Data Privacy Notice

for the Phoenix Contact websites, our external portals and social media presences, and our business partners

The protection of personal data is important to us. We process personal data only in accordance with the applicable data protection requirements. This Data Privacy Notice applies to the processing of personal data in connection with our website. You will also find information on the processing of personal data on our external portals, from which we refer to this Data Privacy Notice, as well as in connection with our social media presences. Finally, this Data Privacy Notice also contains information on the processing of personal data of our business partners and potential business partners, including their employees.

  • In Section A of this Data Privacy Notice, you will find information about the controller responsible for processing your personal data and, if applicable, the controller‘s data protection officer.
  • In Section B you will also find information about the processing of your personal data in connection with our website.
  • In Section C you will also find information about the processing of your personal data on our portals.
  • In Section D you will also find information about the processing of your personal data on our social media presences.
  • In Section E you will also find information about the processing of your personal data by our potential business partners (leads), our existing business partners and their employees.
  • In Section F you will find detailed information on the use of cookies or comparable technologies.
  • In Section G you will also find information about your rights in relation to the processing of your personal data.
  • In Section H you will find additional country-specific information, where appropriate, namely for
    • users of websites or business partners of Phoenix Contact companies in a country of the European Union (EU) or the European Economic Area (EEA),
    • users of websites or business partners of Phoenix Contact companies in the United Kingdom (UK),
    • users of websites or business partners of Phoenix Contact companies in Switzerland,

Languages in which this Data Privacy Notice is provided: This Data Privacy Notice is available in English. If you require this Data Privacy Notice in another language, please contact data-privacy@phoenixcontact.com.

Table of Contents

A. Information on the controller

  1. Identity and contact details of the controller
  2. Contact data of the controller’s data protection officer

B. Information on the processing of personal data in connection with our website.

  1. Informational use of our website.
  2. Use of the web analysis technologies “Google Analytics” and “MovingImage Analytics”.
  3. Use of the personalized web tracking technology “Account Engagement” (formerly “Pardot”) and communications with you.
  4. Use of WiredMinds
  5. Use of the marketing technologies GoogleAds, Microsoft Ads and LinkedIn Insight Tag.
  6. Use of the Facebook/Meta Pixel
  7. Use of the personalized email newsletter
  8. Use of online contact forms, including forms for downloading white papers
  9. Participation in seminars and events/event management (eUNIQUE/VENTARI)
  10. Participation in surveys
  11. Use of the chat function.
  12. Use of the e-shop and “My Phoenix Contact” customer account
  13. Use of the supplier portal
  14. Use of our blogs

C. Information on the processing of personal data on our portals (including PROFICLOUD, PLCnext Store, mGuard Secure Cloud, Grovez.io and Empolis)

  1. Details of the personal data that is processed.
  2. Details of the processing of the personal data.

D. Information on the processing of personal data on our social media presences

E. Information on the processing of personal data of potential business partners (leads), our existing business partners, and their employees

  1. Details of the personal data that is processed.
  2. Details of the processing of the personal data.

F. Information on the use of cookies or similar technologies

  1. General information on cookies
  2. Management of the cookies used on our website.
  3. Cookies used on our website.

G. Information on the rights of data subjects

  1. Right of access
  2. Right to rectification.
  3. Right to erasure (”right to be forgotten”)
  4. Right to restriction of processing.
  5. Right to data portability.
  6. Right to object
  7. Right not to be subject to a decision based solely on automated processing.
  8. Right to withdraw consent
  9. Right to lodge a complaint with a supervisory authority.

H. Additional country-specific information.

  1. For websites of Phoenix Contact companies in a country of the European Union (EU) or the European Economic Area (EEA)
  2. For websites of Phoenix Contact companies in the United Kingdom (UK)
  3. For websites of Phoenix Contact companies in Switzerland.
  4. Any further country-specific additional information

I. Effective date and changes to this Data Privacy Notice.

A. Information on the controller

I. Identity and contact details of the controller

Please see Data Controller & Data Protection Officer - Listing of DPOs According to Country: https://phoe.co/corporate_dpo.

II. Contact data of the controller’s data protection officer

Please see Data Controller & Data Protection Officer - Listing of DPOs According to Country: https://phoe.co/corporate_dpo.

↑ Back to top

B. Information on the processing of personal data in connection with our website

I. Informational use of our website

When the use of the website is purely for informational purposes, certain information, for example your IP address, is sent to our website’s web server by your device for technical reasons. We process this information in order to provide the content on our website (product pages, embedded videos, etc.) requested by you and to ensure the security of the IT infrastructure used to provide our website.

In order to provide the personalized search functions of our website, we process data that you enter into search forms on our website and your search history in order to provide you with personalized search results for the search terms you have entered.

In order to provide the language selection function of our website, information about your language selection is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during your visit to our website in order to provide you with the content of our website in the language you have selected.

In order to provide the data protection settings functions for our website (e.g. for granting or withdrawing consent to the use of certain cookie-based technologies), information about your data protection settings is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during your visit to our website in order to take account of your data protection settings when using our website.

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when visiting our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, last site accessed before visiting the site (referrer URL), and date and time of visit.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the content of our website requested by you.

The data is stored in server log files for a maximum period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Search function data

Data that is generated by using the personalized search functions of our website:

These include all information that you enter as search terms in the relevant search form on our website.

This data is also stored as a search history in cookies on your device (Section F) and can be read during your visit to our website.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, you cannot use the search functions on our website.

The data is stored in server log files for a maximum period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

(You can find more information on the durations the cookies stored on your device in Section F. III.)

Language selection data

Data that is generated when the language selection function of our website is used:

These include the language you have selected.

This data is stored in cookies on your device (Section F) and can be read during your visit to our website.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the language selection function of our website. This means that we cannot provide the requested content of our website in the language of your choice.

We only process the data temporarily for the duration of the visit to our website.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Data protection settings data

Data on data protection settings you have made for our website:

This includes information on whether you have given your consent and, if so, what consent you have given at what time.

This data is stored in cookies on your device (Section F) and can be read during your visit to our website.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot take your consents for our website into account. This means that we may not be able to provide you with certain functions of our website that require consent.

We only process the data temporarily for the duration of the visit to our website.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Provision of content of our website requested by the user (product pages, embedded videos, etc.):

For this purpose, data is temporarily processed on our web server.

HTTP data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of the content of our website requested by the user.

Website providers

Hosting providers

Ensuring the security of the IT infrastructure used for provision of our website, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks):

For this purpose, data is temporarily stored in log files on our web server and automatically evaluated.

HTTP data

Search function data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is ensuring the security of the IT infrastructure used for provision of our website, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks).

Website providers

Hosting providers

Provision of the personalized search function on our website

For this purpose, data on your current search terms and your search history are temporarily processed on our web server. When processing your search query, your individual search history (if available) and company-related parameters are analyzed by an algorithm in order to display the most relevant results for you as prominently as possible.

For this purpose, information about your search history is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during your visit to our website in order to base the processing of new search queries on your search history.

HTTP data

Search function data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of the personalized search functions of our website accessed by the user.

Website providers

Hosting providers

Search function providers

Provision of data protection settings functions for our website:

Certain features of our website (e.g. the use of certain cookie-based technologies) require your consent.

We provide data protection settings functions for our website to enable you to give and, if necessary, withdraw your consent.

For this purpose, information about your consent is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during your visit to our website in order to determine whether you have given your consent and, if so, what consents you have given.

HTTP data

Data protection settings data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of data protection settings functions for our website.

Website providers

Hosting providers

Data protection settings function providers

Provision of the language selection function of our website:

When you visit our website, we determine whether you have already selected a particular language version of our website in order to provide you with the content of our website requested by you in the language which you have selected, if applicable.

For this purpose, information about your language selection is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during your visit to our website to determine which language you have selected.

HTTP data

Language selection data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of the content of our website accessed by the user in the language selected by the user.

Website providers

Hosting providers

↑ Back to top

II. Use of the web analysis technologies “Google Analytics” and “MovingImage Analytics”

If you have given your consent, we use the web analysis technologies “Google Analytics” and (for embedded videos on our website) “MovingImage Analytics” using cookies.

Web analytics enables the collection and evaluation of information about the activities of users of our website, including interaction by users with embedded videos on our website. The information obtained serves us to improve our website and to better achieve the goals of our website (e.g. increasing page and video views).

This also includes carrying out ”A/B tests“ (also known as ”split testing“), in which we test different display versions of our website against each other. This involves collecting, evaluating, and comparing details of usage behavior in different display versions.

When you visit our website, the web analysis tool Google Analytics collects information about your use of our website and stores it in a device-related profile. To be able to assign this information to your device, your device is assigned a unique ID which is linked to the device-related profile. This ID is stored in cookies ( Section F) on your device. During your visit to our website, your device can be recognized there on the basis of the ID assigned to it.

Such an assignment can also be made via a link to your account with the relevant provider (e.g. your Google account if you have activated personalized advertising there) instead of via the ID. In this way, actions taken by you using different devices can also be assigned to you as a unique user and included in aggregated reports on the surfing behavior of our users.

Even without your consent, Google Analytics is used to simply analyze access to our website. This enables us to recognize where visitors who have not given their consent come from (country, region, and possibly city) and which pages are opened and how often. No cookies are used and no profiles are created, so it is not possible to recognize whether different page views were made by the same person or by different people. Google Analytics uses this information to model the (presumed) behavior of our visitors on the basis of empirical values.

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Web analytics HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when using the web analysis tool deployed on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot carry out a web analysis.

IP anonymization is activated on our website for the use of the web analysis tool. This means that the IP address transmitted via the browser for technical reasons is anonymized before being stored by shortening the IP address (by deleting the last octet of the IP address).

Moreover we only process the log data temporarily for the duration of the visit to our website.

Web analytics device data

Data that is assigned to your device by the web analysis tool used on our website:

This includes a randomly generated unique ID to (re)identify your device. It also includes certain parameters relevant for web analysis.

This data is stored in cookies on your device (Section F) and can be read when visiting our website.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot carry out a web analysis.

We store the unique ID for the duration of your consent.

We only process parameters relevant for web analysis temporarily for the duration of the visit to our website.

We delete this data when you withdraw your consent.

(For information on the durations of the cookies stored on your device, please refer to Section F. III.)

Web analytics profile data

Data generated by the web analysis tool used due to the triggering of events on our website and stored in a device-related profile:

This includes data about the use of our website, in particular page visits, video views, frequency of visits, and time spent on the pages visited.

This also includes the unique ID assigned to your device.

Independently generated

-

We store the unique ID for the duration of your consent.

We store information about the use of our website and embedded videos on the website for a period of 14 months from collection.

We delete this data when you withdraw your consent.

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Web analytics (profile- and cookie-based):

Web analytics enables the collection and evaluation of information about the activities of users of our website.

When you visit our website, including embedded videos on the site, the web analysis tools used by us collects information about your use of our website and stores it in a device-related profile. To be able to assign this information to your device, a unique ID is assigned to your device, which is linked to the device-related profile. This ID is stored in cookies (Section F) on your device. During your visit of our website, your device can be recognized there on the basis of the ID assigned to it.

Such an assignment can also be made via a link to your account with the relevant provider (e.g. your Google account if you have activated personalized advertising there) instead of via the ID. In this way, actions taken by you using different devices can also be assigned to you as a unique user and included in aggregated reports on the surfing behavior of our users.

The aim of the analysis is to examine where the users of our website come from, which areas of our website are visited and how often and for how long which page/which video and categories are viewed. The information obtained is used to improve our website and to better achieve the goals of our website (e.g. increasing pages and videos views).

Web analytics HTTP data

Web analytics device data

Web analytics profile data

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Website providers

Web analytics service provider

A/B tests based on web analytics:

Web analysis also includes carrying out “A/B tests” (also known as “split testing”), in which we test different display variants of our website against each other. This test method gives us the opportunity to automatically display different display variants of a particular page to different users of our website. Details of user behavior are recorded, evaluated and compared in different display variants (e.g. evaluation of which display variant of our newsletter registration form is used to subscribe to the newsletter more frequently).

Web analytics HTTP data

Web analytics device data

Web analytics profile data

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Website providers

Web analytics service provider

Simple evaluation of access (without cookies and without profiling):

Even without your consent, a simple analysis of access to our website is carried out. This allows us to recognize where visitors who have not given their consent come from (country, region, and possibly city) on an anonymous basis and which pages are opened and how often.

No cookies are used and no profile is created, so it is not possible to recognize whether different page views were made by the same person or by different people.

Our web analysis tools use this information to model the (presumed) behavior of our visitors on the basis of empirical values. Such modelled usage activities are added to the evaluations of the consent-based device-related profiles described above in order to obtain an (estimated) overall picture of our usage activities. We use the information obtained to improve our website and better achieve our website goals (e.g. increasing page and video views).

Web analytics HTTP data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the collection of certain basic information on access to our website for the anonymous measurement of our web audience.

Website providers

Web analytics service provider

↑ Back to top

III. Use of the personalized web tracking technology “Account Engagement” (formerly “Pardot”) and communications with you

If you have given your consent, we use the personalized web tracking technology “Account Engagement” (formerly “Pardot”), which records and evaluates certain user actions (e.g. downloading a white paper using an email address, opening our newsletter or clicking on a link to our website in one of our newsletters) on our website in order to determine the interests of our users, manage our marketing activities, and personalize communications with our users based on their individual interests and a score value for the probability of purchasing our products.

For this purpose, we combine data of our users/customers, namely data from certain forms on our website (e.g. our newsletter registration form; in each case only to the extent that we inform you about this in the form and you give your consent), data from our customer relationship management system and information about interaction with our social media channels or our newsletter (Section VII), in prospect profiles and store this combined information in the web tracking technology “Account Engagement” (formerly “Pardot”). This information may also be transferred to our customer relationship management system if we list you there as a customer/prospect or if we have sufficient information about you as a prospect based on your user actions.

For this purpose, the web tracking technology “Account Engagement” (formerly “Pardot”) collects information about your use of these forms in a profile when you visit certain forms on our website. To be able to assign this information to your device, your device is assigned a unique, randomly generated ID that is linked to the profile. This ID is stored in cookies ( Section F) on your device. During your visit to our website, your device can be recognized by the ID assigned to it. This allows our website to remember your preferences (e.g. to pre-fill the form details based on your previous entries). We cannot track your surfing behavior on our entire website in this way, but only certain user actions by entering your email address and opening our newsletters or clicking on links to our website in one of our newsletters.

You can find more detailed information on this below:

  1. Details of the personal data processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Pardot HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when using the web tracking technology Account Engagement deployed on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot carry out web tracking using Account Engagement.

