5 Individual functionalities

The functionalities used on the website are operated on the basis of the user's consent in accordance with Art. 6 (1) (a) GDPR or on the basis of the legitimate interest of the controller in accordance with Art. 6 (1) (f) GDPR. Unless otherwise stated, the legitimate interest of the controller lies in ensuring the appropriate design and continuous optimisation of the website. The purpose of data processing and categories of personal data are described in the context of the respective functionality.

5.1 Page-turning catalogue

For the interactive presentation of extensive product catalogues, the controller uses the “page-turning catalogue”, a service provided by COMINTO GmbH, Klosterstraße 49, 40211 Düsseldorf, Germany. The page-turning catalogues are hosted and managed directly by the controller. Within certain page-turning catalogues, the controller uses Google Analytics, a reach analysis service provided by Google Ireland Limited. Further information on data processing by Google Analytics can be found in section 5.7 of this privacy policy. Users have the option of making individual settings and creating bookmarks within the flip catalogues. Both individual settings and bookmarks are stored in the local storage of the end device used by the user.

5.2 Cloudflare

The website uses the CDN and security service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. Technically, this means that the transfer of information between the user’s browser and the website is routed via the Cloudflare network. This enables Cloudflare to analyse the data traffic between the user’s browser and our website and to act as a filter between our servers and potentially malicious data traffic from the Internet. Cloudflare may also use cookies or other technologies to recognise users, but these are used solely for the purpose described here.

The legal basis for the processing is Art. 6 (1) (f) GDPR. The processing serves the legitimate interest of the controller in providing the website as error-free and secure as possible.

Further information on data protection at Cloudflare is available at: www.cloudflare.com/de-de/trust-hub/privacy-and-data-protection/ and www.cloudflare.com/privacypolicy/

5.3 EasyLife 365

The controller uses “EasyLife 365”, a governance tool from EasyLife 365 AG, Schochenmühlestrasse 6, 6340 Baar, Switzerland (hereinafter referred to as “EasyLife”), to implement internal compliance guidelines for collaboration software.
The processing of personal data is based on the controller's legitimate interest pursuant to Art. 6(1)(f) GDPR in secure and location-independent collaboration with business partners or customers.

External users receive an invitation by email to the controller’s necessary internal collaboration options. This invitation contains a link that can be used to confirm the invitation. After confirming the invitation, external users are asked to give their consent to the processing of their profile data (e.g. company, name, business address, telephone number, email address and photo) and their activity data (e.g. data on access, use and content). This data is processed within the scope of the required collaboration options and deleted as soon as the external user’s access is deleted.

Further information on data protection at EasyLife is available at: www.easylife365.cloud/web/privacy/

5.4 Facebook fan page

The controller operates several Facebook fan pages, which can be accessed at:

• https://www.facebook.com/rudketten
• https://www.facebook.com/TyreProtectionChains
• https://www.facebook.com/rudschneeketten
• https://www.facebook.com/forstketten
• https://www.facebook.com/erlau.freiraum
• www.facebook.com/Erlau.BarrierfreiesBad

Facebook is a social media network owned by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as “Meta”).

The controller's own processing of personal data on the Facebook fan page is based on Art. 6 (1) lit. f GDPR, as it is in the legitimate interest of the controller to offer customers, interested parties and users up-to-date information and interaction options.

When accessing the Facebook fan page, Meta's terms and conditions and data policy apply, over which the controller has no influence. In particular, data may also be processed by Meta outside the European Union. Meta’s data policy for Facebook products is available at: de-de.facebook.com/policy.php

When visiting the Facebook fan page, cookies are used to collect statistical information about the use of the Facebook fan page. If the user is logged into their Facebook account when visiting the Facebook fan page, the statistics are collected across devices. Further information is available at de-de.facebook.com/help/pages/insights. The controller has no influence on the generation and display of these so-called “page insights”. The data provided by Meta includes: total number of page views, “likes”, page activity, post interactions, reach, video views, post reach, comments, shared content, replies, proportion of men and women, origin in terms of country and city, language, views and clicks in the shop, clicks on route planners, clicks on telephone numbers. Further information is available at: www.facebook.com/legal/terms/page_controller_addendum

The controller is aware that the data is processed by Meta at least for the purposes of advertising, creating user profiles and market research. 
If users do not want the data processing described above, the connection between the user's Facebook account and the Facebook fan page can be severed using the “Unlike this page” or "Unsubscribe from this page” function.
Objections (so-called opt-outs) can be set at: www.facebook.com/login.php

Meta’s data protection officer responsible for Facebook products can be contacted at: www.facebook.com/help/contact/540977946302970
 

5.5 Font Awesome (local hosting)

The website uses Font Awesome from Fonticons, Inc., 307 S Main St Ste 202 Bentonville, AR, 72712-9214, USA (hereinafter referred to as "Fonticons") for the uniform display of fonts. Font Awesome is installed locally. No connection to Fonticons' servers is established.

Font Awesome's privacy policy is available at: fontawesome.com/privacy
 

5.6 Google Ads (including DoubleClick advertising network)

The website uses Google Ads from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google").

Google Ads, which also includes the DoubleClick advertising network, is a Google advertising network for targeted advertising campaigns on the Internet. Cookies are used to create individualised user profiles (e.g. based on characteristics, habits, interests, topics and keywords) for website visitors. Each user is assigned an identification number (ID) so that it is possible to check which ads were displayed and which ads were clicked on. The assignment of cookies and identification numbers (IDs) allows very accurate predictions to be made about the interests of users. This enables advertisers to place interest-based ads in real time.

The information contained in the cookies is transferred to Google servers outside the EU, among other places, and stored there.

Users can prevent the collection of data generated by cookies and the transfer of this data to Google, as well as the processing of this data by Google, by downloading and installing the DoubleClick deactivation extension: www.google.com/settings/ads/onweb

Google's privacy policy is available at: policies.google.com/privacy
 

5.7 Google Analytics

The website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google").

