Privacy Policy
Last update: August 2024
1. CONTROLLER, GENERAL NOTES
1.1 In this website privacy policy (“Privacy Policy”), we, IWG Ing. W. Garhöfer Ges.m.b.H, (“IWG” or “we”), as controller within the meaning of the EU General Data Protection Regulation (“GDPR”), inform users of our website “www.iwgplating.com” (“Website”) about the processing of their personal data. Our contact details: Sonnenblumenweg 1, 2282 Markgrafneusiedl, Austria, +43 2287 71073, datenschutz@iwgplating.com.
1.2 This privacy policy is aimed at every visitor to our website over the age of 16 (“user”, “data subject” or “you”).
1.3 Unless otherwise defined in this privacy policy, the terms used here have the same meaning as in the GDPR.
1.4 The website contains links to third-party websites. We have no control over the content or privacy practices of these websites. Therefore, please read the respective data protection information of linked websites.
1.5
Data Protection Coordinator:
Claudia Garhöfer-Ondreicska
Sonnenblumenweg 1,
2282 Markgrafneusiedl
Phone: +43 22877107375
E-Mail: claudia.garhoefer@iwgplating.com
2. DATA COLLECTION, ORIGIN AND PROCESSING PURPOSES
We process personal data (hereinafter also referred to as “data”) that you voluntarily and actively transmit to us (e.g. via our contact form). In addition, data is forwarded from your browser to our website server (server log files) and collected by us through the use of cookies and similar technologies (e.g. beacons, tags and scripts) (hereinafter collectively referred to as “cookies”).
2.1 Provision and security of the website – Hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
Legal basis: Art 6(1) (f) GDPR – legitimate interest in the secure, fast and efficient provision and security of our website.
Our host(s) will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data.
Our web hosting is operated by:
netcup GmbH
Daimlerstraße 25
D-76185 Karlsruhe
2.2 Cookies
Our website uses so-called “cookies”. Cookies are small text files that can be stored on the user’s device during the website visit and store certain information about the user. Cookies cannot access other data stored on the user’s device and do not cause any damage to this device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies).
Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies to analyse your surfing behaviour.
We use essential and optional cookies as described below.
2.2.1 Essential Cookies
These ensure the proper functionality of our website. Without essential cookies, this would not be guaranteed or only to a limited extent.
The use of essential cookies does not require consent. However, these can be deactivated at any time via the browser settings.
Legal basis: § 165 (3) Telecommunications Act 2021 (“TKG”), Art 6 (1) (f) GDPR – legitimate interest in the provision of a functioning website including website services.
Essential cookies used
Cookie name | Purpose | Storage duration |
---|---|---|
borlabs-cookie | Saves the settings of visitors selected in the Borlabs Cookie Box. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. Further details on data processing by Borlabs can be found at: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/ https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/ | 1 year |
_icl_visitor_lang_js | Saves the redirected language. This cookie is activated for all website visitors if you use the browser language redirection function. | 1 day |
wpml_browser_redirect_test | Tests whether cookies are enabled. This cookie is activated for all website visitors if you use the browser language redirection function. | End of the session |
wp-wpml_current_admin_language_* | Saves the current language. | 1 day |
wp-wpml_current_language | Saves the current language. This cookie is activated by default on websites that use the language filtering function for AJAX operations. | 1 day |
woocommerce_cart_hash | Necessary for the shopping basket functionality. Helps WooCommerce recognise when the number of items in the shopping cart changes. | End of the session |
store_notice[notice id] | Allows customers to hide shop notifications. Is required to be able to send notifications to the customer when adding or removing items from the shopping basket. | End of the session |
woocommerce_recently_viewed | Contains data on the last products viewed by the visitor. | End of the session |
wp_woocommerce_session_ | Storage of a unique ID to ensure the purchasing function. | 2 days |
woocommerce_items_in_cart | Helps WooCommerce determine when the contents of the shopping cart/data change. | End of the session |
2.2.2 Optional Cookies
These are used to improve our website, optimise the user experience, analyse user behaviour or personalise marketing activities. These cookies include statistics cookies and marketing cookies. They may also be set by external advertising companies (“third-party cookies”).
Optional cookies are only set in accordance with the user’s consent given via the website cookie banner. Consent can be revoked at any time (for all or each cookies) with effect for the future. To do this, you can call up the cookie banner again at any time via the floating icon on the website and change the cookie settings. In addition, cookies can be rejected, authorised and deleted via the browser settings. Rejecting or deleting cookies that require consent can lead to functional restrictions on the website.
Legal basis: Art 6 (1) (a) GDPR – consent.
