Privacy Policy

Thank you for your interest in our website. The protection of your personal data is very important to us. Below you will find information on how we handle your data, which is collected through your use of our website. The processing of your data is carried out in accordance with the legal regulations on data protection.

1. Responsible Party

The responsible party within the meaning of the General Data Protection Regulation (GDPR) is

Region Mainfranken GmbH

Ludwigstraße 10 1/2

97070 Würzburg

Tel: +49(0)931-452 652-0

E-Mail: info@mainfranken.org

2. Contact Details of the Data Protection Officer

You can reach the Data Protection Officer at

Proliance GmbH

www.datenschutzexperte.de

Data Protection Officer

Leopoldstr. 21

80802 Munich

E-Mail: datenschutzbeauftragter@datenschutzexperte.de

When contacting the Data Protection Officer, please mention the company to which your inquiry relates. Please also refrain from attaching sensitive information, such as a copy of your ID, to your inquiry.

3. Data Processing in the Operation of the Website

3.1. Web Hosting

This website is hosted by an external service provider.

Personal data collected on this website is stored on the servers of the host. This may include IP addresses, contact requests, meta and communication data, website accesses, and other data generated through a website.

We collect the listed data to ensure a smooth connection setup of the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to make the website available to you. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR.

We have concluded a data processing agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we obligate them to protect our customers’ data and not to pass it on to third parties.

3.2. Usage Data and Server Logfiles

Description of Data Processing and Purpose

When you access our website, it is technically necessary for data to be transmitted from your internet browser to our web server. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

Date and time of the request
Name of the requested file
Page from which the file was requested
Access status
Web browser and operating system used
(Complete) IP address of the requesting computer
Amount of data transferred

We collect the listed data to ensure a smooth connection setup of the website and a technically error-free provision of our services. The processing of this data is absolutely necessary to make the website available to you. The log files are used to evaluate system security and stability as well as for administrative purposes.

Legal Basis for Data Processing

The legal basis for the processing of the data is our legitimate interest in protecting and maintaining the functionality of our website in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

Storage Duration

For reasons of technical security, especially to defend against attempted attacks on our web server, this data is stored by us for a short period of time. After 7 days at the latest, the data is removed, making it no longer possible to establish a connection to individual users.

In anonymized form, the data may also be processed for statistical purposes. At no time is this data stored together with other personal data of the user, compared with other data sets, or passed on to third parties.

3.3. Data Processing in Connection with Cookies and Similar Technologies

3.3.1. Access to and Storage of Information in End Devices

By using our website, access to information (e.g., IP address) or storage of information (e.g., cookies) may occur on your end devices. This access or storage may be associated with further processing of personal data as defined by the GDPR.

In cases where such access to information or storage of information is strictly necessary for the technically error-free provision of our services, this is done on the basis of § 25 Para. 1 S. 1, Para. 2 No. 2 TDDDG. Any subsequent data processing may be carried out on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR.

In cases where such a process serves other purposes (e.g., the needs-based design of our website), this is done on the basis of § 25 Para. 1 TDDDG only with your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. The consent can be revoked at any time for the future. The processing of your personal data is subject to the provisions of the GDPR and the Federal Data Protection Act (BDSG).

For further information on the processing of your personal data and the relevant legal bases in this context, please refer to the following sections on the specific processing activities on our website.

3.3.2. Cookies and Similar Technologies

3.3.2.1. General Information

On this website, we use services that employ cookies and similar technologies to store data in your end device’s browser and read previously stored data. This may involve the use of cookies, your browser’s local storage, pixels, and so-called tags.

Cookies are small text files that can be stored and read on your end device.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored for a specific period beyond the individual session.

In addition to cookies, we may use your browser’s session storage or local storage to store and read data.

We may also incorporate pixels into our web pages. Pixels are small individualized image files that are loaded during page construction and can be used to track user activities.

Finally, we may use tags on our web pages. Tags are small HTML or JavaScript code fragments or markings that enable services for website analysis or user tracking to distinguish or identify users and track certain user activities.