Google Analytics uses cookies that enable the controller to analyse website users. Among other things, personal data (IP address) is transferred to Google servers outside the EU and stored there. In order to ensure the protection of users' personal data, the controller for the website has activated "IP anonymisation". This means that the IP addresses of users within the EU are only processed by Google in truncated form, i.e. anonymised. Only in exceptional cases is the full IP address transferred to Google servers outside the EU and truncated there. The transmitted IP address is not merged with other Google data.

On behalf of the controller, Google uses the collected data to evaluate the activities of website users, compile reports on website activity and provide other services related to website activity and internet usage to the controller.

The user can prevent Google from collecting and using their data by downloading and installing the following browser plugin: tools.google.com/dlpage/gaoptout

Google's privacy policy is available at: policies.google.com/privacy
 

5.8 Google Conversion Tracking

The website uses Google Conversion Tracking from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").

With the help of Google Conversion Tracking, both the controller and Google can see whether users have performed certain actions on the website. For example, it is possible to evaluate which buttons on the website are clicked on how often and which products and services are viewed or purchased particularly frequently. This information is used to create so-called conversion statistics.

The controller is not able to identify individual users at any time; Google itself uses cookies or similar recognition technologies to identify users. In this process, personal data is transferred to Google servers outside the EU and stored there.

Google's privacy policy is available at: policies.google.com/privacy
 

5.9 Google Maps

The website uses the Google Maps map service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google"). This allows interactive maps to be displayed directly on the website, enabling users to conveniently use the map function.

In this context, it is necessary to store the user's IP address. The information obtained in this way is usually transferred to a Google server outside the EU and stored there. This occurs regardless of whether the user is logged into their Google account or not. Google stores user data as usage profiles and uses it for advertising, market research and/or the needs-based design of the website.

If the user is logged into their Google account, the data is assigned to the account. This assignment can be prevented by the user logging out of their Google account beforehand.

Google's privacy policy is available at: policies.google.com/privacy
 

5.10 Google reCAPTCHA

The website uses reCAPTCHA from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google").

reCAPTCHA is used to check whether data entry on websites (e.g. in a contact form) is done by a human or by an automated programme. To do this, reCAPTCHA analyses the user's behaviour based on various characteristics. This analysis starts automatically as soon as the user enters the website. reCAPTCHA evaluates various information for the analysis (e.g. IP address, length of time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Users are not notified that an analysis is taking place.

Data processing is carried out on the basis of Art. 6 (1) lit. f GDPR. The controller has a legitimate interest in protecting its website from abusive automated spying and SPAM.

Further information on reCAPTCHA and Google's privacy policy is available at: policies.google.com/privacy
 

5.11 Google Tag Manager

The website uses Google Tag Manager from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google").

Google Tag Manager allows website tags to be managed via an interface. Google Tag Manager itself is a cookie-free domain and does not collect any personal data. It triggers other tags, which may collect personal data.

Google Tag Manager itself does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

Google's privacy policy is available at: policies.google.com/privacy
 

5.12 Google Web Fonts (local hosting)

The website uses Google Web Fonts from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google") for the uniform display of fonts. Google Web Fonts are installed locally. No connection to Google servers is established.

Further information on Google Web Fonts is available at: developers.google.com/fonts/faq and policies.google.com/privacy
 

5.13 Hubspot Chat

The website uses Hubspot Chat from Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter referred to as "Hubspot") to communicate with customers and interested parties.

Users can chat with employees of the controller in real time via live chat. Depending on the course of the conversation, personal data (e.g. first name, surname, address, email address, telephone number, etc.) may be processed. Furthermore, the IP address, log files, location information and other metadata of users are collected. Hubspot uses cookies and other browser technologies to evaluate user behaviour, recognise users and store and transfer data entered. It cannot be ruled out that Hubspot also stores and processes personal data on servers in the USA.

If a user has already made contact requests in the past or has consented to the collection and analysis of their usage behaviour on the website, the data collected via live chat can be assigned to user profiles.

Hubspot's privacy policy is available at: legal.hubspot.com/de/privacy-policy
 

5.14 Hubspot CRM

The website uses Hubspot CRM from Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter referred to as "Hubspot").

Hubspot enables the controller to manage existing and potential customers and customer contacts, as well as to record, sort and analyse customer interactions via email, social media or telephone across various channels. The personal data collected can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot, the controller is also able to record and analyse the user behaviour of contacts on its website.

The legal basis for the processing of personal data via Hubspot is Art. 6 (1) lit. f GDPR, as the most efficient customer management and customer communication possible is in the legitimate interest of the controller.

If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Hubspot's privacy policy is available at: legal.hubspot.com/de/privacy-policy
 

5.15 imgix

The website uses the image optimisation service imgix from imgix Inc., 423 Tehama St, San Francisco, CA 94103, USA (hereinafter referred to as "imgix").

When using imgix, users' personal data (e.g. IP address, technical details about image retrieval) is stored on imgix servers in the USA.
The legal basis for the processing of personal data via imgix is Art. 6 (1) lit. f GDPR, as optimised image display and improved loading times are in the legitimate interest of the controller.

Users have the option of preventing the transfer of personal data to imgix by using browser extensions or add-ons that block the loading of images from certain domains. Please note that this may affect the quality and display of images on our website.

The imgix privacy policy is available at: www.imgix.com/privacy
 

5.16 Instagram

The controller operates several of its own pages on Instagram, which can be accessed at:

• www.instagram.com/erlau.bad,
• www.instagram.com/erlau.freiraum und
• www.instagram.com/rudzubi.

The pages and their technical functionality are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as "Meta").
The controller's own processing of personal data on the Instagram pages is based on Art. 6 (1) lit. f GDPR, as it is in the controller's legitimate interest to offer customers, interested parties and users up-to-date information and interaction options.

