Privacy Policy

In accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR), this Privacy Policy provides you with information concerning the processing of your personal data.

We will first introduce ourselves as the controller (1.) before explaining how we handle your data and discussing your rights in this Privacy Policy. We will then explain the following topics in the order listed below:

  • Basic information about data processing (2.);
  • The use of data that you intentionally provide to us (3.);
  • Data processing that is performed automatically (4.);
  • Special forms of data processing that we do not perform directly but rather are performed by third parties (5.);

Finally, we discuss specifics about your rights (6.).

 

1. Controller and data protection officer

The controller within the meaning of the GDPR is;  

Technoform Caprano + Brunnhofer GmbH
Friedrichsplatz 8
34117 Kassel, Germany
info [at] technoform [dot] com
 
We have appointed a third-party data protection officer for our company:

Stefan Pietsch

He may be reached at:

Pietsch IT GmbH
Wilhelmshöher Strasse 1
34590 Wabern, Germany
T: +49 (0)5683-923440
Email: datenschutz [at] pietsch-it [dot] de

 

2. Basic information about data processing

We take the protection of your personal data very seriously. Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics which express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

2.1. Processing personal data

In particular, we collect and use personal data from users of our website to provide our website(s) and their contents as well as our services. For example, this is the case if you send us a contact request via our website, e.g. because you are interested in our products or services or have any other questions. On the basis of your consent, we also use usage data for analytical purposes in order to learn more about the use of our online offerings; this enable us to continuously improve our website.

We handle your personal data in a confidential manner and in accordance with applicable data protection laws and regulations such as the GDPR.
This website uses TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or requests that you send to us as the site operator. You can recognise an encrypted connection in your browser’s address bar when it changes from ‘http://’ to ‘https://’ and the padlock icon is displayed in your browser’s address bar. Data you transmit to us cannot be read by third parties if TLS encryption is enabled. Data you transmit to us cannot be read by third parties if TLS encryption is enabled.

 

2.2. Data processing in third countries

In some cases, data from users of our website is also processed in so-called third countries. This refers to countries outside the European Union (‘EU’) or the European Economic Area (‘EEA’). This is done either to perform our (pre-)contractual obligations, on the basis of consent, on the basis of a legal obligation or in pursuit of our legitimate interests. However, processing in this manner is only performed if the special requirements of Art. 44 et seq. GDPR have been satisfied. An adequate level of data protection is also ensured in such cases. This is because, in such cases, either there are adequate safeguards in place to ensure that a level of data protection comparable to that in the EU (e.g. for the US by means of the ‘EU-US Privacy Shield’) or we conclude special contractual obligations with our service providers that ensure this level of data protection (so-called EU standard contractual clauses).

 

3. Data that you provide us voluntarily

We require personal data in cases where you voluntarily make use of certain services, for example by contacting us via our contact form. If you provide us personal data for such purposes, we will process it in order to respond to your request (Art. 61)(b) GDPR). In some cases, we offer you additional services in this context. For example, you can receive updates concerning products, technologies, materials or events. We will ask for your consent before we process your data for these purposes (Art. 6(1)(a) GDPR).

 

4. Data that is processed automatically

 

4.1. Server log files

The hosting provider for our website automatically collects and stores information automatically transferred by your browser in so-called server log files. This information comprises

  • Name of the website/file accessed;
  • Date and time of access;
  • The quantity of data transmitted;
  • Report of successful access;
  • Browser type and version, user’s operating system;
  • Referrer URL (the previously visited website);
  • IP address and the requesting provider.

This is done to protect us from abuse (e.g. detecting attacks on our websites or fraud attempts). Accordingly, this data is not aggregated with other data sources. Our hosting provider retains this data for a period of two weeks. This data is then deleted. The basis for data processing in this context is our legitimate interest in the secure operation of our website; Art. 6(1)(f) GDPR.

 

4.2. Data collected by cookies

This website uses so-called cookies in some instances. Cookies do not cause any damage to your computer and do not contain any viruses. The purpose of cookies is to make our website more user-friendly, functional and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies. They are automatically deleted at the end of your visit.