Optional cookies that used
Cookie name | Purpose | Storage time |
---|---|---|
_ga_0V7JNYGWCC, _ga_4BXXKZJZTZ, _ga_58GG1QVC8C, _ga_B8SKQ9HHPZ, _ga_BDJCJ7JL22, _ga_CMVQJLTS69, _ga_GJH9RGDDP5 ga_RQXSGJFQ59, _ga_X6LMX9VR0Y, _ga_LXTM6CQ0XK, _ga_TSV1TG0PFC | Is used by GA4 to identify a unique user. | 2 months |
_gat_UA-233105469-1 | Google Analytics: [Is used to throttle the request rate and expires after one minute. Is set by Google Analytics to read and filter requests from bots]. | 1 minute |
_gcl_au | Google Adsense: [Is set by Google Adsense to save and track conversions] | 1 year |
_gid | Google Analytics: [Is set by Google Analytics to count and store page views]. | 24 hours |
test_cookie doubleclick.net | Google Ads: [Is set by Google Ads on a test basis to check whether the browser allows cookies to be set. Contains no identification features.] | 15 minutes |
ar_debug doubleclick.net | This cookie is used by Google Ad Services to debug adverts | 1 year |
IDE doubleclick.net | Google Ads: [Is set by Google Ads. It contains a randomly generated user ID. Google can use this ID to recognise the user across different websites and display personalised advertising]. | 1 year |
NID | Is used to display the Google Map and YouTube and to provide advertising or retargeting and to save user preferences. | 6 months |
_ga, _gat, _gid | Google Tag Manager – Consent cookie to control advanced script and event handling. | 2 years |
SRCHD, SRCHHPGUSR, SRCHUID and SRCHUSR | Are set by Bing Advertising. These are cookies from the analytics service that links data from the Bing advertising network with the actions performed on the website. | 2 years |
SUID | To save a unique session ID. | 20 minutes |
MUID | Used as a unique user identifier. It can be set by embedded Microsoft scripts and is used to enable the tracking of users across different Microsoft domains. | 13 months |
OID, OIDI and OIDR | Are used for advertising tracking purposes, to track the targeting and performance of advertising campaigns in the Bing advertising network. OIDR is used as an identifier for an object in the identity system of Bing. | OIDI 14 days OID and OIDR 3 months |
_HPVN | Is a first-party cookie from Microsoft MSN that ensures that the website functions properly. | 1 year |
BFB | Helps to target and track the performance of advertising campaigns in the Bing advertising network. | 1 year |
_RwBf | Is set for Bing advertising tracking purposes | 1 year |
_SS | Used for tracking with Microsoft Bing | Only for the session |
_UR, ipv6 | Analysis service that links data from the Bing advertising network with actions performed on the website. | 340 days |
dsc | Analysis service that links data from the Bing advertising network with actions performed on the website. | Session |
ACL | Places an icon in the Chrome toolbar that indicates whether cookies are allowed/allowed/denied for the current page/session | |
USRLOC | Used by Bing to understand user interaction with the website. | Only for the session |
_uetvid and _uetsid | This cookie is used by Microsoft Bing Ads and is a tracking cookie. It enables us to contact a user who has previously visited our website. | 1 day |
_uetmsclkid | Is set by Microsoft to save actions performed on the website | Session |
bcookie | Is set by LinkedIn and is used to uniquely identify devices used to access the LinkedIn platform in order to prevent unauthorised access. | 1 year |
lidc | Is set by LinkedIn and is used by LinkedIn to select the data centre. | 24 hours |
AMCVS_14215E3D5995C57C0A495C55%40AdobeOrg; AMCV_14215E3D5995C57C0A495C55%40AdobeOrg | LinkedIn Analytic cookie indicates for the Adobe Experience Cloud when a session has started. | 2 years |
AnalyticsSyncHistory | Is set by LinkedIn to store and track visits to various websites. | 30 days |
UserMatchHistory | Is set by LinkedIn to enable ad placement or retargeting. | 30 days |
gpv_pn | Is used to store and retrieve the previously visited page in Adobe Analytics. | 6 months |
aam_uuid | Is set by LinkedIn to be able to set the ID synchronisation for Adobe Audience Manager. | 30 days |
long | LinkedIn cookie to store a user’s language preference so that LinkedIn.com displays the language the user has selected in their settings. | Session |
li_gc | Is set by LinkedIn and is used to store the guest’s consent to the use of cookies for non-essential purposes. | 6 months |
li_mc | Set by LinkedIn and used as a temporary cache to avoid database queries for a member’s consent to use non-essential cookies, and is used to have consent information on the client side to enforce consent on the client side | 6 months |
li_sugr | Is set by LinkedIn and is used to make a probable comparison of the identity of a user outside the designated countries. | 90 days |
liap | Is set by LinkedIn and is used by non-WWW domains to identify the login status of a member | 1 year |
lms_ads | Is set by LinkedIn and is used to identify LinkedIn members outside of LinkedIn for advertising purposes. | 30 days |
lms_analytics | Used to identify LinkedIn members outside of LinkedIn for analyses | 30 days |
s_cc | Is set by LinkedIn and is used to determine whether cookies are activated for Adobe Analytics. | Session |
s_ips | Is set by LinkedIn and tracks the percentage of pages viewed. | Session |
s_plt, s_pltp | Is set by LinkedIn and provides the value of the URL for use by Adobe Analytics. | Session |
s_ppv | Set by LinkedIn and used by Adobe Analytics to store and retrieve what percentage of a page has been viewed. | Session |