365 days

Pardot device data

Data assigned to your device by the web tracking tool Account Engagement used on our website:

This includes a unique, randomly generated visitor ID for recognizing returning visitors.

This data is stored in cookies on your device (Section F) and can be read when you visit our website.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot carry out web tracking using Account Engagement.

We only process this data temporarily for the duration of use of the website.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

User input data

Individual data provided by users of our website when filling in certain forms (e.g. our newsletter registration form; in each case only if we inform you of this in the form and you give your consent).

This includes, for example, the name, email address, and company of our users as well as enquiries from our users.

Users of our website

Provision of the data generally not required by law or contract or to enter into a contract. There is generally no obligation of the data subject to provide the data.

If the data is not provided, we cannot offer the relevant function and cannot use the relevant information to merge it into a prospect profile.

Within Account Engagement, this data is used for a maximum of 365 days.

If necessary, the data will be stored for longer in connection with the relevant main purpose of the form (e.g. a contact form). We will inform you about this separately in the relevant section of this Data Privacy Notice.

Customer relationship data

Information about our interactions with potential and existing customers that we have stored in our Customer Relationship Management (CRM) system and/or our marketing automation tool:

This includes information about email or telephone conversations, invitations, and participation in our events.

Potential/existing customers

Provision of data is generally not required by law or contract. Provision of data may be necessary for the conclusion of a contract. There is generally no obligation of the data subject to provide the data.

If the data is not provided, we cannot process the corresponding enquiry and cannot use this data to merge it into a prospect profile.

This category of personal data does not relate to data that we have collected from you via our website. Instead, it relates to data that we have collected or collect from you in another context (e.g. when you call us). The details of whether you are obligated to provide such data and the consequences of not providing such data are evident from the relevant context.

Within Account Engagement, this data is used for a maximum of 365 days.

Social media data

Information about interaction with our social media channels

Publicly available information from social media, such as LinkedIn

-

365 days

Pardot profile data

Data generated by the Account Engagement web tracking tool used on our website and stored in prospect profiles:

This includes information about certain user actions on our website (e.g. registration for our newsletter) and opening our newsletter as well as clicking on links to our website in our newsletter (Section VII), which is linked to the unique visitor ID of the relevant visitor (stored in the Pardot device data) and to the relevant user input data and, if available, customer relationship data, and social media data.

This also includes the results of our analyses of this data, such as our assumptions about the interests of a particular user or a score value that we generate on the basis of the above-mentioned data and statistical information. This score value represents the probability with which a (potential) customer will buy our products.

Independently generated

-

365 days

  1. Details of the processing of personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Identification of the interests of our users, management of our marketing activities and personalization our communications with our users based on their individual interests:

For this purpose, we record certain user actions (e.g. downloading a white paper using an email address, opening our newsletter or clicking on a link to our website in one of our newsletters) and evaluate them. We cannot track your surfing behavior on our entire web-site in this way.

Individual prospect profiles are created from this information.

In order to better personalize our website (e.g. displaying certain offers based on your interests), our individual communications with you (e.g. responding to enquiries via our contact forms or other communications channels) and our newsletters (only if a user also subscribes to the newsletter), the prospect profiles are combined with

· user input data (e.g. when users enter their email address and details of their company to subscribe to our newsletter),

· customer relationship data,

· social media data, and

· newsletter profile data.

On the basis of this combined information and on the basis of statistical information, we calculate a score value for each user/customer. This score value represents the probability with which a (potential) customer will buy our products and is also the basis for the personalization described above.

We use the web tracking tool Account Engagement (formerly Pardot) for these purposes.

Pardot HTTP data

Pardot device data

User input data

Customer relationship data

Social media data

Pardot profile data

Newsletter profile data (Section VII)

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Website providers

Web tracking providers

↑ Back to top

IV. Use of WiredMinds

We use the WiredMinds LeadLab analysis tool on our website to measure reach.

Measuring reach using LeadLab enables us to collect and evaluate statistical information about the activities of users of our website. We use the information obtained to improve our website and better achieve our website goals (e.g. increasing the number of page views) and to specifically target companies that visit our website. The collection of such statistical information is limited to information on the use of our website by companies. Specifically, we only collect information about those users whose IP address has enabled us to determine that they are accessing our website from a corporate network with a fixed IP address. We do not record usage originating from private individuals that cannot be attributed to a specific company. WiredMinds LeadLab does not allow us to identify individual users/employees who visit our website.

If you wish to object to the evaluation of your visit data in the context of reach measurement, please click here. Please note that this is done by setting a cookie on your device that prevents your visit data from being collected. If you delete your browser cookies or use a different browser on your next visit, you will need to click on the link again.

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

WiredMinds HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when using the web analysis tool on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot carry out any reach measurement.

Log data on IP addresses that we cannot clearly identify as fixed IP addresses of a certain company and which therefore may be attributable to an individual will be immediately deleted. No personal data is stored.

WiredMinds user profile data

Data in usage profiles that we create by analyzing usage behavior on our website using WiredMinds LeadLab and that relates exclusively to usage processes of companies (access to our website for which it is ensured that it originates from a company network and cannot be traced back to a natural person, i.e. the employee of this company who visited our website).

This includes data on the use of our website, in particular page views, frequency of visits and time spent on the pages visited.

This also includes information on the relevant company from which the use originates, such as name, address, and industry.

Independently generated

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot carry out any reach measurement.

No personal data is stored.

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Creation of a database of the companies that visit our website, to improve our website and to better achieve our website goals (e.g. increase page views), and to specifically target companies that visit our website:

For this purpose, statistical information about the activities of users of our website is collected and evaluated.

The collection of such statistical information is limited to information on the use of our website by companies. Companies are identified by comparing the user’s IP address with WiredMinds’ own IP address database. This database only contains IP addresses for which it is ensured that they assigned to a company network and cannot be traced back to the relevant user as a natural person. WiredMinds LeadLab does not allow us to identify individual users/employees who visit our website.

If the usage behavior of a user can be assigned to a specific company, a purely company-related profile is created without recognizing or separating out individual users on the part of the relevant company.

If the usage behavior of a user cannot be assigned to a specific company, no profile is created and the log data generated for technical reasons is deleted immediately.

WiredMinds user profile data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is to determine from which companies our website is accessed in order to be able to target our marketing activities at these companies where appropriate and to exclude private visitors from our reach measurement.

Website providers

Reach measurement service providers

V. Use of the marketing technologies GoogleAds, Microsoft Ads and LinkedIn Insight Tag

If you have given your consent, we will use marketing technologies from the providers Google, Microsoft and LinkedIn for conversion tracking and remarketing on our website.

  • “Conversions“ are user activities on our website as determined by us. “Conversion tracking” is a process that tracks what happens after you interact with our ads on search engines or other websites. For example, we can see whether you have subsequently taken a particular action on our website.

If our ads are displayed to you on search engines or on other websites or if you interact with our ads, information about this may be collected (if applicable, depending on your consent to the relevant website operator) and stored in a device-related profile. To be able to assign this information to your device, a unique ID can be assigned to your device (if applicable, depending on your consent to the relevant website operator), which is linked to the device-related profile. This ID can be stored in cookies (Section F) on your device (if applicable, depending on your consent to the relevant website operator). If you subsequently visit our website, the information stored in these cookies can be read. In this way, your device can be recognized by the ID and, on the basis of this ID, the information stored in the device-related profile about the view of our ads can be retrieved and additional data can be stored. This allows us to collect information about the use of our website, in particular the “conversions“ triggered by you.

Such an assignment can also be made by performing a comparison of hashed contact information instead of via the ID or, where applicable, via a link to your account with the relevant provider (e.g. your Google account if you have activated personalized advertising). In this way, actions taken by you using different devices can also be assigned to you as a unique user.

This allows us to observe which keywords, ads, ad groups, and campaigns lead to the user actions we want. We can also understand how our return on investment (ROI) is generated and make more informed decisions about our advertising expenses. We can also automatically optimize our advertising campaigns according to our business goals.

  • Remarketing” (or “retargeting”) means that we can specifically re-address users who have already interacted with our website, for example with ads on search engines or on other websites that participate in the same advertising networks as us.

When you visit our website, information about your use of our website is collected and stored in a device-related profile. In order to associate this information with your device, your device is assigned a unique ID that is linked to the device-related profile. This ID is stored in cookies (Section F) on your device. If you subsequently use search engines with the same device or visit other websites that participate in the same advertising network, your device can be recognized there on the basis of the ID assigned to it (possibly subject to your consent to the relevant operator of the website) and on the basis of this ID the stored information about the use of our website, including the assignment of your device-related profile to certain advertising segments, can be retrieved. In this way, the provider of the remarketing tool we use can present our ads to you there specifically. Such an assignment can also be made by performing a comparison of hashed contact information instead of via the ID or, where applicable, via a link to your account with the relevant provider (e.g. your Google account if you have activated personalized advertising). In this way, actions taken by you using different devices can also be assigned to you as a unique user. In this way, the provider of the remarketing tool we use can present our ads to you there specifically.

When you visit the relevant search engines or other websites that participate in the same advertising network, information about your use of the search engine or other website may be collected and added to your device-related profile (if applicable, depending on your consent to the relevant website operator) in order to enable better personalization and optimization of how different ads are displayed.

Based on the information stored in your device-related profile, we and the provider of the relevant remarketing tool used by us can personalize our ads specifically for you.

Based on the information stored in your device-related profile, the provider of the remarketing tool used by us also determines billing-relevant factors of the ad placement in order to be able to bill us for its services.

We are jointly responsible for the use of these marketing technologies on our website with the provider of the marketing technology concerned. Any further processing of the data by the provider concerned for its own purposes or purposes of third parties is the sole responsibility of the provider. Information on joint responsibility and information on the privacy policies of the various providers is contained in the following.

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

GoogleAds

Microsoft Ads

LinkedIn Insight Tag

HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when using the relevant marketing tool deployed on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot carry out any remarketing or conversion tracking.

90 days

GoogleAds

Microsoft Ads

LinkedIn Insight Tag

Device data

Data that can be assigned to your device (if applicable, depending on your consent to the relevant website operator), when our ads are displayed to you on search engines or on other websites, when you interact with our ads, or when you access our website:

This includes a unique ID to (re)identify your device.

This data may be stored in cookies (Section F) on your device (if applicable, depending on your consent to operators of other websites) when our ads are displayed to you on search engines or on other websites, when you interact with our ads, or when you access our website. When you access our website or the relevant search engines and other websites participating in the same advertising networks, the information stored in these cookies (Section F) may be read.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot carry out any remarketing or conversion tracking.

90 days

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

GoogleAds

Microsoft Ads

LinkedIn Insight Tag

Profile data

Data that is collected by the relevant marketing tool and stored in a device-related profile (if applicable, depending on your consent to the relevant website operator) when our ads are displayed to you on search engines or on other websites participating in the same advertising network, or when you interact with such ads:

This includes a unique ID assigned to your device and information on our ads that are displayed to you on search engines or on other websites participating in the same advertising network, or that you have interacted with there. This also includes information on use of the relevant search engine or other website.

This can also include hashed contact data (e.g. an email address) that is known to the marketing tool concerned as well as technical information on your device that can be read from it (e.g. screen size).

Collected by the marketing tool on search engines or other websites

-

90 days

Data generated by the marketing tool used on our website and additionally stored in the device-related profile when you visit our website.

This includes the unique ID assigned to your device as well as information about the use of our website, in particular page views, frequency of views, and time spent on viewed pages, including the “conversions” triggered by you.

This can also include hashed contact data (e.g. an email address) entered by you on our website as well as technical information on your device that can be read from it (e.g. screen size).

This also includes the results of the evaluation of this information, in particular the allocation of your device-related profile to certain advertising segments.

Collected by the marketing tool on our website

-

90 days

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories o personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Conversion tracking:

“Conversions” are user activities on our website that are defined by us. “Conversion tracking” is a process recording what happens after our adverts have been shown to you on search engines or on other websites or after you have interacted with our adverts on search engines or on other websites. For example, we can see whether you have subsequently performed a certain action on our website.

If our adverts are displayed to you on search engines or on other websites or if you interact with our adverts, information about this may be collected (if applicable, depending on your consent to the relevant website operator) and stored in a device-related profile. To be able to assign this information to your device, a unique ID may be assigned to your device (if applicable, depending on your consent to the relevant website operator), which is linked to the device-related profile. This ID can (if applicable, depending on your consent to the relevant website operator) be stored in cookies (Section F) on your device. When you subsequently visit our website, the information stored in these cookies can be read. In this way, your device can be recognized using the ID and the information stored in the device-related profile about your visit to our ads can be retrieved and further data can be stored using this ID. This enables us to record information about the use of our website, in particular the “conversions” triggered by you.

Such an assignment can also be made by performing a comparison of hashed contact information instead of via the ID or, where applicable, via a link to your account with the relevant provider (e.g. your Google account if you have activated personalized advertising). In this way, actions taken by you using different devices can also be assigned to you as a unique user.

This allows us to observe which keywords, ads, ad groups, and campaigns lead to the user actions we want. We can also understand how our return on investment (ROI) is generated and make more informed decisions about our advertising expenses. We can also automatically optimize our advertising campaigns according to our business goals.

For Google:

GoogleAds HTTP data

GoogleAds device data

GoogleAds profile data

For Microsoft:

Microsoft Ads HTTP data

Microsoft Ads device data

Microsoft Ads profile data

For LinkedIn:

LinkedIn Insight Tag HTTP data

LinkedIn Insight Tag device data

LinkedIn Insight Tag profile data

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Marketing tool providers

Remarketing:

“Remarketing” (or “retargeting”) means that we can specifically re-address users who have already interacted with our website, for example with ads on search engines or on other websites that participate in the same advertising networks as us.

When you visit our website, information about your use of our website is collected and stored in a device-related profile. In order to associate this information with your device, your device is assigned a unique ID that is linked to the device-related profile. This ID is stored in cookies (Section F) on your device. If you subsequently use search engines with the same device or visit other websites that participate in the same advertising network, your device can be recognized there on the basis of the ID as-signed to it (possibly subject to your consent to the relevant operator of the website) and on the basis of this ID the stored information about the use of our website, including the assignment of your device-related profile to certain advertising segments, can be retrieved. In this way, the provider of the remarketing tool we use can present our ads to you there specifically.

Such an assignment can also be made by performing a comparison of hashed contact information instead of via the ID or, where applicable, via a link to your account with the relevant provider (e.g. your Google account if you have activated personalized advertising). In this way, actions taken by you using different devices can also be assigned to you as a unique user.

In this way, the provider of the remarketing tool we use can present our ads to you there specifically.

