- Basic information about data processing (2.);
- The use of data that you intentionally provide to us (3.);
- Data processing that is performed automatically (4.);
- Special forms of data processing that we do not perform directly but rather are performed by third parties (5.);
Finally, we discuss specifics about your rights (6.).
1. Controller and data protection officer
The controller within the meaning of the GDPR is;
Technoform Caprano + Brunnhofer GmbH
34117 Kassel, Germany
info [at] technoform [dot] com
We have appointed a third-party data protection officer for our company:
He may be reached at:
Pietsch IT GmbH
Wilhelmshöher Strasse 1
34590 Wabern, Germany
T: +49 (0)5683-923440
Email: datenschutz [at] pietsch-it [dot] de
2. Basic information about data processing
We take the protection of your personal data very seriously. Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics which express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.1. Processing personal data
In particular, we collect and use personal data from users of our website to provide our website(s) and their contents as well as our services. For example, this is the case if you send us a contact request via our website, e.g. because you are interested in our products or services or have any other questions. On the basis of your consent, we also use usage data for analytical purposes in order to learn more about the use of our online offerings; this enable us to continuously improve our website.
We handle your personal data in a confidential manner and in accordance with applicable data protection laws and regulations such as the GDPR.
This website uses TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or requests that you send to us as the site operator. You can recognise an encrypted connection in your browser’s address bar when it changes from ‘http://’ to ‘https://’ and the padlock icon is displayed in your browser’s address bar. Data you transmit to us cannot be read by third parties if TLS encryption is enabled. Data you transmit to us cannot be read by third parties if TLS encryption is enabled.
2.2. Data processing in third countries
In some cases, data from users of our website is also processed in so-called third countries. This refers to countries outside the European Union (‘EU’) or the European Economic Area (‘EEA’). This is done either to perform our (pre-)contractual obligations, on the basis of consent, on the basis of a legal obligation or in pursuit of our legitimate interests. However, processing in this manner is only performed if the special requirements of Art. 44 et seq. GDPR have been satisfied. An adequate level of data protection is also ensured in such cases. This is because, in such cases, either there are adequate safeguards in place to ensure that a level of data protection comparable to that in the EU (e.g. by means of an adequacy decision from the European Commission), or we conclude special contractual obligations with our service providers that ensure this level of data protection (so-called EU standard contractual clauses and additional contractual measures if applicable).
3. Data that you provide us voluntarily
We require personal data in cases where you voluntarily make use of certain services, for example by contacting us via our contact form. If you provide us personal data for such purposes, we will process it in order to respond to your request (Art. 61)(b) GDPR). In some cases, we offer you additional services in this context. For example, you can receive updates concerning products, technologies, materials or events. We will ask for your consent before we process your data for these purposes (Art. 6(1)(a) GDPR).
4. Data that is processed automatically
4.1. Server log files
The hosting provider for our website automatically collects and stores information automatically transferred by your browser in so-called server log files. This information comprises
- Name of the website/file accessed;
- Date and time of access;
- The quantity of data transmitted;
- Report of successful access;
- Browser type and version, user’s operating system;
- Referrer URL (the previously visited website);
- IP address and the requesting provider.
This is done to protect us from abuse (e.g. detecting attacks on our websites or fraud attempts). Accordingly, this data is not aggregated with other data sources. Our hosting provider retains this data for a period of two weeks. This data is then deleted. The basis for data processing in this context is our legitimate interest in the secure operation of our website; Art. 6(1)(f) GDPR.
4.2. Data collected by cookies
This website uses so-called cookies in some instances. Cookies do not cause any damage to your computer and do not contain any viruses. The purpose of cookies is to make our website more user-friendly, functional and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies. They are automatically deleted at the end of your visit.
You can set your browser so that you are informed about the placement of cookies and only allow cookies in individual cases, exclude the acceptance of cookies generally, or just for certain cases, and activate the automatic deletion of cookies when closing your browser. Disabling cookies may limit your ability to use some of the functions of this website.
5. Third-party data processing
We commission service providers in connection with the operation of our website. In some cases, third parties also process personal data. This is done solely in conformance with applicable legal requirements.
5.1. Google Analytics and Google Tag Manager
We use Google Analytics, a web analytics service provided by Google Ireland Ltd, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’), on our website. We use this analysis tool on the basis of your consent (Art. 6(1)(a) GDPR), which we asked you to provide when you visited our website. You may withdraw your consent at any time by opting out as described below. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Google Analytics uses persistent cookies that are stored on your device and enable the analysis of your usage behaviour. Google Analytics records how the website is used (e.g. when the website is accessed), your interactions with the website (e.g. page views, clicked links, visitor flow), technical data and some user characteristics (e.g. which device is used with which operating system and, if applicable, demographic user information such as language).
On our behalf, Google will use this information to evaluate the use of our services by you and other users, and to provide us the relevant analysis reports, and to provide us other services associated with use of the website and the internet. The data sent by us that is linked to cookies, user IDs or advertising IDs is automatically deleted after 14 months. This data is automatically deleted once a month once the relevant retention period has been reached.
