We detected, that your browser supports another langugae than the called one. This page is also available in your language! Would you switch to this page in your language?
(1) This data protection statement clarifies the nature, scope and purpose of the processing of personal data as part of our online offering and the associated websites, functions and content (hereinafter collectively referred to as “online offering” or “website”). The data protection statement shall apply irrespective of the domains, systems, platforms and devices (e.g. PC or mobile) used to provide the online offering.
(2) The terms used in this data protection statement correspond to the wording of the General Data Protection Regulation (GDPR), in particular the definitions in Article 4 of the GDPR. For a better understanding, we have defined the terms relevant for this statement below:
a. Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural Person.
b. Data subject
The data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d. Restriction of processing
Restriction of processing refers to the marking of stored personal data with the aim of limiting its processing in the future.
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g. Controller or person responsible for processing
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union or member state law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
A recipient is a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or member state law shall not be regarded as recipients.
j. Third Party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent means any specific, informed and unambiguous indication given freely by the data subject of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Users' personal data which is processed as part of this online offering includes user-related data (e.g. customer names and addresses), contract data (e.g. services provided, names of administrators, payment information), usage data (e.g. our websites visited, interest in our products) and content data (e.g. details in the contact form).
(3) We also use the term “user” in this statement. This has the same meaning as the term “data subject” as defined in the GDPR. All of our online visitors are to be included here, regardless of whether we already have contractual associations with them or not.
(4) All terminology used in this statement, such as “user”, shall be neutral in gender.
(5) We abide by the pertinent data protection regulations within the scope of our business activities. We therefore only process users' personal data if legal permission has been granted. In accordance with statutory regulations, we are permitted specifically to process personal data if this processing is required to perform our contractual services (e.g. order processing) and online services, or the processing is based on the statutory obligations imposed on us. We are also permitted to process this data if the data subject has given consent and/or if we process the data in view of legitimate interests (e.g. for tracking (cyber) attacks on our (computer) system that could result in prosecution).
(6) Data processing Controller:
Ehinger Straße 34
Tel.: +49 (0) 7351 571 0
Fax: +49 (0) 7351 571 130
Registered office: Biberach
Ulm District Court, HRB 640007
VAT ID No.: DE 144889422
Tax no.: 54001/00142
Authorized representative CEO: Dr.-Ing. Stefan Brand
Chairman of the Supervisory Board: Martin Kapp
Our data protection officer can be contacted as follows:
Data protection officer
Ehinger Straße 34
(7) The legal basis for data processing in the context of consent from the data subject is Article 6 (1a) and Article 7 GDPR, for processing to perform our services and implement contractual measures Article 6 (1b) GDPR, for processing to fulfill our legal obligations Article 6 (1c) GDPR, and for the legal basis for processing to safeguard our legitimate interests Article 6 (1f) GDPR.
(1) With regard to safeguarding the personal data of our users, we have implemented the very latest organizational, contractual and technical security measures.
(2) These security measures include in particular the encrypted transmission of data between the browser of the respective user and our Server.
(3) However, we would like to point out that e-mails can be saved and sent without encryption.
(1) Data shall only be disclosed to third parties in line with legal requirements. In general, we shall only disclose user data to (outside) third parties if required for contractual use, e.g. based on Article 6 (1b) GDPR, if we are legally required to do so or if it is in our legitimate interests in accordance with Article 6 (1f) GDPR.
(2) When we employ subcontractors to provide our services, we take the appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the pertinent legal regulations. We also require our subcontractors to comply with data protection regulations, in particular by taking the necessary technical and organizational measures.
(3) If our Internet offering includes content, tools or other material from other providers (hereinafter collectively referred to as “third-party providers”) and their headquarters are located in a country outside the scope of GDPR (in other words, outside the European Union, or European Economic Area), it should be assumed that a data transfer (also) takes place in this country. The transfer of data in such countries (“third countries”) will only take place if there is an adequate level of data protection in these countries, if the users have given their consent regarding this transfer or if legal permission has been granted.
(4) We currently use the following third-party provider applications on our Website:
a. Google Analytics
On our website, we use Google Analytics, a web analysis service provided by Google Inc. (“Google”). This application supports our interest in the analysis, optimization and efficient operation of our online offering and is therefore permitted based on our legitimate interests (i.e. in line with Article 6 (1f) GDPR).