For Google:

GoogleAds HTTP data

GoogleAds device data

GoogleAds profile data

For Microsoft:

Microsoft Ads HTTP data

Microsoft Ads device data

Microsoft Ads profile data

For LinkedIn:

LinkedIn Insight Tag HTTP data

LinkedIn Insight Tag device data

LinkedIn Insight Tag profile data

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Marketing tool providers

Profile enrichment by the provider of the remarketing tool used by us:

When you visit search engines or other websites that participate in the same advertising network, the provider of the remarketing tool used by us may add information about your use of that the relevant search engine or other website and information about the ads you are presented with or have interacted with there to the device-related profile in order to enable better personalization.

In addition, the enrichment of profiles enables the provider of the remarketing tool used by us to optimize how various ads are displayed for us and other companies for which it displays ads (e.g. controlling the frequency with which certain ads are displayed).

For Google:

GoogleAds device data

GoogleAds profile data

For Microsoft:

Microsoft Ads device data

Microsoft Ads profile data

For LinkedIn:

LinkedIn Insight Tag device data

LinkedIn Insight Tag profile data

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Marketing tool providers

Personalization of ads:

We and the provider of the remarketing tool used by us personalize our ads specifically for you on the basis of your device-related profile, in particular on the basis of your use of our website.

For this purpose, we analyze the information stored in your profile and on this basis assign your profile to certain advertising segments.

For Google:

GoogleAds profile data

For Microsoft:

Microsoft Ads profile data

For LinkedIn:

LinkedIn Insight Tag profile data

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Marketing tool providers

Determination of billing-relevant factors for ads placed by the provider of the remarketing tool used by us:

The information stored in your device-related profile is also used by the provider of the remarketing tool we use to evaluate the ads displayed to your device that lead to our website via the provider in order to bill us for its services. For the purpose of billing us, the provider must determine the number of visits to our website via these ads and other factors relevant for billing.

For Google:

GoogleAds profile data

For Microsoft:

Microsoft Ads profile data

For LinkedIn:

LinkedIn Insight Tag profile data

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Marketing tool providers

↑ Back to top

VI. Use of the Facebook/Meta Pixel

If you have given your consent, we will use the “Meta Pixel”.

The Meta Pixel enables Meta to collect information about the activities of users of our website. In the course of this, cookies from Meta are used (Section F) that Meta is able to read when you visit our website and other websites, including Facebook. The information gained is used to evaluate the effectiveness of our Meta ads and to form target audiences for our Meta ads. In addition, Meta may use the information for its own purposes or for the purposes of third parties, for example to create target groups for other advertising clients.

By integrating the Meta Pixel, we enable Meta to collect personal data and/or send some personal data to Meta via servers, for which we are jointly responsible with Meta under data protection law in some cases. This data is collected and processed within the sphere of Meta. Meta provides us with evaluations or further information based on the collected data only in aggregated, anonymized form. We are not able to associate the information provided to us with any natural person. We have no knowledge of the details of the processing of personal data within Meta’s area of responsibility. For information about Meta's processing of personal information, please see Meta’s privacy policy: https://www.facebook.com/about/privacy/.

You will find more detailed information on use of the ”Meta Pixel” in the following:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Meta Pixel HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when using the Meta Pixel deployed on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, functioning of the Meta Pixel is not possible.

We do not collect or store this data ourselves.

This data is collected and processed within the sphere of Meta. The data is deleted as soon as it is no longer needed for processing purposes (as a rule after two years maximum).

Meta Pixel device data

Data that is assigned to your device by the Meta Pixel:

These includes a unique ID to re(identify) recognizing returning visitors.

This data is stored in a cookie on your device (Section F) and can be read when you visit our website. These cookies can also be read (if applicable, depending on your consent to Meta) if you visit the Meta website or another website that uses the Meta Pixel with the same device.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, functioning of the Meta Pixel is impossible or only possible to a limited extent.

We do not collect or store this data our-selves.

This data is collected and processed within the sphere of Meta. The data is deleted as soon as it is no longer needed for processing purposes.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Meta Pixel event data

Data that Meta collects through the Meta Pixel, which is matched with the unique visitor ID of the visitor stored in the Meta Pixel Device Data:

These include actions that take place on our website (”events“). These include, for example, completing a newsletter registration, performing searches, completing other forms or viewing content, and downloading content (e.g. white papers).

This also includes information related to the actions recorded in each case (“parameters”). These include, for example, the value of purchases made.

This also includes events taking place on other participating websites (e.g. Facebook), such as when are ads are displayed on such sites.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, functioning of the Meta Pixel is impossible or only possible to a limited extent.

We generally do not collect or store this data our-selves.

This data is generally collected and processed within the sphere of Meta. The data is deleted as soon as it is no longer needed for processing purposes (as a rule after two years maximum).

We transmit certain events occurring during use of our site to Meta via servers. The duration of storage is based on the storage duration stated for the specific function of our website specified in this Data Privacy Notice.

Meta Pixel analysis data

Data that Meta generates based on the information collected by the Meta Pixel, which is matched with the unique visitor ID of the visitor stored in the Meta Pixel Device Data:

These include information about the effectiveness of Meta ads and user association to target groups for Meta ads.

Meta may use the information collected to generate additional information for its own purposes or for the purposes of third parties. We have no knowledge of the details of the data generated by Meta.

Independently generated by Meta

-

Meta provides us with analyses or further information based on the collected data only in aggregated, anonymized form. We cannot associate the information provided to us with any natural person.

This data is collected and processed within the sphere of Meta. The data is deleted as soon as it is no longer needed for processing purposes (as a rule after two years maximum).

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Evaluation of the effectiveness of our Meta ads and creating of target groups for our Meta ads:

The ”Meta Pixel“ records actions that users perform on our website (e.g. completing a purchase) and reports these actions to Meta.

Based on the information collected by Meta, Meta provides us with aggregated, anonymized measurement results for our Meta ads. In particular, this enables us to know whether users who receive our Meta advertisements execute certain actions on our website, such as making a purchase (so-called ”conversions“).

In addition, Meta will allow us to reach people who have visited our website or performed a specific action on our website on the basis of information collected by Meta, again via Meta and to optimize our types of target groups (”audiences“).

In addition, Meta enables us to create similar target groups (”lookalike audiences“) for us based on the information collected by Meta in order to reach people with our Meta advertisements who have similar characteristics as the users of our website.

Meta provides us with evaluations or further information based on the collected data only in aggregated, anonymous form. We cannot associate the information provided to us with any natural person. The collection and processing of personal data lies within Meta’s sphere of responsibility. We have no knowledge of the details of the processing of data in Meta’s area of responsibility.

In order to reidentify you on our website (if applicable, depending on your consent to Meta) as well as on the website of Meta and possibly on other websites that use the Meta pixel, cookies (Section F) are stored on your device and read by Meta.

Meta Pixel HTTP data

Meta Pixel device data

Meta Pixel event data

Meta Pixel analysis data

Legal basis allowing the collection of personal data through our website by Meta:

Consent (if the GDPR applies: Article6(1)(a) GDPR)

We do not process personal data in our area of responsibility. We have no knowledge of the details of the processing of data in Meta’ area of responsibility, in particular of the legal basis used by Meta for the processing.

Meta

Evaluation of activities of users of our website for use for Meta’s own purposes or for the purposes of third parties:

Meta may also use the information collected via ”Meta Pixel“ for its own purposes or for the purposes of third parties, for example to create target groups for other advertisement clients.

Meta is responsible for the collection and processing of personal data. We have no knowledge of the details of the processing of data in Meta’s area of responsibility.

In order to reidentify you on our website (if applicable, depending on your consent to Meta) as well as on the website of Meta and possibly on other websites that use the Meta Pixel, cookies (Section F) are stored on your device and read by Meta.

Meta Pixel HTTP data

Meta Pixel device data

Meta Pixel event data

Meta Pixel analysis data

Legal basis allowing the collection of personal data through our website by Meta:

Consent (if the GDPR applies: Article6(1)(a) GDPR)

We do not process personal data in our area of responsibility. We have no knowledge of the details of the processing of data in Meta’s area of responsibility, in particular of the legal basis used by Meta for the processing.

Meta

3. Details of joint controllership

We are jointly responsible with Meta under data protection law for use of the Meta Pixel for certain processing activities, providing that the GDPR applies.

You will find more detailed information on this below:

Joint controllers

Agreement between joint controllers

Meta:

Meta Platforms Ireland Ltd.

Merrion Road, Dublin 4, D04 X2K5, Ireland

We have entered into a joint controllership agreement with Meta in order to set down the various responsibilities to comply with the GDPR for processing as joint controllers (Article26 GDPR).

Under this agreement, we are required to inform you of the following:

· Meta’s contact details and the contact details of Meta’s data protection officer can be found in Meta’s privacy policy.

· Further information on how Meta processes personal data, including information on the legal basis for the processing and the assertion of data protection rights against Meta, can also be found in Meta’s privacy policy.

· Meta is responsible for safeguarding data protection rights under Articles15 to 20 GDPR for the data stored at Meta after joint processing.

Meta’s privacy policy can be found here:

https://www.facebook.com/about/privacy/

We will be happy to provide you with the main points of the agreement between Meta and us on request (contact data Section A. I).

↑ Back to top

VII. Use of the personalized email newsletter

On our website we offer you the possibility to register for our personalized email newsletter (e.g. in separate newsletter registration forms or in connection with standard contact forms or forms for downloading white papers). When you subscribe to the email newsletter, certain information is collected, such as your email address and, if applicable, the type of newsletter selected by you. We process this information to confirm your subscription and to provide the personalized email newsletter. We also store and use this information for evidence purposes for the possible assertion, exercise, or defense of legal claims.

When using the newsletter subscription and unsubscription form from our newsletter on our website, certain information is sent from your device to the web server of our website for technical reasons, for example your IP address. We process this information to provide the newsletter subscription and unsubscription form on our website and to ensure the security of the IT infrastructure used to provide the newsletter subscription and unsubscription form.

In order to provide the newsletter subscription and unsubscription form, information on the current form session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during the use of the newsletter subscription and unsubscription form in order to maintain the current form session.

If you have given your consent to this, we also analyze the usage behavior of newsletter subscribers in our newsletter and create usage profiles when using pseudonyms for the purpose of personalizing the newsletter.

If you have given your consent to this, we will also combine data from your newsletter registration and on the use of our newsletter with prospect profiles, which we create using the personalized web tracking technology “Account Engagement” (formerly “Pardot”). This allows us to personalize our newsletters and other communications with you (Section B. III).

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Newsletter form HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when accessing the form for subscribing to and unsubscribing from our newsletter on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the newsletter subscription and unsubscription form.

The data is stored in server log files for a maximum period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Newsletter form device data

Data that is assigned to your device when using the form to subscribe to and unsubscribe from the newsletter on our website:

This includes a unique ID for the form session (”session ID“) and the expiry date of the session.

This data is stored in cookies on your device (Section F) and can be read during the use of the newsletter subscription and unsubscription form on our website.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the newsletter subscription and unsubscription form.

We only process the data temporarily for the period the newsletter subscription and unsubscription form is used.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Newsletter subscription data

Data we collect during the subscription for the newsletter:

These include the following mandatory information: email address

These include the following optional information: title, first name, last name, company name, type of newsletter.

Newsletter subscribers

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the mandatory information is not provided, we cannot provide you with a newsletter.

We store this data as long as you are registered for our newsletter.

In addition, we store this data for evidence purposes for the assertion, exercise, or defense of any legal claims for two years from the time you unsubscribed and in the event of any legal disputes until the dispute has been concluded.

Newsletter opt-in data

Log data that is generated when subscribing to and unsubscribing from the newsletter:

This includes date and time of subscription to the newsletter, and date and time when the registration notification is sent in the double opt-in procedure, date and time of the confirmation of the registration in the double opt-in procedure as well as the IP address of the device used for the confirmation, and date and time of any unsubscription from the newsletter.

Newsletter subscribers

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide you with a newsletter.

We store this data as long as you are registered for our newsletter.

In addition, we store this data for evidence purposes for the assertion, exercise, or defense of any legal claims for two years from the time you unsubscribed and in the event of any legal disputes until the dispute has been concluded.

Newsletter tracking pixel data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) when accessing our newsletter via the “tracking pixels2 contained in the newsletter:

Tracking pixels are small graphics in HTML emails that allow a log file to be recorded and a log file analysis of access to these emails.

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), date and time of the visit. This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Newsletter subscribers

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot carry out any analysis of newsletter usage behavior and cannot personalize newsletters on this basis.

We only store this data as long as you are registered for our newsletter.

Newsletter profile data

Data in usage profiles that we create by analyzing usage behavior regarding the newsletter:

This includes data about the use of the newsletter, in particular links to our website contained in the newsletter that are accessed, access frequency, and time spent in the newsletters accessed.

Independently generated

-

We only store this data as long as you are registered for our newsletter.

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Provision of the newsletter subscription and unsubscription form on our website and acceptance of subscriptions:

For this purpose, HTTP data is temporarily processed on our web server.

For this purpose, HTTP data is temporarily processed on our web server.

In addition, information on the current form session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during the use of the newsletter subscription and unsubscription form in order to maintain the current form session.

Newsletter form HTTP data

Newsletter subscription data

Newsletter opt-in data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of the newsletter subscription and unsubscription form on our website requested by the user.

Website providers

Email newsletter providers

Ensuring the security of the IT infrastructure used for provision of the form, in particular for the detection, elimination, and conclusive documentation of disruptions (e.g. DDoS attacks):

For this purpose, data is temporarily stored and evaluated in log files on our web server.

Newsletter form HTTP data

Newsletter subscription data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is ensuring the security of the IT infrastructure used to provide the form, in particular to identify, eliminate, and preserve evidence of disruptions (e.g. DDoS attacks).

Website providers

Email newsletter providers

”Double opt-in” procedure to confirm the subscription:

For this we send an email message requesting confirmation to the email address provided when registering for the newsletter. Any subscription only becomes effective when the subscriber has confirmed the email address by accessing the confirmation link in the email.

Newsletter form HTTP data

Newsletter subscription data

Newsletter opt-in data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the legally secure documentation of your consent to receipt of the newsletter.

Website providers

Email newsletter providers

Sending of the personalized newsletter to the newsletter subscriber:

We use the optional information provided during subscription for personalizing the newsletter and for a targeted selection of information relevant for the recipient.

If you have given your consent to this,

· the newsletter contents will be personalized on the basis of your use of our newsletter and/or

· on the basis of certain user actions on our website and other information stored in our personalized web tracking technology “Account Engagement” (formerly “Pardot”).

