CERATIZIT Group
Contact

Privacy Policy

Data Protection Officer:

 

Dr. Gerhard KERCKHOFF
Head of Legal Department
Tel.: +352 31 20 85-1
E-mail: gerhard.kerckhoff@ceratizit.com

 

In this Privacy Policy we aim to inform you of which personal data we process. It applies to all digital services offered by CERATIZIT, be it websites, apps or other benefits. We therefore request that you read through the following explanations carefully.

 

Personal data means all information relating to an identified or identifiable natural person. This includes your name, address and communication data or your e-mail address.

 

We use the term “services” in the following since we process your personal data in a similar way most of the time - whether you use our websites, apps, transactions, social networks or other channels.

 

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, both with or without automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Data subject means each identified or identifiable natural person whose personal data is processed by the controller.

 

Controller means the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

User covers all categories of data subject affected by data processing. This includes our business partners and other visitors using our services.

 

The terms we use are supplemented by the definitions set out in Article 4 of the General Data Protection Regulation (GDPR).

 

1. Name and address of the controller

 

CERATIZIT S.A.
101, route de Holzem
8232 Mamer
Luxembourg

 

Tel.: +352 31 20 85-1
E-mail: info@ceratizit.com

 

Share capital:
EUR 17,700,000.00

 

VAT-No.:
LU19417061

 

Registration:
Luxembourg Register of Commerce, Register number: B-4610

 

Operating License Number 736
Ministry of the Economy of the Grand Duchy of Luxembourg
19-21 Boulevard Royal 
L-2449 Luxembourg

 

2. Data protection responsibility

All questions on data protection can be addressed to: dataprotectionofficer@ceratizit.com or using our postal address with the addition of "FAO Data Protection ".

 

3. Processing of personal data

3.1. Visits to our websites and apps

3.1.1. Scope of data processing

When you use our services, your device transmits certain data to our web server for technical reasons. This information comprises the following data (known as "server log files"):

 

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Operating system and its access status/HTTP status code
  • The volume of data transferred
  • Website from which the request is received ("referrer URL")
  • Browser used, as well as the language and version of the browser software

 

3.1.2. Purpose of data processing

It is necessary to store this data in log files in order to safeguard functionality of our services. We also use it to optimize our services and ensure that our IT systems remain secure.

 

3.1.3. Legal basis for processing

We collect this data on the basis of our legitimate interest within the meaning of Article 6(1f) GDPR, in order to display our services and guarantee your security.

 

3.1.4. Storage period

For security reasons (e.g., for clarifying misuse or acts of fraud), information in the log files is stored for a maximum of fourteen days and is then erased. Data that must be stored for longer for evidence purposes is exempted from erasure until the incident in question has been definitively resolved.

 

3.1.5. Options for objecting and erasure of data

For technical reasons, the collection of data for the purpose of providing the services and its subsequent storage in log files is essential for the operation of the services. Consequently, the user does not have the option to object.

 

3.2. Contact form and e-mail contact

3.2.1. Scope of data processing

We process the following data when you use the contact forms: first name, surname, company, street, house number, postcode, town/city, country, e-mail address and the message you sent.

 

Alternatively, depending on the issue, you can contact us using the e-mail addresses we have provided. In this case, the sender's personal data transmitted in the e-mail will be processed.

 

No data is disclosed to third parties in this context. The data is solely used to process the conversation and resolve the issue.

 

3.2.2. Purpose of data processing

The personal data from the input screen is processed so that we can make contact with you. This also constitutes the necessary legitimate interest in processing the data in the event that we contact you by e-mail. Any other personal data processed when you submit the form (e.g., IP address, date, time, etc.) is used to prevent misuse of the contact form and ensure that our IT systems remain secure.

 

3.2.3. Legal basis for processing

When a user contacts us (using the contact form or by e-mail), their details are processed for the purpose of handling and concluding the contact enquiry in accordance with Article 6(1b) GDPR.

 

3.2.4. Storage period

We erase personal data once it is no longer required to achieve the purpose for which it was collected. For personal data taken from the input screen of the contact form and the data transmitted via e-mail, this is the case if the relevant conversation with the user is terminated. The conversation is ended if it can be inferred from the circumstances that the issue in question or the request for information has been fully resolved.

 

3.2.5. Options for objecting and erasure of data

You have the option of withdrawing your consent to the processing of your personal data at any time.

