Menu
BRAND. For lab. For life.®

Data privacy statement

We thank you for visiting our website and for your interest in our company and our products.

As the operator of this website, we take the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with the statutory data protection regulations and this data privacy statement.

When you visit this website, various personal data is collected. Personal data is data that can be used to identify you personally. This data privacy statement explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

 

1. Who we are and how you can contact us

2. General information

3. Information on the transfer of personal data to third countries

4. Which of your data is processed when you visit our website

5. Your rights

6. Changes to our data privacy statement

1. Who we are and how you can contact us

Provider and responsible office as defined in the Data Protection Act

BRAND GMBH + CO. KG

Otto-Schott- Strasse 25

97877 Wertheim, Germany 

Phone: +49 9342 808-0
Fax: +49 9342 808-98000
www.brand.de

 

Please send general inquiries about data protection, such as the enforcement of data subject rights, to the following email address, which will redirect your inquiry to the data protection officer and our data protection team:

privacy@brand.de

Confidential data protection inquiries can be sent to our data protection officer by telephone, regular mail, or email:

 

Ronald Baranowski

SIX DATENSCHUTZ GmbH

Kasseler Str. 30
61118 Bad Vilbel, Germany
Phone: +49 6101 982 9422
rb@six-datenschutz.de (for confidential inquiries)

2. General information

2.1 Area of applicability:

This data privacy statement applies to the following offers:

  • our website, available in particular at https://shop.brand.de and www.brand.de
  • whenever reference is made to this data privacy statement from one of our offers (e.g. websites, subdomains, mobile applications, web services, or integrations into third-party sites), regardless of how you access or use it.

All of these offers are also referred to collectively as “services”.

2.2 Integration of third-party services and content

Our website sometimes includes content and services from other providers. In order for this data to be accessed and displayed in the user’s browser, the transmission of the IP address is mandatory. The providers (hereinafter referred to as “third-party providers”) therefore perceive the IP address of the respective user.

Even if we endeavor to only use third-party providers who only need the IP address to be able to deliver content, we have no influence on whether the IP address may be stored for statistical purposes, among other things. Insofar as we are aware that the IP address is being stored, we will inform our users of this.

2.3 Transfer of data to third parties

Your data will not be transferred to unauthorized third parties. Insofar as external service providers receive your personal data, we have ensured that they implement appropriate technical and organizational measures and that they comply with the applicable data protection regulations and laws.

 

2.4 Data economy

We store personal data in accordance with the principles of data avoidance and data minimization and only for as long as is necessary or prescribed by law (statutory retention period). If the purpose of the data collected no longer applies or the storage period ends, we block or delete the data.

3. Information on the transfer of personal data to third countries

If we transfer data to third countries, i.e. countries outside the European Union, the transfer takes place exclusively in compliance with the legally regulated admissibility requirements.

If the transfer of data to a third country does not serve to fulfill our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defense of legal claims and no other exception under Art. 49 of the General Data Protection Regulation (GDPR) applies, we will only transfer your data to a third country if an adequacy decision pursuant to Art. 45 GDPR or suitable guarantees pursuant to Art. 46 GDPR exist.

An adequate level of data protection in the USA was last stated by the adequacy decision “Data Privacy Framework (DPF)” adopted in July 2023. US companies must be certified in order to be listed in it. You can find the adequacy decision here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Alternatively or additionally, the EU standard data protection clauses issued by the European Commission create suitable guarantees with the recipient body in accordance with Art. 46 para. 2(c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available on the European Commission’s website, available here.

We have agreed EU standard data protection clauses with providers in third countries and in some cases data processing on servers in Germany and the EU. Timely deletion of data reduces the risk of unauthorized access.

 

4. Which of your data is processed when you visit our website

In the following, we inform you for what purpose, in what way, and to what extent your personal data may be processed when you visit our website.