s_sq | Is set by LinkedIn and used to store information about the previous link that the user clicked on in Adobe Analytics. | Session |
s_tp | Is set by LinkedIn and tracks the percentage of the page viewed | Session |
s_tslv | Is set by LinkedIn and used to store and retrieve the time since the last visit in Adobe Analytics. | 6 months |
ln_or | Is set by LinkedIn to determine whether oribi analyses can be carried out for certain domains. | 1 day |
fptctx2 | To prevent misuse in payment processes for LinkedIn | Session |
dfpfpt | Is set by LinkedIn for a unique user ID to prevent misuse in payment processes at LinkedIn. | 2 years |
_hjIncludedInPageviewSample | Set by Hotjar to determine whether a website visitor is included in the data sample defined by the website’s page view limit. | 2 minutes |
_hjAbsoluteSessionInProgress | Is set by Hotjar to recognise the first page view of a website visitor. | 30 minutes |
_hjFirstSeen | Is set by Hotjar to identify the first session of a new website visitor and new user sessions. | 30 minutes |
_hjIncludedInSessionSample_{site-id} | Set to determine whether a user is included in the data sample defined by the website’s daily session limit. | 2 minutes |
_hjSession_{site-id} | Is set by Hotjar to ensure that subsequent requests in the same session window can be assigned to the same session. | 30 minutes |
_hjTLDTest | Set by Hotjar to determine the most common cookie path to use instead of the hostname on the website to share cookies across subdomains. | Session |
_hjSessionUser_3034179 | Hotjar cookie that is set when a user accesses a page for the first time. | 1 year |
_BEAMER_LAST_UPDATE_zeKLgqli17986 | This cookie is used by Hotjar for analytical data on user behaviour. | 1 year |
_BEAMER_USER_ID_zeKLgqli17986 | This cookie is always set when you register to receive Beamer updates. | 1 year |
_hjDonePolls | Is set when a user completes a survey on the website. Ensures that the same survey is not displayed again if it has already been completed. | 1 year |
_lfa | This cookie is set by the provider Leadfeeder. This cookie is used to identify the IP address of devices that visit the website. The cookie collects information such as IP addresses, time spent on the website and page views for the visits. This collected information is used for retargeting multiple users referred from the same IP address. | 2 years |
_wpfuuid | Is set by WordPress and activates the form functionality on our website. | 11 years |
__hs_opt_out[add further optional cookies if necessary] | Is set by HubSpot to save cookie settings | 6 months |
__hs_do_not_track | Is set by HubSpot to store “Do not track” signals | 6 months |
hs_ab_test | Is set by HubSpot to save the IDs of experiments and sessions for A/B tests | Session |
hs-messages-is-open | Is set by HubSpot to save whether a message has been displayed | 30 minutes |
hs-messages-hide-welcome-message | This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed. | 1 day |
messagesUtk | Is set by HubSpot to save browser details, save actions performed on the website | 13 months |
__cf_bm | Is set by Cloudflare. Identifies and mitigates automated traffic to protect the website from malicious bots. Places the __cf_bm cookie on end-user devices accessing customer websites protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for these bot solutions to function properly. | 30 minutes |
cfuvid | Set by Cloudflare based on its rate limit policies. | Session |
_fbp | This cookie is set by Facebook to display adverts when you are on Facebook or a digital platform supported by Facebook advertising after visiting this website. | 2 months |
_conv_v | Convert Cookie is a string of parts separated by an asterisk (*): Number of sessions, number of sessions for this visitor, timestamp for the start of the current session, timestamp for the start of the first session, number of page views for this visitor in all sessions and timestamp for the start of the previous session. | Max. 6 months |
_conv_r | Stores the domain name of the referrer, the referral medium and the search terms of the referrer that were automatically selected by the search engines or manually entered via the corresponding UTM variable. | This is overwritten each time a visitor comes from a new referrer. |
wc-order-attribution cookies | Set by Woocommerce and tracks the attribution of sales to specific marketing channels using the cookies listed below and helps analyse and optimise marketing strategies for better ROI | |
sbjs_current | Provides information about the origin of the traffic and the visitor to our shop. | Session |
sbjs_current_add | Shows the timestamp, referring URL and entry page for visitor’s current visit to our shop. | Session |
sbjs_first | Provides information about the origin of the traffic when the visitor first visits our shop. | Session |
sbjs_first_add | Shows timestamp, referring URL and entry page for visitor’s first visit to our shop | Session |
sbjs_migrations | Technical data to support migration between different versions of the tracking function. | Session |
sbjs_session | The number of page views in this session and the current page path. | 30 minutes |
sbjs_udata | Provides information about the visitor’s user data, such as IP, browser and device type. | Session |
2.2.3 How you can control and manage the use of cookies
By clicking the “Accept all” button in our cookie banner, you consent to the use of the optional cookies listed above on our website. Your consent can be revoked at any time (for all or each cookies) with effect for the future.
