Privacy policy

Thank you for visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point about your personal data that we collect when you visit our website and for what purposes it is used.

This privacy statement applies to the Sprick GmbH internet offer which can be accessed under the www.papier-sprick.de domain and the various subdomains (“our website”).

Who is responsible and how do I contact you?

Responsible person

for processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

Sprick GmbH
Hanfstr. 23
33607 Bielefeld
Germany

gruetzner@datenschutzbeauftragter.ruhr

Data Protection Officer

arbeitgeber ruhr GmbH
Königsallee 67
44789 Bochum
Germany
Dirk Grützner
gruetzner@datenschutzbeauftragter.ruhr

What is at issue?

This privacy statement meets statutory requirements for transparency in the processing of personal data. Personal data is any information relating to an identified or identifiable natural person. For example, this includes information such as your name, your age, your address, your telephone number, your date of birth, your email address, your IP address or user behaviour when visiting a website. Information through which we cannot (or only through a disproportionate effort) establish a relationship to you personally (e.g. through anonymisation) is not personal data. Processing of personal data (e.g. collection, querying, use, storage or transmission) requires a legal basis and a defined purpose in every case.

Stored personal data is deleted as soon as the purpose of processing has been achieved and there are no legal reasons for further retention of the data. We shall inform you about specific storage periods and criteria for storage in individual processing operations. Regardless of this, we store your personal data in individual cases to assert, exercise or defend legal claims and if statutory retention obligations exist.

Who receives my data?

We only forward your personal data that we process on our website to third parties if this is necessary to fulfil particular purposes and, in an individual case, is covered by a legal basis (e.g. consent or protection of legitimate interests). In addition, we forward personal data to third parties in individual cases if this serves to assert, exercise or defend legal claims. Examples of possible recipients in this case may be law enforcement authorities, lawyers or solicitors, auditors, courts, etc.

Insofar as we use service providers to operate our website, and these process personal data on our behalf in accordance with Article 28 of the GDPR, these service providers may be recipients of your personal data. Further information on the use of processors and web services can be found in the overview of individual processing operations.

Do you use cookies?

Cookies are small text files that we transmit to the browser of your device and are stored there when you visit our website. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be provided without the use of cookies or local storage (technically necessary cookies). However, other cookies enable us to realise various analyses so that, for example, we can recognise the browser you are using when you visit our website again and transmit various information to us (non-essential cookies). Among other things, cookies help us to make our Internet offer more user-friendly and effective for you by, for example, tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly through your browser. Cookies do not cause any damage to your device. They cannot run programs and do not contain viruses.

We provide information about the respective services for which we use cookies in individual processing operations. Detailed information about the cookies used can be found in the cookie settings or in the consent manager of this website.

What rights do I have?

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you, as the data subject, have the following rights:

  • Information pursuant to Art. 15 GDPR on stored data relating to your person in the form of meaningful information on the details of processing and a copy of your data;
  • Rectification pursuant to Art. 16 GDPR to request the immediate correction of incorrect or incomplete personal data relating to you stored by us;
  • Erasure pursuant to Art. 17 GDPR of data stored by us, insofar as processing is not necessary for exercising the right to freedom of expression and information, to meet a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • Restriction of processing pursuant to Art. 18 GDPR, insofar as the correctness of the data is disputed by you, processing is unlawful, we no longer require the data and you reject its erasure because you require it to assert, exercise or defend legal claims, or you have registered an objection against processing pursuant to Art. 21 GDPR.
  • Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data in the context of consent granted pursuant to Art. 6 (1) a. GDPR or on the basis of an agreement pursuant to Art. 6 (1) b. GDPR, and this has been processed by us with the aid of an automated method. You shall receive your data in a structured, commonplace and machine-readable format, or we shall transmit the data directly to another responsible party, insofar as this is technically feasible.
  • Objection pursuant to Art. 21 GDPR to the processing of your personal data, insofar as this occurs on the basis of Art. 6 (1) e., f. GDPR and reasons exist for this arising from your personal situation, or the objection is against direct marketing. The right to object does not exist if there are compelling legitimate grounds worthy of protection for processing which override your interests, or if processing is necessary for the assertion, exercise or defence of legal claims. Insofar as the right to object in the case of individual processing procedures does not exist, this is indicated here.
  • Revocation pursuant to Art. 7 (3) GDPR of the consent you have granted with effect for the future.
  • Lodging of a complaint pursuant to Art. 77 GDPR with a supervisory authority if you are of the opinion that processing of your personal data is in breach of the GDPR. You can generally address a supervisory authority in this respect in your usual place of abode, your place of work or the location of our office.