Google is certified under the Privacy Shield agreement, which guarantees compliance with European data protection law.
Google will use the information retrieved on our behalf to evaluate the usage of our online offering by the users, to compile reports about the activities within this online offering and to provide us with further services associated with the use of this online offering and Internet usage. The processed data can then be used to create usage profiles under pseudonyms for the users.
We use Google Analytics only with activated IP anonymization. This means that the user's IP address is truncated by Google within member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and abbreviated there.
The IP address transmitted from the user's browser is not combined by Google with any other data. Users can prevent the storage of cookies using the corresponding setting in their browser software; users can also prevent the data generated by the cookie and related to their use of the online offering from being collected and processed by Google by downloading and installing the browser plugin available under the following link:
You can also prevent data from being recorded by Google Analytics by clicking on the following link. An opt-out cookie will be applied, which will prevent the future recording of your data when you visit this Website:
For more information about data usage by Google, setting options and appeal procedures, please visit the Google websites:
b. Google Tag Manager
Our website uses Google Tag Manager. This service is used to manage website tags via a single interface. Google Tag Manager implements tags only. This means that cookies are not used and no personal data is collected. Google Tag Manager does activate other tags that may, in turn, capture data, but Google Tag Manager does not itself access this data. If a deactivation is carried out at domain or cookie level, it remains in place for all tracking tags, provided these are implemented with Google Tag Manager.
For more information on Google Tag Manager, visit:
c. Google Fonts
Our website uses web fonts provided by Google to display fonts in a uniform fashion. When you access a site, your browser loads the required web fonts in your browser cache in order to correctly display text and Fonts.
The browser you use must establish a connection to Google servers for this purpose. As a result, Google will be able to see that our website was accessed from your IP address. We use Google Fonts in the interests of displaying our online services in a uniform and appealing way. This constitutes a legitimate interest in accordance with Article 6(1f) GDPR.
If your browser does not support web fonts, one of your computer's standard fonts will be used.
For more information about Google Fonts, visit
and see the data privacy statement from Google:
d. Facebook plugin
Based on our legitimate interests (i.e. interest in the analysis, optimization and efficient operation of our online offering pursuant to Article 6 (1f) GDPR), we use social plugins (“plugins”) from the social network site facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interaction elements or content (e.g. videos, graphics or text) and are recognizable by one of the Facebook logos (white “f” on a blue tile, the word “Like” or a “thumbs-up” sign) or are indicated with the addition of “Facebook Social Plugin”. The list and the appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield agreement, which guarantees compliance with European data protection law.
When a user calls up a function provided by this online offering, and it contains such a plugin, their device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and then embedded from this into the online offering. The processed data can then be used to create usage profiles for the users. We therefore have no influence over the scope of data that Facebook collects with the help of this plugin and inform the users based on our level of knowledge.
With the integration of plugins, Facebook receives the information that a user has visited the corresponding page of the online offering. If the user is logged on to Facebook, Facebook can allocate the visit to their Facebook account. When users interact with the plugins, e.g. by pressing the Like button or posting a comment, the corresponding information is transmitted from their device directly to Facebook and saved there. If a user is not registered on Facebook, it is still possible for Facebook to discover their IP address and then save it. According to Facebook, an IP address can only be saved in anonymized form in Germany.
To learn more about the purpose and extent of data collection and the further processing and use of the data by Facebook, as well as the relevant rights and settings available to protect user privacy, please see Facebook's data protection policy: https://www.facebook.com/about/privacy/.
If a user is registered on Facebook and does not want Facebook to collect data about him/her via this online offering and then link it with the data stored on his/her Facebook account, 264e/she must log out of Facebook before visiting our online offering and delete his/her cookies. Further settings and objections to the use of data for advertising purposes are possible in the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US Website http://www.aboutads.info/choices/ or the EU Website http://www.youronlinechoices.com/.
The settings are applied regardless of the platform, i.e. they are adopted for all devices, whether a desktop computer or mobile device.
e. YouTube plugin
We also use a plugin from the provider YouTube. YouTube is run by YouTube LLC, which has its principal place of business at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., which has its headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
When you open web pages featuring this plugin from our websites or click on the YouTube logo, a link to the YouTube servers is established and the plugin is shown. The YouTube server will then receive information regarding which of our web pages you have visited. If you are logged on as a YouTube user, YouTube will assign this information to your personal user account. When you use the plugin, e.g. by clicking the start button on a video, this information will also be assigned to your user account. You can prevent this assignment by logging out of your YouTube user account, and any other user accounts run by the companies YouTube LLC or Google Inc., before using our web page and deleting the relevant company Cookies.