 

If you contact us by e-mail, you can object to the storage of your personal data at any time. Please note that doing so will naturally mean that our conversation cannot be continued. Please communicate any withdrawal of this nature to dataprotectionofficer@ceratizit.com. All personal data that has been stored in the course of this communication will then be erased.

 

3.3. Cookies

3.3.1. Scope of data processing

Our services are using cookies. Cookies are small text files that are stored on your device when you access our services. Cookies do not harm your device and do not contain any malware, such as viruses. Cookies contain a distinctive string of characters that allows your browser or applications to be uniquely identified when it requests our services again in future. Some elements of our services require the requesting browser or application to be identified after moving to a new page.

 

This does not work by association with you personally, but rather by assigning an identification number to the cookie ("cookie ID"). This cookie ID is not linked with your name, IP address or similar data that would enable the cookie to be linked to you.

 

Our services are using transient and persistent cookies.

 

a) Transient cookies are automatically deleted when you close your browser. These primarily include session cookies. These store a session ID, which is used to assign different requests from your browser to the session as a whole. This means that your device can be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

 

b) Persistent cookies are automatically deleted after a specified time period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings for your browser.

 

c) In particular, the following cookies are used: Adobe Analytics, Hotjar, Optin Monster, Facebook Pixel, LinkedIn Insight Tag, YouTube Pixel, Google Analytics, Taboola Germany GmbH., Adobe Marketo Engage, TrustArc   

 

3.3.2. Purpose of data processing

We use cookies in order to design our services in an attractive and user-friendly way, to improve it and to speed up enquiries.

 

Some elements of our services require the requesting browser to be identified after moving to a new page. In these cases, it is necessary for the browser to be recognized after accessing a new page.

 

3.3.3. Legal basis for the data processing

Article 6(1f) GDPR provides the legal basis for the processing of personal data using cookies that are necessary from a technical perspective.

 

3.3.4. Storage period

Session cookies are deleted as soon as the browser is closed.

Persistent cookies are automatically deleted after a specified time period.

 

3.3.5. Options for objecting and erasure of data

To enable you to configure your cookie preferences, we use the cookie management solution of TrustArc Inc, 111 Sutter Street, Suite 600 San Francisco, CA, 94104, USA. You can use this solution to configure your cookie preferences at any time.

 

In addition, almost all internet browsers can be configured to block cookies in their entirety, remove cookies that already exist, warn you about cookies to prevent them from being placed on your device or have them deleted at the end of your browsing session.

 

However, please note that if you block or delete cookies, you may not be able to use of all the features on our services.

 

You can access your personal cookie settings by clicking the link of the same name at the bottom / footer of every page.

 

3.4. Google Analytics

3.4.1. Scope of data processing

We use Google Analytics, which is a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

 

Google analyses your use of our services on our account. We use cookies, in addition to other tools, for this purpose; for an explanation of what cookies are and how to delete them, please refer to the "Cookies" section above.

 

The data collected by Google in this process that concerns your use of our services (e.g., the pages you visit on our website) is transmitted to a Google server in the USA and stored and analyzed there, and the results are made available to us in anonymized form.

 

We use the IP anonymization feature provided by Google. This means that your IP address is truncated prior to processing by Google within member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA, where it is truncated.

 

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

 

3.4.2. Purpose of data processing

Google uses this information on our behalf in order to evaluate use of our services and to compile reports about user activity. This enables us to improve your online experience to and increase the user-friendliness of our digital offerings.

 

3.4.3. Legal basis for processing

For the purposes indicated above, we have a legitimate interest in data processing carried out by Google Analytics. The legal basis in this instance is Article 6(1f) GDPR.

 

3.4.4. Storage period

Sessions and campaigns are ended after a certain period of time has elapsed. By default, sessions are ended after 30 minutes of inactivity and campaigns after six months. The maximum time limit for campaigns is two years.

 

3.4.5. Options for objecting and erasure of data

The IP address relayed by your device is not combined with other Google data. You may prevent the saving of cookies by selecting the appropriate settings in your browser software or configuring them via TrustArc as described above in the "Cookies" section. Furthermore, you can prevent the collection of data generated by the cookie and related to your usage of our services being sent to and processed by Google by downloading and installing Google's browser plug-in: https://tools.google.com/dlpage/gaoptout.

