit
data to Google for the purpose of online analysis. Through this technical process, Google gains knowledge of personal data, such as the data subject’s IP address, which serves, among other things, to trace the origin of visitors and clicks and subsequently facilitate commission settlements.

The cookie stores personal information such as access time, location from which access originated, and the frequency of visits to our website by the data subject. With each visit to our website, these personal data, including the IP address of the data subject’s internet connection, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may share these personal data, collected through this technical process, with third parties.

The data subject can prevent the setting of cookies by our website at any time, as described above, by confguring their internet browser accordingly and thereby permanently objecting to the setting of cookies. Such a confguration of the internet browser would also prevent Google from placing a cookie on the data subject’s information technology system. Additionally, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option to object to and prevent the collection of data generated by Google Analytics related to the use of this website, as well as the processing of this data by Google. To do this, the data subject must download and install a browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information related to website visits may be transmitted to Google Analytics. Google interprets the installation of the browser add-on as an objection. If the data subject’s information technology system is later deleted, formatted, or reinstalled, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their control, it is possible to reinstall or reactivate the browser add-on.

Further information and Google’s applicable data protection policies can be accessed at https://www.google.com/intl/en/policies/privacy/ and https://www.google.com/analytics/terms/us.html. Google Analytics is further explained at the following link: https://www.google.com/analytics/.

11. Data Protection Provisions on the Use of Google Remarketing

The data controller has integrated Google Remarketing services on this website. Google Remarketing is a function of Google AdWords that enables a company to display advertisements to internet users who have previously visited the company’s website. The integration of Google Remarketing thus allows a company to create userspecifc advertising and show interest-based advertisements to internet users.

The operating company of Google Remarketing services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of Google Remarketing is to display interest-based advertising. Google Remarketing enables us to display advertisements through the Google advertising network or on other websites that are tailored to the individual needs and interests of internet users.

Google Remarketing places a cookie on the data subject’s information technology system. The concept of cookies has already been explained above. By setting the cookie, Google enables the recognition of visitors to our website when they subsequently access websites that are also members of the Google advertising
network. Each time an internet page containing a Google Remarketing service is accessed, the data subject’s internet browser automatically identifes itself to Google. Through this technical process, Google obtains knowledge of personal data, such as the data subject’s IP address or browsing behavior, which Google uses, among other things, to display interest-based advertising.

Through the use of cookies, personal information, such as the websites visited by the data subject, is stored. With each visit to our website, personal data, including the IP address of the data subject’s internet connection, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may share these personal data, collected through this
technical process, with third parties.

The data subject can prevent the setting of cookies by our website at any time, as described above, by confguring their internet browser accordingly and thereby permanently objecting to the setting of cookies. Such a confguration of the internet browser would also prevent Google from setting a cookie on the data subject’s information technology system. Additionally, a cookie already set by Google Remarketing can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do so, the data subject must access the following link from each internet browser they use and confgure the desired settings: https://www.google.com/settings/ads.

Further information and Google’s applicable data protection policies can be accessed at: https://www.google.com/intl/en/policies/privacy/.

12. Data Protection Provisions on the Use of Google AdWords

The data controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place ads both in Google’s search engine results and in the Google advertising network. Google AdWords enables an advertiser to defne specifc keywords in advance, which ensure that an ad is only displayed in Google’s search engine results when the user retrieves a search result relevant to those keywords. Within the Google advertising network, the ads are distributed on relevant websites using an automated algorithm that considers the predefned keywords.

The operating company of Google AdWords services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of Google AdWords is to promote our website by displaying interestbased advertising on third-party websites and in Google’s search engine results, as well as to display third-party advertisements on our website.

If a data subject accesses our website via a Google advertisement, Google places a socalled conversion cookie on the data subject’s information technology system. The nature of cookies has already been explained above. A conversion cookie expires after thirty days and is not used to identify the data subject. If the cookie has not yet expired, it allows tracking of whether specifc subpages, such as the shopping cart of
an online store system, have been accessed on our website. Through the conversion cookie, both we and Google can determine whether a data subject who reached our website via an AdWords advertisement has completed or abandoned a purchase.

The data and information collected through the use of the conversion cookie are used by Google to generate visit statistics for our website. These visit statistics are used by us to determine the total number of users referred to us via AdWords advertisements, to assess the success or failure of each AdWords advertisement, and to optimize our AdWords campaigns for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.