You can also prevent the use of cookies by selecting the appropriate settings in your browser or by deleting the cookies from your device or browser. Most browsers accept cookies automatically. However, you can change your browser settings to delete cookies or to prevent their automatic use if you prefer. In general, you have the option of seeing which cookies have been set and deleting them individually, blocking third-party cookies or cookies from certain websites, accepting all cookies, being notified when a cookie is used or rejecting all cookies. Select “Options” or “Settings” in your browser to change your preferences and use the following links for more browser-specific information:
Cookie settings in Microsoft Edge
If you delete all cookies, any preferences will be lost and websites may not function properly or some functions may be lost.
You should be aware that if you delete all cookies, any preferences will be lost and many websites may not work properly or some functions may be lost. For these reasons, we recommend that you do not disable cookies when you use our website.
2.3 Website analyses, statistics and tools from third-party providers
2.3.1 Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
Legal basis: The use of this service is based on your consent and thus in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). Further information on the DPF can be found under point 3.3 of this privacy policy.
2.3.2 Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
These are
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server enquiry
- IP address
This data is not merged with other data sources. The processing of these log files is necessary for us to ensure the functionality, stability, access and security of our website. We may also process them as part of forensic investigations in the event of a security incident or to compile user statistics. For statistical purposes, your IP address is only used in anonymised form.
Legal basis: Art. 6 (1) (f) GDPR – legitimate interest in maintaining the functionality, stability and security of our website.
2.3.3 Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.
We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the recorded data records and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.
The company also has DPF certification. Further information on the DPF can be found under point 3.3 of this privacy policy.
Google Analytics e-commerce measurement
If you have consented to the use of Google Analytics, this website uses the “e-commerce measurement” function of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the purchasing behaviour of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.
IP-anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser Plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de
Google signals
We use Google signals. When you visit our website, and subject to your consent Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalised advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on the user behaviour of our users.
Data processing by processor
We have concluded a data processing agreement (DPA) with Google.
2.3.4 Hotjar
This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
Hotjar is a tool for analysing your user behaviour on this website. Hotjar allows us to record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you remain with the mouse pointer in a certain place. Hotjar uses this information to create so-called heat maps, which can be used to determine which website areas are favoured by website visitors.
Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you cancelled your entries in a contact form (so-called conversion funnels).
Hotjar can also be used to obtain direct feedback from website visitors. This function serves to improve the website operator’s web offerings.
Hotjar uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or the use of device fingerprinting).
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG.
Deactivating Hotjar
If you wish to deactivate data collection by Hotjar, you can do so via our cookie banner (see also point 4 of the privacy policy) or click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/
Please note that Hotjar must be deactivated separately for each browser or end device.
For more information about Hotjar and the data collected, please refer to Hotjar’s privacy policy at the following link:
https://www.hotjar.com/privacy
Data processing by processor
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
2.3.5 Leadfeeder
Our website uses the Leadfeeder analytics service from Liidio Oy, Mikonkatu 17, 0100 Helsinki, Finland. Leadfeeder collects user behaviour data (pages viewed, visitor source, time spent on the website) and records the user’s IP address in order to determine their company and geographical location. All visit data is aggregated at company level, i.e. Leadfeeder automatically sorts out all users with private IP addresses. Leadfeeder also enriches this company data with contact data from publicly available data sources.
Further details on Leadfeeder can be found in the privacy policy at https://www.leadfeeder.com/privacy/.
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
2.3.6 Cloudflare
On our website we use a so-called Content Delivery Network (“CDN”) of the technology service provider Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA, (“Cloudflare”). A CDN is an online service that is used in particular to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the Internet. The use of Cloudflare’s Content Delivery Network helps us to optimise the loading speed of our website.
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
We have concluded a data processing agreement with Cloudfare (Data Processing Addendum, available at https://www.cloudflare.com/media/pdf/cloudflare-customer-dpa.pdf), which obliges Cloudfare to protect the data of our website visitors and not to pass it on to third parties. For the transfer of data from the EU to the USA, Cloudfare relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
Further information can be found in Cloudflare’s privacy policy at: https://www.cloudflare.com/privacypolicy/
In addition, the company has DPF certification. Further information on the DPF can be found under point 3.3 of this privacy policy.
2.4 External media
2.4.1 Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of this service, we can integrate map material on our website.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there.
The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of standardising the display of fonts. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we indicate on the website.
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
Data transfer to the USA is based on the standard data protection clauses of the EU Commission.
Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
In addition, the company has DPF certification. Further information on the DPF can be found under point 3.3 of this privacy policy.
Google Fonts (local hosting)
This site uses so-called Google Fonts, which are provided by Google, for the standardised display of fonts. To use the functions of Google Fonts, it may be necessary to store your IP address to ensure that the fonts are displayed. Google Fonts are installed locally. There is no connection to Google servers. This means that there is no transmission to Google’s servers in the USA
You can find more information about Google Fonts at
https://developers.google.com/fonts/faq and in Google’s privacy policy:
https://policies.google.com/privacy?hl=de.
2.4.2 YouTube with extended data protection
This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalise surfing on YouTube. Ads that are played in extended data protection mode are also not personalised.
personalised. No cookies are set in extended data protection mode. Instead, however, so-called local storage elements are stored in the user’s browser, which contain personal data similar to cookies and can be used to recognise the user.
