
Compliance
Data privacy statement
- ↩ Back to the overview
- Code of conduct
- Supplier code of conduct of the Brand Group
- Return of electrical equipment
- Disposal of used batteries
- Minimum wage law (MiLoG)
- Toxic substances control act (TSCA))
- California proposition 65
- REACH regulation
- Regulation on ecodesign - IE2 statement
- Corporate due diligence in supply chains
- Conflict minerals
- Modern slavery and human trafficking statement
- Data privacy statement
- Imprint
- Disclaimer
- Ip
Data privacy statement
We thank you for visiting our website and for your interest in our company and our products.
As the operator of this website, we take the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with the statutory data protection regulations and this data privacy statement.
When you visit this website, various personal data is collected. Personal data is data that can be used to identify you personally. This data privacy statement explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
1 Who we are and how you can contact us
2 General information
3 Information on the transfer of personal data to third countries
4 Which of your data is processed when you visit our website and interact with us
5 Your rights
6 Changes to our data privacy statement
1 Who we are and how you can contact us
Provider and responsible office as defined in the Data Protection Act
VACUUBRAND GMBH + CO KG
Alfred-Zippe-Straße 4
97877 Wertheim
Telefon: +49 9342 808-0
Fax: +49 9342-808 5555
www.vacuubrand.com
Please send general inquiries about data protection, such as the enforcement of data subject rights, to the following email address, which will redirect your inquiry to the data protection officer and our data protection team:
Confidential data protection inquiries can be sent to our data protection officer by telephone, regular mail, or email:
Ronald Baranowski
SIX DATENSCHUTZ GmbH
Marktplatz 6
61118 Bad Vilbel, Germany
Phone: +49 6101 982 9422
rb@six-datenschutz.de (for confidential inquiries)
2 General information
2.1 Area of applicability:
This data privacy statement applies to the following offers:
- our website, available in particular https://shop.vacuubrand.com and https://www.vacuubrand.com
- whenever reference is made to this data privacy statement from one of our offers (e.g. websites, subdomains, mobile applications, web services, or integrations into third-party sites), regardless of how you access or use it.
All of these offers are also referred to collectively as “services”.
2.2 Integration of third-party services and content
Our website sometimes includes content and services from other providers. In order for this data to be accessed and displayed in the user’s browser, the transmission of the IP address is mandatory. The providers (hereinafter referred to as “third-party providers”) therefore perceive the IP address of the respective user.
Even if we endeavor to only use third-party providers who only need the IP address to be able to deliver content, we have no influence on whether the IP address may be stored for statistical purposes, among other things. Insofar as we are aware that the IP address is being stored, we will inform our users of this.
2.3 Transfer of data to third parties
Your data will not be transferred to unauthorized third parties. Insofar as external service providers receive your personal data, we have ensured that they implement appropriate technical and organizational measures and that they comply with the applicable data protection regulations and laws.
2.4 Data economy
We store personal data in accordance with the principles of data avoidance and data minimization and only for as long as is necessary or prescribed by law (statutory retention period). If the purpose of the data collected no longer applies or the storage period ends, we block or delete the data.
3 Information on the transfer of personal data to third countries
If we transfer data to third countries, i.e. countries outside the European Union, the transfer takes place exclusively in compliance with the legally regulated admissibility requirements.
If the transfer of data to a third country does not serve to fulfill our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defense of legal claims and no other exception under Art. 49 of the General Data Protection Regulation (GDPR) applies, we will only transfer your data to a third country if an adequacy decision pursuant to Art. 45 GDPR or suitable guarantees pursuant to Art. 46 GDPR exist.
An adequate level of data protection in the USA was last stated by the adequacy decision “Data Privacy Framework (DPF)” adopted in July 2023. US companies must be certified in order to be listed in it. You can find the adequacy decision here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Alternatively or additionally, the EU standard data protection clauses issued by the European Commission create suitable guarantees with the recipient body in accordance with Art. 46 para. 2(c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available on the European Commission’s website, available here.
We have agreed EU standard data protection clauses with providers in third countries and in some cases data processing on servers in Germany and the EU. Timely deletion of data reduces the risk of unauthorized access.
4 Which of your data is processed when you visit our website and when you interact with us
In the following, we inform you for what purpose, in what way, and to what extent your personal data may be processed when you visit our website and when you interact with us.