Further details on the cookies and similar technologies we use can be found below in the descriptions of the cookie categories and in our consent management platform “Borlabs Cookie“, which is displayed when you visit our website. You can give and easily revoke consent through the platform. You can access the platform at any time by clicking the fingerprint symbol in the bottom left corner of the website to change your settings.

Please note that without the use of certain cookies and similar technologies, our websites may not be displayed correctly and some functions may no longer be technically available.

3.3.2.2. Essential Category

Services in this category may use cookies and similar technologies to store and read information on your end device. We use these:

to enable the display of the website and provide its basic functions, especially page navigation and access to secure areas,
to enable the giving and revoking of consent,
to protect our forms from abusive entries, and
to protect our website against cyber attacks and fraud attempts.
In some cases, the cookies and similar technologies used only contain information about certain settings and are not personally identifiable. They are not used by us for the purpose of tracking your interactions, for measurement and statistical evaluation, or for advertising purposes.

The use of services and corresponding cookies and similar technologies in this category is based on § 25 para. 2 no. 1, no. 2 TDDDG. Subsequent data processing is carried out on the basis of Art. 6 para. 1 s. 1 lit. f GDPR.

3.3.2.3. Statistics Category

Services in this category may use cookies and similar technologies to store and retrieve information on your device. We use these,

to count and distinguish you as an individual website visitor and to create statistical analyses of your interactions and your use of our websites,
to design our websites according to needs and adapt them to user interactions,
to test adjustments to the website and measure user reactions to them (A/B testing) and
to monitor the technical functionality of our website and enable troubleshooting.

For this purpose, we and the services regularly store individual pseudonymous identifiers (recognition features) consisting of numbers and letters in cookies on your device when you visit our website and read them again during a subsequent visit.

The use of pseudonyms allows for individual differentiation and recognition of users. However, the natural person behind a pseudonym usually cannot be directly identified, especially not by name, without further additional data.

Regularly, other technologies may also be used to read recognition features from your device, such as in the case of so-called browser or device fingerprinting, where data from properties of the browser you use (e.g., type and version of the browser) and its configuration (e.g., preferred language), properties of your device (e.g., manufacturer and model of your mobile phone, operating system) or the hardware you use (e.g., screen resolution) are used to pseudonymously recognize you as a different user.

The use of services and corresponding cookies and similar technologies in this category is based on your consent according to § 25 para. 1 TDDDG. Subsequent data processing is carried out on the basis of your consent according to Art. 6 para. 1 s. 1 lit. a GDPR.

3.3.2.4. Advertising Category

Services in this category may use cookies and similar technologies to store and retrieve information on your device. We use these,

to count and distinguish you as an individual website visitor and to create statistical analyses of your interactions and your use of our websites,
to track your interactions with advertisements we place through third-party providers on other websites across different devices and websites (so-called conversion tracking),
to track and evaluate your interactions with our website, and to subsequently use this as a basis for targeted advertising campaigns in advertising networks directed at you or a specific target group to which you belong (so-called retargeting and remarketing),
to improve the effectiveness of our advertising measures and to control our advertising campaigns.

For this purpose, we and the services regularly store individual pseudonymous identifiers (recognition features) consisting of numbers and letters in cookies on your device when visiting another website or our website and read them again during a subsequent visit to this or a new website.

Regularly, other technologies may also be used to read recognition features from your device, such as in the case of so-called browser or device fingerprinting, where data from properties of the browser you use (e.g., type and version of the browser) and its configuration (e.g., preferred language) or properties of your device (e.g., manufacturer and model of your mobile phone, operating system) or the hardware you use (e.g., screen resolution) are used to pseudonymously recognize you as a different user.

If applicable, the processed pseudonymous recognition features may also be combined with other data by us or the providers of the services used.

Services used by us and their providers can also exchange and compare identification features (ID) among themselves in order to merge the features and assign them to the same pseudonymous user (so-called ID Matching/ID Syncing) in case of a match. This enables cross-device, cross-platform, and cross-advertising network recognition and advertising targeting of website visitors.

If you identify yourself with your clear data such as name or email address, or enter your own user data on our websites, or log in to social networks or online services from third-party providers that also provide us with corresponding tracking and advertising services, pseudonymous identification features can additionally be linked to your clear data or user data.