When accessing the Instagram pages, Meta's terms and conditions and data processing guidelines apply, over which the controller has no influence. Data may also be processed outside the European Union. Meta's privacy policy is available at: help.instagram.com/519522125107875

When visiting Instagram pages, Instagram collects, among other things, the IP address and other information about users (e.g. through the use of cookies). This also applies if users do not have an Instagram account or are not logged in to Instagram. If the user is logged into their Instagram account when visiting Instagram pages, Meta is able to track whether and how users use this website. This data can be used to offer content or advertising tailored to users.

If users do not want the data processing described above, they should log out of Instagram or deactivate the "stay logged in" function, delete the cookies on their device, and close and restart their browser.
 

5.17 jsdelivr. (CDN)

The website uses the Content Delivery Network (CDN) jsDelivr from ProspectOne, Królewska 65A/1, 30-081, Kraków, Poland (hereinafter referred to as "jsDelivr").

A CDN is a service that helps deliver website content, especially large media files, to users faster using regionally distributed servers connected via the internet. To do this, the browser used by the user connects to the CDN servers. In the process, personal data of users (e.g. IP address) is stored on ProspectOne servers.

The legal basis for the processing is Art. 6 (1) (f) GDPR. The processing serves the legitimate interest of the controller in providing the website as quickly and error-free as possible.

The jsDelivr privacy policy is available at: www.jsdelivr.com/terms/privacy-policy
 

5.18 Contact

When contacting the controller (e.g. by e-mail or contact form), the details of the enquiring user are processed to the extent necessary to respond to the contact request and any requested measures. This also includes the transfer of the enquiring user's details to group companies, to the extent necessary to respond to the enquiry and any requested measures.

The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. f GDPR, as it is in the legitimate interest of the controller to respond to enquiries.

Any other transfer of the data provided by the enquiring user when contacting us will only take place with their consent within the meaning of Art. 6 para. 1 lit. a GDPR.
 

5.19 Leadfeeder

The website uses Leadfeeder, a lead generation and tracking tool provided by Leadfeeder, Keskuskatu 6 E, 00100 Helsinki (hereinafter "Leadfeeder").

Leadfeeder enables the controller to record visits to its website by members of other companies. For this purpose, the user's IP address and, if applicable, other data are compared with the data contained in Leadfeeder's company database. In this context, user behaviour (e.g. duration and time of the website visit, pages visited, etc.) may also be recorded.

Leadfeeder's privacy policy is available at: www.leadfeeder.com/privacy
 

5.20 Leadinfo

The website uses the lead generation service provided by Leadinfo B.V., Rivium Quadrant 141, 2909 LC Capelle aan den IJssel, Netherlands (hereinafter referred to as "Leadinfo").
The service recognises visits to the website based on IP addresses and displays publicly available information to the controller, such as the company name, address data or data from the commercial register, if the user is a company. In individual cases, the correlation also affects personal data of natural persons. In addition, Leadinfo evaluates user behaviour on the website in order to correlate IP addresses with companies and improve the services offered.

Objections (so-called opt-outs) can be set at: www.leadinfo.com/en/opt-out

Leadinfo's privacy policy is available at: www.leadinfo.com/de/datenschutz
 

5.21 LinkedIn

The controller operates the following pages on LinkedIn:

• https://www.linkedin.com/company/rud-ketten-rieger-&-dietz-gmbh-u-co-kg
• https://www.linkedin.com/showcase/mold-handling-solutions-rud
• https://de.linkedin.com/company/erlau-bad
• de.linkedin.com/company/erlau-freiraum

The pages and their technical functionality are provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as "LinkedIn").

The processing of personal data on the LinkedIn page is based on the legitimate interests of the controller pursuant to Art. 6 (1) lit. f GDPR in order to provide information about the controller's offerings and to contact customers, interested parties and users who are active there.

When you visit the LinkedIn page, LinkedIn's terms and conditions and data processing guidelines apply, over which the controller has no influence. Data may also be processed outside the European Union. LinkedIn's privacy policy is available at www.linkedin.com/legal/privacy-policy.

When you visit the LinkedIn page, LinkedIn collects personal data from users (e.g. through the use of cookies). This also applies if you do not have a LinkedIn account or are not logged in to LinkedIn. Information about data collection and further processing by LinkedIn is available at www.linkedin.com/legal/privacy-policy.

If the user is logged into their LinkedIn account when they visit the controller's LinkedIn page, LinkedIn is able to track whether and how users use this website. Based on this data, LinkedIn can assign the user's behaviour to a specific LinkedIn account. Only the public profile of users on LinkedIn is visible to the controller. Which information is visible depends on the selected profile settings.

If users do not want the data processing described above, they should log out of LinkedIn or deactivate the "stay logged in" function, delete the cookies on their device, and close and restart their browser.
 

5.22 LinkedIn Insight Tag

The website uses the Insight Tag from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as "LinkedIn").

The LinkedIn Insight Tag stores a cookie in the user's browser that collects personal data such as the IP address, device and browser characteristics, and interactions on the website (e.g. purchase of goods, submission of a contact form, etc.) across devices. The controller uses this data for statistical and market research purposes.

If users are registered and logged in to LinkedIn, the controller can use the LinkedIn Insight tag to analyse their key professional data (e.g. job title, career level, industry, etc.). The controller uses this data to better tailor the website to the identified target groups.

In addition, the controller can use the so-called "retargeting function" to display targeted advertising to users outside the website. Users can object to the use of their personal data for advertising purposes: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The controller is not able to identify users as specific individuals when using the LinkedIn Insight tag. LinkedIn processes users' personal data outside the European Union and also uses it for its own advertising purposes. LinkedIn also collects so-called log files (URL, referrer URL, IP address, device and browser characteristics, and time of access). IP addresses are truncated or (if used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent data collected via the LinkedIn Insight Tag from being linked to a LinkedIn account, users must log out of their LinkedIn account before visiting our website.

LinkedIn's privacy policy is available at: de.linkedin.com/legal/privacy-policy

LinkedIn's data protection officer can be contacted at: www.linkedin.com/help/linkedin/ask/TSO-DPO
 

5.23 Matomo

The website uses the open source web analytics service Matomo. With the help of Matomo, the controller is able to collect and analyse data about how users use its website. This allows it to find out, among other things, when which pages were viewed and which region users come from. In addition, various log files (e.g. IP address, referrer, browsers and operating systems used) are collected and measured to determine whether users perform certain actions (e.g. clicks, purchases, etc.).