4.1 Collection of personal data when you visit our website
If you use the website purely for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis for this is Art. 6 para. 1 sentence 1(f) GDPR, legitimate interest):
the IP address, host name, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request originates (referrer), the specific pages of our website that you have accessed, browser: type, version, and set language, operating system: type and version
If JavaScript is activated, also the screen resolution, color depth, size of the browser window, installed browser plugins
4.2 Cookies
This website uses “cookies”. These are text files that are stored on your computer by the server. They may contain information about the browser, IP address, operating system, and internet connection. We do not pass this data on to third parties or link it to personal data without your consent.
Cookies fulfill two main tasks. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly. They are not used to introduce viruses or launch programs.
Users have the option of accessing our website without cookies. To do this, the corresponding settings must be changed in the browser. Please use the help function of your browser to find out how to deactivate cookies. However, we would like to point out that this may impair some of the functions of this website and limit the ease of use.
The websites www.aboutads.info/choices/ (USA) and www.youronlinechoices.com/uk/your-ad-choices/ (Europe) allow you to manage interest-based advertising.
4.2.1 Use of essential cookies
Essential cookies do not require your consent and are processed by us in accordance with Art. 6 para. 1(f) GDPR. Our legitimate interest here is the smooth and optimal use and presentation of our website.
4.2.2 Consent to cookies / consent required for the use of services by third-party providers
On our website, we use the cookie consent tool “Cookiebot” from Usercentrics A/S, Danneskiold-Samsøes Allé 41, 1434 Copenhagen, Denmark. The purpose of this processing is to obtain your consent for the technically unnecessary cookies used on our website and to document them in accordance with applicable data protection regulations and laws.
When you visit our website, a cookie is stored in your browser in which the consents you have given or the revocation of these consents are documented.
The legal basis for this data processing is Art. 6 para. 1(c) GDPR – legal obligation, which consists in the fact that consent must be obtained for technically unnecessary cookies before they are used in accordance with the ECJ ruling of October 1, 2019, AZ C-673/17.
The data collected will be stored until you ask us to delete it or delete the cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Further details on data processing by the provider can be found here.
4.2.3 Google Analytics web analytics service
We only use the Google Analytics service, a web analysis service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (belonging to Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA, “Google”), once you have given your consent.
Google Analytics uses “cookies”. These are text files that are stored on your computer and enable your use of the website to be analyzed.
The information generated by the cookie about your use of this website, such as the browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), and time of the server request, is usually transmitted to a Google server in the USA and stored there.
However, we only use Google Analytics if IP anonymization is activated, i.e. your IP address will be previously abbreviated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with other services relating to website and internet use.
The IP address transmitted by your browser within the context of Google Analytics is not merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this, you might not be able to use the full functionality of this website.
This analysis tool is used on the basis of Art. 6 para. 1(f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior, in order to optimize its web content and its advertising.
If a corresponding consent has been requested (e.g. consent to store cookies), processing takes place on the basis of Art. 6 para. 1(a) GDPR; consent can be revoked at any time.
The data will be deleted as soon as it is no longer needed for our recording purposes. This is the case after 7 days.
For more information about Google’s terms of use and privacy, please visit
https://marketingplatform.google.com/about/analytics/terms/de/ or https://policies.google.com/?hl=de&gl=de.
Google Analytics Version 4.0
We also use Google Analytics Version 4.0 from Google Ireland Ltd (see above). In doing so, Google processes personal user data insofar as you have not previously objected to this use in your Google account. In this case, Google creates user profiles based on various data, including that of Google Signals, which collects and analyzes cross-device tracking data. Google can use this information to evaluate, for example, whether users first came across our website and how this was done – for example via an advertisement – or whether further interactions followed after the website visit – e.g. the installation of an app or purchases. We only receive statistical, anonymized information from Google in order to optimize our websites and our offer.
You can find more information about Google’s data protection here: https://policies.google.com/privacy?hl=de&gl=de
4.2.4 Google Marketing Platform (formerly DoubleClick by Google)/Campaign Manager
This website uses the online marketing tool Campaign Manager from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (part of Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA, “Google”).
Campaign Manager uses cookies to display ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Campaign Manager can use cookie IDs to record “conversions” that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser’s website with the same browser and makes a purchase there. According to Google, Campaign Manager cookies do not contain any personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating Campaign Manager, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. Insofar as you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and store it.