Through the use of the conversion cookie, personal information such as the websites visited by the data subject is stored. With each visit to our website, personal data, including the IP address of the data subject’s internet connection, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may share these personal data, collected
through this technical process, with third parties.

The data subject can prevent the setting of cookies by our website at any time, as described above, by confguring their internet browser accordingly and thereby permanently objecting to the setting of cookies. Such a confguration of the internet browser would also prevent Google from setting a conversion cookie on the data subject’s information technology system. Additionally, a cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do so, the data subject must access the following link from each internet browser they use and confgure the desired settings: https://www.google.com/settings/ads.

Further information and Google’s applicable data protection policies can be accessed at: https://www.google.com/intl/en/policies/privacy/.

13. Data Protection Provisions on the Use of LinkedIn

The data controller has integrated components of LinkedIn Corporation on this website. LinkedIn is an internet-based social network that allows users to connect with existing business contacts and establish new business relationships. More than 400 million registered users utilize LinkedIn across more than 200 countries. This makes LinkedIn the largest platform for business contacts and one of the most visited
websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection matters outside the USA, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

Each time an individual page of our website equipped with a LinkedIn component (LinkedIn plug-in) is accessed, this component prompts the browser used by the data subject to download a corresponding display of the LinkedIn component. More information about LinkedIn plug-ins can be accessed at: https://developer.linkedin.com/plugins. Through this technical process, LinkedIn gains knowledge of which specifc subpage of our website the data subject has visited.

If the data subject is simultaneously logged into LinkedIn, LinkedIn recognizes each visit to our website by the data subject and, throughout their entire stay on our website, which specifc subpage of our website they have accessed. This information is collected by the LinkedIn component and assigned to the respective LinkedIn account of the data subject. If the data subject clicks on a LinkedIn button integrated into our
website, LinkedIn assigns this information to the data subject’s personal LinkedIn user account and stores this personal data.

LinkedIn receives information through the LinkedIn component whenever the data subject visits our website while being logged into LinkedIn. This happens regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account before visiting our website.

LinkedIn provides an option to unsubscribe from email messages, SMS messages, and targeted ads, as well as to manage ad preferences at: https://www.linkedin.com/psettings/guest-controls. Additionally, LinkedIn uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. These cookies can be rejected at: https://www.linkedin.com/legal/cookie-policy.

LinkedIn’s applicable data protection policies can be accessed at: https://www.linkedin.com/legal/privacy-policy. The LinkedIn cookie policy is available at: https://www.linkedin.com/legal/cookie-policy.

14. Data Protection Provisions on the Use of LinkedIn Insight Tag

Our website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data Processing by LinkedIn Insight Tag

With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a visitor is registered with LinkedIn, we can analyze, among other things, professional details such as career level, company size, country, location, industry, and job title of our website visitors. This allows us to better tailor our website to specifc target groups. Additionally, LinkedIn Insight Tag helps us measure whether visitors to
our website make a purchase or perform another action (conversion tracking). Conversion tracking can also take place across devices (e.g., from a PC to a tablet).

LinkedIn Insight Tag also offers a retargeting function that enables us to display targeted advertisements to visitors of our website outside of our website. According to LinkedIn, there is no direct identifcation of the ad recipient.

LinkedIn itself collects log fles, which include data such as URL, referrer URL, IP address, device and browser characteristics, and the time of access. The IP addresses are shortened or hashed (pseudonymized) if they are used to reach LinkedIn members across devices. The direct identifers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is deleted within 180 days.

As website operators, we cannot attribute the data collected by LinkedIn to specifc individuals. LinkedIn will store the collected personal data of website visitors on its servers in the United States and use them for its own advertising purposes. More details can be found in LinkedIn’s privacy policy
at: https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal Basis

The use of LinkedIn Insight Tag is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in effective advertising measures that include social media. If explicit consent has been requested (e.g., consent to store cookies), processing is based exclusively on Article 6(1)(a) of the GDPR, and consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eusccs.

Objection to the Use of LinkedIn Insight Tag

You can object to the analysis of user behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargetingopt-out.