The aim of personalization is to tailor our newsletter contents as far as possible to the topics that we assume will be particularly relevant to you.

Newsletter subscription data

Newsletter opt-in data

If applicable, newsletter profile data

If applicable, Pardot profile data (Section B. III. 1)

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Website providers

Email newsletter providers

Storage and processing for evidence purposes for any assertion, exercise, or defense of legal claims

Newsletter subscription data

Newsletter opt-in data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Website providers

Email newsletter providers

Assertion, exercise, or defense of legal claims, including cooperation with external lawyers

Newsletter subscription data

Newsletter opt-in data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Courts

Lawyers

Analysis of the usage behavior of newsletter subscribers and creation of usage profiles for the purposes of personalizing the newsletter.

In the course of this, we can in particular track clicks on links to our website contained in our newsletter. We are not able to further track the surfing behavior on our website possibly following such a click in this way and are not able to assign it to your newsletter usage profile.

Newsletter subscription data

Newsletter opt-in data

Newsletter tracking pixel data

Newsletter profile data

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Website providers

Email newsletter providers

VIII. Use of online contact forms, including forms for downloading white papers

We offer you the possibility on our website to contact us using contact forms, for example to ask questions, request the release of image material or download a white paper. We process the information provided by you in the contact forms to process your request. Where applicable, we also store and use the information for evidence purposes for any assertion, exercise, or defense of legal claims or in order to comply with statutory document retention obligations, in particular under commercial and tax law.

When the contact forms on our website are used certain information is sent from your device to the web server of our website for technical reasons, for example your IP address. We process this information in order to provide the contact forms on our website and to ensure the security of the IT infrastructure used to provide the contact forms.

In order to provide the contact forms on our website, information on the current contact form session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during the use of the contact forms in order to maintain the current contact form session.

If you have given your consent to this, we will also combine data from your contact form queries with prospect profiles, which we create using the personalized web tracking technology “Account Engagement” (formerly “Pardot”). This enables us to respond better and more individually to your request and to personalize other communications with you (Section B. III).

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Contact form HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when contact forms are access on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

This also includes data collected from your end device that is required to protect our contact form (e.g. mouse movements or responses to computing tasks sent to your device).

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the content of our website requested by you.

The data is stored in server log files for a maximum period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Contact form device data

Data that is assigned to your end device when you use the contact forms:

This includes a unique ID for the contact form session ("session ID") and the expiry date of the session.

This data is stored in cookies on your device (Section F) and can be read during the use of the contact forms.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide contact forms on our website.

We only process this data temporarily for the duration of use of the relevant contact form.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Contact form data

Data you provide us with in contact forms on our website:

These include the information you provide to us in the relevant contact form. In particular this could include your name, date of birth, address, telephone number, email address, company name, and the contents of your request.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot process your request.

The data is stored until your request has been dealt with.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of one year commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Provision of the contact forms on our website and receiving queries:

For this purpose, data is processed temporarily on our web server.

For this purpose, in addition, information on the current contact form session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during the use of the contact form in order to maintain the current contact form session.

Contact form HTTP data

Contact form device data

Contact form data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of the contact forms on our website requested by the user.

Website providers

Hosting providers

Ensuring the security of the IT infrastructure used for provision of the form, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks):

For this purpose, data is temporarily stored and evaluated in log files on our web server.

This also includes protecting our contact forms against unwanted automated access by machines (bots) by means of “captchas”, which run in the background of our website and use certain parameters (e.g. the time spent on the registration form, mouse movements or responses to computing tasks directed to your device) to determine whether such automated access or access by a human being is involved.

Contact form HTTP data

Contact form device data

Contact form data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is ensuring the security of the IT infrastructure used for provision of the form, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks).

Website providers

Hosting providers

Processing of your request:

If you have consented to this separately, we will also use information about you that we have stored in our personalized web tracking technology “Account Engagement” (formerly “Pardot”) to process your request (e.g. information about certain user actions on our website and the use of our newsletter) in order to be able to respond better and more individually to your request.

In order to process your request, we may forward your enquiry and, subject to your separate consent, the corresponding Pardot profile data to one of our affiliated companies or to third party sales partners if this is necessary to process your request (e.g. if your company is located in a region for which one of our affiliated companies or a sales partner is responsible).

Contact form data

Where applicable, Pardot profile data (Section B. III. 1)

If your request concerns a contract to which you are party or steps taken prior to entering into a contract:

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

Otherwise:

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

In this case, our legitimate interest is the processing of your request.

For optional combination with Pardot profile data:

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Where applicable, one of our affiliated companies or a third-party sales partner

Storage and processing for evidence purposes for the possible assertion, exercise, or defense of legal claims

Contact form data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

-

Assertion, exercise, or defense of legal claims, including cooperation with external lawyers

Contact form data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Courts

Lawyers

Retention of data in order to comply with statutory retention obligations, in particular under commercial and tax law:

Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Contact form data

Fulfilment of a legal obligation (if the GDPR applies: Article6(1)(c) GDPR)

-

↑ Back to top

IX. Participation in seminars and events/event management (eUNIQUE/VENTARI)

On our website, we offer you the opportunity to register for seminars and events using a registration form. We process the information you provide in the registration forms to organize and prepare the seminars or events for which you register. Where applicable, we also store the information and use it for evidence purposes for the possible assertion, exercise, or defense of legal claims or in order to comply with statutory retention obligations, in particular under commercial and tax law.

When you use the registration forms on our website, certain information is sent from your device to our website’s web server for technical reasons, such as your IP address. We process this information to provide the registration forms on our website and to ensure the security of the IT infrastructure used to provide the forms.

To provide the registration forms on our website, information on the current registration form session is stored in cookies (Section F) on your end device. The cookies and the information stored in them can be read during use of the registration forms in order to maintain the current registration form session.

If you have given your consent to this, we will also combine data about your participation in events with prospect profiles that we create using the personalized web tracking technology “Account Engagement” (formerly “Pardot”). This serves to personalize our communications with you, including any follow-up communication on such events (Section B. III).

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Registration form HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when registration forms are access on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the content of our website requested by you.

The data is stored in server log files for a maximum period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Registration form device data

Data that is assigned to your device when you use the registration forms:

This includes a unique ID for the registration form session (“session ID”) and the expiry date of the session.

This data is stored in cookies on your device (Section F) and can be read during use of the registration forms.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide application forms on our website.

We only process the data temporarily for the duration of use of the relevant application form.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Master data

This may include above all the following data:

Title, name, gender, address, contact details (such as email address, telephone, and fax number),

Company, possibly different billing address,

Additional personal data (depending on the event), e.g. home address, date of birth.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, it may not be possible to take part in the seminar/event.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims for 12 months from the end of the event and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Employee data

Features of the organizational classification of employees (organizational key, cost code, and personnel number), e.g. to create expense reports.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, it may not be possible to take part in the seminar/event.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims for 12 months from the end of the event and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Event dates

Details of the booked event (name of the event, date, time, costs)

Assigned hotels and travel options for booking resources

Where applicable, special data required for the relevant event, such as travel dates, clothing size, special dietary preferences, passport number (for visa applications), etc.

Any comments/remarks you may have.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, it may not be possible to take part in the seminar/event.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims for 12 months from the end of the event and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Provision of our registration forms on our website and receiving registrations:

For this purpose, data is temporarily processed on our web server.

For this purpose, in addition, information on the current registration form session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during use of the registration form in order to maintain the current registration form session.

Registration form HTTP data

Registration form device data

Master data

Employee data

Event data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of our registration forms requested by the user on our website.

Website providers

Hosting providers

Ensuring the security of the IT infrastructure used for provision of the form, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks):

For this purpose, data is temporarily stored and evaluated in log files on our web server.

Registration form HTTP data

Registration form device data

Master data

Employee data

Event data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is ensuring the security of the IT infrastructure used for provision of the form, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks).

Website providers

Hosting providers

Organization and preparation of the seminars or events you register for

Master data

Employee data

Event data

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

Event service providers

Where applicable hotel/venue

Storage and processing for evidence purposes for the possible assertion, exercise, or defense of legal claims

Master data

Employee data

Event data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

-

Assertion, exercise, or defense of legal claims, including cooperation with external lawyers

Master data

Employee data

Event data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Courts

Lawyers

Retention of data in order to comply with statutory retention obligations, in particular under commercial and tax law:

Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Master data

Employee data

Event data

Fulfilment of a legal obligation (if the GDPR applies: Article6(1)(c) GDPR)

-

↑ Back to top

X. Participation in surveys

On our website, we offer you the opportunity to take part in various surveys. We evaluate the information you provide in the surveys in order to improve our services based on the aggregated survey results. It may be necessary to provide contact details in order to participate in certain surveys,. If you have consented to this, we may send you invitations to participate in test panels/surveys, a personalized survey link or reminders to participate in a survey.

When you use the survey forms on our website, certain information is sent from your device to our website’s web server for technical reasons, such as your IP address. We process this information in order to provide the survey forms on our website and to ensure the security of the IT infrastructure used to provide the forms.

To provide the survey forms on our website, information on the current survey form session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during use of the survey forms in order to maintain the current survey form session.

If you have given your consent to this, we will also combine data from your participation or interest in surveys (but not your answers in the surveys) with prospect profiles that we create using the personalized web tracking technology “Account Engagement” (formerly “Pardot”). This allows us to personalize our communications with you (Section B. III).

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Survey form HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when survey forms are accessed on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Survey participants

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the content of our website requested by you.

The data is stored in server log files for a maximum period of 12 months, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Survey form device data

Data that is assigned to your device when you use survey forms:

This includes a unique ID for the survey session (“session ID”) and the expiry date of the session.

This data is stored in cookies on your device (Section F) and can be read during use of the survey form.

Survey participants

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide survey forms on our website.

We only process the data temporarily for the duration of use of the relevant survey form.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Contact data

Data that we may collect from you to send invitations, survey links or reminders:

Email address

Information on which surveys we may contact you about.

Survey participants

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, it will not be possible to send invitations, survey links or reminders.

12 months (calculated from the end of the ongoing calendar year)

Survey form data

Data that you provide to us in the survey forms:

This includes, in particular, the information that you provide to us in the relevant survey form as a survey response (e.g. your assessment of your satisfaction with our products) and, depending on the context, any additional fields for specifying your response or for free text.

Depending on the type of survey, this may also include the following data in individual cases, which can usually be provided optionally (except in the case of “test panels”, in which this data is mandatory):

Name, postal address, country

Survey participants

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If mandatory data is not provided, participation in the survey is not possible.

12 months (calculated from the end of the ongoing calendar year)

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Provision of our survey forms on our website and receipt of your responses:

For this purpose, data is temporarily processed on our web server.

For this purpose, in addition, information on the current survey form session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during use of the survey forms in order to maintain the current survey form session.

Survey form HTTP data

Survey form device data

Survey form data

Contact data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of our survey forms requested by the user on our website.

Hosting providers

Survey service providers

Ensuring the security of the IT infrastructure used for provision of the form, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks):

For this purpose, data is temporarily stored and evaluated in log files on our web server.

Survey form HTTP data

Survey form device data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is ensuring the security of the IT infrastructure used for provision of the form, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks).

Hosting providers

Survey service providers

Evaluation of the information provided in the surveys:

We statistically evaluate the answers provided by all participants and thus obtain aggregated statistical information that is no longer related to individual participants. We use these aggregated survey results to improve our product range

To participate in certain surveys (test panels), it is necessary to provide contact details in order to coordinate the test panels. We do not merge this data with the survey responses.

Survey form data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is to receive feedback from our (potential) business partners in order to improve our product range and tailor it to the needs of our (potential) business partners.

Survey service providers

Sending invitations to participate in test panels/surveys, personalized survey links, and reminder emails

Contact data

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Survey service providers

Storage and processing for evidence purposes for the possible assertion, exercise, or defense of legal claims

Survey form data

Contact data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

-

Assertion, exercise, or defense of legal claims, including cooperation with external lawyers

Survey form data

Contact data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Courts

Lawyers

↑ Back to top

XI. Use of the chat function

On our website, we offer you the possibility to contact us via a chat function. We process the information you provide during the dialogue with our chat employees in order to deal with your request. Where applicable, we also store and use the information for evidence purposes for the possible assertion, exercise, or defense of legal claims or for the fulfilment of legal, in particular commercial and tax law, retention obligations.

When using the chat function, certain information is sent from your device to the web server of our chat function for technical reasons, for example your IP address. We process this information to provide the chat function on our website and to ensure the security of the IT infrastructure used to provide the chat function.

To provide the chat function on our website, information about the current chat session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during use of the chat function in order to maintain the current chat session.

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Chat function HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the chat function is accessed on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we will not be able to provide the chat function.

The data is stored in server log files for a maximum period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Chat function device data

Data that is assigned to your device when you use the chat function:

This includes a unique ID for the chat session (“session ID”) and the expiry date of the session.

This data is stored in cookies on your device (Section F) and can be read during use of the chat function.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we will not be able to provide the chat function.

We only process this data temporarily for the duration of use of the chat function.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Chat data

Data that you provide to us in dialogs with our chat employees:

This may include above all the following information: name, address, telephone number, email address, and the contents of your request.

Users of our website

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot use them to process your request.

We store the data until your request has been dealt with.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Data that our chat employees communicate to you in dialogs using our chat:

This may include above all the following information: answers to your request.

Independently generated

-

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Provision of the chat function on our website:

For this purpose, data is temporarily processed on the web server for our chat function.

For this purpose, in addition, information on the current chat session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during use of the chat function in order to maintain the current chat session.

Chat function HTTP data

Chat function device data

Chat data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of the chat function.

Chat function providers

Ensuring the security of the IT infrastructure used for provision of the chat function, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks):

For this purpose, data is temporarily stored and evaluated in log files on the web server of our chat function.

Chat function HTTP data

Chat function device data

Chat data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is ensuring the security of the IT infrastructure used to provide the chat function, in particular to identify, eliminate, and preserve evidence of disruptions (e.g. DDoS attacks).

Chat function providers

Processing of your request:

The request you communicate to our chat employees is processed by them and you will generally receive a response to your request straight away in the chat.

If our chat employees are not able to handle your request completely straight away, our customer service will contact you be other means (e.g. by email) in order to process your request further.

Chat data

If your request concerns a contract to which you are party or steps taken prior to entering into a contract:

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR).

Otherwise:

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

In this case, our legitimate interest is the processing of your request.