The processing is carried out with your consent in accordance with Art. 6 para. 1(a) GDPR. You can revoke your consent at any time in the cookie settings.
In addition, you can prevent participation in this tracking process in various ways:
- by setting your browser software accordingly; in particular, suppressing third-party cookies will result in you not receiving ads from third-party providers;
- by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain googleadservices.com, www.google.de/settings/ads, whereby this setting is deleted when you delete your cookies;
- by deactivating the interest-based ads of the providers that are part of the “About Ads” self-regulation campaign via the link www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies;
- by permanently deactivating them in your Firefox, Internet Explorer, or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin,
- using the appropriate cookie setting. We would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
In addition, you can prevent Google from collecting the data generated by the cookies about your use of the websites and the processing of this data by Google by downloading and installing the browser plug-in available at https://support.google.com/adsense/answer/142293?hl=en under “Display settings”, “Campaign Manager deactivation extension”.
The data sent by us and linked to cookies is automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.
Further information on the Google Marketing Platform can be found at https://marketingplatform.google.com/about and on data protection at Google in general: https://policies.google.com/privacy?hl=en. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.
4.2.5 Google Ads
This website uses the Google Ads service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (affiliated with Google Inc., headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”).
Google Ads enables us to place advertisements both in Google search engine results and in the Google advertising network. In this context, we use the functions conversion tracking and remarketing.
Google Ads & conversion tracking allow an advertiser to define certain keywords in advance so that ads are displayed for relevant search queries. If you reach our site via an ad, a “conversion cookie” is set. This is used to create visitor statistics and to determine how many users have performed certain actions (e.g., a purchase or a contact request). This helps us optimize the effectiveness of our advertising measures. The validity period is generally 30 days.
Google Ads remarketing is used to address users again based on their previous interactions with our website. Users are categorized into audience lists (e.g., visitors to certain product pages) in order to display interest-based advertising to them on other websites within the Google advertising network or in Google Search.
By using Google Ads, data such as your IP address, device information, browser details, and information about your interaction with our website (e.g., pages visited, time and duration of the visit) are transmitted to Google servers in the USA. The retention period for remarketing purposes is a maximum of 540 days (or up to 26 months if linked with Google Analytics). Please also note the section on the web analytics service Google Analytics.
The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by changing this in the cookie settings.
It cannot be ruled out that personal data will be transferred to insecure third countries (USA) where the level of data protection is lower than in the EU. We have concluded a data processing agreement with Google that ensures personal data are processed only in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU–US Data Privacy Framework, which regulates the secure processing of EU citizens’ data in the USA.
Further information about Google’s products and privacy can be found at https://policies.google.com/privacy?hl=en&gl=en and https://business.safety.google/adsprocessorterms/.
4.2.6 Google Tag Manager
This website uses the Google Tag Manager of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (part of Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA, “Google”).
Google Tag Manager provides a technical platform to run and bundle other web services and web tracking programs using “tags”. In this context, Google Tag Manager stores cookies on your computer and analyzes your surfing behavior (“tracking”) if web tracking tools are executed by Google Tag Manager.
This data sent by individual tags integrated in Google Tag Manager is combined, stored and processed by Google Tag Manager under a uniform user interface. All embedded tags are listed separately in this privacy statement.
When using our website with activated integration of Google Tag Manager tags, data such as your IP address and your user activities are transferred to servers of Google Ireland Ltd. and processed and stored outside the European Union, e.g. in the USA.
On our behalf, Google will use this information to evaluate your visit to the website, to compile reports on website activity and to provide us with other services relating to website and internet use.
The IP address transmitted by your browser within the context of Google Tag Manager is not merged with other Google Ireland Ltd. data.
The storage and analysis of the data are carried out on the basis of Art. 6(1)(a) GDPR (consent), either as part of registration with Google (creation of a Google account and acceptance of the privacy notices implemented there) or on the basis of Art. 6(1)(f) GDPR, based on our legitimate interest when you open our site. Our legitimate interest lies in the efficient management of web analytics and other online advertising systems.
4.2.7 Friendly Captcha
We use Friendly Captcha on our websites. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee (hereinafter referred to as "Friendly Captcha").