4.1 Collection of personal data when you visit our website

If you use the website purely for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis for this is Art. 6 para. 1 sentence 1(f) GDPR, legitimate interest):

the IP address, host name, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request originates (referrer), the specific pages of our website that you have accessed, browser: type, version, and set language, operating system: type and version

If JavaScript is activated, also the screen resolution, color depth, size of the browser window, installed browser plugins

 

4.2 Cookies

This website uses “cookies”. These are text files that are stored on your computer by the server. They may contain information about the browser, IP address, operating system, and internet connection. We do not pass this data on to third parties or link it to personal data without your consent.

Cookies fulfill two main tasks. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly. They are not used to introduce viruses or launch programs.

Users have the option of accessing our website without cookies. To do this, the corresponding settings must be changed in the browser. Please use the help function of your browser to find out how to deactivate cookies. However, we would like to point out that this may impair some of the functions of this website and limit the ease of use.

The websites www.aboutads.info/choices/ (USA) and www.youronlinechoices.com/uk/your-ad-choices/ (Europe) allow you to manage interest-based advertising.

 

4.2.1 Use of essential cookies

Essential cookies do not require your consent and are processed by us in accordance with Art. 6 para. 1(f) GDPR. Our legitimate interest here is the smooth and optimal use and presentation of our website.

4.2.2 Consent to cookies / consent required for the use of services by third-party providers

On our website, we use the cookie consent tool “Cookiebot” from Usercentrics A/S, Danneskiold-Samsøes Allé 41, 1434 Copenhagen, Denmark. The purpose of this processing is to obtain your consent for the technically unnecessary cookies used on our website and to document them in accordance with applicable data protection regulations and laws.

When you visit our website, a cookie is stored in your browser in which the consents you have given or the revocation of these consents are documented.

The legal basis for this data processing is Art. 6 para. 1(c) GDPR – legal obligation, which consists in the fact that consent must be obtained for technically unnecessary cookies before they are used in accordance with the ECJ ruling of October 1, 2019, AZ C-673/17.

The data collected will be stored until you ask us to delete it or delete the cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Further details on data processing by the provider can be found here.

 

4.2.3 Google Analytics web analytics service

We only use the Google Analytics service, a web analysis service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (belonging to Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA, “Google”), once you have given your consent.

Google Analytics uses “cookies”. These are text files that are stored on your computer and enable your use of the website to be analyzed.

The information generated by the cookie about your use of this website, such as the browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), and time of the server request, is usually transmitted to a Google server in the USA and stored there.

 

However, we only use Google Analytics if IP anonymization is activated, i.e. your IP address will be previously abbreviated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with other services relating to website and internet use.

 

The IP address transmitted by your browser within the context of Google Analytics is not merged with other Google data.

 

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this, you might not be able to use the full functionality of this website.

 

This analysis tool is used on the basis of Art. 6 para. 1(f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior, in order to optimize its web content and its advertising.

 

If a corresponding consent has been requested (e.g. consent to store cookies), processing takes place on the basis of Art. 6 para. 1(a) GDPR; consent can be revoked at any time.

 

The data will be deleted as soon as it is no longer needed for our recording purposes. This is the case after 7 days.

For more information about Google’s terms of use and privacy, please visit

https://marketingplatform.google.com/about/analytics/terms/de/ or https://policies.google.com/?hl=de&gl=de.

 

Google Analytics Version 4.0
We also use Google Analytics Version 4.0 from Google Ireland Ltd (see above). In doing so, Google processes personal user data insofar as you have not previously objected to this use in your Google account. In this case, Google creates user profiles based on various data, including that of Google Signals, which collects and analyzes cross-device tracking data. Google can use this information to evaluate, for example, whether users first came across our website and how this was done – for example via an advertisement – or whether further interactions followed after the website visit – e.g. the installation of an app or purchases. We only receive statistical, anonymized information from Google in order to optimize our websites and our offer.
You can find more information about Google’s data protection here: https://policies.google.com/privacy?hl=de&gl=de

 

4.2.4 Google Marketing Platform (formerly DoubleClick by Google)/Campaign Manager

This website uses the online marketing tool Campaign Manager from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (part of Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA, “Google”).

Campaign Manager uses cookies to display ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Campaign Manager can use cookie IDs to record “conversions” that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser’s website with the same browser and makes a purchase there. According to Google, Campaign Manager cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating Campaign Manager, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. Insofar as you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and store it.