To learn more about the purpose and extent of data collection and the further processing and use of the data by YouTube, as well as your rights in this regard and the settings available to protect your privacy, please see the data protection information from YouTube: www.google.de/intl/de/policies/privacy/
(1) If personal data is sent to us via e-mail, we use it exclusively within the framework of the legal permissions, i.e. to process any inquiry or within the scope of the given consent (Article 6 (1a) GDPR) or – if the e-mail contact results in the conclusion of a contract – to fulfill our contractual obligations in accordance with Article 6 (1b) GDPR. During processing, users' personal data gained in this way is kept separately from other personal data gained in other business operations.
(2) If applications are sent to us electronically, we process the personal data included solely for the purpose of handling the application process (Article 6 (1a) GDPR). If we then go on to conclude an employment contract with the applicant, the data submitted is processed and stored for the purpose of handling the employment relationship while taking the legal requirements into account. If an employment contract does not materialize, the application documents are deleted if and so long as there are no legitimate interests against this on our part, such as a burden of proof in a procedure according to the General Act on Equal Treatment (AGG).
(3) With the following information, we would like to inform you about the content of our newsletter and the registration, shipping and statistical evaluation procedures as well as your rights to object:
a. By subscribing to our newsletter, the user agrees to receive the newsletter and to the procedure described below. This is therefore a matter of consent based on data protection regulations, which we log for verification purposes.
b. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional material (hereinafter referred to as the “newsletter”) only with the recipient's consent or legal permission. If during subscription to the newsletter its content is specifically rewritten, this is significant as regards user consent. Our newsletter also contains information about our products, offers, activities and our Company.
c. Double opt-in and logging: Registration for our newsletter requires a double opt-in process. Users therefore receive an e-mail after registration, asking them to confirm their registration. This confirmation is required so as to prevent people from registering using e-mail addresses which are not their own. Newsletter registrations are logged in order to be able to verify the registration process in accordance with legal requirements. This includes saving the time of registration and confirmation, along with the IP address. Likewise, any changes to the data saved by the mailing provider are also logged.
d. Mailing provider: The newsletter is distributed using a software solution from Inxmail GmbH, Wentzinger Straße 17, 79106 Freiburg, Germany (“Inxmail”) subsequently referred to as the “mailing provider”. The data protection policy of the mailing provider can be viewed here.
Furthermore, the mailing provider can use this data pseudonymously, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical optimization of distribution and to display the newsletter or for statistical purposes to determine which countries the recipients come from. The mailing provider does not, however, use the data from our newsletter recipients to contact them or to pass on to third parties.
e. Registration data: To register for the newsletter, only the user's e-mail address is required. It is also possible to submit other optional personal data. The latter is used solely for a personal address in the actual Newsletter.
f. Statistical survey and analyses: Our newsletters contain a “web beacon”, i.e. a pixel-size file that is retrieved from the mailing provider server when the newsletter is opened. As part of this retrieval process, technical information, such as details about the browser and your system, your IP address and the time of retrieval are collected first. This information is used to make technical improvements to services using the technical data or the target groups and their reading behavior based on their places of retrieval (determined using the IP address) or the access times. The statistical surveys also determine whether the newsletters were opened, when they were opened and which links were clicked. For technical reasons, this information can be assigned to the individual newsletter recipients, however, it is not our intention, or that of the mailing provider, to monitor individual users. Instead, the evaluations help us by identifying the reading habits of our users so we can customize our content to suit them or send different content based on the interests of our users.
g. Use of the mailing provider, performance of the statistical surveys and analyses and logging the registration procedure are all based on our legitimate interests in accordance with Article 6 (1f) GDPR. We are particularly interested in deploying a user-friendly and secure newsletter system, which both protects our business interests and meets the expectations of the users.
h. Cancellation/withdrawal: Users can unsubscribe from our newsletter at any time, i.e. withdraw their consent. This withdraws their consent not only to receive the newsletter from the mailing provider but also to the statistical analyses. Unfortunately, it is not possible to withdraw consent separately for either being contacted by the mailing provider or for the statistical evaluation. A link to unsubscribe from the newsletter can be found at the end of each newsletter. If the user is subscribed to the newsletter only and then cancels their subscription, their personal data is erased. Please be aware that receiving and/or canceling the newsletter normally incurs only the transmission costs, charged at the basic rate.
i. User requirements: Each user has rights and claims, as described in more detail in section VI, which can be enforced against us at any time – also in view of consent as regards mailing of the newsletter.