 

If you wish to prevent future collection of your data by Google Analytics when you visit our website via different devices (particularly mobile devices such as smartphones and tablets), you must perform this opt-out on each system you use. https://tools.google.com/dlpage/gaoptout

 

Please note that this opt-out cookie will only prevent web analytics as long as you do not delete it. You can find additional information about Google Analytics in the Google Analytics Terms of Service, Google Analytics data privacy and security information and Google Privacy Policy.

 

3.5. Adobe Analytics

3.5.1. Scope of data processing

Our services use Adobe Analytics, a web analytics service provided by Adobe Systems Software Ireland Limited (“Adobe”).

 

Adobe Analytics uses the local storage and “cookies”, which are text files placed on your device, in order to help to analyze overall traffic patterns throughout our services.

 

When transmitting usage information about our services to Adobe, you IP-address will be anonymized before geo-location and replaced by a generic IP-address before storage.

You may refuse the use of tracking by selecting the appropriate settings on your device. However, please note that if you do, you may not be able to use the full functionality of the website. Furthermore, you can prevent Adobe’s collection and use of data (cookies and IP address) in your browser by downloading and installing the browser plug-in available under http://www.adobe.com/privacy/opt-out.html.

 

3.5.2. Purpose of data processing

Adobe uses this information on our behalf in order to evaluate use of our services and to compile reports about user activity. This enables us to improve your online experience to and increase the user-friendliness of our digital offerings.

 

3.5.3. Legal basis for processing

For the purposes indicated above, we have a legitimate interest in data processing carried out by Adobe Analytics. The legal basis in this instance is Article 6(1f) GDPR.

 

3.5.4. Storage period

Sessions and campaigns are ended after a certain period of time has elapsed. By default, sessions are ended after 30 minutes of inactivity and campaigns after six months. The maximum time limit for campaigns is two years.

 

3.5.5. Options for objecting and erasure of data

Adobe will not associate your IP address with any other data held by Adobe.  You may prevent the saving of cookies by selecting the appropriate settings in your device or, in case of the website configuring them via TrustArc as described above in the "Cookies" section. 

 

3.6. Google Ads 

3.6.1. Scope of data processing

We use Google Ads (formerly Google Adwords) to advertise our products and related services on external platforms by means of advertising materials (Google Ads). These advertising materials are provided by Google via Ad Servers. To this end, we use Ad Server cookies, which enable the measurement of certain parameters for assessing performance, such as advertisement displays or clicks from users. If you reach our services via a Google advertisement, Google Ads saves a cookie on your device. 

 

For information explaining what cookies are and how they can be deleted, see above. These cookies allow Google to recognize your web browser. If a user visits certain pages on the AdWords customer’s website and the cookie saved on their device has not yet expired, Google and the customer will be able to detect that the user clicked on the advert and was redirected to this page. Each AdWords customer is assigned a different cookie. Cookies cannot, therefore, be tracked through AdWords customers’ websites. We do not collect or process any personal data as part of these advertising measures; we solely receive statistical analyses from Google. These analyses enable us to identify which of the advertising measures we use that are most effective. We do not obtain additional data from the use of advertising materials, and in particular we cannot identify users on the basis of this information.

 

Due to the marketing tools used, your browser will automatically establish a direct connection to Google servers. We have no influence on the scope and further use of data collected by Google as a result of the use of this tool, and therefore inform you that, to our current knowledge: The integration of AdWords conversion tracking means that Google is informed that you have requested the corresponding section of our website or clicked on one of our adverts. If you are registered with a Google service, Google can attribute the visit to your account. Even if you are not registered with Google or have not logged in to your Google account, there is a possibility that this provider will discover your IP address and store that information.

 

3.6.2. Purpose of data processing

Data from advertising campaigns enables us to determine the level of success of individual advertising measures. In this context, our interest lies in showing you advertisements that will interest you, in making our services more engaging for you and in calculating advertising costs fairly.

 

3.6.3. Legal basis for processing

This data processing serves our legitimate interest in designing our advertising in a targeted way. The legal basis in this instance is Article 6(1f) GDPR.

 

3.6.4. Storage period

In general, these cookies expire after 30 days and are not used to identify you personally. As a rule, the unique cookie ID, number of advertisement impressions per placement (frequency), latest impression (relevant for post-view conversions) and opt-out information (to indicate that the user does not wish to be targeted any more) are stored as analytical values for this cookie.