In this way, we or the service providers can create and evaluate comprehensive pseudonymous or non-pseudonymous user profiles in order to subsequently use them for targeted advertising based on your interests.

The use of the services as well as corresponding cookies and similar technologies in this category is based on your consent according to § 25 para. 1 TDDDG. Subsequent data processing is carried out on the basis of your consent in accordance with Art. 6 para. 1 S. 1 lit. a GDPR.

3.3.2.5. Category External Media

Services or external content and media from third-party providers in this category may use cookies and similar technologies to store and read information on your device. We use these,

to enable the loading of content and media from third parties,
to design our websites attractively for you and operate them efficiently, and
to provide you with certain settings and additional functions of the website.

3.4. Consent Management via Consent Management Platform Borlabs Cookie

On our websites, we use the consent management platform “Borlabs Cookie” from Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany, with which we manage your consent to the use of cookies and similar techniques.

Description of Data Processing and Purpose

We use the service to manage your consent to the use of cookies and similar techniques as well as the subsequent data processing.

If you give consent via our consent banner, the service processes the following data:

the IP address of the connection you are using,
the description of the web browser and operating system used,
the language used by your browser and your operating system,
the address of the website on which you give your consent,
the date and time of consent,
the country from which you make your request,
a pseudonym by which different users are distinguished,
your consent status regarding the cookies and similar technologies we use or regarding the services used, which serves as proof of your consent.

This data is logged on the provider’s servers. Cookies are used as part of data processing to store your consent status on your device, to read it out again when the page is accessed again, and to compare it.

In this way, we are able to check your consent status on all subsequent and future visits to our websites and activate or deactivate these according to your decision on the use of cookies and other technologies when the page is accessed again.

The purpose and our legitimate interest lie in using cookies and similar technologies on our websites in compliance with data protection regulations and in enabling you to easily revoke your declarations of consent.

Legal basis for data processing

To the extent that we use cookies and similar technologies as part of the integration of the service, or to the extent that data is stored on or read from your device by the service, this is done in accordance with § 25 Para. 2 TDDDG. Subsequent data processing is carried out on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR.

Recipient

As part of the use of the platform, the data collected via our websites is transmitted to the following recipients:

Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany.

Storage Duration

By integrating the services on our websites, data is transmitted to the above-mentioned recipients and stored there for a period of 26 months. There is no further storage of the data processed by the service and made available to us in our own systems. In individual cases, data on the time, status, and scope of consent may also be stored in our own systems for longer periods, insofar as this is permissible for other purposes mentioned in this declaration.

3.5. Google Analytics

On our websites, we integrate the service Google Analytics from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA,.

In the European Union (EU) and the European Economic Area (EEA), the service is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,.

Description of Data Processing and Purpose

Google Analytics creates usage profiles based on pseudonyms (recognition features from cookie and device ID and other data about the device used or the so-called browser fingerprint) and usage data (e.g., name and address of the website content requested by your browser, referral links, description of the web browser and operating system used, and the IP address of the requesting device).

Additionally, the following are collected:

Demographic data (such as continent, country, region, city, age, gender, and interests of users)
Data on your interactions with search engines or other websites,
Data on your interactions with our websites (accessed subpages, data on visit times, button clicks, scroll depth, reading depth, as well as the use of filters, search functions, forms, and other input and login options, data on products and services viewed by you on our websites), and
Data on your interactions with social media networks

are collected and analyzed.

This allows Google to pseudonymously recognize and count website visitors and the devices they use, and assign them to certain demographic target groups, interest groups, or customer segments.

Visitors who have their own user account on Google platforms can also be identified by Google as visitors to our websites across devices.

The data collection and processing on our websites is carried out using cookies and JavaScript code, which is loaded when the page is called up and executed in the browser of your device. With the help of this JavaScript code, cookies can then be stored on your device and various information can be read from your device and from cookies stored there. Details on the cookies used and similar technologies can be found above under “Data processing in connection with cookies and similar technologies” as well as via the information you can access through our consent management platform.