(1) We collect data about each access to the server containing this service (server log files). The access data includes the name of the visited website, file, date and time of retrieval, transferred data volume, confirmation of successful retrieval, browser type and version, the user's operating system, referrer URL (previously visited page), IP address and the requesting Provider.
(2) For security reasons (e.g. to clarify any misuse or fraudulent behavior), log file information is stored for a maximum of seven days and then erased. If data has to be kept as evidence, it is excluded from erasure until the specific incident has been conclusively clarified.
(3) This data has to be collected for technical reasons in order to provide our Internet offering, so that data collection is based on our legitimate interests pursuant to Article 6 (1f) GDPR.
You can configure the settings for your browser to inform you if a website places cookies in it. You can also use this option to allow cookies on a case-by-case basis only, prohibit cookies from being saved in certain cases or in general and activate a function for automatically deleting cookies when you close your browser. Deactivating cookies may restrict the functionality of this website. In some circumstances, you will no longer be able to use certain functions or access certain sections of the Website.
Session data (session cookies) must be saved. This data is required for various modules, such as user login, the product finder and language selection.
This saves your preference for accepting cookies.
(1) Users have the right to receive information free of charge at any time about:
a. The purposes for which we process personal data;
b. The categories of personal data that we process;
c. The recipients or categories of recipients to whom the personal data was disclosed or is currently being disclosed;
d. The planned duration of storage of the personal data concerning them or, if accurate details are not possible, criteria used to determine the storage period;
e. All available information about the origin of the data, if the personal data is not collected from the data subject;
f. The existence of an automated decision-making process including profiling in accordance with Article 22 (1 and 4) GDPR and – in these cases at least – meaningful information about the involved logic as well as the scope and intended effects of such processing for the data subject.
(2) The users also have the following rights:
a. Right to rectification
The users have a right to rectification and/or completion against us, in cases where the processed personal data that relates to them is inaccurate or incomplete. We will carry out the rectification immediately.
b. Right to the restriction of processing
Subject to the following conditions, the users can request to restrict the processing of the personal data that relates to them:
i. If they contest the accuracy of the personal data that relates to them for a period which allows us to verify the accuracy of the personal data;
ii. The processing is unlawful and they oppose erasure of the personal data but instead request to restrict the use of the personal data;
iii. We no longer require the personal data for processing purposes, but they require it to assert, exercise or defend legal claims, or
iv. If they have filed an objection to the processing in accordance with Article 21 (1) GDPR and it is not yet clear whether our legitimate reasons outweigh the reasons given by the users.
If processing of the users' personal data has been restricted, this data may only be processed – other than to save it – with the consent of the users or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest for the EU or a member state.
If the processing was restricted based on the conditions above, we will inform the users before the restriction is lifted.
c. Right to erasure
i. Obligation of erasure
The users can request us to erase the personal data relating to them immediately, and we are obligated to erase this data immediately, if one of the following reasons applies:
The relevant personal data is no longer required for the purposes for which it was collected or otherwise processed.
The users withdraw their consent which supported processing in accordance with Article 6 (1a) or Article 9 (2a) GDPR, and there is no other legal basis for processing.
The users object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or they object to the processing in accordance with Article 21 (2) GDPR.
The personal data relating to the users was unlawfully processed.
The erasure of personal data relating to the users is required in order to meet a legal obligation under European Union law or the laws of member states with which the controller must comply.
The personal data relating to the users was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
ii. Information to third parties
If we have made a user's personal data public and we are obliged to erase it in accordance with Article 17 (1) GDPR, then we will take appropriate measures (including those of a technical nature) in consideration of the available technology and the implementation costs, to inform other data processing controllers who are processing the personal data, that the user as the data subject has requested that all links to this personal data, or copies or replications of such data are erased.