 

3.6.5. Options for objecting and erasure of data

You can opt out of this tracking process in various ways:

 

a) By changing your browser's software settings; accordingly, rejecting third-party cookies in particular will result in you not receiving advertisements from third-party providers, 

 

b) By deactivating conversion tracking cookies by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked, https://www.google.com/settings/ads; note that this setting will be reversed if you delete your cookies.

 

c) By deactivating personalized advertising from providers participating in the self-regulatory program “About Ads”, via the link http://www.aboutads.info/choices; note that this setting will be reversed if you delete your cookies.

 

d) By permanently deactivating it in Firefox, Internet Explorer or Google Chrome, using the link https://www.google.co.uk/settings/ads/plugin.

 

You can find further information on data protection at Google here: https://policies.google.com/privacy and https://services.google.com/sitestats/en.html

 

Alternatively, you can visit the Network Advertising Initiative (NAI) website at https://www.networkadvertising.org

 

3.7. Adobe Marketo Engage 

3.7.1. Scope of data processing

We use Adobe Marketo Engage, a marketing automation software from Marketo, an Adobe Company, at 901 Mariner Island Blvd, San Mateo, CA 94404, USA (“Marketo”).

 

Marketo captures your IP address and associates your browser cookie with the e-mail address that you provided to us to record your browsing and buying activities on our websites and apps.

 

The information generated by these cookies will be securely transmitted to a Marketo server (generally sited in the EU/EEA) and stored there. In the case of data transfers to the USA, Marketo undertakes to comply with a data protection standard comparable to the European standard based on standard contractual clauses of the European commission.

 

Tracking will not be performed to personally identify you without your separate consent.

 

3.7.2. Purpose of data processing

The processing of the data mentioned above is for the purpose of optimizing our services and products, conduct e-mail marketing and sales activities and improve your web experience and email activity with more segmented, targeted, and relevant information.

 

3.7.3. Legal basis for processing

This data processing serves our legitimate interest in designing our advertising in a targeted way. The legal basis in this instance is Article 6(1f) GDPR.

 

3.7.4. Storage period

Generally, Marketo stores certain high activity data for 90 days and other lead activity data for 25 months. More about Marketo's data retention policy here: https://nation.marketo.com/t5/knowledgebase/marketo-activities-data-retention-policy-under-the-hood/ta-p/251191

 

3.7.5. Options for objecting and erasure of data

You may prevent the saving of cookies by selecting the appropriate settings in your browser software or configuring them via TrustArc as described above in the "Cookies" section.

 

For more information about Marketo's privacy and cookie policies, please read Marketo’s privacy policy.

 

3.8. LinkedIn Insight Tag 

3.8.1. Scope of data processing

We use the LinkedIn Insight Conversion Tool of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, which enables us to receive information on the use of our services and offer you advertising content matched to your interests from other websites.

 

3.8.2. Purpose of data processing

LinkedIn uses these data to create anonymous reports for us on advertising activities and information on how you interact with our digital services.

 

3.8.3. Legal basis for processing

This data processing serves our legitimate interest in designing and optimizing our advertising in a targeted way. The legal basis in this instance is Article 6(1f) GDPR.

 

3.8.4. Storage period

For this a cookie with a 120-day term is set in your browser which enables LinkedIn to recognize you when you visit a website.

 

3.8.5. Options for objecting and erasure of data

You can deactivate the LinkedIn Insight Conversion Tool and interest-based advertising by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

 

If you are a LinkedIn member, click on the field "Decline on LinkedIn". Other visitors click on "Decline".

 

On our websites or apps, you can prevent the saving of cookies by LinkedIn via the TrustArc Cookie Settings on the bottom of each page.

 

You can find further information on data protection at LinkedIn here: https://www.linkedin.com/legal/privacy-policy#choices-oblig

 

3.9 TrustArc

3.9.1. Scope of data processing

We use the TrustArc Cookie Preference Manager from TrustArc Inc, 835 Market Street, Suite 800, San Francisco, CA, USA, (TrustArc) on our websites and apps. The purpose is to enable you to manage your personal cookie preferences in an intuitive and user-friendly way.

 

3.9.2. Purpose of data processing

The TrustArc Cookie Preference Manager enables you to manage and save cookie preference settings for our services according to your wishes. For this purpose, you will be asked for your cookie preferences when you visit our websites or apps for the first time and can agree to the use of cookies or reject them.