How is my data processed in detail?

You will find information below on individual processing procedures, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective storage duration. An automated decision in an individual case, including profiling, does not occur.

Provision of the website

In the event of accessing and use of our website, we collect the personal data that your browser transmits automatically to our server. The following information is stored temporarily in a so-called log file:

  • IP address of the requesting computer
  • Date and time of accessing
  • Name and URL of the retrieved file
  • Website from which accessing occurs (referrer URL)
  • Browser used and, where applicable, the operating system of your computer and the name of your access provider

[Our website is not hosted by us, but by a service provider that, for this purpose, processes the previously mentioned data on our behalf pursuant to Art. 28 GDPR.]

Purpose and legal basis

Processing occurs to protect our predominantly legitimate interest in showing our website and ensure security and stability on the basis of Art. 6 (1) f. GDPR. The collection of data and its storage in log files is essential for operation of the website. A right to object to processing does not exist due to the exception pursuant to Art. 21 (1) GDPR. Insofar as further storage of the log files is required by law, processing occurs on the basis of Art. 6 (1) c. GDPR. There is no contractual or statutory obligation to provide the data, but accessing of our website is technically impossible if the data is not provided.

Storage duration

The aforementioned data is stored for the duration the website is displayed [and also for an additional period of maximum [7 days] for technical reasons].

Contact form

Type and scope of processing

We offer you the option to contact us using a form provided on our website. The information collected through the mandatory fields is necessary for processing of the inquiry. Moreover, you can also voluntarily provide additional information which, in your opinion, is necessary for processing the contact inquiry.

Your personal data is not forwarded to third parties when the contact form is used.

Purpose and legal basis

Processing of your data through use of the contact form occurs for the purpose of communication and processing of your inquiry on the basis of your consent pursuant to Art. 6 (1) a. GDPR. Insofar as your inquiry refers to an existing contractual relationship with us, processing occurs for the purpose of contractual fulfilment based on Art. 6 (1) b. GDPR. There is no contractual or statutory obligation to provide the data, but processing of your inquiry is impossible if the information in the mandatory fields is not provided. Contact us by other means if you do not wish to provide this data.

Storage duration

Insofar as you use the contact form on the basis of your consent, we store the data collected in each inquiry for a duration of three years beginning with addressing of your inquiry or until revocation of your consent.

[If you use the contact form in the context of a contractual relationship, we store the data collected for the duration of [three years] as of the end of the contractual relationship.]

Contact form for applicants

Type and scope of processing

We collect and process personal data from applicants. Appropriate data processing can also occur through electronic channels in this respect if application documents from applicants are transmitted to us via email or one of the web forms on our website. We offer you the option on our website of transmitting applications for advertised vacancies to us by email.

In addition, any storage of your data in an applicant database above and beyond the current application process can only occur if you have granted us your separate consent for this purpose.

Purpose and legal basis

Processing of your data in relation to your application occurs for the purpose of processing your application and a decision on the establishment of an employment relationship on the basis of Art. 6 (1) b. GDPR in conjunction with Section 26 of the German Federal Data Protection Act (§ 26 BDSG). In the event of your application documents being forwarded to a third party, particularly to a company related to us, and the storage of data that goes beyond the current application process, your data is processed on the basis of Art. 6 (1) Clause 1 a. GDPR. There is no contractual or statutory obligation to provide your data, but processing of your application is impossible if the information is not provided.

Storage duration

We store the data collected for a duration of six months as of the date on which the position is filled.

Presences on social media platforms

We maintain so-called fan pages, accounts or channels on the networks specified below so that we can also provide you with information and offers within social networks and provide you with other channels through which you can contact us and obtain information on our offers. We have provided information for you below on the data from you that we or the respective social network process in relation to accessing and use of our fan pages/accounts by you.