Matomo has been configured so that no cookies are stored in the user's browser. Matomo is hosted exclusively on the controller's own servers, so that all analysis data remains with the controller and is not passed on.

Further information on data protection at Matomo is available at https://matomo.org/privacy.
 

5.24 Microsoft Advertising

The controller uses Microsoft Advertising. Microsoft Advertising is an online advertising programme from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft Advertising enables the controller to display advertisements in the Bing search engine or on third-party websites when users enter certain search terms in Bing (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Microsoft (e.g. location data and interests) (target group targeting). The controller, as the website operator, can evaluate this data quantitatively, for example by analysing which search terms led to the display of the advertisements and how many advertisements led to corresponding clicks.

The controller uses Microsoft Advertising's Universal Event Tracking (UET). This involves collecting pseudonymised data to track what actions users take on our websites after clicking on an advertisement on Microsoft Advertising. UET collects the IP address (anonymised), device identifiers, information about device and browser settings, Microsoft Click ID (stored in a cookie), time spent on the website, which areas of the website were accessed, which ad brought users to the website, and the keyword clicked.

Users can object to data processing directly at Microsoft:

https://account.microsoft.com/privacy/ad-settings/signedout?lang=de-DE.

Further information on data protection and the cookies used is available at https://privacy.microsoft.com/de-de/privacystatement. 
 

5.25 Microsoft Clarity

The website uses the Clarity analysis tool from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter "Clarity").

Clarity is a tool for analysing user behaviour on websites. In particular, Clarity records mouse movements and creates a graphical representation of which parts of the website users scroll through most frequently (heat maps). Clarity can also record sessions so that the controller can view page usage in the form of videos. Furthermore, the controller receives information about general user behaviour within the website.

Clarity uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). Users' personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.

Further details on Clarity's data protection and security can be found at: clarity.microsoft.com/privacy
 

5.26 Microsoft Teams

For audio and video conferencing and collaboration purposes, the controller uses Microsoft Teams, a service provided by Microsoft Ireland, South County Business Park, One Microsoft Place, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland (hereinafter referred to as ‘Microsoft’).

When users communicate with the controller via video or audio conference or make use of collaboration options, their personal data is collected and processed by both the controller and Microsoft. The controller's own processing of personal data is based on its legitimate interests pursuant to Art. 6(1)(f) GDPR in the effective execution of communication and collaboration processes. Insofar as personal data of employees of the controller is processed, Art. 6 para. 1 lit. b, f GDPR is the legal basis for data processing. Insofar as consent is requested in accordance with Art. 6 para. 1 lit. a GDPR (e.g. voice transcription, recording), the use of Microsoft Teams is based on this consent; Consent can be revoked at any time with future effect.

The scope of personal data processed when using Microsoft Teams depends on the information provided by users. The following personal data may be processed when using Microsoft Teams:

• User information: user name, first name/surname, email address, telephone number, profile picture, organisation, availability as status.
• Metadata for audio and video conferences: title, date, time, location, duration and other details of the meeting, meeting ID, device/hardware information, attendance and duration of attendance, meeting history, call quality data.
• Metadata for collaboration features: file name, date and time of editing, user name.
• Text, audio and video data, files: Text entries made by the user (chat messages/messages in Teams channels) are processed in order to display them and, if necessary, log them. To enable video display and audio playback, data from the terminal device's microphone and any video camera on the terminal device is processed for the duration of audio and video conferences. Users can switch off or mute the camera or microphone themselves at any time. Files uploaded in chats or Teams channels or shared via screen sharing are processed in order to make them available to the communication partner or to edit them collaboratively.
• Voice transcription: Microsoft Teams offers the option of voice transcription. This involves recording participants' spoken contributions during audio and video conferences in text form. If speech transcription is to take place, all participants are informed of this in detail before the start of the meeting and during the meeting. Microsoft Teams offers a function for displaying a pop-up message to participants informing them of the speech transcription. Speech transcription only takes place with the consent of the participants.
• Recordings: Microsoft Teams offers the option of recording meetings. If a recording is to be made, all participants will be fully informed of this fact before the start of the meeting and during the meeting. Recordings will only be made with the consent of the participants.

Microsoft Teams is part of Microsoft 365. If users have a Microsoft 365 account and are logged in to it, personal data may be stored by Microsoft. The scope and duration of storage depends on the respective settings in the user account, over which the controller has no influence.

When using Microsoft 365, it cannot be ruled out that personal data may also be processed outside the European Union. An adequate level of data protection is guaranteed, on the one hand, by the conclusion of the so-called EU standard contractual clauses. As a supplementary protective measure, the controller has configured its Microsoft tenant as strictly as possible from a data protection perspective. In addition, Microsoft is certified under the ‘EU-US Data Privacy Framework’ (https://www.dataprivacyframework.gov/participant/6474).

Further information on data protection and data security is available at https://privacy.microsoft.com/de-de/privacystatement and at

https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.
 

5.27 Newsletter distribution

To subscribe to the controller's newsletter, at least the user's email address is required. After successful registration, the user receives a registration notification by email, which they must confirm in order to receive the newsletter (so-called double opt-in). This serves as proof for the controller that the registration was actually initiated by the respective user. Newsletters contain information about the controller, its services, promotions and offers. In addition, newsletters contain so-called "web beacons", i.e. pixel-sized files that transmit technical information (e.g. browser, system, IP address and time of retrieval) to the controller when the newsletter is opened. This technical information is used to improve the offer by determining target groups, reading behaviour, retrieval locations and access times. In doing so, the controller also evaluates whether and when a newsletter is opened and which links within the newsletter are clicked on. No user-related evaluation takes place. The receipt of the newsletter and the measurement/analysis of its reach are based on the consent of the users in accordance with Art. 6 para. 1 lit. a GDPR. Consent to receive the newsletter and the measurement/analysis of its reach can be revoked at any time via a link at the end of each newsletter.