The processing is carried out with your consent in accordance with Art. 6 para. 1(a) GDPR. You can revoke your consent at any time in the cookie settings.

In addition, you can prevent participation in this tracking process in various ways:

  • by setting your browser software accordingly; in particular, suppressing third-party cookies will result in you not receiving ads from third-party providers;
  • by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain googleadservices.com, www.google.de/settings/ads, whereby this setting is deleted when you delete your cookies;
  • by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the link www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies;
  • by permanently deactivating them in your Firefox, Internet Explorer, or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin,
  • using the appropriate cookie setting. We would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

In addition, you can prevent Google from collecting the data generated by the cookies about your use of the websites and the processing of this data by Google by downloading and installing the browser plug-in available at https://support.google.com/adsense/answer/142293?hl=de under “Display settings”, “Campaign Manager deactivation extension”.

 

The data sent by us and linked to cookies is automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.

Further information on the Google Marketing Platform can be found at https://marketingplatform.google.com/about and on data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at www.networkadvertising.org.

 

4.2.5 Google Ads

Google Ads is an internet advertising service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (part of Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA, “Google”).

This service allows advertisers to place ads both in Google’s search engine results and in the Google advertising network. Google Ads enables an advertiser to define certain keywords in advance, by means of which an ad is only displayed in Google’s search engine results if the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed on topic-relevant websites using an automatic algorithm and taking into account the previously defined keywords.

The purpose of Google Ads is to promote our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine and by displaying third-party advertising on our website.

If a data subject reaches our website via a Google ad, a “conversion cookie” is stored on the data subject’s IT system by Google. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. Insofar as the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, such as the shopping cart from an online store system, have been accessed on our website.

The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via Ads ads and to optimize our Ads ads for the future. Neither our company nor other Google Ads advertisers receive information from Google that could be used to identify the data subject.

The conversion cookie is used to store personal information, such as the websites visited by the data subject. Each time you visit our website, personal data, including the IP address of the Internet connection used by the data subject, is thus transmitted to Google in the United States of America and may be stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the internet browser used, and may thus permanently deny the setting of cookies.

Furthermore, the data subject has the option of objecting to interest-based advertising by Google. To do this, the data subject must access the link www.google.de/settings/ads from each of the internet browsers they use and make the desired settings there. Further information and the applicable data protection provisions of Google may be accessed at www.google.de/intl/de/policies/privacy/.

 

4.2.6 Google Tag Manager

This website uses the Google Tag Manager of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (part of Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA, “Google”).

Google Tag Manager provides a technical platform to run and bundle other web services and web tracking programs using “tags”. In this context, Google Tag Manager stores cookies on your computer and analyzes your surfing behavior (“tracking”) if web tracking tools are executed by Google Tag Manager.

This data sent by individual tags integrated in Google Tag Manager is combined, stored and processed by Google Tag Manager under a uniform user interface. All embedded tags are listed separately in this privacy statement.

When using our website with activated integration of Google Tag Manager tags, data such as your IP address and your user activities are transferred to servers of Google Ireland Ltd. and processed and stored outside the European Union, e.g. in the USA.

On our behalf, Google will use this information to evaluate your visit to the website, to compile reports on website activity and to provide us with other services relating to website and internet use.

The IP address transmitted by your browser within the context of Google Tag Manager is not merged with other Google Ireland Ltd. data.

The data is stored and analyzed on the basis of Art. 6 para. 1(a) GDPR (consent), either within the scope of registration with Google (opening a Google account and acceptance of the data privacy statement implemented there) or, if you have not registered with Google, by explicit consent when opening our site. Your consent can be revoked at any time in the cookie settings.

 

4.2.7 hCaptcha

We use hCaptcha (hereinafter referred to as “hCaptcha”) on our websites. The provider is Intuition Machines, Inc, 350 Alabama St, San Francisco, CA 94110, USA (hereinafter referred to as “IMI”).

The purpose of hCaptcha is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated program. To do so, hCaptcha analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website.