-

Storage and processing for evidence purposes for the possible assertion, exercise, or defense of legal claims

Chat data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

-

Assertion, exercise, or defense of legal claims, including cooperation with external lawyers

Chat data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Courts

Lawyers

Retention of data in order to comply with statutory retention obligations, in particular under commercial and tax law:

Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Chat data

Fulfilment of a legal obligation (if the GDPR applies: Article6(1)(c) GDPR)

-

XII. Use of the e-shop and “My Phoenix Contact” customer account

If you are a business owner or you act on behalf of a company, you have the possibility to use our e-shop on our website. To be able to use our e-shop, which is targeted exclusively at business customers, you will need to have a “My Phoenix Contact” customer account. We process personal data of users of our e-shop and holders of a “My Phoenix Contact” customer account for the following purposes:

  • Providing our e-shop functions on the website for informational use
  • Creating a customer account for the use of our e-shop as a registered customer and providing the customer account functions on our website, including checking whether you are a business owner or acting on behalf of a company
  • Providing our shopping cart function
  • Performing steps prior to entering into a contract, including generating cost estimates, and performing sales contracts concluded in the e-shop
  • Sending advertising by post to holders of a customer account and customers of our e-shop
  • Managing our purchase price claims in our internal debtor management system
  • Recovering our purchase price claims
  • Rescinding sales contracts in the event of revocation or other reasons for withdrawal
  • Storing data for evidence purposes for any assertion, exercise, or defense of legal claims.
  • Asserting, exercising or defending legal claims
  • Storing data in order to comply with statutory document retention obligations, in particular under commercial and tax law
  • Ensuring the security of the IT infrastructure used for provision of the e-shop, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks)

In order to make the shopping cart and the log-in to the “customer portal” available to you on our website, information necessary for these functions are stored in cookies (Section F). The cookies and the information stored in them can be read during your visit to our website in order to provide you with the relevant function.

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

E-shop HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the e-shop is accessed on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

In connection with our registration form, this also includes data collected from your end device that is required to protect our registration form (e.g. mouse movements).

Users of the e-shop

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the content of our website requested by you.

The data is stored in server log files for a maximum period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Registration data

Data that you provide to us in the relevant registration form on our website in order to register for the e-shop for the first time (opening a customer account).

This includes the following mandatory information: email address, password, first name, last name

Users of the e-shop when registering

Provision of the information marked as mandatory during the registration process is a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the mandatory information is not provided, registration will not be possible.

The data will in principle be saved until you submit a request for deletion.

Documents subject to a statutory retention period will be deleted at the end of the retention period under the applicable law (as a rule 10 years maximum).

Access data will be disabled without undue delay after we gain knowledge that a customer or contact person at a customer has left.

Additional customer account data

Data that you can add to your customer account:

This includes information on your company and function, if applicable your Phoenix Contact customer number, telephone number, invoice and delivery addresses, and payment method (e.g. credit card details).

This also includes product-related information saved by you in your customer account, such as wish lists, projects, or product comparisons.

Users of the e-shop

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot store this data in your customer account for later use. This means that you must provide this data separately if you wish to use certain functions (e.g. specifying the alternative delivery address during a specific order process). If the data is not provided, we may also not be able to open your customer account (if we cannot determine whether you are a business owner or acting on behalf of a company).

The data will in principle be saved until you submit a request for deletion.

Documents subject to a statutory retention period will be deleted at the end of the retention period under the applicable law (as a rule 10 years maximum).

Access data will be disabled without undue delay after we gain knowledge that a customer or contact person at a customer has left.

Login data

Data that is generated when logging into your customer account:

This includes your email address and your password.

This also includes a unique ID for the session in which you are logged into your customer account (“session ID”) and the expiry date of the session. This data is stored in cookies on your device (Section F) and can be read during use of our e-shop.

Users of the e-shop

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot enable you to log into the customer section.

We only process this data temporarily as long as you are logged into your customer account.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Shopping cart data

Data that is generated when using the shopping cart function:

This includes information on the products which you place in the shopping cart.

This also includes a unique ID for the shopping cart session (“session ID”) and the expiry date of the session. This data is stored in cookies on your device (Section F) and can be read during use of our e-shop.

Users of the e-shop

Provision of the data is a requirement necessary to enter into a sales contract. There is no obligation of the data subject to provide the data.

If the data is not provided, you cannot use the shopping card function. This means that you cannot purchase items from our e-shop.

We only process the data temporarily for the period the shopping cart function is used.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Contact data

Data that you provide us during the ordering process (including the process for requesting cost estimates) to contact you to process your order:

This includes company, title, first name, last name, postal address (billing address), telephone number, email address, business address, if applicable different delivery address, business contact details, department, and function in the company.

Users of the e-shop

If you are logged into your customer account when using the e-shop, this data will be taken from your customer account.

Provision of the data is a requirement necessary to enter into a sales contract. There is no obligation of the data subject to provide the data.

If the data is not provided, you may not be able to purchase any items from our e-shop.

We store the data until the handling of your order is complete, i.e. until shipping of the ordered item.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Shipping data

Data that you provide us with in the ordering process (including the process for obtaining cost estimates) for shipping your ordered items:

This includes the chosen shipping method and, if applicable, the delivery address entered that differs from the billing address.

Users of the e-shop:

If you are logged into your customer account when using the e-shop, this data will be taken from your customer account.

Provision of the data is a requirement necessary to enter into a sales con-tract. There is no obligation of the data subject to provide the data.

If the data is not provided, you cannot purchase any items from our e-shop.

We store the data until the handling of your order is complete, i.e. until the goods have been shipped.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Payment data

Data that you provide us with in the ordering process (including the process for obtaining cost estimates) for payment of your ordered items:

This includes your chosen payment method and, depending on the chosen payment method, further information that must be provided for that payment method (e.g. bank details, credit card numbers)

Users of the e-shop

If you are logged into your customer account when using the e-shop, you may use the data for select payment methods which you previously stored in your customer account.

Provision of the data is a requirement necessary to enter into a sales contract. There is no obligation of the data subject to provide the data.

If the data is not provided, you cannot purchase any items from our e-shop.

We store the data until the handling of your order is complete, i.e. until the goods have been shipped.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Order data

Information about your order or your request for a cost estimate:

This includes information about the requested items (item name, item number, quantity, size, color, price, currency, order number), store version used, date and time of purchase, and status of your order.

Independently generated

-

We store the data until the handling of your order is complete, i.e. until the goods have been shipped.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

If you have a customer account, we also store this data for the purpose of providing the customer account functions.

Transaction email data

Data from transaction emails that we send for the (re-)processing of your order or your request for a cost estimate (e.g. order acknowledgment):

This includes the content and time of the transaction emails.

Independently generated

-

We store the data until the handling of your order is complete, i.e. until the goods have been shipped.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Debtor data

Data that we process for the administration of our purchase price receivables in our internal accounts receivable management system:

This includes information on current o-pen items, incoming payments, transaction numbers of payment service providers, dunning levels, ongoing collection processes, and returns.

Payment service provider

Debt collection agency

Independently generated

-

We store the data until the handling of your order is complete, i.e. until the goods have been shipped.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Advertising management data

Information on any advertising consents you have given and any objections you may have to advertising:

This includes the date and time of consent, the IP address of the device used for consent, the date and time of any withdrawal of consent, or objection to the processing of personal data for advertising purposes.

Users of the e-shop

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we will not be able to process your consents and/or your objections to advertising.

We store this data as long as consent exists or as long as we carry out advertising measures without consent on the basis of the information provided to you in each case for this advertising.

We also store this data for evidence purposes for the possible assertion, exercise, or defense of legal claims for an interim period of three years from the end of the year in which you have withdrawn your consent or we have ended the relevant advertising measure and in the event of any legal disputes until the dispute has been concluded.

A This also includes the documentation of the information that we have provided to you in order to obtain your consent and/or for advertising that we have carried out without your consent.

Independently generated

-

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Provision of our online shop for informational use:

For this purpose HTTP data is processed temporarily on our web server.

E-shop HTTP data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of our online shop requested by the user for informational use.

Website providers

Hosting providers

Creation of a customer account for the use of our online shop as a registered customer and provision of the customer account functions on our website:

This includes the check on whether you are a business owner or acting on behalf of a company, Provision of the log-in to the customer account, the storage of contact information, addresses, and payment information stored by the customer in the customer account for the use of the online shop. If the customer is logged into the customer account when using the online shop, the information required for the order is prefilled with the information stored in the customer account in order to make the ordering process in the online shop as convenient as possible for the customer.

This also includes displaying details of the orders made in the online shop, in particular the processing and delivery status and details of the ordered items.

Information on the session during which you are logged into your customer account is stored in cookies on your device (Section F) on your device. The cookies and the information stored in them can be read during your use of our online shop in order to maintain the current session.

E-shop HTTP data

Registration data

Additional customer account data

Log-in data

Order data

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

Website providers

Hosting providers

Identity management providers

Provision of our shopping cart function:

For this purpose Information on the current shopping cart session is stored in cookies on your device (Section F) on your device. The cookies and the information stored in them can be read during your use of our e-shop in order to maintain the current shopping cart session.

E-shop HTTP data

Shopping cart data

Where placing an item into the shopping cart is used to enter into a contract:

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

Otherwise:

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of the functions of our online shop requested by the user.

Website providers

Hosting providers

Performance of steps prior to entering into a contract, including preparing cost estimates, and performance of sales contracts concluded via the online shop:

This includes in particular the receipt of your request for a cost estimate or your order, the handling of the payment, the shipping of the ordered items and the sending of transaction emails to inform you about the status of your cost estimate and/or order.

If you have a customer account for our online shop and are logged into the customer account during the ordering process (including the process for obtaining cost estimates), the information required for the order is pre-filled with the information stored in the customer account in order to make the ordering process in the online shop as convenient as possible for you.

E-shop HTTP data

Shopping cart data

Contact data

Shipping data

Payment data

Order data

Transaction email data

For customers who are logged into their customer account, additionally:

Registration data

Additional customer account data

Log-in data

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

Website providers

Hosting providers

Email providers

Payment providers

Shipping service providers

Identity management providers

Sending advertising by post to holders of a customer account and customers of our online shop:

If you have created a customer account in our online shop or have placed an order as a ”guest“, we may send you interesting offers and information about our products by post, unless you have objected.

We may use information about your previous orders to design the content of this advertising based on your interests.

Registration data

Contact data

Order data

Advertising management data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the promotion of our products to holders of a customer account and to customers of our e-shop.

Website providers

Hosting providers

Email providers

Administration of our purchase price claims in our internal debtor management system

Contact data

Debtor data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is administering our purchase price claims in an orderly manner.

Website providers

Hosting providers

Recovery of our purchase price claims

Contact data

Debtor data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the recovery of our purchase price claims.

Debt collection service providers

Rescission of purchase agreements in the event of cancellation or other reasons for reversal:

We use the same payment method that you used for the payment of the purchase price to refund the price.

Contact data

Shipping data

Payment data

Order data

Transactional email data

Debtor data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the rescission of purchase agreements.

Website providers

Hosting providers

Email providers

Retention for evidence purposes for any assertion, exercise, or defense of legal claims

Contact data

Shipping data

Payment data

Order data

Transactional email data

Debtor data

Advertising management data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Website providers

Hosting providers

Assertion, exercise, or defense of legal claims, including cooperation with external lawyers

Contact data

Shipping data

Payment data

Order data

Transactional email data

Debtor data

Advertising management data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Courts

Lawyers

Retention in order to comply with statutory document retention obligations, in particular under commercial and tax law:

Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Contact data

Shipping data

Payment data

Order data

Transactional email data

Debtor data

Fulfilment of a legal obligation (if the GDPR applies: Article6(1)(c) GDPR)

Website providers

Hosting providers

Ensuring the security of the IT infrastructure used for provision of the online shop, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks):

For this purpose, data is temporarily stored and evaluated in log files on our web server.

This also includes protecting our registration form from unwanted automated access by machines (bots) by means of “captchas”, which run in the background of our website and use certain parameters (e.g. the time spent on the registration form or mouse movements) to determine whether such automated access or access by a human being is involved.

E-shop HTTP data

Log-in data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is ensuring the security of the IT infrastructure used for provision of the form, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks).

Website providers

Hosting providers

Captcha provider

Identity management providers

↑ Back to top

XIII. Use of the supplier portal

On our website, we offer you the opportunity to register on our supplier portal. We process the information you provide in the registration form in order to check whether your company is eligible to be our supplier and, if so, to give you access to our supplier portal.

We process information on the suppliers registered with us in order to cover the need for externally procured materials, investments, and services as well as to select optimal sources of supply, reduce the procurement risk, carry out quality assurance, minimize default risks (supplier or goods), and to ensure the company’s production capability. You can find more information on this in Section E.

Where applicable, we also store and use the information for evidence purposes for the possible assertion, exercise, or defense of legal claims or in order to comply with statutory retention obligations, in particular under commercial and tax law.

When you use the registration forms on our website, certain information is sent from your device to our website’s web server for technical reasons, such as your IP address. We process this information to provide the registration form on our website and to ensure the security of the IT infrastructure used to provide the form.

To provide the registration form for the supplier portal and the log-in to the supplier portal, information on the session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during use of our website in order to maintain the current session.

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Registration form HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the registration form is accessed on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of the supplier portal when registering

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the content of our website requested by you.

The data is stored in server log files for a maximum period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Registration form device data

Data that is assigned to your device when you use the registration form:

This includes a unique ID for the registration form session (“session ID”) and the expiry date of the session.

This data is stored in cookies on your device (Section F) and can be read during use of the registration form.

Users of the supplier portal when registering

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the registration form on our website.

We only process the data temporarily for the duration of use of the relevant registration form.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Registration form data

Data that you provide to us in the registration form for our supplier portal or that you may add/change later in the supplier portal:

This includes personal information about you, such as: salutation, name, title, department and function in the company, language, country, and contact details (telephone number, fax number, email address).

This also includes information about the company you wish to register as a supplier, such as company name, addresses, contact de-tails, information on products and delivery areas as well as any attachments to the registration, and comments in free text (e.g. company presentations, catalogs, etc.).

Users of the supplier portal during registration and, where applicable, after registration

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data shown as mandatory fields in the registration form is not provided, we will not be able to register you in the supplier portal. You can provide other data voluntarily so that we can keep it on record. Should we need data that is not specified, we will get in touch with you.

The master data of a supplier is stored in the system for as long as a contractual relationship exists or cannot be ruled out for the future.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Supplier portal HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the supplier portal is accessed on our website:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of the supplier portal

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot provide the content of our website requested by you.

The data is stored in server log files for a maximum period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Supplier portal account data

Access data for your account: email address and password

Independently generated

-

The master data of a supplier is stored in the system for as long as a contractual relationship exists or cannot be ruled out for the future.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

Supplier portal log-in data

Data that is generated when you log into your supplier account:

This includes your email address and your password.