The website uses the following newsletter dispatch tools to send newsletters:

• "Mailchimp" from Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (Mailchimp's privacy policy is available at https://mailchimp.com/legal/terms),
• "Salesforce" from Salesforce, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA (Salesforce's privacy policy is available at www.salesforce.com/de/company/privacy) and
• "Hubspot" by HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA (Hubspot's privacy policy is available at legal.hubspot.com/de/privacy-policy).

In this case, personal data of newsletter subscribers is stored and processed on servers in both the EU and the USA.

For the purpose of verifying its proper execution, the controller logs the registration process for the newsletter. The legal basis for the processing is Art. 6 (1) (f) GDPR. The processing serves the legitimate interest of the controller in complying with data protection documentation obligations.

The personal data processed for the purpose of receiving the newsletter will be stored until the subscriber unsubscribes from the newsletter and will be deleted from the newsletter distribution list after unsubscribing. Data stored for other purposes remains unaffected by this.

After unsubscribing from the newsletter distribution list, the relevant email address may be stored in a blacklist by the controller or the newsletter service provider if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The processing serves the legitimate interest of the controller in complying with the legal requirements for sending newsletters.
 

5.28 Pinterest

The controller operates a page on Pinterest, which can be accessed at www.pinterest.com/erlau_bad_freiraum. In addition, the website uses social media elements from Pinterest. Pinterest is a social media network operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (hereinafter ‘Pinterest’).

When users visit a page that contains a social media element, their browser establishes a direct connection to Pinterest's servers. The social media element transmits log data to Pinterest's server in the USA. This log data may contain the following personal data:

• IP address
• Addresses of visited websites that also contain Pinterest functions
• Type and settings of the browser
• Date and time of the request
• Use of Pinterest
• Cookies

Pinterest's privacy policy and privacy protection options are available at policy.pinterest.com/de/privacy-policy.
 

5.29 Salesforce Sales Cloud

The controller uses the Salesforce Sales Cloud from salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter referred to as "Salesforce") to manage customer data.

Salesforce Sales Cloud is a CRM system that enables the controller to manage existing and potential customers and customer contacts and to organise sales and communication processes. Furthermore, the use of the CRM system enables the analysis of customer-related processes. For this purpose, customer data is stored on Salesforce's servers and, if necessary, also transferred to Salesforce's parent company in the USA. Details on the functions of Salesforce Sales Cloud are available at: www.salesforce.com/de/products/sales-cloud/overview

The processing of personal data is based on the legitimate interest of the controller pursuant to Art. 6 (1) lit. f GDPR in the most efficient customer management and customer communication possible.

If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Salesforce's privacy policy is available at: www.salesforce.com/de/company/privacy
 

5.30 Survey Monkey 

The controller uses the services of SurveyMonkey Europe UC, 2 Shelbourne Buildings, Second Floor, Shelbourne Road, Dublin 4, Ireland (hereinafter referred to as "SurveyMonkey") to conduct surveys.

Participation in surveys is voluntary and takes place via a link that customers receive by email. When customers click on the link, they are redirected to the external SurveyMonkey website.

When accessing the external SurveyMonkey website, SurveyMonkey's terms of use and privacy policy apply, over which the controller has no influence. Data may also be processed outside the European Union. SurveyMonkey's privacy policy is available at: de.surveymonkey.com/mp/legal/privacy-basics/ and de.surveymonkey.com/mp/legal/privacy/

When participating in surveys, participants' responses and entries are processed. Depending on the survey, users can submit a rating, select from predefined answer options or formulate their own answers. Participants are asked not to submit any sensitive data. The survey results are used solely to optimise our offering and are not linked to other data.
 

5.31 TeamViewer

For support and remote maintenance purposes, the controller uses "TeamViewer", a service provided by TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany (hereinafter referred to as "TeamViewer").

The processing of personal data is based on the legitimate interest of the controller pursuant to Art. 6 (1) lit. f GDPR in the effective performance of IT support and remote maintenance work. Insofar as personal data of employees of the controller is processed, Art. 6 (1) lit. b, f GDPR is the legal basis for data processing.

When using TeamViewer, a connection to TeamViewer's servers is established. In addition to the IP address, the user's location and MAC address as well as the start and end of the TeamViewer session are transmitted to TeamViewer. In the course of IT support and remote maintenance work, the controller is generally able to view the content accessed by the user on their computer. It is therefore recommended that you close all programmes and windows that are not required for IT support or remote maintenance before using TeamViewer.

Further information on data protection at TeamViewer is available at: www.teamviewer.com/de/privacy-policy
 

5.32 tawk.to

The controller uses the services of tawk.to, inc., 187 E Warm Springs Rd, SB298, Las Vegas, Nevada 89119, USA (hereinafter referred to as "tawk.to") to process user enquiries via its support channels or live chat systems.

Messages that users send to us may be stored in the tawk.to ticket system or answered by our employees in live chat. Depending on the course of the conversation, personal data (e.g. first name, surname, address, email address, telephone number, etc.) may be processed. With the help of tawk.to, it is also possible to determine the region from which the user comes, how long they communicate with us and how satisfied they are with the communication process. It cannot be ruled out that tawk.to also stores and processes personal data on servers in the USA.

The privacy policy of tawk.to is available at: www.tawk.to/privacy-policy and www.tawk.to/data-protection/gdpr
 

5.33 X (formerly Twitter)

The controller operates its own channel on the short message service X, which can be accessed at x.com/RUDKetten. The site and its technical functionality are provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter referred to as "X").

The processing of personal data on X by the controller is based on Art. 6 (1) lit. f GDPR, as it is in the legitimate interest of the controller to offer customers, interested parties and users up-to-date information and interaction options.