From the processed information, Google creates summarized statistics for us, from which we can see what users of our websites are interested in, how many users have interacted with our websites in which way.

We only receive summarized statistics (aggregated data) from Google from which we, as users of Google advertising services, cannot draw conclusions about individual persons.

We then use these insights to run targeted online advertising measures and marketing campaigns in advertising networks, particularly in Google advertising services.

Legal Basis for Data Processing

The legal basis for the integration and use of the service is your consent, provided you have given it via our consent management platform.

The use of cookies and similar technologies is based on § 25 Para. 1 TDDDG. The subsequent data processing is based on Art. 6 Para. 1 S. 1 lit. a GDPR.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your revocation, please use the fingerprint symbol at the bottom left of the website to recall the consent management platform and change your settings.

Recipient

As part of the use of the services, the data collected via our websites is transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

We generally have no influence on any further data processing by the third-party provider.

For more information on how Google handles personal data, please visit https://policies.google.com/privacy?hl=en.

Data Processing in Third Countries

The processing of your data when using the service may also take place in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, particularly in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 Para. 1 GDPR regarding companies certified under the EU-U.S. Data Privacy Framework, which can be viewed at the following link: Data protection adequacy for non-EU countries.

Google LLC is certified under the EU-U.S. Data Privacy Framework and thus commits to comply with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

If your data is transferred to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or able to take legal action.

To ensure an adequate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures are taken to safeguard the data transfer. Furthermore, it is regularly reviewed and evaluated whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures need to be taken.

Storage Duration

3.6. Contact Form and General Inquiries by Email

Description of Data Processing and Purpose

If you send us inquiries via the contact form or email, your information from the inquiry form or your email, including the personal data you provided there, will be stored with us to process the inquiry and in case of follow-up questions.

Providing an email address is necessary for contact, while providing your first and last name and phone number is voluntary. We do not pass on this data to third parties without your consent under any circumstances.

Legal Basis for Data Processing

The legal basis for processing your data is your and our legitimate interest in answering your inquiry in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, and if applicable, Art. 6 Para. 1 S. 1 lit. b GDPR, if your inquiry is aimed at concluding a contract.

Recipient

We only share your personal data within our company with the departments and individuals who need this data to fulfill contractual and legal obligations or to implement our legitimate interest.

We may transfer your personal data to affiliated companies insofar as this is permissible within the scope of the purposes and legal bases set out in this privacy policy.

Your personal data is processed on our behalf based on data processing agreements according to Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of internet services as well as providers of customer management systems and software.

Otherwise, data is only transferred to recipients outside the company if legal provisions allow or require this, if the transfer is necessary for processing and thus for fulfilling the contract or, at your request, for carrying out pre-contractual measures, if we have your consent, or if we are authorized to provide information.

Under these conditions, recipients of personal data may include, for example:

External tax advisor
Public authorities and institutions (e.g., public prosecutor’s office, police, supervisory authorities, tax office) in the event of a legal or official obligation,
Recipients to whom the transfer is directly necessary for contract initiation or fulfillment,
Other data recipients, insofar as you have given us your consent for data transfer.

Storage Duration

Your data will be deleted after the final processing of your request, as soon as no further inquiries are expected and provided that no legal retention obligations prevent this.

3.7. Web Forms for Collecting Advertising Data

On our websites, we collect personal data through various web forms for the purpose of addressing you for advertising purposes, to promote the sale of our own products, goods or services or those of cooperation partners through direct marketing.

These may include, for example, forms

for registering for newsletters, webinars or events,
for booking participation in events or
for downloading white papers and other documents

Further information on the processing of your data for advertising purposes can be found in the following section of this privacy policy.

4. Privacy Information for Customers and other Business Partners as Well as Interested Parties

4.1. Contract Initiation, Execution, Fulfillment and Implementation of Pre-Contractual Measures in General

Description of data processing and purpose

We process your personal data if this is necessary for contract initiation, execution, fulfillment and for carrying out pre-contractual measures.

We only process data that is related to the contract initiation or pre-contractual measures. This may include general data about you or persons in your company (name, address, contact details, etc.) as well as other data that you provide to us in the context of establishing the contract.