For the analysis, hCaptcha evaluates various information (e.g. IP address, time spent on the website by the website visitor, or mouse movements made by the user). The data collected during the analysis is forwarded to IMI.

The hCaptcha analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

Data is processed with your consent on the basis of Art. 6 para. 1(a) GDPR. Moreover, the website operator has a legitimate interest in protecting its web content against improper automated spying and spam.

Further information about hCaptcha and how it handles your data can be found here.

 

4.2.8 Content delivery network

We use a “content delivery network” (or “CDN”) for some of our offers in order to reduce loading times. With this service, content, e.g. large media files, is delivered via regionally distributed servers of external CDN service providers. For this purpose, access data (e.g. IP address, date and time of access) is processed on the servers of the service providers. The retention period is determined by the respective service provider, over which we have no influence.

This service is provided by the following service providers:

When using these services, personal data may be transmitted to servers that are not located in the EU, e.g. in the USA. This is done in accordance with item 3 of this data privacy statement.

If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this data privacy statement.

 

4.2.9 Microsoft Advertising (formerly Bing Ads)

Microsoft Advertising (formerly Bing Ads) is a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland and associated companies.

The purposes of processing include: viewing time analysis, display of personalized advertising, measurement of advertising success, billing of advertising. Bing Ads processes the IP address, as the search history, and the click path. This processing takes place with your consent in accordance with Art. 6 para. 1(a) GDPR. It is also possible to prevent processing: opt-out.

Data may be transferred to the following countries: Australia, Austria, Brazil, Canada, Chile, Finland, France, Germany, Hong Kong (PR China), India, Ireland, Japan, South Korea, Luxembourg, Malaysia, Netherlands, Singapore, South Africa, United Kingdom, and other countries. Please refer to item 1.4 of this data privacy statement for information on transfers to third countries.

Further information about this service and the protection of your data can be found here: https://privacy.microsoft.com/de-de/privacystatement

 

4.2.10 YouTube

This website contains plugins from YouTube of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (part of Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA, “Google”).

When you start an embedded YouTube video on our website, a connection to the YouTube servers is established. YouTube is informed which website you have visited. If you have your own YouTube account and are already logged into it, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this assignment by logging out of your account beforehand.

If you wish, you can use the “YouTube button” or the share function. This requires you to log in to YouTube. Logging in will result in the provider’s service being activated.

Processing takes place on the basis of your consent (Art. 6 para. 1(a) GDPR). If you have given your consent, you can revoke it for the future at any time in the cookie settings.

The embedded use of YouTube causes other services to be loaded; we cannot prevent this and we do not actively use these services ourselves.

These services include:

  • Google Fonts
    For the graphically uniform display of fonts within the YouTube application, Google uses Google Fonts, in which fonts are loaded dynamically. Technical data (e.g. IP address, browser type, etc.) may be processed by the service provider. The above service is used automatically by YouTube. Consent to the processing of your data by YouTube also extends to processing by Google Fonts.
  • DoubleClick
    For details, see section Google Marketing Plattform (vormals DoubleClick by Google)/Campaign Manager
  • Google Photos
    Supporting service for YouTube for image display
  • Google APIs
    Supporting service for Google to provide the programming interface
  • Google Video
    Supporting service for YouTube for video display
  • YouTube Images
    Supporting service for YouTube for image display

4.2.11 Web analysis by Mouseflow

Our website uses the services of the company Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, phone: +49 32221090227, email: hi@mouseflow.com.

Mouseflow is a web analysis tool that is used to analyze user behavior on a website and to derive and make improvements to this website using the data listed below and the evaluations on “heat maps”. Visits are only recorded with an anonymized IP address. In this context, Mouseflow stores cookies on your computer with which the following information is collected:

Clicks, mouse movements, hovering, scrolling, browser, device (desktop/tablet/mobile), language, operating system, screen resolution, visit duration, navigation (URLs), page content (HTML), ISP & location (city, state/region, country), keyboard entries (only for non-EU/EEA data subjects in non-EU/EEA accounts and never for passwords, numbers, or excluded fields), referrer URL, visitor type (first-time visitor/returning visitor), individual tags or variables, responses in the feedback tool

The Mouseflow cookies with the above data are stored for 2 months and then deleted.