Data from you which we process

If you wish to contact us via Messenger or direct message via the respective social network, we generally usually process your user name which you use to contact us and, where appropriate, store other data imparted by you insofar as this is necessary for processing/answering your request.

The legal basis is Art. 6 (1) Clause 1 f. GDPR (processing is necessary to protect the legitimate interests of the responsible party).

(Statistical) usage data that we receive from social networks

We receive statistics regarding our accounts automatically via insights functionalities. The statistics contain information including the total number of times the website is accessed, details of likes, details of website activities and post interactions, ranges, video views and details of the percentage of males/females among our fans/followers.

The statistics only contain aggregated data, and not data related to individual persons. You cannot be identified by us in this manner.

Data from you that social networks process

You need not be a member of the respective social network to view the content of our fan pages or accounts and, in this respect, no user account is required for the respective social network.

However, please note that when the respective social network is accessed, the social networks also collect and store data from website visitors without a user account (e.g. technical data to enable you to view the website) and use cookies and similar technologies, and we have no influence over this. Details of this can be found in the privacy policies of the respective social network (see the respective links above)

Insofar as you wish to interact with the content on our fan pages/accounts to, for example, comment on, share or like our postings/contributions, prior registration with the respective social network and disclosure of personal data is required.

We have no influence on the processing of data by social networks in the context of your usage. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, along with analysis of usage behaviour (using cookies, pixel/web beacons and similar technologies), based on which advertising reflecting your interests is displayed both within and outside the respective social network. It can not be excluded in this context that your data will be stored by social networks outside the EU/EEA and imparted to third parties.

Information on, for example, the exact extent and purposes of processing of your personal data, the storage duration/deletion and guidelines for the use of cookies and similar technologies in the context of registration and usage of social networks can be found in the privacy policies/cookie guidelines of social networks. You can also find information on your rights and objection options there.

Facebook page

When you visit our Facebook page, Facebook (Meta) records your IP address and other information present on your PC in the form of cookies. This information is used to provide us as the operator of Facebook pages with statistical information on the use of the Facebook website. Facebook provides more information on this at the following link: https://facebook.com/help/pages/insights.

It is not possible for us to draw conclusions regarding individual users using the statistical information transmitted. We only draw on this to address the interests of our users and to continuously improve our online presence and ensure its quality.

We only collect your data through our fan page to realise any potential provision for communication and interaction with us. This collection usually involves your name, news content, comments and the profile information displayed “publicly” by you.

Processing of your personal data for our purposes mentioned above occurs on the basis of our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 (1) f. GDPR. If you as the user have granted the respective social network provider consent regarding processing, the legal basis of processing extends to Art. 6 (1) a. and Art. 7 GDPR.

Due to the fact that actual processing of data is realised by the social network provider, our options for accessing your data are limited. Only the social network provider has the legitimate right to fully access your data. As a consequence, only the provider can take and implement direct and appropriate measures to fulfil your user rights (information inquiries, erasure demands, objections, etc.). The assertion of relevant rights therefore occurs most effectively by directly addressing the respective provider.

Together with Facebook, we are responsible for the personal content of the fan page. Rights of data subjects can be asserted at Meta Platforms Ireland Ltd. and with us.

According to the GDPR, primary responsibility for the processing of insights data lies with Facebook, and Facebook fulfils all obligations from the GDPR with regard to the processing of insights data, while Meta Platforms Ireland Ltd. provides the data subject with the essentials of the page insights supplement.

We do not reach any decisions regarding the processing of insights data and the storage duration of cookies on user devices.

Further information can be found directly at Facebook (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

Information on, for example, the exact extent and purposes of processing your personal data, the storage duration/deletion and guidelines for the use of cookies and similar technologies in the context of registration and usage of social networks can be found in the privacy policies/cookie guidelines of Facebook: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
https://www.facebook.com/policies/cookies

Instagram page

When you visit our Instagram page, Instagram records your IP address and other information present on your PC in the form of cookies. This information is used to provide us as the operator of Instagram pages with statistical information on the use of the Instagram page. Instagram provides more information on this at the following link: https://facebook.com/help/pages/insights.

It is not possible for us to draw conclusions regarding individual users using the statistical information transmitted. We only draw on this to address the interests of our users and to continuously improve our online presence and ensure its quality.