Legal basis for data processing

Insofar as personal data is required for the initiation or execution of a contractual relationship or in the context of carrying out pre-contractual measures, processing is lawful in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR.

Sources

We process personal data that we receive from you by mail, telephone or email via forms on our website or via one of our social media profiles in the context of making contact or establishing a contractual relationship or in the context of pre-contractual measures.

Recipient

We only pass on your personal data within our company to those areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interest.

We may transfer your personal data to affiliated companies insofar as this is permissible within the scope of the purposes and legal bases set out in this privacy policy.

Data transfer to recipients outside the company otherwise only occurs insofar as legal provisions permit or require, the transfer is necessary for processing and thus for fulfilling the contract or, at your request, for carrying out pre-contractual measures, we have your consent, or we are authorized to provide information.

Under these conditions, recipients of personal data may include, for example:

External tax consultant
Public authorities and institutions (e.g., public prosecutor’s office, police, supervisory authorities, tax office) in the event of a legal or official obligation,
Recipients to whom disclosure is directly necessary for contract initiation or fulfillment,
Other data recipients, provided you have given us your consent for data transmission.

Storage Duration

As far as necessary, we process and store your personal data for the duration of our business relationship or for the fulfillment of contractual purposes. This includes, among other things, the initiation and processing of a contract.

In addition, we are subject to various retention and documentation obligations arising from, among others, the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention or documentation periods specified therein range from two to ten years.

Finally, the storage duration is also determined by the statutory limitation periods, which, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

Necessity of Providing Personal Data

The provision of personal data for deciding on a contract conclusion, contract fulfillment, or for carrying out pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide such personal data that is necessary for the conclusion of the contract, contract fulfillment, or pre-contractual measures.

4.2. Advertising

We process your personal data to contact you by mail, telephone, and email for direct marketing purposes, as well as to evaluate prospect data, conduct market research, and carry out customer satisfaction surveys.

4.2.1. Data Collection

4.2.1.1. Collection of Advertising Data via Forms on the Website

If applicable, we collect personal data on our websites through various web forms for the purpose of addressing you for advertising purposes, to promote the sales of our own products, goods, or services or those of cooperation partners through direct marketing.

These may include forms

for registering for newsletters, webinars, or events,
for downloading white papers, PDF documents, and other documents,

and others.

Further information on the scope of data processing, purposes, legal bases, recipients, and storage duration of the collected data can be found in the following sections.

4.2.1.2. Collection of Advertising Data at Events or Trade Fairs

Description of Data Processing

If applicable, we collect personal data at events or trade fairs, possibly through analog or digital forms, for the purpose of addressing you for advertising purposes, to promote the sales of our own products, goods, or services or those of cooperation partners through direct marketing.

Further information on the scope of data processing, purposes, legal bases, recipients, and storage duration of the collected data can be found in the following sections.

4.2.2. Email Advertising

4.2.2.1. Existing Customer Advertising

Description of Data Processing and Purpose

We process your personal data (salutation, first name, last name, place of residence, place of work, function, telephone numbers, business email address for business contacts) that we receive in connection with a contract conclusion, for the purpose and in our legitimate interest to send you or your company personalized direct advertising as existing customers for similar products, goods and services, events and promotions that are related to the previous contract conclusion.

Legal Basis of Data Processing

The legal basis for this processing is Art. 6 para. 1 s. 1 lit. f GDPR. Since we comply with the requirements of the exception regulation of § 7 para. 3 UWG, and also process only such personal data that are related to your professional activity to achieve the purpose, overriding interests on your part that conflict with our interest in data processing are not apparent, as long as you have not yet objected to the processing.

You can object to the data processing at any time with effect for the future, without incurring any costs other than the transmission costs according to the basic rates. To exercise your right to object, please use the unsubscribe link in our promotional emails or the contact details provided above under ‘Controller’.