Information generated by Google Analytics is generally transmitted to a Google server in the United States and stored there. We enter into special contractual arrangements with Google that ensure an appropriate level of data protection (so-called EU standard contractual clauses).
We have enabled the IP anonymization process (code extension ‘anonymizeIp’) which abbreviates the IP addresses recorded by Google within the European Union before data is transferred to the United States (so-called IP masking). Only in exceptional cases will the complete IP address be transferred to a Google server in the United States and shortened there. The (abbreviated) IP address transmitted by your browser within the scope of Google Analytics is not associated with other data held by Google. Google only transfers this data to third parties on the basis of statutory provisions or in the context of contract data processing.
You can object to the collection and processing of the information stored by the Google cookie at any time and prevent both by setting an opt-out cookie. Simply click here to opt out: Disable Google Analytics.
Alternatively, you can also install a browser plugin which you can find here: https://tools.google.com/dlpage/gaoptout/.
For more information about how Google handles the information we transmit to it, please visit: https://www.google.com/intl/de/policies/privacy/partners/.
We use Hotjar, analytics software provided by Hotjar Ltd. (‘Hotjar’), Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, to better understand the interests of our users and optimise our website. We use this analysis tool on the basis of your consent (as defined in Art. 6(1)(a) GDPR), which we asked you to provide when you visited our website. You may withdraw your consent at any time by opting out as described below. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The cookies used by Hotjar have a different ‘life cycle’; some last up to 365 days, some are only valid during the current visit.
Using this service, we can create so called heatmaps based on use of our website. These capture scrolling, cursor movement and clicks/taps and, on this basis, create a graphical representation of the use of our website by the entire user population. Heavily used areas are displayed using different colour compared to less-used areas.
We can also create so-called visitor recordings using this tool. The live recordings of the activity capture
- HTML changes (our website and usage)
- Cursor and scroll movement
- Change in browser display (size)
In addition, it is possible to record this information across multiple pages. In such cases, recording starts on the first website where Hotjar is integrated. We do not record any text you enter. We have inhibited the recording of such text. To this end, all text will be replaced by asterisks or ones on your device.
In addition, we use this tool to evaluate so-called conversion funnels. We thus analyse the user’s path on our website until the user performs a certain predefined action (e.g. newsletter registration) (= conversion funnel).
Finally, we can use Hotjar Feedback to display surveys. The results of these surveys help us better understand various aspects of user behaviour, such as leaving our website.
You may opt out of Hotjar’s storage of a user profile and information about your visit to our website as well as Hotjar tracking cookies/technologies on other websites by clicking the opt-out link at https://www.hotjar.com/legal/compliance/opt-out.
5.3 Fastly CDN
Our website uses the Fastly Content Delivery Network (CDN) to deliver content. The Fastly CDN is operated by Fastly Inc, General Counsel 475 Brannan St, Suite 300 San Francisco, CA 94107. The Fastly CDN makes content from our website available on various servers distributed around the world. This shortens the loading time of the website, achieves higher fail-safety and provides increased protection against data loss. The content embedded on this website, such as images and videos, is obtained from Fastly CDN when the page is accessed. Through this access, information about your use of our website may will be transferred to servers of Fastly in other EU countries and stored there. When transferring data to the USA or another third country outside the EU that does not have a level of data protection equivalent to the GDPR, we conclude standard contractual clauses with the Fastly CDN and, if necessary, take other necessary measures to ensure an adequate level of data protection.
6. Your rights
If your personal data is processed, you are a data subject within the meaning of the General Data Protection Regulation. You are therefore entitled to assert the rights described below. You may contact our data protection officer presented above at any time if you have any questions about these rights, or other questions concerning the subject of personal data.
6.1. Right of access; Art. 15 GDPR
You have a right to request confirmation as to whether or not we are processing your personal data at no charge. You also have the right to obtain details about any such data processing and to receive a copy of such data.
6.2. Right to rectification; Art. 16 GDPR
You have a right to have your personal data rectified if inaccurate. In addition, you may request the completion of your data should it be incomplete.
6.3. Right to erasure and restriction of processing
Data stored by us will be erased as soon as it is no longer required for its intended purpose and erasure does not conflict with any statutory retention obligations. Otherwise, in accordance with Art. 17 GDPR, you have the right to demand that relevant data be erased immediately or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 GDPR.
6.4. Right to data portability; Art. 20 GDPR
You have the right to receive personal data concerning you that we have processed and to have such data transferred to another controller.
6.5. Right to object; Art. 21 GDPR
You may object to processing of personal data concerning you which is based on the pursuit of our legitimate interests (Art. 6(1)(f) GDPR). You also have the right to object, in particular if your data is used for direct marketing purposes or on grounds relating to your particular situation.
6.6. Right to withdraw consent; Art. 7(3) GDPR
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. In some cases, we may provide you convenient technical means to opt out. Should this not be the case in any particular situation, you may contact our data protection officer in order to withdraw your consent.
6.7. Right to lodge a complaint with a supervisory authority
We do, of course, endeavour to ensure that you may effectively enforce your rights. Should you believe that your data has been processed unlawfully, you may (without prejudice to any other legal remedy) lodge a complaint with the competent supervisory authority.