When accessing X, the General Terms and Conditions and the Privacy Policy of X apply, over which the controller has no influence. The Privacy Policy of X is available at: x.com/en/privacy

The controller advises users that they use the short message service and its functions at their own risk. This applies in particular to the use of interactive functions (e.g. sharing, rating).

The data collected when using the service is processed by X and may be transferred to countries outside the European Union. This includes, among other things, the IP address, the application used, information about the device used (including device ID and application ID), information about websites visited, location and mobile phone provider. This data is assigned to the user's X account or X profile. The controller has no influence on the type and scope of data processed by X, the type of processing and use, or the transfer of this data to third parties. Information about what data is processed by Twitter and for what purposes it is used is available at: x.com/de/privacy and help.x.com/de/managing-your-account/accessing-your-x-data

The controller does not collect or process any other data from the use of the short message service.

Users can restrict the processing of data in the general settings of their X account and under "Privacy and Security". In addition, users of mobile devices (smartphones, tablet computers) can restrict X's access to contact and calendar data, photos, location data, etc. in the settings options available on those devices. However, this depends on the operating system used. Further information on this is available at: help.x.com/de/rules-and-policies/data-processing-legal-bases
 

5.34 XING

The controller operates its own page on Xing, which can be accessed at: www.xing.com/pages/rudkettenrieger-dietzgmbhu-co-kg. The page and its technical functionality are provided by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter referred to as "Xing").

The processing of personal data on the Xing page is based on the legitimate interests of the controller pursuant to Art. 6 (1) lit. f GDPR in order to provide information about the offer and to contact customers, interested parties and users who are active there.

When visiting the Xing page, the terms and conditions and data processing guidelines of Xing apply, over which the controller has no influence. Data may also be processed outside the European Union. Xing's privacy policy is available at: privacy.xing.com/de/datenschutzerklaerung

When visiting the controller's Xing page, Xing collects personal data from users (e.g. through the use of cookies). This also applies if the user does not have a Xing account or is not logged in to Xing. Information about data collection and further processing by Xing is available at: privacy.xing.com/de/datenschutzerklaerung

If the user is logged into their Xing account when they visit the Xing page, Xing is able to track whether and how users use this website. Based on this data, Xing can assign the user's behaviour to a specific Xing account. Only the user's public profile on Xing is visible to the controller. The information that is visible depends on the profile settings selected.

If users do not want the data processing described above, they should log out of Xing or deactivate the "stay logged in" function, delete the cookies on their device, and close and restart their browser.
 

5.35 YouTube

The website uses YouTube, an internet video portal operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google").

The controller operates the following channels on YouTube:

• https://www.youtube.com/user/rudketten
• https://www.youtube.com/user/RUDLiftingAndLashing
• https://www.youtube.com/user/TyreProtectionChains
• https://www.youtube.com/c/RUDSchneeketten1875
• https://www.youtube.com/user/RUDKetten1
• https://www.youtube.com/@RUD_Conveyor_DriveSystems
• https://www.youtube.com/RUDChainInc
• www.youtube.com/@rud-schottler9652  
• www.youtube.com/user/ErlauAG1

YouTube allows video publishers to upload video clips free of charge and other users to view, rate and comment on these video clips free of charge. When users visit a website that has YouTube integrated, a connection to the YouTube servers is established. This tells the YouTube server which website users have visited. If users are logged into their YouTube account, they enable YouTube to assign their surfing behaviour directly to their personal profile. Users can prevent this by logging out of their YouTube account.

The controller integrates YouTube exclusively in extended data protection mode.  According to YouTube, videos played in extended data protection mode are not used to personalise browsing on YouTube. Advertisements played in extended data protection mode are also not personalised. No cookies are set in extended data protection mode. Instead, however, so-called local storage elements are stored in the user's browser, which, similar to cookies, contain personal data and can be used for recognition purposes.

Details on enhanced privacy mode are available at: support.google.com/youtube/answer/171780

After activating a YouTube video, further data processing operations may be triggered over which we have no control.

Google's privacy policy is available at: policies.google.com/privacy
 

6 Further data processing

6.1 Contractual relationships

The processing of personal master data, contract data and payment data is necessary for the establishment and/or execution of contractual relationships with customers. In order to fulfil the agreed purpose of the contract, personal data may also be passed on to distributors and dealers commissioned by the controller for the purpose of preparing quotations. The legal basis for the processing is Art. 6(1)(b) GDPR.

The controller processes customer and prospect data for evaluation and marketing purposes. The legal basis for processing is Art. 6 (1) (f) GDPR. The processing of serves the legitimate interest of the controller in further developing its range of services and providing targeted information about them.

Further processing of personal data takes place only on the basis of consent within the meaning of Art. 6 para. 1 sentence 1 lit. a GDPR or within the framework of the fulfilment of legal obligations within the meaning of Art. 6 para. 1 sentence 1 lit. c GDPR.
 

6.2 RUD configurators

The controller provides configurators for identifying suitable anchorage points and slings at https://configuration.rud.com/lifting-points and https://configuration.rud.com/lifting-means/configurator.

The configurators can generally be used without registration. If users wish to register, they must provide their email address and password, first and last name, company, address, country and telephone number. Optionally, they can specify their position in the company and give their consent to receive the newsletter. After registration, users receive an email with an activation link for their user account. The legal basis for processing is Art. 6 (1) (b) GDPR.

After registration, users can save configured attachment points and slings and create corresponding enquiries, call up configured slings by ID number, compare components and specifications, and download technical documentation (CAD data and operating instructions).

If a request for individual advice is created for configured attachment points and slings, users will be contacted by the controller afterwards. Users can optionally have a copy of their request sent to them by email.

The user data provided can be viewed and changed at any time under ‘User account’ > ‘User data’. The password can be changed under ‘User account’ > “Password”. In addition, the password can be reset via the ‘Forgot your password?’ link in the login screen. 
 

6.3 Erlau online shop

The controller operates a web shop for high-quality outdoor furniture at shop.erlau.com. The legal basis for the processing of personal data in the context of the web shop is Art. 6 (1) (b) GDPR. The controller uses the data collected exclusively for the purpose of processing the contract or order and for associated measures and obligations, to safeguard its own rights and for purposes related to administrative tasks and business organisation.