Recipient

As part of the data processing, your data will be transmitted to the following recipients:

Software and IT service providers that support us in data processing (IT-B3 GmbH, Gut Wöllried 11, 97228 Rottendorf, Germany).
Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.
Odoo S.A., having its registered office at Chaussée de Namur, 40, 1367 Grand-Rosière, Belgium

Storage Duration

We store your data as long as this is necessary for achieving the aforementioned purpose or until you object to the data processing. Afterwards, we delete your data unless data processing continues to be permissible or mandatory for us on the basis of another legal basis (e.g., in the case of existing legal retention obligations).

4.2.2.2. Consent to Receive Promotional Emails and Newsletter, Email Tracking

Description of Data Processing and Purpose

We process your personal data (salutation, first name, last name, place of work, place of residence, function, phone numbers, business email address for business contacts) only for the purpose of addressing you or your company personally by email or through our email newsletter for advertising purposes and to inform you about our own products, goods, services, events and offers or those of cooperation partners, provided you have given us your separate express consent to do so.

If you give us your consent, you also allow us to process data on whether you have received our marketing emails and opened them, to what extent you have interacted with the content, in particular which links you have clicked and to what extent you have read or skimmed our emails (newsletter tracking).

Legal Basis for Data Processing

The legal basis for this processing is your consent according to Art. 6 para. 1 s. 1 lit. a GDPR. Your consent is voluntary and can be revoked at any time with effect for the future. The revocation of your consent does not affect the lawfulness of the data processing carried out up to that point. To exercise your right of revocation, please use the unsubscribe link in our promotional emails or in the newsletter or the contact details provided above under ‘Controller’.

Recipient

As part of the data processing, your data will be transmitted to the following recipients:

HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland,
HubSpot, Inc., 2 Canal Park, Cambridge, MA 02141, USA.

Data Processing in Third Countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries, particularly in the USA.

For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework, which can be viewed at the following link: Data protection adequacy for non-EU countries.

HubSpot Inc. is certified under the EU-U.S. Data Privacy Framework and thus commits to comply with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When transferring your data to other third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without informing you or allowing you to take legal action.

To ensure an adequate level of data protection when transferring your data to the third country, standard data protection clauses of the European Commission are concluded in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual, or organizational measures will be taken to safeguard the data transfer. In addition, it is regularly reviewed and evaluated whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures need to be taken.

Storage Duration

We store your data as long as this is necessary for achieving the aforementioned purpose or until you have objected to the data processing. Subsequently, we delete your data unless data processing continues to be permissible or mandatory for us on the basis of another legal basis (e.g., in the case of existing legal retention obligations).

4.2.3. Telephone Marketing Measures

Description of Data Processing and Purpose

We process your telephone number for the purpose of personally addressing you or your company by phone and informing you about our own products, goods, services, events and offers or those of cooperation partners.

Legal Basis for Data Processing with Business Contacts

For business contacts, the legal basis for processing is Art. 6 para. 1 s. 1 lit. f GDPR. Our legitimate interest lies in promoting the sale of our products, goods and services through direct marketing.

Since we comply with both the requirements of the exception regulation of § 7 para. 3 UWG and process only such personal data that is related to your professional activity to achieve the purpose, no overriding interests on your part that conflict with our interest in data processing are apparent, as long as you have not yet objected to the processing.

You can object to the data processing at any time with effect for the future, without incurring any costs other than the transmission costs according to the basic rates. To exercise your right to object, please use the contact details provided above under ‘Responsible Party’.

Legal Basis for Data Processing with Consumers

For consumers, the legal basis for processing is your consent according to Art. 6 para. 1 s. 1 lit. a GDPR in conjunction with § 7a para. 1 UWG. Your consent is voluntary and can be revoked at any time with effect for the future. The revocation of your consent does not affect the lawfulness of the data processing carried out until then. To exercise your right of revocation, please use the contact details provided above under ‘Responsible Party’.

Recipient

As part of the data processing, your data will be transmitted to the following recipients:

Software and IT service providers who support us in data processing (IT-B3 GmbH, Gut Wöllried 11, 97228 Rottendorf, Germany)
Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.
Odoo S.A., having its registered office at Chaussée de Namur, 40, 1367 Grand-Rosière, Belgium

Storage Duration

4.2.4. Postal Marketing Measures

Description of Data Processing and Purpose

We process your personal data (title, first name, last name) for the purpose and in our legitimate interest of personally addressing you or your company by mail with advertising about our own products, goods, services, events and offers or to inform you about those of cooperation partners.