The legal basis for the processing of personal data is Art. 6 para. 1(a) GDPR (consent), which you can give us when you access the website.

You can also deactivate cookies in your browser. Mouseflow also offers this via its website at https://mouseflow.de/opt-out an.

Further information on data protection at Mouseflow can be found at

https://mouseflow.com/legal/gdpr/

 

4.2.12 Social media

We maintain publicly accessible profiles in social networks, to which we provide links on our website.

As a rule, social networks comprehensively analyze your user behavior when you visit their websites. Visiting social media sites therefore triggers a number of data protection-related processing operations over which we have no influence.

If you are logged into your social media account and visit a social media platform, the operator of the social network can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social network. In this case, data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data thus collected, the operators of the social networks can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you within and outside the respective social networks. Insofar as you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot track all of the social networks’ processing operations. Depending on the provider, further processing operations may therefore be carried out. For details, please refer to the terms of use and privacy policy of the respective social network (see below). Please note that when using the following services, personal data may be transferred outside the European Union. Further information can be found under item 3 of this data privacy statement.

 

The specific social networks:

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). 

According to Facebook, the data collected is also transmitted to the USA and other third countries and stored on Facebook servers in the USA or other third countries. We have concluded an agreement with Facebook on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link:

www.facebook.com/legal/terms/page_controller_addendum

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in:

www.facebook.com/settings

For details, please refer to Facebook’s data privacy statement:

www.facebook.com/about/privacy/

 

Instagram

We have a profile on Instagram. The provider is 

Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Instagram”). 

For details on how they handle your personal data, please refer to Instagram’s data privacy statement:

help.instagram.com/519522125107875

 

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin4, Ireland (“YouTube”). 

For details on how they handle your personal data, please refer to YouTube’s data privacy statement:

policies.google.com/privacy

 

TikTok

TikTok is a web messaging service provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, referred to here as “TikTok”. We use TikTok as a platform to interact with our customers and present our products.

In order to publish videos yourself and view those of others, it is necessary that the user has downloaded the app (mobile or PC) and registered. Users agree to the terms of use and privacy policy of TikTok. The following data is processed:

  • Content from audio and video chats
  • All installed and deleted apps
  • Location (via GPS); depending on the app version, a query is made every 30 seconds
  • IP addresses and names of network connections
  • MAC addresses of routers and smartphones
  • Information on whether your device is rooted (you have all access rights) or jailbroken (you can download unauthorized apps)
  • Clipboard (for iPhone)

TikTok processes this data for various purposes, e.g. to provide its services, to notify users about changes to the services, to provide support if required and to enable users to share content with other users.

The data is stored for as long as it is necessary to provide the service to users and to fulfill contractual obligations. For information on the retention period, please refer to TikTok’s data privacy statement: https://www.tiktok.com/legal/privacy-policy-eea?lang=de.

TikTok processes your data on the basis of your consent, which you gave when loading the app (Art. 6 para. 1(a) GDPR), as well as a contract that you entered into with TikTok to use the app (Art. 6 para. 1(b) GDPR).

TikTok offers its users the opportunity to control and manage their own user data via the settings options. Automated information services are also offered to provide you with information about how your data is processed. Within the scope of the legal requirements, you have the right to have your data deleted and corrected and can object to the use of your data or have the processing restricted. You also have the right to revoke your declared consent at any time.

We would like to point out that your data may be transferred to third-party providers that are not located in the European Union (e.g. cloud providers). Data is also transmitted to business partners, other companies in the TikTok Group (e.g. in the USA), providers of moderation services, providers of measurement services, advertisers, and analysis providers.