 

Your IP address is used so that the Cookie Preference Manager can process your cookie preferences accordingly. When using mobile devices (e.g., smartphone), the advertising identifier stored there is used.

 

3.9.3. Legal basis for processing

To protect our legitimate interests pursuant Article 6(1f) GDPR. Our legitimate interest here is to take your cookie preference requests into account when providing our services, thereby ensuring the protection of your privacy and personal data as you choose, and to ensure the proper operation of the website, in particular to implement appropriate technical and organizational measures and to fulfil a legal obligation to which we are subject, Article 6(1c) GDPR.

 

As a basis for data processing, TrustArc uses so-called standard contractual clauses (pursuant to Article 46 (2) and (3) GDPR), which ensure that data processing complies with European standards even without an adequacy decision.

 

3.9.4. Storage period

TrustArc stores your cookie preferences for a maximum of 3 months or until you delete your internet browsing history. TrustArc cookies are classified as required cookies.

 

3.9.5. Options for objecting and erasure of data

If you delete your Internet browsing history, all cookies (including opt-out cookies) will be deleted. In this case, you will be asked again for your cookie preferences when you visit our services again.

For detailed information about TrustArc's data processing privacy policy, please visit: https://trustarc.com/privacy/.

 

3.10 Hotjar

3.10.1. Scope of data processing

On our websites we use Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe.

 

Using the Hotjar tool we analyze your user behavior on our services. It gives us the possibility to record, among other things, your mouse movements, scrolling movements and clicks.

 

Hotjar is able to create so-called heatmaps by tracking for how long your mouse pointer has been staying on the same spot. This information enables us to determine which areas of our website are of particular interest for you. Furthermore, we can determine for how long you stayed on a page and when you left it.

 

3.10.2. Purpose of data processing

The purpose of using Hotjar is analyzing user behavior on our websites by utilizing technologies that enable the recognition of the user (e.g., cookies or use of device fingerprinting).

 

3.10.3. Legal basis for processing

This data processing serves our legitimate interest in optimizing user experience on our websites as well as designing our advertising in a targeted way. The legal basis in this instance is Article 6(1f) GDPR.

 

3.10.4. Storage period

Your activity data is retained for 365 days from the day of capture.

 

3.10.5. Options for objecting and erasure of data

You may prevent the data collection by Hotjar by selecting the appropriate settings in your browser software or by configuring them via TrustArc as described above in the "Cookies" section. Furthermore, you can prevent Hotjar’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://www.hotjar.com/opt-out.

 

On our website you can prevent the saving of cookies by Hotjar via the TrustArc Cookie Settings accessible from on the bottom navigations of each page.

 

Find more information about Hotjar and the data it collects in Hotjar’s privacy policy: https://www.hotjar.com/privacy

 

3.11 Meta Pixel

3.11.1. Scope of data processing

To measure conversion rates, we use the visitor activity pixel of Meta on our websites. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta’s statement the collected data will be transferred to the USA and other third-party countries too.

 

3.11.2. Purpose of data processing

Meta uses these data to create anonymous reports for us on the effectiveness of our advertising activities as well as to provide information on how you interact with our advertising campaigns on Facebook and our website.

 

3.11.3. Legal basis for processing

This data processing serves our legitimate interest in designing and optimizing our advertising in a targeted way. The legal basis in this instance is Article 6(1f) GDPR.

 

In the case of data transfers to the USA, Meta undertakes to comply with a data protection standard comparable to the European standard based on standard contractual clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum

 

We as the operators of this website the identity cannot draw any conclusions about the identity of our users since this information is anonymized for us. The data is also archived and processed by Meta enabling the company to make a connection to respective user profiles and to then use the information for its own promotional purposes in compliance with the Meta data usage policy: https://www.facebook.com/privacy/policy

 

If personal data is collected on our website with the help of the Meta Pixel and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Article 26 GDPR). On our side this responsibility applies to the collection of data and its forwarding to Meta only. The processing of data at Meta is excluded from that responsibility.

 

Further information can be found here: https://www.facebook.com/legal/controller_addendum

 

3.12. Taboola 

3.12.1. Scope of data processing

On our website we use cookies from Taboola to provide visitors to our website with targeted advertising by displaying individualized ads for them.  The provider is Taboola Germany GmbH, Alt-Moabit 2, 10557 Berlin.

 

3.12.2. Purpose of data processing

The purpose of this data processing is to utilize targeted advertising and measuring its effectiveness.