Details on the extended data protection mode can be found here:
https://support.google.com/youtube/answer/171780.
After activating a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our online offers.
Legal basis: The use of this service is based on your consent in accordance with Art. 6 ( 1) (a) GDPR and § 165 (3) TKG.
Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
Further information about data protection at YouTube can be found in their privacy policy at
https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the DPF. Further information on the DPF can be found under point 3.3 of this privacy policy.
2.5 Marketing
2.5.1 Google Ads
The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display adverts in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted adverts can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
have led.
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
Data transfer to the USA is based on the standard data protection clauses of the EU Commission.
Details can be found here:
https://policies.google.com/privacy/frameworks and
https://privacy.google.com/businesses/controllerterms/mccs/.
The company also has DPF certification. Further information on the DPF can be found under point 3.3 of this privacy policy.
2.5.2 Google Ads Remarketing
This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently show them interest-based advertising in the Google advertising network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have a Google account, you can object to personalised advertising by clicking on the following link:
https://adssettings.google.com/anonymous?hl=de.
If you have a Google account, you can object to personalised advertising by clicking on the following link:
https://www.google.com/settings/ads/onweb/.
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
Further information and the data protection provisions can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.
The company has DPF certification. Further information on the DPF can be found under point 3.3 of this privacy policy.
Target group formation with customer matching
We use Google Ads Remarketing customer matching, among other things, to form target groups.
In doing so, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers concerned are Google users and are logged into their Google account, they will be shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).
2.5.3 Google Conversion-Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can recognise whether the user has carried out certain actions. For example, we can analyse which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our adverts and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
You can find more information about Google Conversion Tracking in Google’s privacy policy:
https://policies.google.com/privacy?hl=de.
The company has DPF certification. Further information on the DPF can be found under point 3.3 of this privacy policy.
2.5.4 Microsoft Advertising
The website operator uses Microsoft Advertising. Microsoft Advertising is an online
Advertising programme of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft Advertising enables us to display adverts in the Bing search engine or on third-party websites when the user enters certain search terms in Bing (keyword targeting). Furthermore, targeted adverts can be displayed based on the user data available at Microsoft (e.g. location data and interests) (target group targeting).
As website operators, we can evaluate this data quantitatively by analysing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
We use universal event tracking (UET) from Microsoft Advertising on this website. Pseudonymised data is collected to track the actions you take on our websites after you have clicked on a Microsoft Advertising ad. UET collects your IP address (anonymised), device identifiers, information about device and browser settings, Microsoft Click ID (stored in cookie), time spent on the website, which areas of the website were accessed, which ad brought you to the website and which keyword you clicked on.
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
Data transfer to the USA is based on the standard data protection clauses of the EU Commission.
Details can be found here:
https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.
The company also has DPF certification. Further information on the DPF can be found under point 3.3 of this privacy policy.
2.5.5 Hubspot
With your consent, we use the provider HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA on our website. HubSpot is a user database management service provided by HubSpot, Inc. We use HubSpot on this website for our online marketing activities.
Click here for the privacy policy: https://legal.hubspot.com/privacy-policy
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4- of this privacy policy.
The company has DPF certification. Further information on the DPF can be found under point 3.3 of this privacy policy.
2.5.6 LinkedIn Insights
With your consent, this website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
LinkedIn Insight Tag is deactivated on our website by default and is only activated with your consent – by clicking on the LinkedIn plugin symbol. With your consent, LinkedIn Insight Tag creates a “browser cookie”, which collects the following data IP address, timestamp, page activity and LinkedIn demographic data if the user is an active LinkedIn member. If you are logged in to LinkedIn while visiting our website, a connection to the LinkedIn server is established using the LinkedIn Insight tag. With the help of the LinkedIn Insight tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyse the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that we can use to display targeted advertising to visitors to our website outside the website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.
LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised).
However, we cannot rule out the transmission of the data collected by LinkedIn to a LinkedIn server in the USA. The USA is considered as an unsafe third country (see point 3.2 below).
The data collected by LinkedIn cannot be assigned to specific data subjects by us as the website operator. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes.
Details can be found in LinkedIn’s privacy policy at
https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
Data transfer to the USA is based on the standard data protection clauses of the EU Commission. See point 3.2 below.
The company also has DPF certification. Further information on the DPF can be found under point 3.3 of this privacy policy.
Details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.
Alternatively, you can object to the analysis of user behaviour and targeted advertising by LinkedIn by clicking on the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, members of LinkedIn can control the use of their personal data for advertising purposes in the account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
2.5.7 Contact forms set up on our website
2.5.8 Sample order form
To process your sample orders, we process the following data using HubSpot: Title, first name, surname, company, email address, telephone number, country, city, address and postcode as well as the content of your order-related messages to us. We cannot process your order without this information. Further details are optional. The data collected as part of these services is stored on HubSpot servers.
The data will be stored for 12 months after the enquiry has been completed.