Further information can be found in TikTok’s terms of use:

https://www.tiktok.com/legal/terms-of-use?lang=de

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland)

For details on how they handle your personal data, please refer to LinkedIn’s data privacy statement:

 https://www.linkedin.com/legal/privacy-policy

Xing and Kununu

We have a profile on Xing. The provider is New Work SE (Am Strandkai 1, 20457 Hamburg, Germany). For details on how they handle your personal data, please refer to Xing’s data privacy statement:

https://privacy.xing.com/de/datenschutzerklaerung

 

4.2.13 Use of the live chat function
This website uses Userlike, a live chat software from the company Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne ("Userlike"). Userlike uses "cookies", text files that are stored on your computer and that enable a personal conversation with you in the form of a real-time chat on the website. The data collected is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym. Please address your rights (to information, correction, deletion and export) under the GDPR to the operator of this website.
For further information, please refer to Userlike's privacy policy at www.userlike.com/de/terms

4.3 Which of your data we process when you interact with us

4.3.1 Contact form

On our website, we offer you the option of contacting us via the online form or by email. In this case, the information you provide will be stored for the purpose of processing the contact. The disclosure of your data is completely voluntary.

The data you provide will be processed exclusively on the basis of your consent (Art. 6 para. 1(a) GDPR) or if you wish to conclude a contract with us or have any questions in this regard (Art. 6 para. 1(b) GDPR). You can revoke your consent at any time for the future. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data will not be passed on to unauthorized third parties. The data collected in this way is also not compared with data that may be collected by other components of our website. As far as technically possible and reasonable, the services offered can also be used without providing this data or by providing anonymized data or a pseudonym.

Your data will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

 

4.3.2 Newsletter

If you register for our newsletter, we will use the data you enter exclusively for this purpose or to inform you of circumstances relevant to this service or registration. We do not pass this data on to unauthorized third parties.

A valid email address is required in order to receive the newsletter. We also store the IP address you use to register for the newsletter and the date on which you order the newsletter. This data serves as proof in the event of misuse if a third-party email address is registered for the newsletter. In addition, to ensure that an email address is not misused by third parties in our mailing list, we work with the “double opt-in” procedure in accordance with legal requirements. As part of this process, the newsletter order, the sending of the confirmation email, and the receipt of the registration confirmation are recorded. The legal basis for this is your consent in accordance with Art. 6 para. 1(a) GDPR.

You have the option to revoke your consent to the storage of your data, your email address, and its use for sending the newsletter at any time. We provide you with a link to revoke your consent in every newsletter and on the website. You also have the option of informing us of your wish to withdraw your consent via the contact options listed in this document.

We use CleverReach for sending out our newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. With this service, we can organize and analyze our newsletter mailing process. The data submitted in connection with the newsletter, such as your email address, is stored on CleverReach’s servers. The servers are located in Germany and Ireland.

Mailing our newsletters with CleverReach allows us to analyze the behavior of newsletter recipients. We can analyze, among other things, how many recipients have opened the newsletter message and how frequently links were clicked on in the newsletter. With the aid of “conversion tracking,” we can see whether a previously defined action was performed after clicking a link in the newsletter. Further details about data analysis by CleverReach can be found at: https://www.cleverreach.com/de-de/push-magazin/newsletter-reporting-und-tracking/

Data is processed on the basis of your consent (Art. 6 para. 1(a) GDPR). You can revoke your consent at any time. If you do not want your behavior analyzed by CleverReach, you must unsubscribe from the newsletter.

Details about the privacy policy of CleverReach can be found at: https://www.cleverreach.com/de/datenschutz/

 

4.3.3 Online shopping

In the following, we will describe how your personal data is processed in our online shop in connection with a customer relationship existing between you and us.

For the registration as a customer and the processing of your order (disposition, dispatch, payment) we need your personal data, address data, company name, contact data and payment data.

We process your payment data for the processing of payments within the scope of orders in the online shop. Your order data is required for the processing of your order. This data is processed in accordance with Art. 6 para. 1(b) GDPR (fulfillment of contract, pre-contractual measure).

Notes on data processing by third parties in the processing of payments:
 

Credit card payment:

Payments by credit card are processed by BS PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt am Main, Germany. The following personal data is processed by BS PAYONE GmbH:
-    First and last name
-    Contact details such as address
-    The purchase price
-    Order data
-    Financial data such as account information, credit card details

BS PAYONE GmbH is certified according to the Payment Card Industry Data Security Standard (PCI DSS) and is approved and supervised by the Federal Financial Supervisory Authority, Graurheindorfer Strasse 108 in 53117 Bonn, Germany, as an e-money institution.