This also includes a unique ID for the session during which you are logged into your supplier account (“session ID”) and the expiry date of the session. This data is stored in cookies on your device (Section F) and can be read during use of our supplier portal.

Users of the supplier portal

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we cannot enable you to log into the customer portal.

We only process the data temporarily as long as you are logged into your customer account.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Provision of our registration form for the supplier portal on our website and acceptance of registrations:

For this purpose, data is temporarily processed on our web server.

For this purpose, in addition, information on the current registration form session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during use of the registration form in order to maintain the current registration form session.

Registration form HTTP data

Registration form device data

Registration form data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of our website content accessed by the user.

In the case of registration:

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

Website providers

Hosting providers

Checking whether your company is eligible to become our supplier and, where applicable, setting up a supplier account to use our supplier portal

Registration form data

Supplier portal account data

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

Website providers

Hosting providers

Provision of the supplier account functions on our website:

This includes providing the login to the supplier account. In the supplier account, registered suppliers can view the data stored about their company and themselves (such as contact information, addresses and company information) and adjust/update it if necessary.

For this purpose, HTTP data is temporarily processed on our web server.

Information about the session during which you are logged into your supplier portal account is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read while you are using our supplier portal in order to maintain the current session.

Supplier portal HTTP data

Registration form data

Supplier portal account data

Supplier portal log-in data

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

Website providers

Hosting providers

Ensuring the security of the IT infrastructure used for provision of the registration form, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks)

For this purpose, data is temporarily stored and evaluated in log files on our web server.

Registration form HTTP data

Registration form device data

Registration form HTTP data

Supplier portal HTTP data

Supplier portal account data

Supplier portal log-in data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is ensuring the security of the IT infrastructure used for provision of the form, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks).

Website providers

Hosting providers

Storage and processing for evidence purposes for the possible assertion, exercise, or defense of legal claims

Registration form data

Supplier portal account data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

-

Assertion, exercise, or defense of legal claims, including cooperation with external lawyers

Registration form data

Supplier portal account data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Courts

Lawyers

Retention of data in order to comply with statutory retention obligations, in particular under commercial and tax law:

Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Registration form data

Fulfilment of a legal obligation (if the GDPR applies: Article6(1)(c) GDPR)

-

XIV. Use of our blogs

When the use of the blog is purely for informational purposes, certain information, for example your IP address, is sent to our website’s web server by your device for technical reasons. We process this information in order to provide the content on our blog requested by you and to ensure the security of the IT infrastructure used to provide our blog.

You also have the option of subscribing to our email messages on new blog articles. When you register, certain information is collected, such as your email address. We process this information to confirm your subscription and to provide you with email messages on new blog articles.

You also have the option of providing ratings and/or comments on our blog articles so that we can publish them on the relevant blog articles.

We store and use the information you provide in the context of subscriptions or publications for evidence purposes for the possible assertion, exercise, or defense of legal claims.

You will find more detailed information on this below:

1. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Blog HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when our blog is accessed:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of our blogs

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we will not be able to provide our blog.

The data is stored in server log files for a maximum period of seven days, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Blog subscription data

Data that we collect when you subscribe to our blog articles:

This includes the following mandatory information: email address.

This also includes the following optional information: name.

Users of our blogs

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the mandatory information is not provided, we cannot send you any information about new blog articles by email.

We store this data for as long as you are registered for the subscription.

In addition, we store this data for evidence purposes for the assertion, exercise, or defense of any legal claims for two years from the time you unsubscribed and in the event of any legal disputes until the dispute has been concluded.

Blog opt-in data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when subscribing to and unsubscribing from our blog articles:

This includes date and time of subscription, date and time when the registration notification is sent in the double opt-in procedure, date and time of the confirmation of the registration in the double opt-in procedure as well as the IP address of the device used for the confirmation, and date and time of any unsubscription.

Users of our blogs

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the mandatory information is not pro-vided, we cannot send you any information about new blog articles by email.

We store this data for as long as you are registered for the subscription.

In addition, we store this data for evidence purposes for the assertion, exercise, or defense of any legal claims for two years from the time you unsubscribed and in the event of any legal disputes until the dispute has been concluded.

Ratings data

Data generated when you review a blog article:

This includes the number of stars you have awarded.

Users of our blogs

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, you will not be able to submit a rating.

We store this data permanently but only in anonymous form.

Comments data

Data that is generated when a comment is published on our blog:

This includes the following mandatory information: comments text.

This also includes the following optional information: name, email address, website.

Users of our blogs

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we will not be able to publish your comments or any additional optional information.

We store this data until it is no longer required, i.e. basically as long as the relevant blog post is online or until you ask us to delete it.

In addition, we store this data for evidence purposes for the assertion, exercise, or defense of any legal claims for two years from completion of the publication and in the event of any legal disputes until the dispute has been concluded.

2. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Provision of the relevant blog for informational use:

For this purpose, HTTP data is temporarily processed on our web server.

Blog HTTP data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of the blog accessed by the user for informational use.

Website providers

Hosting providers

Provision of the form for subscribing to and unsubscribing from our blog articles and acceptance of subscriptions:

For this purpose, HTTP data is temporarily processed on our web server.

Blog HTTP data

Blog subscription data

Blog opt-in data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of the form accessed by the user to subscribe to and unsubscribe from our blog articles.

Website providers

Hosting providers

Ensuring the security of the IT infrastructure used for our blog, in particular for the detection, elimination and conclusive documentation of incidents (e.g. DDoS attacks)

For this purpose, data is temporarily stored and evaluated in log files on our web server.

Blog HTTP data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is ensuring the security of the IT infrastructure used for provision of our blog, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks).

Website providers

Hosting providers

”Double opt-in” procedure to confirm the subscription:

For this purpose, we send an email message requesting confirmation to the email address provided during registration. A subscription only becomes effective when the subscriber confirms the email address by clicking on the confirmation link contained in the email.

Blog HTTP data

Blog subscription data

Blog opt-in data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the legally secure documentation of your consent to receipt of messages about new blog articles.

Website providers

Email providers

Sending email messages about new blog articles

Blog subscription data

Blog opt-in data

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Website providers

Email providers

Receipt and publication of your ratings and/or comments:

We only publish ratings as an aggregated overall rating, i.e. without personal data about you.

We publish comments with the data you provide. You can also submit a comment without personal data or, for example only with your first name or under an alias.

Blog HTTP data

Ratings data

Comments data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is publication of the ratings and/or comments you have submitted for publication.

Website providers

Hosting providers

Storage and processing for evidence purposes for the possible assertion, exercise, or defense of legal claims

Blog subscription data

Blog opt-in data

Ratings data

Comments data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Website providers

Email providers

Assertion, exercise, or defense of legal claims, including cooperation with external lawyers

Blog subscription data

Blog opt-in data

Ratings data

Comments data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Courts

Lawyers

↑ Back to top

C. Information on the processing of personal data on our portals (including PROFICLOUD, PLCnext Store, mGuard Secure Cloud, Grovez.io and Empolis)

Outside of our website, we offer various portals, including PROFICLOUD, PLCnext Store, mGuard Secure Cloud, Grovez.io and Empolis . You will find a link to this Data Privacy Notice on each of our portals to which this Data Privacy Notice applies.

When the use of the relevant portal is purely for informational purposes, certain information, for example your IP address, is sent to our portals’ web server by your device for technical reasons. We process this information in order to provide the content on our portals requested by you and to ensure the security of the IT infrastructure used to provide our portals.

You have the option of registering on the portals, i.e. creating an account. We process the information you provide in the registration form in order to complete your registration and give you access to the relevant portal and use of the functions requiring registration (e.g. management of technical devices).

Where applicable, we also store and use the information for evidence purposes for any assertion, exercise, or defense of legal claims or in order to comply with statutory document retention obligations, in particular under commercial and tax law.

To provide the registration forms and log-in on the relevant portal, information about the current session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during use of the portal in order to maintain the current session.

You will find more detailed information on this below:

I. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Portal HTTP data

Log data that is generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the relevant portal is accessed:

This includes IP address, type, and version of your internet browser, operating system used, site accessed, site accessed before visiting the site (referrer URL), and date and time of the visit.

Users of the relevant portal

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we will not be able to provide the content you have requested on the relevant portal.

The data is stored in server log files for a maximum period of 18 months, unless a security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, server log files are stored until the security-relevant event has been eliminated and completely resolved.

Registration form device data

Data that is assigned to your device when you use the registration form:

This includes a unique ID for the registration form session (“session ID”) and the expiry date of the session.

This data is stored in cookies on your device (Section F) and can be read during use of the registration form.

Users of the relevant portal

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we will not be able to provide the registration form on the relevant portal.

We only process the data temporarily for the duration of use of the relevant registration form.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Registration form data

Data that you provide to us in the registration form for the relevant portal or that you may add/change later in that portal:

This includes personal information about you, such as: salutation, name, title, department and function in the company, language, country, and contact details (telephone number, fax number, email address).

This also includes information about the company you wish to register, such as company name, address, and contact details.

Users of the relevant portal

Provision of the information marked as mandatory during the registration process is a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the mandatory data is not provided, registration will not be possible.

The data will be stored in the system as long as an account exists.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Account data

Address data for your account: email address and password

Users of the relevant portal

Provision of the information marked as mandatory during the registration process is a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, registration will not be possible.

The data will be stored in the system as long as an account exists.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

Log-in data

Data that is generated when you log into your account for the relevant portal:

This includes your email address and password.

This also includes a unique ID for the session during which you are logged into your account (“session ID”) and the expiry date of the session. This data is stored in cookies on your device (Section F) and can be read during use of the relevant portal.

Users of the relevant portal

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we will not be able to enable you to log in.

We only process this data temporarily as long as you are logged into your account.

(You can find more information on the lifetimes of the cookies stored on your device in Section F. III.)

Account content data

Data that you save in your account or that is automatically saved in your account.

Depending on the specific function of the relevant portal, this may include data for managing devices through your account.

Users of the relevant portal

Provision of the data is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, you may not be able to use all the functions of the account.

The data will be stored in the system as long as an account exists.

We store this data for evidence purposes for the assertion, exercise, or defense of any legal claims and also for an interim period of three years commencing at the end of the year in which you provide the data to us and in the event of any legal disputes until the dispute has been concluded.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

II. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Provision of the relevant portal for informational use:

For this purpose, HTTP data is temporarily processed on our web server.

Portal HTTP data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of the portal accessed by the user for informational use.

Website providers

Hosting providers

Provision of our registration form for the relevant portal and acceptance of registrations:

For this purpose, data is temporarily processed on our web server.

For this purpose, in addition, information on the current registration form session is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during your use of the registration form in order to maintain the current registration form session.

Portal HTTP data

Registration form device data

Registration form data

Account data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is provision of our registration forms accessed by the user.

In the case of registration:

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

Website providers

Hosting providers

Provision of the account functions of the relevant portal that require registration:

This includes providing the log-in to the relevant portal. In the account, registered users can update registration data if necessary and use the functions of the portal (e.g. to manage devices).

For this purpose, HTTP data is temporarily processed on our web server.

Information on the session during which you are logged into your account is stored in cookies (Section F) on your device. The cookies and the information stored in them can be read during your use of the relevant portal in order to maintain the current session.

Portal HTTP data

Registration form data

Account data

Log-in data

Account content data

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

Website providers

Hosting providers

Ensuring the security of the IT infrastructure used for provision of portal concerned, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks)

For this purpose, data is temporarily stored and evaluated in log files on our web server.

Portal HTTP data

Registration form device data

Account data

Log-in data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is ensuring the security of the IT infrastructure used for provision of portal concerned, in particular for the detection, elimination, and conclusive documentation of incidents (e.g. DDoS attacks).

Website providers

Hosting providers

Storage and processing for evidence purposes for the possible assertion, exercise, or defense of legal claims

Registration form data

Account data

Account content data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

-

Assertion, exercise, or defense of legal claims, including cooperation with external lawyers

Registration form data

Account data

Account content data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Courts

Lawyers

Retention of data in order to comply with statutory retention obligations, in particular under commercial and tax law:

Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Registration form data

Account content data

Fulfilment of a legal obligation (if the GDPR applies: Article6(1)(c) GDPR)

-

↑ Back to top

D. Information on the processing of personal data on our social media presences

We do not use any automatically activated plug-ins (e.g. iFrames) of social networks on our websites. Our social network buttons such as Facebook, Twitter, Xing, LinkedIn, YouTube, Instagram etc. are mere links to the sites of the provider or activate the desired cloud service. Once you click on these links, you will be redirected to the pages of the social network or the specific cloud service is activated. Please note that once you are on the websites of the social network websites or cloud services, their privacy policies will be applicable.

In addition, we have an online presence in some of these social networks and platforms to promote our business, inform interested parties/users about our products and services and to communicate with them. On some of these platforms, user data is processed outside the European Union (EU), even in countries where no data protection level comparable to that of the EU can be guaranteed. Your personal data is often used for the platform's own purposes, e.g. for market research and advertising purposes or to analyze user behavior for the creation of user profiles. To this end, cookies from these platforms are usually stored on the user's device.

Although we do not have access to the profile data processed by the platforms, we may be a joint controller for the data processing under the relevant data protection laws. The personal data of the users is processed based on our legitimate interests in simple information and communication with the users (if the GDPR applies: Article6(1)(f) GDPR). For further information, please contact our designated point of contact (under Section A).

For detailed information on the processing of your personal data and possible opt-out options, please refer to details of the social media platforms linked below:

  • Facebook

If the GDPR applies: on the basis of an agreement on joint controllership pursuant to Article26 GDPR.

Privacy policy at: https://www.facebook.com/about/privacy

Opt-out at: https://www.facebook.com/settings?tab=ads

  • Instagram

Privacy policy at: http://instagram.com/about/legal/privacy

Opt-out at: http://instagram.com/about/legal/privacy/ (Ziffer VI.)

  • YouTube / Google (Maps)

Privacy policy at: https://www.google.de/intl/de/policies/privacy/

Opt-out at: https://adssettings.google.com

  • Vimeo

Privacy policy at: https://vimeo.com/privacy

Opt-out at: https://vimeo.com/privacy#your_privacy_choices

  • Twitter

Privacy policy at: www.twitter.com/privacy

Opt-out at: https://twitter.com/personalization

  • LinkedIn

Privacy policy at: https://www.linkedin.com/legal/privacy-policy

Opt-out at: https://privacy.linkedin.com/de-de/settings?lr=1

  • XING

Privacy policy at: https://privacy.xing.com/de/

Opt-out at: https://privacy.xing.com/de/

  • io

Privacy policy at: https://walls.io/privacy

Opt-out at: https://walls.io/privacy

↑ Back to top

E. Information on the processing of personal data of potential business partners (leads), our existing business partners, and their employees

In connection with our business activities, we process the personal data of potential business partners (leads), our existing business partners and their employees.