Users can register in the web shop or "order as a guest".

During registration, the email address, password, company name, mobile number and address are collected. The first name and surname can be provided on a voluntary basis. The information provided during registration is compared with the customer database of the controller. This ensures that only customers receive a user account in the online shop. If the comparison is successful, the user receives a confirmation email. The customer account can be deleted at any time by sending a message to the controller at the above address.

The selected products are placed in the shopping basket; from there, the user proceeds to the checkout process. This involves the following steps:

• For registered users: Selection of a billing or delivery address from the data entered during the registration process or entry of a new billing or delivery address.
• For guest users: Enter country, company name, address, email address and, if applicable, a different delivery address. The first name, surname and mobile number can be provided on a voluntary basis.
• Select shipping method, add special shipping instructions, select partial or complete delivery, enter desired shipping date.
• Select payment method (credit card, direct debit, PayPal, invoice) and enter promotional code if applicable.
• Review order details / submit order.

The controller integrates payment services from third-party companies into its online shop. When users make a purchase, their payment details (e.g. first name/surname, payment amount, account details, credit card number, validity, CVC) are processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective provider apply to these transactions. The use of payment service providers is based on Art. 6 (1) lit. b GDPR and Art. 6 (1) lit. f GDPR, as it is in the legitimate interest of the controller to ensure that the payment process is as smooth, convenient and secure as possible.

The parent provider of our payment services is Computop Paygate GmbH, Schwarzenbergstr. 4, 96050 Bamberg (hereinafter referred to as "Computop"). Computop's privacy policy is available at computop.com/de/datenschutz. The controller integrates the following payment services via Computop:
 

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as "Mastercard").

Details on payment with Mastercard are available at:

• www.mastercard.de/de-de/datenschutz.html
• www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf
   

VISA

This payment service is provided by Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as "VISA").

VISA's privacy policy is available at: www.visa.de/nutzungsbedingungen/visa-privacy-center.html
 

PayPal

The payment service provider is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as ‘PayPal’).

Details on payment with PayPal are available at: www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

PayPal's privacy policy is available at: www.paypal.com/de/webapps/mpp/ua/privacy-full.
 

6.4 Snow chain advisor and online shop (B2C)

The website offers users the opportunity to configure and order snow chains for a specific vehicle via the snow chain advisor (schneekettenberater.rud.com).

This involves the processing of personal data related to the order, e.g. company/first name, surname, street, house number, postcode, town, country, email address, different delivery address if applicable, and payment details. For payment by credit card, it is necessary to enter the complete credit card details, i.e. name of the cardholder, credit card number, expiry date and CVC code. For payment by direct debit, it is necessary to provide the account holder's name, account number, bank code and bank name.

The controller processes personal data for the purpose of processing the order in the online shop on the basis of Art. 6 (1) (b) GDPR.

In the case of a purchase on account or any other payment method where we make advance payments, we may carry out a credit check (scoring).  For this purpose, we transfer address data of users to informa HIS GmbH, Kreuzberger Ring 68, 65205 Wiesbaden (hereinafter referred to as "informa"). Based on this data, the probability of a payment default is determined. If the risk of payment default is excessive, we may refuse the relevant payment method.

The credit check is carried out for the purpose of fulfilling the contract within the meaning of Art. 6 (1) (b) GDPR and on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR in avoiding payment defaults.

Further information on the activities of informa is available at: www.informa-his.de/haeufige-fragen.
 

6.5 Snow chain advisor and online shop (B2B)

The website offers commercial users the opportunity to configure and order snow chains for a specific vehicle via the snow chain advisor (rud.orderfactory.it).

To use the online shop, commercial users must first register and then log in. To register, they must provide their company name, address including country, and first and last name, telephone number and e-mail address of the contact person. After successful registration, commercial users receive their user name and password by e-mail.

After logging into their personal account, commercial users have access to an overview of their stored data, an order overview and the ‘buy again’ function. Commercial users can proceed to the checkout process via the shopping basket. Here, a delivery address that differs from the billing address can be entered and the order can be submitted.

The controller processes personal data for the purpose of processing the order in the online shop on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR.

Business partners are informed separately about data processing in the context of the business relationship.

6.7 BUDDYtron app 

The controller operates its own app for digital advice on lifting loads. The BUDDYtron app provides support in the selection, assembly, visual inspection and repair of slings and attachment points and helps to make lifting operations safer and more efficient.

The BUDDYtron app can generally be used without providing personal data. The only exceptions to this are when users use the contact form integrated into the app, rate the app in the app store or give their consent to app tracking or the use of Google Analytics.

In this respect, the following applies:

• Data processing in connection with the contact form is described in the section on ‘Contact’ in this privacy policy. If images are to be added to an enquiry, the app requires access to the user's media library.
• When leaving a review in an app store, the account identifier (e.g. user name or email/account ID), the review content (text and stars), metadata such as date/time, app/device information, IP address and approximate location, visible profile information (e.g. profile picture), if applicable, as well as technical log and interaction data (replies, likes, moderation notes) are processed. The legal basis for processing is Art. 6 (1) (a) GDPR. Users can edit or delete reviews they have left at any time via their user account. Further information on data protection in the app stores is available at https://policies.google.com/privacy?hl=de and at https://support.apple.com/de-de/102399.
• When tracking apps, the following personal data may be collected for marketing and product optimisation purposes: Device ID, IP address, location data, usage data, interaction data, device and system information, advertising and conversion data, network and connection data, browser and referrer information, and, where applicable, cross-device identifiers and profile data, which are combined for user tracking or the creation of user profiles. The legal basis for processing is Art. 6 (1) (a) GDPR. Users can prevent or restrict app tracking via the settings on their smartphone/browser.
• Data processing within the scope of Google Analytics is described in the section on ‘Google Analytics’ in this privacy policy.