 

Tax-relevant data is subject to a retention period of 10 years (counting from the beginning of the year following the year of the respective data processing). Provided that other statutory retention periods do not conflict with this, the data will be deleted in accordance with data protection regulations at the end of the retention period.

We use your contact and address data for the transmission of advertising for our own offers that are in line with your interests. We process this data in accordance with Art. 6 para. 1(f) GDPR, to maintain customer relations and to market our services.
This data is subject to a retention period of 10 years; unless other legal retention periods prevent this, the data will be deleted after the retention period has expired in accordance with data protection regulations.

 

4.3.4 Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application process and for the decision on the establishment of an employment relationship. This is carried out on the basis of Art. 88 para. 1 GDPR in conjunction with Section 26 of the Federal Data Protection Act (BDSG) and Art. 6 para. 1(b) GDPR – pre-contractual measures. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by email or via a web form on the website. Your data will only be forwarded to the relevant departments responsible for the application process.

If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

If the controller does not conclude an employment contract with the applicant, the application documents will be stored for the duration of the application process and for a further six months and then deleted, insofar as deletion does not conflict with any contractual, legal, or other legitimate interests of the controller. Other legitimate interest in this sense might include, for example, a burden of proof in defense in proceedings under the General Equal Treatment Act (AGG).

The office responsible for all data arising in connection with the application process is BRAND INTERNATIONAL GMBH (BRAND INTERNATIONAL). BRAND INTERNATIONAL carries out all tasks for BRAND GMBH + CO KG, VACUUBRAND GMBH + CO KG and VITLAB GmbH which concern the services of a personnel department (e.g. personnel recruitment, personnel development and personnel administration).

5. Your rights

Information, blocking, deletion, and correction

Within the limits of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to rectify, block or delete this data. You can contact us or our data protection officer at any time at the address given in the legal notice if you have further questions on the subject of personal data.

 

Revoking your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time with effect for the future. All you need to do is send us an informal message by email. The legality of data processing that has already been carried out remains unaffected.

Right to object to data collection and direct advertising (Art. 21 GDPR)

If data processing is based on Art. 6 para. 1(a) or (f) GDPR (consent or legitimate interest), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data privacy statement. If you file an objection, we will no longer process your personal data unless we can prove compelling reasons that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection according to Art. 21 para. 1 GDPR).

If you are a customer of ours, your data may also be used for direct advertising if it concerns the same or similar topics in connection with the services commissioned by you. If your personal data is processed for the purpose of direct advertising, you have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is in connection with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 para. 2 GDPR).

 

Right of complaint to the competent supervisory authority

In the event of infringements of the GDPR, those involved have the right to appeal to a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place where the suspected infringement was committed. The right of appeal is without prejudice to other administrative or judicial remedies.

The supervisory authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und
die Informationsfreiheit Baden-Württemberg
Lautenschlagerstrasse 20
70173 Stuttgart
Phone: +49 711 / 61 55 41 0
Email: poststelle@lfdi.bwl.de

 

Right to data portability

You have the right to have data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only take place if this is technically feasible.

 

Right to limitation of processing

You have the right to request limited processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to limitation of processing exists in the following cases:

If you dispute the correctness of your personal data stored by us, we normally need time to review this. For the duration of the review process, you have the right to request limited processing of your personal data.

If your personal data was/is being processed unlawfully, you can request limited processing of your data instead of having the data deleted.

When we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request limited processing of your personal data instead of having the data deleted.

If you file an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request limited processing of your personal data.

When the processing of your personal data is limited, this data – apart from its storage – may only be processed with your consent, or in order to assert, exercise or defend legal claims, or to protect the rights of another natural person or legal entity, or for reasons of substantial public interest of the European Union or a member state.

 

6. Changes to our data privacy statement

We reserve the right to make changes at any time to ensure that our data privacy statements always comply with the current legal requirements. This also applies in the event that the data privacy statement has to be adapted due to new or revised services, for example new services. The new data privacy statements will then apply the next time you visit our website. This data privacy statement is valid as of May 2024.