The right to erasure does not apply if the processing is required
to exercise the right to freedom of expression and Information;
to fulfill a legal obligation which requires processing according to the laws of the EU or its member states, which the controller is subject to, or to perform a task which is in the public interest or in the exercise of public authority, which was passed on to the Controller;
for reasons of public interest in the area of public health in accordance with Article 9 (2h, i) as well as Article 9 (3) GDPR;
for archiving purposes, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Article 89 (1) GDPR, provided that the right mentioned in section a) will likely make implementing the objectives of this processing impossible or seriously disrupt it, or
to assert, exercise or defend legal Claims.
d. Right to information
i. If a user has asserted the right to rectify, erase or restrict the processing against us, we are obligated to inform all recipients to whom the user's personal data was made public about this rectification or erasure of data or restriction of processing, unless this proves to be impossible or it involves disproportionate effort.
ii. The user is entitled to be informed by us about these recipients.
e. Right to data portability
Users have the right to the personal data relating to them, which they have given us, in a structured, conventional and machine-readable format. They also have the right to communicate this data to another controller without obstruction from us, provided that
i. processing is based on consent in accordance with Article 6 (1a) GDPR or Article 9 (2a) GDPR or on a contract in accordance with Article 6 (1b) GDPR and
ii. processing takes place using an automated procedure.
In exercising this right, users also have the right to have the personal data related to them communicated directly from one controller to another controller, where technically possible. This must not restrict the liberties and rights of other People.
The right to data portability does not apply to the processing of personal data which is required to perform a task that is in the public interest or in the exercise of public authority, which was passed on to the Controller.
f. Right to object
i. For reasons relating to their particular situations, users have the right to object at any time to the processing of their personal data, in accordance with Article 6 (1e or f) GDPR; the same applies to profiling based on these provisions.
ii. We will then cease processing the users' personal data, unless we can provide compelling legitimate reasons for doing so, which outweigh the users' interests, rights and freedoms, or unless the processing is used to assert, exercise or defend legal Claims.
iii. If the users' personal data is processed to pursue direct advertising, they have the right to object at any time to the processing of their personal data for such advertising purposes; the same applies to profiling insofar as it is linked to direct advertising. At the current time, we are not conducting any such processing.
iv. If the users object to data processing for direct advertising purposes, their personal data will cease to be processed for such purposes.
v. Users have the opportunity to exercise their right to object via automated procedures which use technical specifications, in connection with the use of information society services – irrespective of Directive 2002/58/EC.
vi. Users can also withdraw consent at any time, invariably with implications for the future, and refuse future use of their data, where permitted by the legal regulations.
g. Right to file a complaint with a supervisory authority
i. Disregarding any other administrative or judicial remedy, the users have the right to file a complaint with a supervisory authority, especially in the member state where they live, work or the location of the suspected contravention, if they believe that the processing of their personal data contravenes the GDPR.
ii. The supervisory authority where the complaint was filed informs the complainant about the status and results of the complaint, including the option of judicial remedy in accordance with Article 78 GDPR.
iii. The supervisory authority responsible for us is:
German State Commissioner for Data Protection and Freedom of Information
Postfach 10 29 32
Tel.: +49 (0) 711 61 55 41 0
Fax: +49 (0) 711 61 55 41 15
(1) The data stored with us will be erased as soon as it is no longer required for its intended purpose and the erasure does not oppose any legal retention requirements. If user data is not erased because it is required for other and legally authorized purposes, processing of such data is restricted. In other words, the data is locked and not processed for other purposes. This applies, e.g. for user data that has to be stored for commercial or fiscal reasons.
(2) According to legal requirements, data is stored e.g. for six years in accordance with Section 257, paragraph 1 of the German Commercial Code (HGB) (account books, inventories, opening balances, annual financial statements, business letters, accounting records, etc.) and for ten years in accordance with Section 147 paragraph 1 of the German Fiscal Code (AO) (accounts, records, management reports, accounting records, business and commercial letters, taxation-relevant documents, etc.).
(1) We reserve the right to amend the data protection statement in line with changed legal situations, or in the event of changes to services and to data processing. However, this only applies with regard to statements about data processing. Provided that user consent is required or parts of the data protection statement contain regulations for the contractual relationship with the users, the changes will only be made in agreement with the users.
(2) Users are requested to keep themselves up to date with the content of the data protection statement.
Data protection statement last updated May 25th, 2018