Legal basis: Art 6 (1) (b) GDPR – for the performance of a contract.
2.6.2 General contact form
We process the personal data provided via the contact form (title, first name, surname, company and email address, telephone number, subject and content of the contact message) using HubSpot. The data collected as part of these services is stored on HubSpot servers. It can be used by us to contact you and process your enquiries.
The data will be stored for 12 months after the enquiry has been completed.
Legal basis: Art 6 (1) (b) GDPR – for the performance of a contract.
2.6.3 Newsletter form
If you subscribe to our newsletter via our website, the personal data you provide (title, first name, surname, company, email, telephone number, newsletter usage data: [newsletter delivery status, opening rate, click behaviour, response rate) will be processed by HubSpot in order to send the requested newsletter with customer-specific information about our products, services and news. The information collected as part of these services is stored on HubSpot’s servers. It can be used by us to contact you and identify services that may be of interest to you. However, we cannot rule out the possibility that the data collected will be transmitted to HubSpot servers in the USA. However, the company has DPF certification. Further information on the DPF can be found under point 3.3 of this privacy policy.
Newsletter usage is also analysed. The information collected in the analysis is used exclusively to optimise our own marketing measures and is not shared with third parties.
More information about HubSpot’s privacy policy. More information from HubSpot regarding EU data protection regulations.
This data is stored for 24 months.
Legal basis: The processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent by clicking on the corresponding link in the newsletter or by informing us of the revocation via our contact details (see above 1.1).
Further information on consent can be found under point 4 of this privacy policy.
Sending newsletters to existing customers
If you order goods or services from us and enter your e-mail address, this e-mail address may subsequently be used by us to send you newsletters, provided we inform you of this in advance and you have not objected or refused. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. You can cancel the sending of this newsletter at any time. For this purpose, you will find a corresponding link both when your contact details are collected for the first time and in every newsletter.
In this case, the legal basis for sending the newsletter is Art. 6 (1) (f) GDPR in conjunction with § 174 (4) TKG.
After you unsubscribe from the newsletter distribution list, we may store your e-mail address in a blacklist to prevent future mailings to you. The data from the blacklist will only be used for the purpose of preventing the newsletter from being sent and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR).
2.5.11 Application form
We offer you the opportunity to apply to us (e.g. by e-mail, post or online application form). Below we inform you about the scope, purpose and use of your personal data collected as part of the application process.
Scope and purpose of data collection
If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationship.
Legal basis: Art. 6 (1) (b) GDPR (general contract initiation) and – if you have given your consent – Art. 6 (1) (a) GDPR.
Your personal data will only be passed on within our company to persons who are involved in processing your application. If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art. 6 (1) (b) GDPR for the purpose of performing the employment relationship.
Inclusion in the applicant pool
If we do not make you a job offer, you may have the opportunity to be included in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that you can be contacted in the event of suitable vacancies.
Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 (1) (a) GDPR). Giving consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.
Data retention period
We process the data for the duration of the application process and beyond, insofar as legal claims can be asserted against us (therefore at least for 7 months after a rejection due to possible claims under the GlBG). The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 7-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.
In addition, your data may be stored if you give your consent for further record keeping in our applicant pool. The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given. Once the retention periods have expired, the data will be deleted and the physical application documents destroyed.
2.6 Customer-Relationship-Management – Hubspot CRM
With your consent, we use Hubspot CRM on this website. The provider is HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany (hereinafter Hubspot CRM).
Among other things, Hubspot CRM enables us to manage existing and potential customers and customer contacts. With the help of Hubspot CRM, we are able to record, sort and analyse customer interactions via email, social media or telephone across various channels. The personal data collected in this way can be analysed and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyse the user behaviour of our contacts on our website. We use all the information collected exclusively to optimise our own marketing measures and do not share this information with third parties.
However, we cannot rule out the transmission of the collected data to a HubSpot server in the USA. However, the company is certified in accordance with the DPF. Further information on the DPF can be found under point 3.3 of this privacy policy.
Legal basis: The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 165 (3) TKG. Further information on consent (e.g. revocation etc.) can be found under point 4 of this privacy policy.
Details can be found in Hubspot’s privacy policy:
https://legal.hubspot.com/de/privacy-policy.
Furthermore, the data transfer to the USA is additionally based on standard contractual clauses of the EU Commission. See point 3.2.
Details can be found here:
https://www.hubspot.de/data-privacy/privacy-shield.
2.7 Enquiry by e-mail, telephone or fax
If you contact us by email, telephone or fax, your enquiry, including all resulting personal data (name, contact details such as email address, telephone number, fax number or address and enquiry) will be stored and processed by us for the purpose of processing your request. This data is processed on the basis of Art. 6 (1) (b) GDPR, provided that your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR). The data you send to us via contact requests will remain with us until the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory retention periods remain unaffected.
2.8 Online shop on our website
2.8.1 WooCommerce
On our website we use the open source shop system “WooCommerce”, which is integrated as a plugin. This plugin is based on the WordPress content management system, a subsidiary of Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. Data is sent, stored and processed using the functions of the plugin.