We use Friendly Captcha to protect our website and online services from spam and misuse and to check whether data entries on our websites (e.g. in a contact form) are made by a human or by an automated program. For this purpose, Friendly Captcha presents the user's browser with a calculation task that is solved by the user's device in the background. The solution to the calculation task together with connection and interaction data transmitted by the user's browser are analyzed by Friendly Captcha to determine whether it is a human user or a bot.
The analyses run completely in the background. Website visitors are not informed that an analysis is taking place. Friendly Captcha does not use the data obtained to identify individuals or for marketing purposes, but only to identify and deal with possible threats to our website. Data that can identify users (such as IP addresses) is anonymized using one-way hashing.
Data processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR to ensure the security and functionality of our website.
Further information about Friendly Captcha and how it handles your data can be found here.
4.2.8 Conent Delivery Network
For the purpose of shorter loading times, we use a so-called Content Delivery Network (“CDN”) for certain services. With this service, content (e.g., large media files) is delivered via regionally distributed servers of external CDN providers. Therefore, access data (e.g., IP address, date and time of access) are processed on the providers’ servers. The retention period is determined by the respective provider; we have no influence on this.
This service is provided by the following providers:
- Open-source service jsdelivr.com of the software company Volentio JSD Limited (“jsdelivr”), based at Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB. Further information can be found in jsDelivr’s privacy notices and terms of use. The service provider expressly states in its privacy notice that no cookies or other tracking methods are used by the provider.
When using these services, personal data may be transmitted to servers that are not located in the EU, e.g., in the USA. This is done in accordance with section 3 of this privacy notice.
If you want to prevent the use of this service, you have the option of installing a JavaScript blocker. Please note, however, that this may mean that our website can no longer be used fully and in the usual way.
The legal basis for this processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR in the technical stability, security, and loading speed of our website.
4.2.9 Microsoft Advertising (formerly Bing Ads)
Microsoft Advertising (formerly Bing Ads) is a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland and associated companies.
The purposes of processing include: viewing time analysis, display of personalized advertising, measurement of advertising success, billing of advertising. Bing Ads processes the IP address, as the search history, and the click path. This processing takes place with your consent in accordance with Art. 6 para. 1(a) GDPR. It is also possible to prevent processing: opt-out.
Data may be transferred to the following countries: Australia, Austria, Brazil, Canada, Chile, Finland, France, Germany, Hong Kong (PR China), India, Ireland, Japan, South Korea, Luxembourg, Malaysia, Netherlands, Singapore, South Africa, United Kingdom, and other countries. Please refer to item 1.4 of this data privacy statement for information on transfers to third countries.
Further information about this service and the protection of your data can be found here: https://privacy.microsoft.com/de-de/privacystatement
4.2.10 Magento Commerce
An online store is offered on our website. For this purpose, we use the Magento Commerce platform, a service provided by Adobe Systems Software Ireland Limited (4-6 Riverwalk, City West Business Campus, Saggart D24, Dublin, Ireland). The aim is to ensure reliable and efficient processing of your purchase and to provide a user-friendly and secure shopping platform.
The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR (fulfillment of a contract), Art. 6 para. 1 sentence 1 lit. c GDPR (fulfillment of legal obligations) and Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interest).
Further information on data protection in the context of the Magento Commerce application can be found in the provider's privacy policy: https://www.adobe.com/privacy.html.
4.2.11 Vimeo
We embed Vimeo videos on some of our websites, which you can access by clicking on the play button and thus consenting to the connection to the Vimeo server. The operator of the corresponding plug-in is Vimeo Inc, 555 West 18th Street, New York 10011, USA (hereinafter: Vimeo). Vimeo enables us to provide you with interesting video material about our company and our products.
As soon as you click on the play button of an embedded video, a connection to the Vimeo server in the USA is established and Vimeo collects, stores and processes, among other things, your IP address, technical information about your browser, operating system and device information, website from which you use the Vimeo service and other web activities. This information is used, among other things, to improve user-friendliness, to communicate with you or to implement targeted advertising measures.
The legal basis for the processing is your consent given by clicking on the play button (legal basis is Art. 6, 1 lit. a GDPR). If you do not wish to give your consent, do not play the video. Your consent can be revoked at any time for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Further information on data protection at Vimeo can be found in the provider's privacy policy at: https://vimeo.com/privacy
4.2.12 Social media
We maintain publicly accessible profiles in social networks, to which we provide links on our website.