 

3.12.3. Legal basis for processing

This data processing serves our legitimate interest in optimizing user experience on our websites as well as designing our advertising in a targeted way. The legal basis in this instance is Article 6(1f) GDPR. No personal data is stored in the case of retargeting or conversion tracking.

 

3.12.4. Storage period

Taboola stores your cookie preferences for a maximum of 13 months or until you delete your internet browsing history.

 

3.12.5. Options for objecting and erasure of data

On our website, you can prevent the saving of cookies by Taboola via the TrustArc Cookie Settings accessible from on the bottom navigations of each page.

 

The privacy policy of the data processor and to obtain further information, you will find here: https://www.taboola.com/policies/privacy-policy

 

4. Data security

We take technical, organizational, and contractual measures to safeguard the security of data processing in accordance with the state of the art. In doing so, we ensure that the provisions of data protection law, and the General Data Protection Regulation in particular, are complied with and that the data we process is protected against destruction, loss, modification and unauthorized access. These security measures include the encrypted transmission of data between your browser and our servers. Please note that SSL encryption for online data transfers is only active if the padlock symbol appears in the lower menu bar of your browser window and the address begins with "https://". SSL (Secure Socket Layer) protects data transmission against illegal access by third parties using encryption technology. If this option is not available, you may also decide not to send certain data via the Internet.

 

All information that you send to us is stored and processed on our servers in the European Union.

 

5. Disclosure of data to third parties and third-party providers

Data is only transferred to third parties in accordance with the statutory requirements. We only disclose user data to third parties if, for example, this is necessary for contractual purposes, on the basis of Article 6(1b) GDPR, or due to our legitimate interests, in accordance with Article 6(1f) GDPR, in the profitable and efficient operation of our business activities.

 

In the context of commissioned data processing in accordance with Article 28 GDPR, we engage sub-contractors for the provision of our services, in particular for the operation, maintenance and hosting of our websites and apps. We have taken suitable legal precautions and appropriate technical and organizational measures in order to provide protection for personal data in accordance with the applicable statutory provisions.

 

6. External services and content 

We use external services and content. We do so on the grounds of our legitimate interests in the analysis, optimization, and profitable operation of our online content within the meaning of Article 6(1f) GDPR.

 

Where such a service is used or third-party content is displayed, communication data such as the date, time and IP address is exchanged for technical reasons between your browser and the provider in question. This includes your IP address in particular, which is required to display content in your browser.

 

It may be the case that the provider of the services or content in question processes your data for further internal purposes. Given that we have no influence on the data collected by third parties and its subsequent processing, we are unable to provide binding information about the purpose and scope of the processing of your data.

 

Therefore, for additional information about the purpose and scope of the collection and processing of your data, please refer to the data protection information supplied by the provider of the services or content that are/is integrated by us who has responsibility under data protection law.

 

The following list provides an overview of third-party providers, their content and links to their respective privacy policies, which contain further information on the processing of data and your options for objecting.

 

6.1 YouTube

6.1.1. Scope of data processing

Occasionally, we are using embedded videos from the YouTube video platform. The operator of the respective plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter ‘YouTube’). YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheater Pkwy, Mountain View, CA 94043, USA.

 

The YouTube videos are embedded using its ‘privacy enhanced mode’. By using this mode, YouTube will not set cookies on your device until you press play on the YouTube video player. Please see https://support.google.com/youtube/answer/171780 for more information regarding YouTube’s privacy enhanced mode.

 

6.1.2. Purpose of data processing

We use YouTube to be able to embed videos. Further we use anonymous reports created by YouTube to analyze advertising activities as well as how you interact with our videos.

 

6.1.3. Legal basis for processing

For the purposes indicated above, we have a legitimate interest in data processing carried out by Google. The legal basis in this instance is Article 6(1f) GDPR.

 

If a corresponding agreement has been requested, the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR. The agreement can be revoked at any time.

 

For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy

 

6.1.4. Storage Period

Activity data will be stores from 3 months up to 18 months based on your selection in your Google account. The storage period for cookies ranges from 2 years up to unlimited. However, data can be specifically deleted at any time.

 

For details see: https://policies.google.com/technologies/retention

 

6.1.5. Options for objecting and erasure of data

You can manually delete data in your Google account. If you do not have a Google account, you can delete cookies saved by Google or prevent the automatic placement of cookies in the settings of your web browser.