Legal Basis for Data Processing

The legal basis for this processing is Art. 6 para. 1 s. 1 lit. f GDPR. Since we only process personal data that is related to your professional activity to achieve the purpose, there are no apparent overriding interests on your part that would conflict with our interest in data processing.

You can object to the data processing at any time with effect for the future. To exercise your right of objection, please use the contact details provided above.

Recipient

As part of the data processing, your data will be transmitted to the following recipients:

Software and IT service providers that support us in data processing (IT-B3 GmbH, Gut Wöllried 11, 97228 Rottendorf, Germany)
Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.
Odoo S.A., having its registered office at Chaussée de Namur, 40, 1367 Grand-Rosière, Belgium

Storage Duration

We store your data as long as it is necessary to achieve the aforementioned purpose or until you object to the data processing. After that, we delete your data unless further data processing is permissible or mandatory for us on the basis of another legal basis (e.g., in the case of existing legal retention obligations).

4.3. Management of Customer and Prospect Data

Description of Data Processing and Purpose

We manage customer and prospect data. This involves data from existing or potential customers, business partners, or contact persons there, for the purpose of advertising.

Legal Basis for Data Processing

The legal basis for data management is Art. 6 para. 1 s. 1 lit. f GDPR or Art. 6 para. 1 s. 1 lit. a GDPR, depending on which of the two legal bases we rely on for the respective advertising communication by email, phone, or mail. You can find more information on this in this section of the privacy policy.

Recipient

As part of the data processing, your data will be transmitted to the following recipients:

Software and IT service providers that support us in data processing (IT-B3 GmbH, Gut Wöllried 11, 97228 Rottendorf, Germany)
Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.
Odoo S.A., having its registered office at Chaussée de Namur, 40, 1367 Grand-Rosière, Belgium

Storage Duration

4.4. Statistical Evaluation and Analysis of Customer and Prospect Data, Market Research, and Customer Satisfaction Surveys

Description of Data Processing and Purpose

We process data collected from you as prospects, e.g., via forms on our website, as well as data collected from you as customers or employees of a customer in the context of carrying out pre-contractual measures or in the context of contract fulfillment, in order to find out which of our products, goods, services, events and offers or which of our cooperation partners prospects and customers are interested in, how we can possibly improve these, and how we can optimize our advertising measures. To be able to target prospects more specifically with advertising, we form so-called target groups from the data. The analysis and evaluation may also include your information from customer satisfaction surveys conducted by us.

For this purpose, we may collect your information and data on

Your company (e.g., size, industry)
Your position in the company,
Your country,
Your areas of interest or product categories,
as well as the referral source, i.e., information on how you became aware of our company.

Legal Basis for Data Processing

The legal basis for processing your data is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interests lie in developing our products and services based on market requirements, better understanding the needs and interests of our customers and potential customers, and enabling targeted direct marketing on this basis.

Recipient

As part of data processing, your data will be transmitted to the following recipients:

Software and IT service providers who support us in data processing (IT-B3 GmbH, Gut Wöllried 11, 97228 Rottendorf, Germany)
Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.
Odoo S.A., having its registered office at Chaussée de Namur, 40, 1367 Grand-Rosière, Belgium

Storage Duration

We store your data as long as it is necessary to achieve the aforementioned purpose or until you object to the data processing. Afterwards, we delete your data unless further data processing is permissible or mandatory for us on the basis of another legal ground (e.g., in the case of existing legal retention obligations).

5. Other Data Processing

5.1. Documentation of Compliance with Data Protection

Description of Data Processing and Purpose

If you provide us with a declaration of consent, we process your personal data regarding the circumstances and time of submission (if applicable, signature, email address, telephone or fax number, or IP address) in order to be able to demonstrate, within the scope of our accountability obligation under Art. 5 Para. 2 GDPR, that you have consented to the relevant data processing.