As a rule, social networks comprehensively analyze your user behavior when you visit their websites. Visiting social media sites therefore triggers a number of data protection-related processing operations over which we have no influence.
If you are logged into your social media account and visit a social media platform, the operator of the social network can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social network. In this case, data is collected, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data thus collected, the operators of the social networks can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you within and outside the respective social networks. Insofar as you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
Please also note that we cannot track all of the social networks’ processing operations. Depending on the provider, further processing operations may therefore be carried out. For details, please refer to the terms of use and privacy policy of the respective social network (see below). Please note that when using the following services, personal data may be transferred outside the European Union. Further information can be found under item 3 of this data privacy statement.
The specific social networks:
We have a profile on Instagram. The provider is
Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Instagram”).
For details on how they handle your personal data, please refer to Instagram’s data privacy statement:
help.instagram.com/519522125107875
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin4, Ireland (“YouTube”).
For details on how they handle your personal data, please refer to YouTube’s data privacy statement:
We have a profile on LinkedIn. The provider is LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland)
For details on how they handle your personal data, please refer to LinkedIn’s data privacy statement:
https://www.linkedin.com/legal/privacy-policy
4.3 Which of your data we process when you interact with us
4.3.1 Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. The disclosure of your data is completely voluntary.
This data is processed on the basis of Art. 6 para. 1 lit. b) GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the request addressed to us (Art. 6 para. 1 lit. f) GDPR). You can object to the processing of your data at any time. The legality of the data processing operations carried out up to the point of objection remains unaffected by the revocation. Your data will remain with us until you ask us to delete it, object to the processing or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
Data will not be passed on to unauthorized third parties. The data collected in this way is also not compared with data that may be collected by other components of our website. The services offered can - as far as technically possible and reasonable - also be used without providing this data or by providing anonymized data or a pseudonym.
Your data will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory statutory provisions—especially retention periods—remain unaffected.
If your request originates from a country in which we do not have our own sales organization, your data may be forwarded to the responsible local distribution partner. This may constitute a transfer of data to a third country outside the EU where a different level of data protection may apply. An overview of our local distribution partners can be found on our contact page.
4.3.2 Video conferences and telephony
To conduct virtual appointments, online meetings, and video conferences, we use the Webex service provided by Cisco Systems, Inc., 170 West Tasman Dr., San Jose, CA 95134, USA.
Depending on usage, the following data in particular are processed: name, email address, meeting metadata (e.g., topic, time, duration), communication content (audio/video/chat), and technically necessary connection data (e.g., IP address). Audio and video functions are disabled by default and can be activated by the user as needed. Meetings are generally not recorded. If we intend to record conversations, you will be transparently informed in advance and asked for your consent.
Data processing is carried out pursuant to Art. 6(1)(b) GDPR insofar as the video conference is conducted in the context of (pre-)contractual obligations, and otherwise on the basis of Art. 6(1)(f) GDPR due to our legitimate interest in efficient communication.
For the use of Webex, we have concluded a contractual agreement with Cisco pursuant to Art. 28 GDPR and additionally the EU Standard Contractual Clauses. Your data are generally processed within the EU. Depending on the configuration, processing in third countries cannot be ruled out. The information on transfers to third countries (section 3) applies.
Meeting-related data are stored only as long as required for conducting and following up on the meeting, provided no statutory retention obligations prevent deletion.
Further information on Webex and privacy can be found here: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
4.3.3 Newsletter dispatch and tracking
You can register with us to receive information about products, surveys, news and trade fair tickets ("Information"). For this purpose, we require a validated e-mail address, as well as the IP addresses and the date of your registration. This data serves as proof in the event of possible misuse, e.g. if a third-party e-mail address is used to receive information. To ensure that your e-mail address is entered correctly and not misused by third parties in our mailing list, we use the so-called "double opt-in" procedure. This involves logging the subscription/registration, the sending of the confirmation email and the receipt of the registration confirmation. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.
For sending and organizational processing and analysis, we use the services of CleverReach GmbH & Co. KG, a provider from Germany. CleverReach stores your data, such as your email address, on servers in Germany and Ireland.