The BUDDYtron app is available via third-party distribution platforms, known as app stores (Google Play and Apple iTunes). Downloading the app may require prior registration with the respective app store and installation of the app store software. The controller has no influence on the collection, processing and use of personal data in connection with registration and the provision of downloads in the respective app store and the app store software. The operator of the respective app store is solely responsible for data protection in this regard. Further information is available directly from the respective app store provider if required.
 

6.8 Employment relationships

The website offers applicants the opportunity to apply to the controller via the recruitment portal, by email or by post. In doing so, personal data relating to the specific application is processed, e.g. general personal data, information on school, vocational and further training, and other information provided by applicants.

The controller processes personal data for the purpose of conducting the application process and, if an employment relationship is established, for the purpose of processing the employment relationship, on the basis of Art. 6 (1) lit. b, f GDPR. Furthermore, personal data may be processed if this is necessary to fulfil legal obligations (Art. 6(1)(c) GDPR) or to defend against legal claims asserted against the controller (Art. 6(1)(f) GDPR). The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Personal data will be stored for the aforementioned purposes for as long as is necessary to fulfil these purposes. For the purpose of defending against legal claims asserted against the controller arising from the application process, personal data will be stored for a maximum of 6 months and then deleted.

If no employment relationship is currently possible, there is the option of having the application included in an applicant pool. If included, all documents and information from the application will be transferred to the applicant pool so that applicants can be contacted in the event of suitable vacancies. Inclusion in the applicant pool is only based on consent within the meaning of Art. 6 (1) (a) GDPR. The granting of consent is voluntary and is not related to the current application process. The data subject may revoke their consent at any time. In this case, the data will be deleted from the applicant pool, provided there are no legal reasons for retention. The data from the applicant pool will be stored for a maximum of 2 years and then deleted.

The provision of personal data in the context of application procedures is neither legally nor contractually required. Applicants are therefore not obliged to provide any information. However, the provision of personal data is necessary for the decision on an application or the conclusion of a contract in relation to an employment relationship. If applicants do not provide personal data, the controller cannot make a decision on establishing an employment relationship. It is recommended that only personal data that is necessary in this context be provided in the application.

Information on the processing of personal data via the applicant portal can be accessed directly during the application process by clicking on the "Data protection information" button.

If the "WhatsApp application" function is used for the application, this is done on the basis of consent within the meaning of Art. 6 (1) (a) GDPR. When applying via WhatsApp, all necessary applicant information is requested via a WhatsApp chat, imported directly into the recruiting service provider's system and further processed there for the purpose of the application process. Sent and received messages are end-to-end encrypted.

The private WhatsApp account of the respective applicant is used for applications via WhatsApp. The General Terms and Conditions and Data Policy of Meta apply here, over which the controller has no influence. In particular, data may also be processed by Meta outside the European Union. The WhatsApp Privacy Policy is available at: www.whatsapp.com/legal/privacy-policy-eea
 

6.9 Whistleblower system

For confidential communication with whistleblowers within the meaning of the Whistleblower Protection Act (HinSchG), the controller uses "preeco | hinweisgeber", a digital whistleblower system provided by preeco GmbH, Magirus-Deutz-Straße 14, 89077 Ulm, Germany (hereinafter referred to as "preeco").

In order to maintain confidentiality within the meaning of Section 8 of the Whistleblower Protection Act (HinSchG), whistleblowers can generally use the whistleblower system without providing personal information. This does not apply to information within the meaning of Section 3 of this privacy policy. The exchange of information via the whistleblower system is encrypted. This prevents unauthorised persons from viewing the content.

If whistleblowers wish to receive a personal reply, they must provide their name. This data is then available to the processing department of the controller.

If whistleblowers wish to receive a reply without revealing their identity, they must tick the box "I wish to submit my report completely anonymously" and refrain from providing their name. The system assigns a case-related "token" to the respective report. Communication now takes place via a "digital mailbox" to which whistleblowers have access with their password and the "case token". If whistleblowers lose their access data, they will no longer be able to access the mailbox.

If whistleblowers do not wish to receive a reply, they must tick the box "I do not wish to create access to my report". In this case, it is not possible to contact the whistleblower, confirm receipt of the report or provide information about the progress or completion of the report.

Depending on the content of the report submitted and any accompanying documents, it cannot be ruled out that personal data of the whistleblower or other persons named in the report may be processed. The legal basis for the processing is Art. 6 (1) (c) GDPR in conjunction with § 10 HinSchG.

Further information on data protection at preeco is available at: www.preeco.de/datenschutzhinweise
 

6.10 Usercentrics consent management

The website uses Usercentrics' cookie consent technology to obtain users' consent to the storage of certain cookies on their end device or to the use of certain technologies and to document this in accordance with data protection regulations. The technology is provided by Usercentrics GmbH, Rosental 4, 80331 Munich (hereinafter referred to as "Usercentrics").

The legal basis for processing is Art. 6 (1) (c) GDPR, as the controller is legally obliged to obtain consent from users for certain website content.

When using our website, the following personal data is transferred to Usercentrics:

• Consent(s) or withdrawal of consent(s)
• IP address
• Browser-specific information
• Device-specific information
• Time of visit to the website
• Geolocation

In order to be able to assign the consent(s) given or their revocation, Usercentrics stores a cookie in the user's browser. Users have the option of deleting the cookie themselves at any time.

The Usercentrics privacy policy is available at: usercentrics.com/de/datenschutzerklaerung
 

7 Security of processing

The website uses the TLS (Transport Layer Security) procedure in conjunction with the highest level of encryption supported by the browser used. Whether an individual website is transmitted in encrypted form can be recognised in the address bar of the browser by the prefix https:// and/or the closed padlock symbol.

The controller uses technical and organisational security measures to protect the personal data it manages against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security measures are continuously improved in line with technological developments.
 

8 Validity and currency of the privacy policy

The privacy policy is currently valid and dated 04.11.2025.

Due to ongoing legal and technical developments, the controller reserves the right to update this privacy policy at any time.