We only collect your data through our fan page to realise any potential provision for communication and interaction with us. This collection usually involves your name, news content, comments and the profile information displayed “publicly” by you.

Processing of your personal data for our purposes mentioned above occurs on the basis of our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 (1) f. GDPR. If you as the user have granted the respective social network provider consent regarding processing, the legal basis of processing extends to Art. 6 (1) a., Art. 7 GDPR.

Due to the fact that actual processing of data is realised by the social network provider, our options for accessing your data are limited. Only the social network provider has the legitimate right to fully access your data. As a consequence, only the provider can take and implement direct and appropriate measures to fulfil your user rights (information inquiries, erasure demands, objections, etc.). The assertion of relevant rights therefore occurs most effectively by directly addressing the respective provider.

Together with Instagram, we are responsible for the personal content of the fan page. Rights of data subjects can be asserted at Facebook Ireland and with us.

According to the GDPR, primary responsibility for the processing of insights data lies with Instagram, and Instagram fulfils all obligations from the GDPR with regard to the processing of insights data, while Facebook Ireland provides the data subject with the essentials of the page insights supplement.

We do not reach any decisions regarding the processing of insights data and any other information arising from Art. 13 GDPR, including the legal basis, the identity of those responsible and the storage duration of cookies on user devices.

Further information can be found directly at Instagram (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

LinkedIn page

LinkedIn is a social network provided by LinkedIn Inc. which is based in Sunnyvale, California in the United States and facilitates the creation of both private and professional profiles of natural persons and business profiles. Users can manage their existing contacts within the social network and establish links with new contacts. Companies and other organisations can create profiles onto which photos and other business information are uploaded, and they can present themselves as employers and for the purpose of employing workers.  Other LinkedIn users can access this information, write their own articles and share this content with others. The focus of the network is on a professional exchange over technical issues with people with the same professional interests.

If the network is used or visited, LinkedIn automatically collects data from users and visitors during use or visiting. This data includes the user name, job title and IP address. This is achieved with the aid of different tracking technologies. The availability of LinkedIn for use is, among other things, provided on the basis of data on information, offers and recommendations collected in this manner.

We only collect your data through our business profile to realise any potential provision for communication and interaction with us. This collection usually involves your name, news content, comments and the profile information displayed “publicly” by you.

Processing of your personal data for our purposes mentioned above occurs on the basis of our legitimate business and communicative interest in offering an information and communication channel pursuant to Art. 6 (1) f. GDPR. If you as the user have granted the respective social network provider consent regarding processing of data, the legal basis of processing extends to Art. 6 (1) a. and Art. 7 GDPR.

Due to the fact that actual processing of data is realised by the social network provider, our options for accessing your data are limited. Only the social network provider has the legitimate right to fully access your data. As a consequence, only the provider can take and implement direct and appropriate measures to fulfil your user rights (information inquiries, erasure demands, objections, etc.). The assertion of relevant rights therefore occurs most effectively by directly addressing the respective provider.

Together with LinkedIn, we are responsible for the personal content of our business profile. Rights of data subjects can be asserted at LinkedIn Inc. and with us.

We do not reach any decisions regarding the data collected on the LinkedIn website using tracking technologies.

Further information on LinkedIn can be found at: https://about.linkedin.com.

Further information on data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.

Further information on the storage duration/deletion and guidelines for the use of cookies and similar technologies in the context of registration and usage at LinkedIn can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.

XING page

XING is a social network of XING SE which is based in Hamburg, Germany. It enables the creation of private and professional profiles. Users can manage their existing contacts and establish links with new contacts. Companies can create profiles onto which photos and other business information are uploaded. Other XING users can access this information, write their own articles and share this content with others.

The focus is on a professional exchange over technical issues with people with the same professional interests. In addition, XING is frequently used by companies and other organisations to employ workers and present themselves as interesting employers.

Further information on XING can be found at: https://corporate.xing.com/de/unternehmen/

Further information on data protection at XING can be found at: https://privacy.xing.com/de/datenschutzerklaerung.

We do not collect and process any personal data through our XING business page.

Google Analytics

Type and scope of processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as an analytical service for statistical evaluation of our online offer. This encompasses aspects such as the number of times our online offer is accessed, subpages visited and the length of time visitors stay.

Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users when they visit again.

This information is also used to compile reports on website activity.

Purpose and legal basis

Use of Google Analytics occurs on the basis of your consent pursuant to Art. 6 (1) a. GDPR and Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (§ 25 Abs. 1 TTDSG).

We intend to transmit personal data to third countries outside the European Economic Area, particularly the United States. Data transmission to the United States occurs pursuant to Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. US companies involved and/or their US subcontractors are certified pursuant to the EU-US Data Privacy Framework (EU-US DPF).

In cases in which the adequacy decision of the European Commission exists (including US companies not certified according to the EU-US DPF), we have agreed other suitable guarantees with recipients of data that conform to Art. 44 et seq. GDPR. Unless otherwise indicated, these are standard contractual clauses of the EU Commission pursuant to the Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, we obtain your consent before any such third country transfer pursuant to Art. 49 (1) Clause 1 a. GDPR which you grant through consent in the consent manager (or other forms, registrations, etc.). We would like to point out that, in the event of third country transfers, there can be unknown risks in the details (e.g. data processing by the security authorities of the third country, as we are unaware of the exact extent of this and its consequences for you, cannot influence it and, under certain circumstances, you cannot obtain any information on this).

Storage duration

We have no influence on the specific storage duration of the processed data, as this is determined by Google Ireland Limited. Further information can be found in the privacy statement for Google Analytics: https://policies.google.com/privacy.

Google Tag Manager

Type and scope of processing

We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to administer website tags through an interface and enables us to control the exact integration of services on our website.

This allows us to integrate additional services flexibly to assess the accessing of our website by users.

Purpose and legal basis

Use of Google Tag Manager occurs on the basis of your consent pursuant to Art. 6 (1) a. GDPR and Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (§ 25 Abs. 1 TTDSG).

We intend to transmit personal data to third countries outside the European Economic Area, particularly the United States. Data transmission to the United States occurs pursuant to Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. US companies involved and/or their US subcontractors are certified pursuant to the EU-US Data Privacy Framework (EU-US DPF).

In cases in which the adequacy decision of the European Commission exists (including US companies not certified according to the EU-US DPF), we have agreed other suitable guarantees with recipients of data that conform to Art. 44 et seq. GDPR. Unless otherwise indicated, these are standard contractual clauses of the EU Commission pursuant to the Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, we obtain your consent before any such third country transfer pursuant to Art. 49 (1) Clause 1 a. GDPR which you grant through consent in the consent manager (or other forms, registrations, etc.). We would like to point out that, in the event of third country transfers, there can be unknown risks in the details (e.g. data processing by the security authorities of the third country, as we are unaware of the exact extent of this and its consequences for you, cannot influence it and, under certain circumstances, you cannot obtain any information on this).

Storage duration

We have no influence on the specific storage duration of the processed data, as this is determined by Google Ireland Limited. Further information can be found in the privacy statement for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Google reCAPTCHA

Type and scope of processing

We have integrated components from Google reCAPTCHA on our website. Google reCAPTCHA is a service provided by Google Ireland Limited that allows us to differentiate between contact inquiries from a natural person or automated inquiries generated by a program. If you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and, consequently, your IP address and, under certain circumstances, browser data and your user agent are transmitted. Furthermore, Google reCAPTCHA records the length of stay and mouse movements of the user to differentiate automated and human inquiries. This data is processed exclusively for the abovementioned purposes and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis

Use of Google reCAPTCHA occurs on the basis of your consent pursuant to Art. 6 (1) a. GDPR and Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (§ 25 Abs. 1 TTDSG).

We intend to transmit personal data to third countries outside the European Economic Area, particularly the United States. Data transmission to the United States occurs pursuant to Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. US companies involved and/or their US subcontractors are certified pursuant to the EU-US Data Privacy Framework (EU-US DPF).