Business partners are all natural or legal persons with which we maintain business relations. These in particular include our customers, suppliers and distribution partners. Data of our business partners can be personal data if the business partners are natural persons. Personal data is also data concerning employees of our business partners.

We process data of potential business partners (leads), our existing business partners and their employees for the following purposes:

  • Determining potential business partners (leads) and initiating business relationships, including establishing initial contact with the objective of establishing a business relationship
  • Identifying our business partners
  • Screening sanctions lists in order to fulfil legal obligations
  • Taking steps prior to entering into a contract, including pre-contractual communications and preparation of quotes and cost estimates
  • Assessing our business partner’s credit-worthiness as well as setting and monitoring credit limits for our customers
  • Performing contracts with our business partners, including pre-contractual communications, exchange of services, invoicing, and payment processing
  • Conducting proper accounting and document retention in order to comply with contractual and statutory, in particular commercial and tax law document retention obligations
  • Retaining documents for evidence purposes for the establishment, exercise, and defense of legal claims
  • Establishing, exercising, or defending of legal claims, including cooperation with external lawyers
  • Cooperating with external tax consultants and/or public accountants in order to comply with statutory obligations
  • Cooperating with supervisory authorities, courts, and other public bodies in order to comply with statutory obligations
  • Engaging in business relationship management, including establishing contact to our business partners and maintaining the relationship with our business partners, and adapting our services to the needs and wishes of our business partners

You will find more detailed information on this below:

I. Details of the personal data that is processed

Categories of personal data processed

Personal data included in the categories

Sources of the data

Obligation of the data subject to provide the data

Storage duration

Lead data

Company name

Industry

Name

Function

Business contact details (address, email address, telephone number)

(Potential) business partners (leads)

Provision is not a statutory or contractual requirement. There is no obligation of the data subject to provide the data.

Provision may be necessary to enter into a contract. If the data is not provided, it may not be possible to initiate a business relationship.

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

(Existing) business partners

Other third parties

Publicly accessible sources (e.g. websites, trade directories)

-

Master data

Company name

Registered office of the company

Register number

VAT ID number

Business identification number

Industry

Business partners

Provision is generally not a statutory or contractual requirement. The data subject is generally not obligated to provide the data.

Provision is generally necessary to enter into a contract. If the data is not provided, it may not be possible to enter into or perform a contract.

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Customer number(s)

Supplier number(s)

Generated by us

-

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

KYC data

Data that we collect as part of the know-your-customer process (KYC process):

This includes information on the ownership structure and the economic beneficiary of our business partners:

Business partners

Provision may be a statutory or contractual requirement. There may be an obligation of the data subject to provide the data.

Provision may be necessary to enter into a contract. If the data is not provided, it may not be possible to enter into or perform a contract.

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Commercial register

-

Contact data

Name

Function

Business contact data (address, email address, telephone number, fax number)

Business partners

Provision may be a statutory or contractual requirement. There may be an obligation of the data subject to provide the data.

Provision may be necessary to enter into a contract. If the data is not provided, it may not be possible to enter into or perform a contract.

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Bank account details

Account holder

Bank

IBAN

BIC

Business partners

Provision is not a statutory requirement; however it may be a contractual requirement. The data subject may be obligated to provide the data.

Provision may be necessary to enter into a contract. If the data is not provided, it may not be possible to enter into or perform a contract.

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Communications data

Contents of business communication with our business partners:

In particular by post, e-mail, telephone, fax.

Business partners

Provision is not a statutory or contractual requirement. There is no obligation of the data subject to provide the data.

Provision may be necessary to enter into a contract. If the data is not provided, it may not be possible to enter into or perform a contract.

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Circumstances of business communication with our business partners, in particular those involved, time and duration

Generated by us

-

Credit assessment data

Data that we use to assess the credit-worthiness of our business partners:

These include in particular credit scores provided by credit agencies and information on the due payment of debts, generated by us.

Credit agencies

Generated by us

-

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Contract data

Data we receive from our business partners in order to take steps prior to entering into a contract and/or to perform contracts with our business partners

Business partners

Provision of the data is not a statutory or contractual requirement. There is no obligation of the data subject to provide the data.

Provision may be necessary to enter into a contract. If the data is not provided, it may not be possible to enter into or perform a contract.

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Data from written (including electronic) contract documents that we receive from our business partners

Business partners

Provision of the data is not a statutory or contractual requirement. There is no obligation of the data subject to provide the data.

Provision may be necessary to enter into a contract. If the data is not provided, it may not be possible to enter into or perform a contract.

Data that we may receive from third parties in order to take steps prior to entering into a contract and/or to perform contracts with our business partners

Third parties

-

Data from written (including electronic) contract documents that we create

Generated by us

-

Invoice data

Data from invoices and payment reminders that we receive from our business partners, in particular date, invoice items and invoice amounts

Business partners

Provision may be a statutory or contractual requirement. There may be an obligation of the data subject to provide the data.

The provision is not necessary to enter into a contract.

If the data is not provided, invoicing may not be possible.

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Data that we generate automatically for invoicing purposes, in particular the content of internal time records and activity reports

Generated by us

-

Data from invoices and payment reminders that we create, in particular date, invoice items and invoice amounts

Generated by us

-

Payment data

Data concerning payment processes, in particular data and payment amounts

Generated by us

-

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Record data

Data from records concerning the business content of appointments and meetings with our business partners that we prepare for the maintenance of the business relationship

Generated by us

-

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Analysis data

Data from analyses of the business structure of the companies of our business partners that we prepare for the strategic alignment of our business relationships

Generated by us

-

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

Survey data

Responses to our surveys for voluntary assessments of the business relationship from the business partner’s perspective

Business partners

Provision is not a statutory or contractual requirement or a requirement necessary to enter into a contract. There is no obligation of the data subject to provide the data.

If the data is not provided, we will not be able to take any survey results of this business partner into account. This does not otherwise affect the business relationship.

We store the data until the purposes of processing this data specified below have been achieved.

We also store this data to the extent that statutory obligations to do so, in particular commercial and tax law document retention obligations, exist. Depending on the document type, commercial and tax law document retention obligations of six or ten years can exist.

II. Details of the processing of the personal data

Purpose of processing the personal data

Categories of personal data processed

Legal basis and, where applicable, legitimate interests

Recipients
(further details Section H)

Determination of potential business partners (leads) and initiation of business relationships, including establishing initial contact with the objective of establishing a business relationship:

Depending on the kind of business relationship sought, the determination of potential business partners and the establishment of initial contact can in certain cases require cooperation with other companies from our corporate group or companies outside our corporate group.

If you have consented to this separately, we will also use information about you that we have stored in our personalized web tracking technology “Account Engagement” (formerly “Pardot”) in this context (e.g. information about certain user actions on our website and the use of our newsletter) in order to be able to respond better and more individually to your request.

Lead data

Pardot profile data (Section B. III)

The legal basis for the determination of potential business partners and the initiation of business relationships is in principle:

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the establishment of new business relationships.

Depending on the circumstances of the individual case, the legal basis for establishing contact with leads, in particular the type of initial contact with the relevant lead, can be:

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Otherwise:

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

Otherwise:

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the establishment of new business relationships.

Our affiliated companies

Cooperating companies outside our corporate group

CRM service providers

IT service providers

Identification of our business partners

Master data

KYC data

Fulfilment of a legal obligation (if the GDPR applies: Article6(1)(c) GDPR)

Otherwise:

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is knowing who our business partners are.

Identification service provider

IT service providers

Screening of sanctions list in order to fulfil legal obligations:

We are obligated to screen sanctions lists for each business partner from whom we receive payments or to whom we make payments. If this screening of sanctions lists is positive after comparing the name of the contact person at the business partner and, if applicable, his or her date of birth and address with a publicly accessible “terror list”, we are obligated to transmit this to the Federal Office of Economics and Export Control (BAFA) for further clarification.

Master data

Contact data

KYC data

Fulfilment of a legal obligation (if the GDPR applies: Article6(1)(c) GDPR).

Federal Office of Economics and Export Control (BAFA)

IT service providers

Taking steps prior to entering into a contract, including pre-contractual communication and preparation of quotes and cost estimates:

Depending on the services provided, cooperation with other companies in our corporate group or companies outside our corporate group may take place in individual cases in order to take steps prior to entering into a contract.

Master data

Contact data

Communications data

Contract data

If the data subject is our (potential) business partner:

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR)

If the data subject is not our (potential) business partner:

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is taking steps prior to entering into a contract at the request of our (potential) business partner.

Our affiliated companies

Cooperating companies outside our corporate group

Shipping service providers

IT service providers

Assessing our business partners’ creditworthiness as well as setting and monitoring credit limits for our customers:

Prior to entering into a contract with our business partners, we may assess our business partners’ creditworthiness and set credit limits for our customers. We regularly monitor the creditworthiness and credit limits for our customers until payment has been made in full.

Depending on the services provided, cooperation with other companies in our corporate group or companies outside our corporate group may take place in individual cases for assessing our business partners’ creditworthiness as well as setting and monitoring credit limits for our customers.

Master data

Contact data

Communications data

Credit assessment data

Contract data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is safeguarding the collection of receivables.

Our affiliated companies

Cooperating companies outside our corporate group

Credit agencies

IT service providers

Performance of contracts with our business partners, including pre-contractual communication, exchange of services, invoicing and payment processing:

Depending on the services provided cooperation with other companies in our corporate group or companies outside our corporate group may be required.

Master data

Contact data

Bank account data

Communications data

Contract data

Invoice data

Payment data

If the data subject is our business partner:

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR).

If the data subject is not our business partner:

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the performance of the contract with our business partner.

Our affiliated companies

Cooperating companies outside our corporate group

Shipping service providers

Invoicing and payment processing service providers

IT service providers

Proper accounting and document retention in order to comply with statutory document retention obligations, in particular under commercial and tax law

Master data

KYC data

Contact data

Bank account data

Communications data

Contract data

Invoice data

Payment data

Fulfilment of a legal obligation (if the GDPR applies: Article6(1)(c) GDPR):

In particular compliance with statutory requirements for proper accounting and statutory, especially professional, commercial, and tax law document retention obligations.

If the data subject is our business partner, the following also applies:

Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (if the GDPR applies: Article6(1)(b) GDPR).

If the data subject is not our business partner, the following also applies:

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the performance of the contract with our business partner.

Accounting service providers

Archiving service providers

IT service providers

Document retention for evidence purposes for the establishment, exercise, and defense of legal claims

Master data

KYC data

Contact data

Bank account data

Communications data

Contract data

Record data

Invoice data

Payment data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Archiving service providers

IT service providers

Assertion, exercise, or defense of legal claims, including cooperation with external lawyers

Master data

KYC data

Contact data

Bank account data

Communications data

Contract data

Invoice data

Payment data

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the assertion, exercise, or defense of legal claims.

Courts

Lawyers

IT service providers

Cooperation with external tax consultants and/or public accountants in order to comply with statutory obligations

Master data

KYC data

Contact data

Bank account data

Communications data

Contract data

Invoice data

Payment data

Fulfilment of a legal obligation (if the GDPR applies: Article6(1)(c) GDPR)

Tax consultants

Public accountants

IT service providers

Cooperation with supervisory authorities, courts, and other public bodies in order to comply with statutory obligations

Master data

KYC data

Contact data

Bank account data

Communications data

Contract data

Invoice data

Payment data

Fulfilment of a legal obligation (if the GDPR applies: Article6(1)(c) GDPR)

Supervisory authorities and other public bodies

IT service providers

Business relationship management, including establishing contact to inform our business partners and maintaining the relationship with our business partners, and adapting our services to the needs and wishes of our business partners:

If you have consented to this separately, we will also use information about you that we have stored in our personalized web tracking technology “Account Engagement” (formerly “Pardot”) in this context (e.g. information about certain user actions on our website and the use of our newsletter) in order to be able to respond better and more individually to your request.

Master data

Contact data

Communications data

Contract data

Record data

Analysis data

Survey data

Pardot profile data (Section B. III)

The legal basis for the business relationship management is in principle:

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is the maintenance and strategic alignment of the relationship with our business partners, and adapting our services to the needs and wishes of our business partners.

Depending on the circumstances of the individual case, the legal basis for establishing contact with leads, in particular the type of initial contact with the relevant lead, can be:

Consent (if the GDPR applies: Article6(1)(a) GDPR)

Otherwise:

Pursuing legitimate interests under balancing of interests (if the GDPR applies: Article6(1)(f) GDPR):

Our legitimate interest is informing our business partners.

CRM service providers

IT service providers

↑ Back to top

F. Information on the use of cookies or similar technologies

We use cookies in connection with our website, including our portals. In doing so, we use the processing and storage functions of your device’s browser and collect information from the memory of your device’s browser.

You will find more detailed information on this below.

I. General information on cookies

Cookies are small text files with information that can be placed on a user’s device through its browser when a website is visited. When the relevant website is visited again with the same device, the cookie and the information it contains can be retrieved

1. First-party and third-party cookies

Depending on where a cookie comes from, a distinction can be made between first-party cookies and third-party cookies:

First-party cookies

Cookies that are placed and accessed by the operator of the website as the controller or by a processor engaged by the controller

Third-party cookies

Cookies that are placed and accessed by controllers other than the operator of the website that are not processors engaged by the operator of the website

2. Transient and persistent cookies

A distinction can be made between transient and persistent cookies depending on how long they remain active:

Transient cookies
(session cookies)

Cookies that are automatically deleted when you close your browser

Persistent cookies

Cookies that remain stored on your device for a certain period of time after the browser is closed

3. Consent-free cookies and cookies requiring consent

Users’ consent is required for some cookies depending on their function and purpose of use. Thus a distinction can be made between cookies that require users’ consent and those that do not:

Consent-free cookies

Cookies that have as their sole purpose to transmit a message using an electronic communications network

Cookies that are necessary so that the party offering a service that has been expressly requested by a participant or user can provide this service (”strictly necessary cookies”)

Cookies requiring consent

Cookies for all purposes of use other than those mentioned above

II. Management of the cookies used on our website

1. Granting and withdrawing consents to the use of cookies in the data protection settings of our website

If consent is necessary for the use of certain cookies, we only use these cookies if you have previously granted your consent to this. You can find information as to whether the use of a particular cookie requires consent in the information on the cookies used on our website in Section F. III of this Data Privacy Notice.