If you exercise your data subject rights under the GDPR towards us, we also process your personal data in order to be able to demonstrate, within the scope of the accountability obligation according to Art. 5 Para. 2 GDPR, that we have complied with the GDPR when processing your request.

Legal Basis for Data Processing

The processing is carried out on the basis of Art. 6 Para. 1 S. 1 lit. c GDPR or Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest lies in being able to document compliance with the requirements of the GDPR within the scope of our accountability obligation.

Recipient

In addition, it may happen that we forward your personal data in connection with your request to our external data protection officer, who supports us in complying with the requirements of the GDPR.

Storage Duration

We store your data as long as it is necessary to achieve the aforementioned purpose. We usually store data on given consent for up to 3 years from the end of the year in which we last used it. Data that we process in connection with the implementation of data subject rights are usually stored for a period of 3 years from the end of the year in which you exercised your data subject right.

Afterwards, we delete your data unless further data processing, possibly also in other systems, is permissible or mandatory for us on the basis of another legal ground (e.g., in the case of existing legal retention obligations).

5.2. Fulfillment of other Legal Obligations

Description of Data Processing and Purpose

We process personal data if this is necessary for the fulfillment of a legal obligation. The scope of the data to be processed results from the legal obligation that we have to comply with.

Legal Basis for Data Processing

The legal basis for processing your data in these cases is Art. 6 Para. 1 S. 1 lit. c GDPR in conjunction with the respective legal norm that imposes such an obligation on us.

These may include, for example, regulations from the German Fiscal Code (AO), e.g., § 147 AO, the German Commercial Code (HGB), e.g., § 257 HGB, or the German Code of Criminal Procedure (StPO).

Recipient

If necessary, your data will be transmitted to the required extent to tax consultants, auditors, financial or investigative authorities, lawyers, experts, or courts.

Storage Duration

We store your data to the necessary extent as long as this is required for achieving the aforementioned purpose. The storage duration is derived from specific legal regulations that obligate us to retain or process data for up to 10 years, whereby the specific start of the retention periods is determined by the respective special law.

Afterwards, we delete your data unless data processing, possibly also in other systems, continues to be permissible on the basis of another legal ground.

5.3. Exercise or Defense of Legal Claims

Description of Data Processing and Purpose

In addition, we process your data in individual cases for the purpose and in the interest of asserting legal claims, for example, to enforce our claims due to unpaid invoices, if your data is relevant to a legal dispute.

We also process your data in individual cases for the purpose and in the interest of defending against legal claims raised against us, for example, when asserting warranty claims, if your data is relevant to a legal dispute.

Legal Basis for Data Processing

The legal basis for processing your data is Art. 6 Para. 1 S. 1 lit. f GDPR.

Recipient

If necessary, your data will be transmitted to the required extent to tax consultants, auditors, financial or investigative authorities, lawyers, experts, or courts.

Storage Duration

We store your data in individual cases to the necessary extent as long as this is required for achieving the aforementioned purpose. Afterwards, we delete your data unless data processing, possibly also in other systems, continues to be permissible or mandatory for us on the basis of another legal ground (e.g., in the case of existing legal retention obligations).

6. Your Rights

Below you will find information about what rights the applicable data protection law grants you as a data subject in relation to the controller regarding the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data if not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about their details.

The right to demand immediate correction of incorrect or completion of your personal data stored by us in accordance with Art. 16 GDPR.

The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for the assertion, exercise or defense of legal claims.

The right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.

The right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller in accordance with Art. 20 GDPR.

The right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our above-mentioned registered office or, if applicable, that of your usual place of residence or work.

The Right to Withdraw Consent Given According to Art. 7 Para. 3 GDPR: You have the right to withdraw any consent given for data processing at any time with effect for the future. In the event of withdrawal, we will delete the affected data immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Object

If we process your personal data on the basis of legitimate interests pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data according to Art. 21 GDPR, insofar as this is done for reasons arising from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without the need to specify a particular situation.

If you wish to exercise your right of withdrawal or objection, please contact us using the contact details provided above under ‘Responsible Party’.

Last updated: May 6, 2025