The WooCommerce plugin was developed in 2011 as a compatible online shop system specifically for WordPress websites and is a customisable and open-source e-commerce platform.
You can find more general information about WooCommerce here: https://woocommerce.com/de/?tid=135675752 .
2.8.2 Nature and purpose of processing
By using WooCommerce, we can offer you our physical or digital products or services in the best possible way. Our aim is to make our offer easily accessible for our customers.
However, we cannot rule out the transmission of the collected data to a server of Automattic Inc. in the USA. However, the company is certified in accordance with the DPF. Further information on the DPF can be found under point 3.3. of this privacy policy.
2.8.3 As part of the operation and processing of our online shop, we collect certain personal customer and contract data that you personally provide to us to establish our contractual relationship in the course of an order
This personal data includes
(i) personal information (title, first name, surname, company name, VAT number, address, telephone number, contact details, user name, (ii) business-related information (your enquiry/order, credit card number, account details, payment amount, delivery details, contract details, order history, etc.).
This data is processed on the basis of Art. 6 (1) (b) GDPR, as your data is required for performing of a contract or for the implementation of pre-contractual measures. Without the provision of this data, it is not possible for us to conclude a purchase contract and deliver the goods to you. The customer data collected is generally deleted after conclusion of the contract or termination of the business relationship and expiry of any existing statutory retention periods (see also below in point 4) are deleted.
2.8.4 Data transmission upon conclusion of a contract in our online shop
If you order goods from us, we will pass on your personal data to the transport company entrusted with the delivery and to the payment service provider commissioned to process the payment. Only the data required by the respective service provider to fulfil its task will be disclosed. The legal basis for the transfer of data for this is Art. 6 (1) (b) GDPR, as this is necessary for the performing of the contract. Furthermore, we base the processing on our legitimate interest in the efficient fulfilment of contracts in our online shop. If you have given your consent in accordance with Art. 6 (1) (a) GDPR, we will provide your e-mail address to the transport company entrusted with the delivery so that it can inform you by e-mail about the dispatch status of your order; you can revoke your consent at any time.
2.8.5 We use the following payment service providers to whom your data is transmitted, depending on the payment method you have selected:
(a) PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Details can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
(b) Instant bank transfer
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, DE-80339 Munich, Germany (hereinafter referred to as “Sofort GmbH”). With the help of the “Sofortüberweisung” procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfil our obligations. If you have decided in favour of the “Sofortüberweisung” payment method, transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, your turnover, the credit limit of the overdraft facility and the existence of other accounts and their balances are also automatically checked. In addition to the PIN and TAN, the payment data you have entered and your personal data are also transmitted to Sofort GmbH. Your personal data includes your first and last name, address, telephone number(s), e-mail address, IP address and any other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent attempts at fraud. Details on payment with Sofortüberweisung can be found at the following link: https://www.klarna.com/sofort/.
(c) eps
The provider of this payment service is PSA Payment Services Austria GmbH (hereinafter referred to as “PSA”), Handelskai 92, Gate 2, AT-1200 Vienna. For details on data processing, please refer to PSA’s privacy policy: https://eps-ueberweisung.at/de/datenschutzhinweis
(d) Mollie
The provider of this payment service is Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, the Netherlands (hereinafter referred to as “Mollie”). With the help of Mollie, we can integrate various payment methods on our website. Details can be found in Mollie’s privacy policy: https://www.mollie.com/de/privacy.
(e) American Express
The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter referred to as “American Express”). American Express may transfer data to its parent company in the USA. The data transfer to the USA is based on the Binding Corporate Rules. Details can be found here:
https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/.
Further information can be found in the American Express privacy policy:
https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.
(f) Mastercard
The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as “Mastercard”).
Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard’s Binding Corporate Rules.
Details can be found here:
https://www.mastercard.de/de-de/datenschutz.html and
https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
(g) VISA
The provider of this payment service is Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter referred to as “VISA”). The United Kingdom is considered a secure third country under data protection law. This means that Great Britain has a level of data protection that corresponds to the level of data protection in the European Union. VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html.
Further information can be found in VISA’s privacy policy:
https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.
2.8.6 Your data will be transmitted to the following transport company:
• DPD Direct Parcel Distribution Austria GmbH, Arbeitergasse 46, A-2333 Leopoldsdorf, Austria
2.9 Setting up and managing a user account
You can register for the online shop on our website. We will only use the data you enter for the purpose of using the online shop. The mandatory information requested during registration must be provided in full. For the purpose of creating a user account, this includes your title, first name, surname, company name, address, telephone number, VAT number, e-mail address, user name and password.
You can call up your order status at any time using a user account.
You can also find out more at:
- menu item “Orders” to call up the “Order history” function. You can use this function to call up and display all the orders you have placed. The following data is processed: Order date, products purchased, payment method, billing and delivery address and the status of the consignments.
- menu item “Address”, call up the “Billing address and delivery address” function. You can use this function to call up your billing and/or delivery address and (subsequently) edit and save it. Address data is processed.