When you first visit our website, we display a pop-up for data privacy settings. In the data privacy settings, you can give consent to the use of cookies that require consent and the processing of your personal data enabled by this. However, you can also continue to use our website without consent. In this case, we will only use cookies for which consent is not required.

You can access the data privacy settings for our website at any time via the link contained in this Data Privacy Notice and in the footer of our website. In the data privacy settings, you can withdraw or re-grant the consents you have given at any time.

We store whether and, if applicable, which consents you have given in the form of a (strictly necessary) cookie (”privacy settings cookie“) on your device. The privacy settings cookie has a limited lifetimes of 12 months. After expiration of the lifetimes, or if you delete the privacy settings cookie manually beforehand, we will display the banner for data privacy settings for our website again the next time you visit our website.

You cannot deactivate cookies that are strictly necessary in the data privacy settings of our website. However, you can generally deactivate these cookies in your browser at any time.

2. Managing cookies using browser settings

You can also manage the use of cookies in your browser’s settings. Different browsers have different ways to configure cookie settings. You can find more extensive information on this, for example at https://allaboutcookies.org/how-to-manage-cookies .

However, we would like to point out that some functions of our website may not work properly or at all if you deactivate cookies in general in your browser.

III. Cookies used on our website

You can view the information on the cookies used on our website at any time in the data privacy settings of our website.

↑ Back to top

G. Information on the rights of data subjects

As a data subject, you have the following rights in relation to the processing of your personal data:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent

You may contact us for the purpose of exercising these rights using the contact information in Section A.

Where applicable, you will find information on any specific arrangements and mechanisms designed to help you exercise your rights, in particular to exercise your rights to data portability and to object, in the information on the processing of personal data in Sections B to E of this Data Privacy Notice.

You also have the right to lodge a complaint with a supervisory authority.

You will find more detailed information on your rights with regard to the processing of your personal data below:

I. Right of access

As a data subject, you have a right to obtain access and information under the applicable legal conditions.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing personal data concerning you. If this is the case, you also have the right to obtain access to this personal data and further information. This includes information regarding the purposes of the processing, the categories of personal data that is being processed and the recipients or categories of recipients to whom the personal data has been or will be disclosed

If the GDPR applies: You can find the full extent of your right to access and information in Article15 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

II. Right to rectification

As a data subject, you have the right to rectification under the applicable legal conditions.

This means in particular that you have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and competition of incomplete personal data.

You can find the full extent of your right to rectification in Article16 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

III. Right to erasure (”right to be forgotten”)

As a data subject, you have a right to erasure (”right to be forgotten”) under the applicable legal conditions.

This means that you in principle have the right to obtain from us the erasure of your personal data and we are obligated to erase your personal data without undue delay when legal grounds for erasure apply. This can be the case, for example, if personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

If we have made the personal data public and are obligated to erase it, we may also be obligated, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested the erasure by such controllers of any links to, or copy, or replication of that personal data.

The right to erasure (”right to be forgotten”) does not apply if the processing continues to be necessary on legal grounds. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.

If the GDPR applies: You can find the full extent of your right to erasure (”right to be forgotten”) in Article17 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679D.

IV. Right to restriction of processing

As a data subject, you have a right to restriction of processing under the applicable legal conditions.

This means that you have the right to obtain from us the restriction of processing if one of the legal conditions applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data.

Restriction means that stored personal data is marked with the goal of restricting its future processing.

If the GDPR applies: You can find the full extent of your right to restriction of processing in Article18 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

V. Right to data portability

As a data subject, you have a right to data portability under the applicable legal conditions.

This means that you in principle have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit that data to another controller without hindrance from us if the processing is based on consent or on a contract and the processing is carried out by automated means.

You can find information as to whether an instance of processing is based on consent or on a contract in the information regarding the legal basis of processing in Sections B to E of this Data Privacy Notice.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller where technically feasible.

If the GDPR applies: You can find the full extent of your right to data portability in Article20 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VI. Right to object

As a data subject, you have a right to object under the applicable legal conditions.

At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.

You will find more detailed information on this below:

1. Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on pursuing legitimate interests under balancing of interests, including profiling.

You can find information as to whether an instance of processing is based on pursuing legitimate interests under balancing of interests in the information regarding the legal basis of processing in Sections B to E of this Data Privacy Notice.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

You can find the full extent of your right to object in Article21 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

2. Right to object to direct marketing

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find information as to whether and to what extent personal data is processed for direct marketing purposes in the information regarding the legal basis of processing in Sections B to E of this Data Privacy Notice.

If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.

If the GDPR applies: You can find the full extent of your right to object in Article21 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VII. Right not to be subject to a decision based solely on automated processing

Under the applicable legal conditions, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

We do not perform such automated decision-making in connection with the processing activities described in this Data Privacy Notice.

If the GDPR applies: You can find the full extent of your right not to be subject to a decision based solely on automated processing in Article22 GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

VIII. Right to withdraw consent

If the instance of processing is based on consent, as a data subject you have the right to withdraw your consent at any time under the applicable legal conditions. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on consent in the information regarding the legal basis of processing in Sections B to E of this Data Privacy Notice.

If the GDPR applies: You can find the full extent of your right to withdraw consent in Article7(3) GDPR, which can be accessed using the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679.

IX. Right to lodge a complaint with a supervisory authority

As a data subject, you have a right to lodge a complaint with a supervisory authority under the applicable legal conditions.

If the GDPR applies:

↑ Back to top

H. Additional country-specific information

The above information applies to all of Phoenix Contact companies worldwide referred to under Section A. I. Our processing activities and the information provided in this context are always based on the strictest regulations in each case.

Where we are obligated under the relevant national law to provide you with more additional information, you will find this country-specific additional information below.

I. For websites of or business relations to Phoenix Contact companies in a country of the European Union (EU) or the European Economic Area (EEA)

You will find more details on the recipients of personal data described in Sections B to E of this Data Privacy Notice below, in particular information on transfers to third countries outside the European Union (EU) or the European Economic Area (EEA):

We use the following recipients as processorswho process personal data on our behalf and in accordance with our instructions:

Recipients

Transfers to third countries and/or international organizations

Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations

Website providers

Data protection settings functions providers

Search function providers

Reach measurement service providers

Chat function providers

Identification service providers

Invoicing and payment processing service providers

Accounting service providers

Archiving service providers

Debt collection service providers

No data is transferred to third countries and/or international organizations.

-

Event service providers

As a rule, no data is transferred to third countries and/or international organizations. In individual cases, however, there may be transfers to third countries (e.g. when using local service providers for events taking place in third countries).

An adequacy decision of the European Commission within the meaning of Article45 GDPR exists for certain third countries.

These adequacy decisions are available here:

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

If a transfer to a third country is not covered by an adequacy decision, EU “standard contractual clauses” within the meaning of Article46(2)(c) GDPR are used to achieve adequate protection of the transferred data.

The EU standard contractual clauses are available here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

Survey service providers

New Zealand

An adequacy decision of the European Commission within the meaning of Article45 GDPR exists for transfers of personal data to New Zealand.

The adequacy decision is available here:

https://eur-lex.europa.eu/eli/dec_impl/2013/65/oj

Captcha providers

US

An adequacy decision of the European Commission within the meaning of Article45 GDPR exists for certain third countries, including for the US.

The adequacy decision for the US is available here:

https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj

Due to self-certification of our service provider under the EU-U.S. Privacy Framework, this adequacy decision applies to processing by our service provider.

Identity management providers

US

Thes transfers are not covered by an adequacy decision of the European Commission within the meaning of Article45 GDPR. EU standard contractual clauses within the meaning of Article46(2)(c) GDPR are used here in order to achieve adequate protection of the data transferred.

The EU standard contractual clauses are available here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

Hosting providers

Web analytics service providers

Web tracking providers

Email providers

Email newsletter providers

CRM service providers

IT service providers

As a rule, no data is transferred to third countries and/or international organizations. In individual cases, however, there may be transfers to third countries, e.g. to the US (e.g. for support purposes). These transfers are usually limited to remote access, while storage continues to take place within the EU/EEA.

An adequacy decision of the European Commission within the meaning of Article45 GDPR exists for certain third countries.

These adequacy decisions are available here:

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

The adequacy decision for the US is available here:

https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj

If a transfer to a third country is not covered by an adequacy decision, EU “standard contractual clauses” within the meaning of Article46(2)(c) GDPR are used to achieve adequate protection of the transferred data.

The EU standard contractual clauses are available here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

The following recipients receive personal data from us to the extent necessary and are themselves controllers under data protection law:

Recipients

Transfers to third countries and/or international organizations

Adequacy decision or appropriate or suitable safeguards for transfers to third countries and/or international organizations

Marketing tool providers

We do not transfer any personal data to third countries and/or international organizations in this context and are only in contact with our service providers based in the EU/EEA, who are themselves responsible under data protection law.

However, the service providers may transfer data to third countries, e.g. to the US (e.g. for support purposes) in their own area of responsibility under data protection law, at least in individual cases. These transfers are usually limited to remote access, while storage continues to take place within the EU/EEA.

An adequacy decision of the European Commission within the meaning of Article45 GDPR exists for certain third countries.

These adequacy decisions are available here:

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

The adequacy decision for the US is available here:

https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj

If a transfer to a third country is not covered by an adequacy decision, EU “standard contractual clauses” within the meaning of Article46(2)(c) GDPR are used to achieve adequate protection of the transferred data.

The EU standard contractual clauses are available here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

Meta:

Meta Platforms Ireland Ltd.

Merrion Road, Dublin 4, D04 X2K5, Irland

We do not transfer any personal data to third countries and/or international organizations in this context and are only in contact with our service provider based in the EU/EEA, who is itself responsible under data protection law.

However, the service provider may transfer data to third countries, e.g. to the US (e.g. for support purposes) in its own area of responsibility under data protection law, at least in individual cases. These transfers are usually limited to remote access, while storage continues to take place within the EU/EEA.

An adequacy decision of the European Commission within the meaning of Article45 GDPR exists for certain third countries.

These adequacy decisions are available here:

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

The adequacy decision for the US is available here:

https://eur-lex.europa.eu/eli/dec_impl/2023/1795/oj

As Meta Platforms, Inc. is certified under the Data Privacy Framework, this adequacy decision also applies to transfers to this recipient.

Details of certification are available here:

https://www.dataprivacyframework.gov/list

If a transfer to a third country is not covered by an adequacy decision, EU “standard contractual clauses” within the meaning of Article46(2)(c) GDPR are used to achieve adequate protection of the transferred data.

The EU standard contractual clauses are available here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

Lawyers

Courts

Public accountants

Tax consultants

Federal Office of Economics and Export Control (BAFA)

Supervisory authorities and other public bodies

Shipping service providers

Credit agencies

Payment providers

Shipping service providers

No data is transferred to third countries and/or international organizations.

-

Our affiliated companies

Third-party sales partners

Cooperating companies outside our corporate group

As a rule, no data is transferred to third countries and/or international organizations. In individual cases, however, there may be transfers to third countries, especially if your request involves affiliated companies or third-party sales partners in third countries.

An adequacy decision of the European Commission within the meaning of Article45 GDPR exists for certain third countries.

These adequacy decisions are available here:

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

If a transfer to a third country is not covered by an adequacy decision, EU “standard contractual clauses” within the meaning of Article46(2)(c) GDPR are used to achieve adequate protection of the transferred data, at least insofar as the transfer is also not permitted in individual cases on the basis of an exemption provision without taking such measures.

The EU standard contractual clauses are available here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

Hotel/venue

No data is generally transferred to third countries and/or international organizations.

The data will only be transferred to a third country if this is necessary for holding the event, e.g. hotel/venue in a third country.

An adequacy decision of the European Commission within the meaning of Article45 GDPR exists for certain third countries.

These adequacy decisions are available here:

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

If a transfer to a third country is not covered by an adequacy decision, EU “standard contractual clauses” within the meaning of Article46(2)(c) GDPR are used to achieve adequate protection of the transferred data, at least insofar as the transfer is also not permitted in individual cases on the basis of an exemption provision without taking such measures.

The EU standard contractual clauses are available here:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

II. For websites of or business relations to Phoenix Contact companies in the United Kingdom (UK)

For information on transfers to third countries outside the United Kingdom, please refer to the above information on transfers outside the European Union (EU) or the European Economic Area (EEA) (Section H. I) which generally applies accordingly. However, the following exceptions apply:

  • For situations where Section I states that there is no transfer to third countries, there can however, be transfers to the European Union (EU) or the European Economic Area (EEA), mostly Germany and Ireland. From the perspective of the UK, the EU/EEA countries are third countries. However, there exist adequacy regulations fro these countries by the UK Secretary of State.
  • Where Section I refers to adequacy decisions by the European Commission, there exist corresponding adequacy regulations by the UK Secretary of State.
  • Where Section I refers to EU “standard contractual clauses”, these standard contractual clauses are also used for transfers from the UK, using the “International Data Transfer Addendum to the EU Commission Standard Contractual Clauses” adopted by the UK Information Commissioner.

III. For websites of or business relations to Phoenix Contact companies in Switzerland

For information on transfers to third countries outside Switzerland, please refer to the above information on transfers outside the European Union (EU) or the European Economic Area (EEA) (Section H. I) which generally applies accordingly. However, the following exceptions apply:

  • For situations where Section I states that there is no transfer to third countries, there can however, be transfers to the European Union (EU) or the European Economic Area (EEA), mostly Germany and Ireland. From the perspective of Switzerland, the EU/EEA countries are third countries. However, these countries are considered to guarantee an adequate level of data protection under Swiss law (see Annex 1 to the Swiss Data Protection Ordinance).
  • Where Section I refers to adequacy decisions by the European Commission, the relevant countries are generally also considered to guarantee an adequate level of data protection under Swiss law (see Annex 1 to the Swiss Data Protection Ordinance). However, under Swiss law, for example, the US is not considered to guarantee an adequate level of data protection.
  • Where Section I refers to EU “standard contractual clauses” or where a country is not considered to guarantee an adequate level of data protection under Swiss law (such as the US), these standard contractual clauses are also used for transfers from Switzerland, using necessary adaptions based on the requirements issued by the Swiss Federal Data Protection and Information Commissioner.

IV. Any further country-specific additional information

-

↑ Back to top

I. Effective date and changes to this Data Privacy Notice

The effective date of this Data Privacy Notice is September 2024.

It may be necessary to modify this Data Privacy Notice due to technical developments and/or changes in statutory and/or official requirements.

Our latest Data Privacy Notice can be accessed at any time at https://phoe.co/corporate_data_protection.

↑ Back to top