Other cookies remain stored on your device until you delete them (so-called persistent cookies). These cookies make it possible to recognise your browser the next time you visit our website. Cookies we use also include so-called third-party cookies. These are cookies that we do not use ourselves, but are rather used by service providers who provide services on our behalf (e.g. Google). If other cookies (e.g. to analyse your surfing behaviour) are also placed on your device, they will be treated separately in this Privacy Policy.

You can set your browser so that you are informed about the placement of cookies and only allow cookies in individual cases, exclude the acceptance of cookies generally, or just for certain cases, and activate the automatic deletion of cookies when closing your browser. Disabling cookies may limit your ability to use some of the functions of this website.

 

5. Third-party data processing

We commission service providers in connection with the operation of our website. In some cases, third parties also process personal data. This is done solely in conformance with applicable legal requirements.

 

5.1. Google Analytics and Google Tag Manager

We use Google Analytics, a web analytics service provided by Google Ireland Ltd, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’), on our website. We use this analysis tool on the basis of your consent (Art. 6(1)(a) GDPR), which we asked you to provide when you visited our website. You may withdraw your consent at any time by opting out as described below. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Google Analytics uses persistent cookies that are stored on your device and enable the analysis of your usage behaviour. Google Analytics records how the website is used (e.g. when the website is accessed), your interactions with the website (e.g. page views, clicked links, visitor flow), technical data and some user characteristics (e.g. which device is used with which operating system and, if applicable, demographic user information such as language).
On our behalf, Google will use this information to evaluate the use of our services by you and other users, and to provide us the relevant analysis reports, and to provide us other services associated with use of the website and the internet. The data sent by us that is linked to cookies, user IDs or advertising IDs is automatically deleted after 14 months. This data is automatically deleted once a month once the relevant retention period has been reached.
Information generated by Google Analytics is generally transmitted to a Google server in the United States and stored there.

We have enabled the IP anonymisation process (code extension ‘anonymizeIp’) which abbreviates the IP addresses recorded by Google within the European Union before data is transferred to the United States (so-called IP masking). Only in exceptional cases will the complete IP address be transferred to a Google server in the United States and shortened there. The (abbreviated) IP address transmitted by your browser within the scope of Google Analytics is not associated with other data held by Google. Google only transfers this data to third parties on the basis of statutory provisions or in the context of contract data processing.
You can object to the collection and processing of the information stored by the Google cookie at any time and prevent both by setting an opt-out cookie. Simply click here to opt out: Disable Google Analytics.

Alternatively, you can also install a browser plugin which you can find here: https://tools.google.com/dlpage/gaoptout/.
For more information about how Google handles the information we transmit to it, please visit: https://www.google.com/intl/de/policies/privacy/partners/.
For more information on terms of use and data protection, please visit http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.
In addition, we use Google Tag Manager on our website. Google Tag Manager permits the administration of so-called tags. A tag is a code snippet that is integrated into a web page and activated by a defined event. For example, such an event can be a visit of a certain page on our website. Google Tag Manager merely implements tags, meaning that Google Tag Manager itself does not use cookies and does not collect personal information. In some cases, a tag triggers the collection of data. However, Google Tag Manager does not access this data. In fact, Google Tag Manager ensures that a tag that may trigger the collection of personal data is not activated if you have disabled it at the domain or cookie level or, if applicable, refused to provide consent to data processing.

 

5.2. Hotjar

We use Hotjar, analytics software provided by Hotjar Ltd. (‘Hotjar’), Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, to better understand the interests of our users and optimise our website. We use this analysis tool on the basis of your consent (as defined in Art. 6(1)(a) GDPR), which we asked you to provide when you visited our website. You may withdraw your consent at any time by opting out as described below. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Hotjar’s technologies (tracking code and/or cookie) give us a better understanding of users’ behaviour on our website (e.g. how much time users spend on which pages, which links they click, what they like and dislike, etc.). This helps us to adapt our offerings under consideration of user feedback. Hotjar uses cookies and other technologies to collect information about the behaviour of our users and their devices (including, but not limited to, the IP address of the device (collected and stored only in an anonymous form), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), preferred language used to view our website, mouse events (movement, position and clicks), keyboard input excluding, however, specific text). Hotjar stores this information in a pseudonymous user profile. The information will not be used by Hotjar or by us to identify individual users or merged with other data about individual users.