- menu item “Account details” to call up the “Account details” function. You can use this function to call up your account details and (subsequently) edit and save them. The following data is processed: First name, surname, display name, e-mail address and password.
In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.
The processing of the (optional) data entered during registration is based on your consent (Art. 6 (1) (a) GDPR). You have the right to withdraw your consent at any time free of charge by deactivating your user account or by sending an email to “news@iwgplating.com” to declare your cancellation. Further information on consent can be found under point 4 of this privacy policy.
We store your user account data until you delete or cancel your account. If you are inactive for longer, your data will be deleted automatically after 3 years. Statutory retention periods remain unaffected.
With regard to the transmission of your data, please refer to the explanations under 2.8 regarding the online shop.
3. DATA RECEIVER
3.1 We may disclose personal data to the following recipients for the above-mentioned purposes:
- IT service providers who provide hosting, maintenance and security services for our website:
- Our web hosting is provided by netcup GmbH, based in Germany
- Our customer relationship management is provided by HubSpot Germany GmbH, based in Germany
- Advertising and web analytics partners (e.g. Google, Bing, Hotjar, Leadfeeder, WooCommerce, Hubspot) that fulfil the requirements set out in point 2.3.1 to point 2.5.7; the respective name and registered office of the company is to be indicated in the corresponding processing activity (2.3.1 to point 2.5.7) in this privacy policy.
- If a data transfer is required by law or is necessary for the exercise or defence of legal claims, we may disclose your data to competent authorities and courts as well as to other third parties who advise us in this context (e.g. lawyers, auditors, forensic experts).
- For the online shop, see above under 2.8
3.2 Some recipients may be located in a country outside the EEA that has not (yet) been certified as having an adequate level of data protection (comparable to the EU) (“third country”). This applies, for example, to the USA, where some providers of web tools are located or may process data there (see point 2.3 – 2.5 above). In particular, there is a risk that local authorities or courts may gain access to your data and that you will not have adequate legal protection options in this regard.
3.3 In accordance with Chapter V. of the GDPR, we implement appropriate safeguards when transferring personal data to such third countries. This may include (unless DPF certification already exists) the conclusion of the standard data protection clauses published by the EU Commission for the transfer of personal data (Art 46 (2) (c) GDPR) and, if necessary, obtaining your express consent (Art 49 (1) (a) GDPR). Further details on the security guarantees used and copies of the respective agreements are available on request at datenschutz@iwgplating.com.
Note on data transfer to US companies:
Among other things, we use tools from companies based in third countries that are not secure under data protection law, including tools from providers in the USA that are not certified under the EU-US Data Privacy Framework (DPF). If these tools are used, your personal data may be transferred to these countries and processed there.
The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards.
You can find further information on this under the following link:
https://www.dataprivacyframework.gov/s/participant-search/participantdetail?Contact=true&id=a2zt000000001L5AAI&status=Active
We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in third countries that are unsafe under data protection law.
Data transfer to the USA is permitted (among other things) if the recipient has DPF certification or suitable additional guarantees in accordance with Chapter V GDPR.
Information on transfers to third countries (including the USA), including the data recipients, can be found in this privacy policy in relation to the respective processing activities.
3.4 With your consent, this website uses tools offered by companies based in the USA (such as Google, HubSpot and LinkedIn). The information generated by cookies about your use of our website (including your IP address and the URLs of the web pages accessed) may be transferred to servers of these companies in the USA and stored there. See above for details.
4. CONSENT
4.1 If your consent is obtained for data processing, the following applies:
- Consent can be revoked at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal,
- If the consent to the processing of your data includes cookies, the revocation can be carried out via the cookie banner.
5. STORAGE DURATION
5.1 Personal data is stored for as long as it is required for the fulfilment of the corresponding processing purpose. In any case, we therefore process your data for the duration of the contractual or service relationship (see point 3 above). In addition, we may store data until the expiry of applicable statutory retention periods (see the 7-year retention obligation under tax and company law provisions of the Austrian Commercial Code (UGB) and Federal Fiscal Code (BAO)) or as long as other legitimate interests in storage exist (e.g. necessity of the data as evidence for the assertion, exercise or defence of claims in pending or imminent legal disputes).
5.2 For the storage period of server log data, see point 2.3.2 above and for cookies see point 2.2 above. For further information on the storage period for the online shop, see point 2.8.3 above.
6. RIGHTS OF DATA SUBJECTS
6.1 In accordance with the statutory provisions (Art. 7, 15 – 21 GDPR), you have the right to information, rectification, erasure, restriction and data portability as well as the right to object to processing.
6.2 If we process your personal data on the basis of your consent, you have the right to revoke this consent at any time with effect for the future. A revocation does not affect the legality of the processing until the revocation.
6.3 We do not process your personal data for the purpose of making decisions based solely on automated processing (e.g. profiling) (Art. 22 GDPR).
6.4 Our contact details mentioned above can be used to exercise the rights of data subjects. You also have the right to lodge a complaint with a competent supervisory authority (for Austria: Austrian Data Protection Authority, Barichgasse 40-42, A-1030 Vienna, “www.dsb.gv.at“).