Additionally, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Data Processing Agreement

We have concluded a data processing agreement (DPA) with the provider mentioned above. This is a legally required contract that ensures LinkedIn processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

15. Data Protection Provisions on the Use of Matomo

The data controller has integrated the Matomo component on this website. Matomo is an open-source software tool for web analytics. Web analytics involves the collection, gathering, and evaluation of data regarding the behavior of visitors to websites. A web analytics tool collects, among other things, data on which website a data subject came from (so-called referrer), which subpages were accessed, how often, and for how long a subpage was viewed. Web analytics is mainly used to optimize a website and to
conduct cost-beneft analyses of online advertising.

The software is operated on the server of the data controller, and the privacysensitive log fles are stored exclusively on this server.

The purpose of the Matomo component is to analyze visitor fows on our website. The data controller uses the collected data and information to evaluate the use of this website and to compile online reports that illustrate activities on our website.

Matomo places a cookie on the data subject’s information technology system. The nature of cookies has already been explained above. By placing the cookie, we are enabled to analyze the use of our website. With each visit to an individual page of this website, the internet browser on the data subject’s information technology system is automatically prompted by the Matomo component to transmit data to our server for
online analysis. Through this technical process, we obtain knowledge of personal data, such as the data subject’s IP address, which allows us to trace the origin of visitors and clicks.

The cookie stores personal information, such as the time of access, the location from which access originated, and the frequency of visits to our website. With each visit to our website, these personal data, including the IP address of the data subject’s internet connection, are transmitted to our server. These personal data are stored by us. We do not share these personal data with third parties.

The data subject can prevent the setting of cookies by our website at any time, as described above, by confguring their internet browser accordingly and thereby permanently objecting to the setting of cookies. Such a confguration of the internet browser would also prevent Matomo from placing a cookie on the data subject’s information technology system. Additionally, a cookie already set by Matomo can be deleted at any time via an internet browser or other software programs.

Furthermore, the data subject has the option to object to the collection of data generated by Matomo and related to the use of this website, as well as to prevent such data collection. To do so, the data subject must enable the "Do Not Track" setting in their browser.

However, enabling the opt-out cookie may result in the data controller’s website no longer being fully usable for the data subject.

Further information and Matomo’s applicable data protection policies can be accessed at: https://matomo.org/privacy/.

16. Legal Basis for Processing

Article 6(1)(a) of the GDPR serves as the legal basis for processing operations where we obtain consent for a specifc processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, such as processing operations required for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6(1)(b) of the
GDPR. The same applies to processing operations required for carrying out precontractual measures, such as inquiries regarding our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as for fulflling tax obligations, the processing is based on Article 6(1)(c) of the GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our facility and their name, age, health insurance data, or other essential information had to be disclosed to a doctor, hospital, or other third party. In this case, the processing would be based on Article 6(1)(d) of the
GDPR.

Finally, processing operations could be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary for the legitimate interests of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override those interests. Such processing
operations are particularly permitted because they have been specifcally mentioned by the European legislator. The legislator considered that a legitimate interest could existm if the data subject is a customer of the controller (Recital 47, Sentence 2 of the GDPR).

17. Legitimate Interests in Processing Pursued by the Controller or a Third Party

If the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is the conduct of our business activities for the beneft of the wellbeing of all our employees and shareholders.

18. Duration for Which Personal Data is Stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of this period, the relevant data is routinely deleted, provided that it is no longer required for contract fulfllment or contract initiation.

19. Legal or Contractual Requirements for the Provision of Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Non-Provision

We inform you that the provision of personal data is partially required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., details about the contracting party).

In some cases, it may be necessary for a data subject to provide us with personal data to conclude a contract, which we subsequently need to process. For example, the data subject is obligated to provide us with personal data if our company enters into a contract with them. The non-provision of personal data would mean that the contract with the data subject could not be concluded.

Before providing personal data, the data subject must contact one of our employees. The employee will clarify on a case-by-case basis whether the provision of personal data is legally or contractually required, necessary for contract conclusion, whether there is an obligation to provide the personal data, and what the consequences of nonprovision would be.

20. Existence of Automated Decision-Making

As a responsible company, we refrain from using automated decision-making or profling.

This privacy policy was developed by the LegalTech specialists at Willing & Able, who also created the system for GDPR process directories. The texts of the privacy policy generator were written and published by Professor Dr. h.c. Heiko Jonny Maniero and Attorney Christian Solmecke.