Sending with CleverReach enables us to analyze the behavior of the recipients of the information and to create personalized user profiles. In particular, the following data is collected and processed: Time and frequency of email opening, links clicked, type of device and email client used and geographical location based on IP address. This data is not anonymized, but linked to your email address and any other data you provide (such as your name or company name). This creates a personalized user profile that enables us to better tailor the content of our newsletters to your individual interests and preferences.
Details on data analysis by CleverReach can be found at: https://www.cleverreach.com/en-de/newsletter-tool/newsletter-reporting/email-open-and-click-rate/
Your data is processed and profiled exclusively on the basis of your consent (Art. 6 (1) (a) GDPR), which covers both the receipt of the newsletter and the analysis by means of profiling.
You have the option to withdraw your consent to data storage, used for sending information and analysis at any time. We provide you with a link to revoke your consent in every newsletter and on the website. You also have the option of informing us of your wish to withdraw your consent via the contact options specified in this document.
After a revocation, your personal data will be deleted from the newsletter distribution list, provided that there are no statutory retention requirements.
4.3.4 Customer surveys / satisfaction surveys
We use Google Forms (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, affiliated with Google Inc., headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”) to conduct surveys and collect feedback when we provide you with a link to a form. The purpose of the surveys is to use customer feedback for quality improvement and to optimize customer satisfaction.
The content you enter into the form (e.g., name, contact details, answers/free text), where applicable transmission metadata (e.g., timestamp), as well as technically necessary connection data (e.g., IP address) are processed by us for the performance and evaluation of the survey or the handling of your request, as well as for quality assurance and improvement of our offerings.
The legal basis is Art. 6(1)(a) GDPR (consent), insofar as you have previously given us consent to receive information about us and our products. If we send you the participation link based on your existing customer relationship, we rely on the legal basis of Section 7(3) UWG (German Act Against Unfair Competition). You can object to the processing of your data for this purpose at any time by using one of the contact options mentioned above, without incurring any costs other than the transmission costs according to basic rates.
It cannot be ruled out that personal data will be transferred to insecure third countries (USA) where the level of data protection is lower than in the EU. We have concluded a data processing agreement with Google that ensures personal data are processed only in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU–US Data Privacy Framework, which regulates the secure processing of EU citizens’ data in the USA.
Further information on Google’s privacy practices and products can be found here.
We store the collected data only as long as necessary for the respective purpose or until you revoke your consent; afterwards, the data will be deleted unless statutory retention obligations prevent deletion.
4.3.5 Online shopping
In the following, we will describe how your personal data is processed in our online shop in connection with a customer relationship existing between you and us.
For the registration as a customer and the processing of your order (disposition, dispatch, payment) we need your personal data, address data, company name, contact data and payment data.
We process your payment data for the processing of payments within the scope of orders in the online shop. Your order data is required for the processing of your order. This data is processed in accordance with Art. 6 para. 1(b) GDPR (fulfillment of contract, pre-contractual measure).
Notes on data processing by third parties in the processing of payments:
Credit card payment:
Payments by credit card are processed by BS PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt am Main, Germany. The following personal data is processed by BS PAYONE GmbH:
- First and last name
- Contact details such as address
- The purchase price
- Order data
- Financial data such as account information, credit card details
BS PAYONE GmbH is certified according to the Payment Card Industry Data Security Standard (PCI DSS) and is approved and supervised by the Federal Financial Supervisory Authority, Graurheindorfer Strasse 108 in 53117 Bonn, Germany, as an e-money institution.
Tax-relevant data is subject to a retention period of 10 years (counting from the beginning of the year following the year of the respective data processing). Provided that other statutory retention periods do not conflict with this, the data will be deleted in accordance with data protection regulations at the end of the retention period.
We use your contact and address data for the transmission of advertising for our own offers that are in line with your interests. We process this data in accordance with Art. 6 para. 1(f) GDPR, to maintain customer relations and to market our services.
This data is subject to a retention period of 10 years; unless other legal retention periods prevent this, the data will be deleted after the retention period has expired in accordance with data protection regulations.
4.3.6 Guest Wi‑Fi
Guests of our company have the option to use internet access in our business premises via a separate guest Wi‑Fi. Access is provided via a captive portal (login page).
Processing is carried out to provide Wi‑Fi access, to ensure network and information security (e.g., error/fault analysis, detection of misuse and attacks), and to prevent or investigate legal violations.