In cases in which the adequacy decision of the European Commission exists (including US companies not certified according to the EU-US DPF), we have agreed other suitable guarantees with recipients of data that conform to Art. 44 et seq. GDPR. Unless otherwise indicated, these are standard contractual clauses of the EU Commission pursuant to the Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, we obtain your consent before any such third country transfer pursuant to Art. 49 (1) Clause 1 a. GDPR which you grant through consent in the consent manager (or other forms, registrations, etc.). We would like to point out that, in the event of third country transfers, there can be unknown risks in the details (e.g. data processing by the security authorities of the third country, as we are unaware of the exact extent of this and its consequences for you, cannot influence it and, under certain circumstances, you cannot obtain any information on this).

Storage duration

We have no influence on the specific storage duration of the processed data, as this is determined by Google Ireland Limited. Further information can be found in the privacy statement for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

Plausible Analytics

Type and scope of processing

We use Plausible Analytics from Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia as an analytical service for statistical evaluation of our online offer. This encompasses aspects such as the number of times our online offer is accessed, subpages visited and the length of time visitors stay. This information is also used to compile reports on website activity.

Plausible Analytics does not place any cookies, does not save any information in the browser and does not collect any personal data of visitors.

Purpose and legal basis

Use of Plausible Analytics occurs on the basis of your consent pursuant to Art. 6 (1) a. GDPR and Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (§ 25 Abs. 1 TTDSG).

Storage duration

We have no influence on the specific storage duration of the processed data, as this is determined by Plausible Insights OÜ. Further information can be found in the Plausible Analytics privacy statement: https://plausible.io/data-policy.

Tidio Chat

Type and scope of processing

We have integrated components from the Tidio Chat customer communication platform on our website. Tidio Chat is a service provided by Tidio Ltd. providing us with an option to communicate with visitors to our website through chat and provide targeted help in response to questions. Tidio Chat uses cookies and other browser technologies to evaluate user behaviour and recognise users when they visit again. In addition, Tidio Chat is used to save data entered in chats using cookies, along with transmitting this data together with its IP address. Your data is transmitted in this case to the operator of Tidio Chat, namely Tidio Ltd., 220C Blythe Road W14 0HH, London, United Kingdom.

Purpose and legal basis

Use of Tidio Chat occurs on the basis of your consent pursuant to Art. 6 (1) a. GDPR and Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (§ 25 Abs. 1 TTDSG).

Storage duration

We have no influence on the specific storage duration of the processed data, as this is determined by Tidio Ltd. Further information can be found in the Tidio Chat privacy statement: https://www.tidio.com/privacy-policy/.

YouTube video

Type and scope of processing

We have integrated YouTube Video on our website. YouTube Video is a component of the YouTube, LLC video platform to which users upload content, distribute it over the Internet and can obtain detailed statistics.

YouTube Video allows us to integrate platform content in our website.

YouTube Video uses cookies and other browser technologies to evaluate user behaviour, recognise users when they visit again and create user profiles. This information is, for example, used to analyse the activity of associated content and create reports.  If a user is registered with YouTube, LLC, YouTube Video can assign the videos played to the profile.

If you access this content, you establish a connection to the servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and, consequently, your IP address and, under certain circumstances, browser data and your user agent are transmitted.

Purpose and legal basis

Use of this service occurs on the basis of your consent pursuant to Art. 6 (1) a. GDPR and Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act (§ 25 Abs. 1 TTDSG).

We intend to transmit personal data to third countries outside the European Economic Area, particularly the United States. Data transmission to the United States occurs pursuant to Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. US companies involved and/or their US subcontractors are certified pursuant to the EU-US Data Privacy Framework (EU-US DPF).

In cases in which the adequacy decision of the European Commission exists (including US companies not certified according to the EU-US DPF), we have agreed other suitable guarantees with recipients of data that conform to Art. 44 et seq. GDPR. Unless otherwise indicated, these are standard contractual clauses of the EU Commission pursuant to the Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, we obtain your consent before any such third country transfer pursuant to Art. 49 (1) Clause 1 a. GDPR which you grant through consent in the consent manager (or other forms, registrations, etc.). We would like to point out that, in the event of third country transfers, there can be unknown risks in the details (e.g. data processing by the security authorities of the third country, as we are unaware of the exact extent of this and its consequences for you, cannot influence it and, under certain circumstances, you cannot obtain any information on this).

Storage duration

We have no influence on the specific storage duration of the processed data, as this is determined by YouTube, LLC. Further information can be found in the YouTube video privacy statement: https://policies.google.com/privacy.