The cookies used by Hotjar have a different ‘life cycle’; some last up to 365 days, some are only valid during the current visit.
Using this service, we can create so called heatmaps based on use of our website. These capture scrolling, cursor movement and clicks/taps and, on this basis, create a graphical representation of the use of our website by the entire user population. Heavily used areas are displayed using different colour compared to less-used areas.

We can also create so-called visitor recordings using this tool. The live recordings of the activity capture

  • HTML changes (our website and usage)
  • Cursor and scroll movement
  • Change in browser display (size)

In addition, it is possible to record this information across multiple pages. In such cases, recording starts on the first website where Hotjar is integrated. We do not record any text you enter. We have inhibited the recording of such text. To this end, all text will be replaced by asterisks or ones on your device.
In addition, we use this tool to evaluate so-called conversion funnels. We thus analyse the user’s path on our website until the user performs a certain predefined action (e.g. newsletter registration) (= conversion funnel).

Finally, we can use Hotjar Feedback to display surveys. The results of these surveys help us better understand various aspects of user behaviour, such as leaving our website.

Hotjar works with a limited number of trusted external service providers for the purpose of analysing certain technical data and for data processing and/or storage functions. These service providers have been carefully selected by Hotjar and meet high data protection and security standards. Data will only be disclosed to service providers to the extent necessary to provide the services they offer and Hotjar will contractually require them to maintain the confidentiality of all data disclosed to them by Hotjar and to use personal data only in accordance with Hotjar’s instructions. For more information, see Hotjar’s Privacy Policy here.
You may opt out of Hotjar’s storage of a user profile and information about your visit to our website as well as Hotjar tracking cookies/technologies on other websites by clicking the opt-out link at https://www.hotjar.com/legal/compliance/opt-out.

 

5.3. Google Maps

This website uses Google Maps in order to display interactive maps. Google Maps is a map service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. No personal data is transferred to Google (with the exception of IP addresses) based on the Google Maps version we use. This information is generally transmitted to a Google server in the United States and stored there.

Additional information about how user data is handled is available in Google’s Privacy Policy: https://www.google.de/intl/de/policies/privacy/
You may access additional information about data protection at Google here: http://www.google.com/policies/privacy

 

6. Your rights

If your personal data is processed, you are a data subject within the meaning of the General Data Protection Regulation. You are therefore entitled to assert the rights described below. You may contact our data protection officer presented above at any time if you have any questions about these rights, or other questions concerning the subject of personal data.

 

6.1. Right of access; Art. 15 GDPR

You have a right to request confirmation as to whether or not we are processing your personal data at no charge. You also have the right to obtain details about any such data processing and to receive a copy of such data.

 

6.2. Right to rectification; Art. 16 GDPR

You have a right to have your personal data rectified if inaccurate. In addition, you may request the completion of your data should it be incomplete.

 

6.3. Right to erasure and restriction of processing

Data stored by us will be erased as soon as it is no longer required for its intended purpose and erasure does not conflict with any statutory retention obligations. Otherwise, in accordance with Art. 17 GDPR, you have the right to demand that relevant data be erased immediately or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 GDPR.

 

6.4. Right to data portability; Art. 20 GDPR

You have the right to receive personal data concerning you that we have processed and to have such data transferred to another controller.

 

6.5. Right to object; Art. 21 GDPR

You may object to processing of personal data concerning you which is based on the pursuit of our legitimate interests (Art. 6(1)(f) GDPR). You also have the right to object, in particular if your data is used for direct marketing purposes or on grounds relating to your particular situation.

 

6.6. Right to withdraw consent; Art. 7(3) GDPR

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. In some cases, we may provide you convenient technical means to opt out. Should this not be the case in any particular situation, you may contact our data protection officer in order to withdraw your consent.

 

6.7. Right to lodge a complaint with a supervisory authority

We do, of course, endeavour to ensure that you may effectively enforce your rights. Should you believe that your data has been processed unlawfully, you may (without prejudice to any other legal remedy) lodge a complaint with the competent supervisory authority.

 

Changes to the Privacy Policy

We reserve the right to modify the Privacy Policy in order to reflect changes in the legal environment, in the event of changes to our services or changes related to our data processing. However, this applies only with regard to statements related to data processing. Changes may only be made with your consent in the event that your consent is required or elements of the Privacy Policy contain terms of our contractual relationship with you.

We kindly request that you review the contents our Privacy Policy on a regular basis.