In particular, device and connection data are processed (e.g., internal IP address, time of connection setup/termination, access point/location area used), as well as technical and log data (e.g., technical log files, data volume; where applicable destination IP/domain) and documentation of consent to the terms of use in the captive portal.
Processing is necessary for the performance of a contract (provision of internet access via the guest Wi‑Fi) pursuant to Art. 6(1)(b) GDPR. The contract is concluded by logging into the guest Wi‑Fi.
To ensure proper operation and information security, it may be necessary to transmit your personal data to our service providers (IT providers).
Your data will be disclosed or transmitted only insofar as this is necessary for contract processing, we are legally obliged to do so, or you have given your consent to the data transfer in advance. No transfer to a third country takes place.
The data processed when using the guest Wi‑Fi are stored for up to 90 days after the last use and then automatically deleted.
4.3.7 Data protection for applications and in the application process
The controller collects and processes the personal data of applicants for the purpose of handling the application process and for the decision on the establishment of an employment relationship. This is carried out on the basis of Art. 88 para. 1 GDPR in conjunction with Section 26 of the Federal Data Protection Act (BDSG) and Art. 6 para. 1(b) GDPR – pre-contractual measures. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by email or via a web form on the website. Your data will only be forwarded to the relevant departments responsible for the application process.
If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
If the controller does not conclude an employment contract with the applicant, the application documents will be stored for the duration of the application process and for a further six months and then deleted, insofar as deletion does not conflict with any contractual, legal, or other legitimate interests of the controller. Other legitimate interest in this sense might include, for example, a burden of proof in defense in proceedings under the General Equal Treatment Act (AGG).
The office responsible for all data arising in connection with the application process is BRAND INTERNATIONAL GMBH (BRAND INTERNATIONAL). BRAND INTERNATIONAL carries out all tasks for BRAND GMBH + CO KG, VACUUBRAND GMBH + CO KG and VITLAB GmbH which concern the services of a personnel department (e.g. personnel recruitment, personnel development and personnel administration).
5 Your rights
Information, blocking, deletion, and correction
Within the limits of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to rectify, block or delete this data. You can contact us or our data protection officer at any time at the address given in the legal notice if you have further questions on the subject of personal data.
Revoking your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time with effect for the future. All you need to do is send us an informal message by email. The legality of data processing that has already been carried out remains unaffected.
Right to object to data collection and direct advertising (Art. 21 GDPR)
If data processing is based on Art. 6 para. 1(a) or (f) GDPR (consent or legitimate interest), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data privacy statement. If you file an objection, we will no longer process your personal data unless we can prove compelling reasons that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection according to Art. 21 para. 1 GDPR).
If you are a customer of ours, your data may also be used for direct advertising if it concerns the same or similar topics in connection with the services commissioned by you. If your personal data is processed for the purpose of direct advertising, you have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is in connection with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 para. 2 GDPR).
Right of complaint to the competent supervisory authority
In the event of infringements of the GDPR, those involved have the right to appeal to a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place where the suspected infringement was committed. The right of appeal is without prejudice to other administrative or judicial remedies.
The supervisory authority responsible for us is:
Der Landesbeauftragte für den Datenschutz und
die Informationsfreiheit Baden-Württemberg
Lautenschlagerstrasse 20
70173 Stuttgart
Phone: +49 711 / 61 55 41 0
Email: poststelle(at)lfdi.bwl.de
Right to data portability
You have the right to have data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only take place if this is technically feasible.
Right to limitation of processing
You have the right to request limited processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to limitation of processing exists in the following cases:
If you dispute the correctness of your personal data stored by us, we normally need time to review this. For the duration of the review process, you have the right to request limited processing of your personal data.
If your personal data was/is being processed unlawfully, you can request limited processing of your data instead of having the data deleted.
When we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request limited processing of your personal data instead of having the data deleted.
If you file an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request limited processing of your personal data.
When the processing of your personal data is limited, this data – apart from its storage – may only be processed with your consent, or in order to assert, exercise or defend legal claims, or to protect the rights of another natural person or legal entity, or for reasons of substantial public interest of the European Union or a member state.
6 Changes to our data privacy statement
We reserve the right to make changes at any time to ensure that our data privacy statements always comply with the current legal requirements. This also applies in the event that the data privacy statement has to be adapted due to new or revised services, for example new services. The new data privacy statements will then apply the next time you visit our website. This data privacy statement is valid as of May 2026.