 

Further information on how YouTube handles user data can be found at: 

https://policies.google.com/privacy.

 

6.2 Google reCAPTCHA

6.2.1. Scope of data processing

The online forms on our websites and apps use the “Google reCAPTCHA” service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

 

6.2.2. Purpose of data processing

The purpose of this data processing is to protect our services against fraud and abuse by determining whether data entered (e.g., information entered into a contact form) is being provided by a human user or by an automated program. 

 

6.2.3. Legal basis for processing

We have a legitimate interest in the protection of our services against abusive automated spying and against SPAM. Data are stored and analyzed on the basis of Art. 6(1f) GDPR. If a corresponding agreement has been requested, the processing takes place exclusively on the basis of Art. 6(1a) GDPR. The agreement can be revoked at any time.

 

6.2.4. Storage Period

The storage period is 30 days for cookies, and between 9 and 18 months for log files.

 

6.2.5. Options for objecting and erasure of data

To avoid the transmission of data about you and your behavior to Google, you have to log out of Google entirely and in addition delete all Google cookies before you visit our website or use the reCAPTCHA software. As soon as you visit our website, data is transmitted to Google automatically. To delete this data, you have must contact Google support at https://support.google.com. By using our website, you agree that Google LLC and its vicarious agents automatically collect, process and use data.

 

For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy

 

6.3 Google Maps

6.3.1. Scope of data processing

On our websites we are using the Google Maps mapping service. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

 

6.3.2. Purpose of data processing

By embedding Google Maps into our websites, we are able to display our international locations on an interactive map.

 

6.3.3. Legal basis for processing

For the purposes indicated above, we have a legitimate interest in data processing carried out by Google. The legal basis in this instance is Article 6(1f) GDPR.

 

To provide full Google Maps functionality, Google has to collect and store your data. According to our knowledge this includes, among others, date and time, URL of the webpage visited, search terms and your IP address as well as geolocation data.

 

In the case of data transfers to the USA, Google undertakes to comply with a data protection standard comparable to the European standard based on standard contractual clauses (SCC) of the European Commission. 

 

Details can be found here:

https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

 

6.3.4. Storage Period

The information collected via the Google functions is stored between 3 and 18 months and deleted regularly.

 

You can prevent the storage of cookies by making the appropriate setting in your browser.

 

6.3.5. Options for objecting and erasure of data

If you do not wish Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you will not be able to use the map display or certain parts of our website.

 

By using our website, you consent to the processing of data about you by Google Maps.

For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy

 

6.4 Google Web Fonts

Our services are using Google Web Fonts to ensure a uniform use of fonts. We are using Google Fonts in a locally installed way so no connection to Google’s servers has to be established to load and display them.

 

For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy

 

7. Job Applications

7.1. Scope of data processing

On our websites we offer our visitors the possibility to submit job applications to us via an embedded Haufe-Umantis online job application form. The provider is Haufe-Lexware GmbH & Co. KG, A Haufe Group company, Munzinger Straße 9., 79111 Freiburg (Germany)

 

7.2. Purpose of data processing

We will process your personal data for the following purposes:

 

  • Processing applications
  • Carrying out the application process
  • Assertion, exercise, or defense of legal claims

 

7.3. Legal basis for processing

We process your personal data on the basis of our overriding legitimate interest pursuant to Article 6(1f) of the General Data Protection Regulation ("GDPR"), which is to ensure an efficient application process and optimal staffing. Furthermore, we process your personal data insofar as this is necessary to fulfil legal obligations to which we are subject Article 6 (1c) GDPR.

 

There is no obligation to provide us with the personal data we ask you to provide. However, it will not be possible to carry out the application process if you do not provide your personal data. Should the provision of your data be legally obligatory in some cases, we will inform you of this separately.

 

7.4 Storage period, objection, and erasure of data

We store your personal data either for the duration of the application process or until you withdraw your consent (in the event that you have given your consent for us to keep a record of your application).

 

Irrespective of this, we store your data for as long as statutory retention obligations exist or any legal claims for the assertion of which or against the defense of which the personal data are required have not yet lapsed.

 

8. Your rights

If we process personal data that concerns you, this means that you are a data subject as defined in the General Data Protection Regulation (GDPR), and that you have the following rights regarding us in relation to the personal data in question:

 

  • Right of access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object to processing (Article 21 GDPR)

 

You also have the right to lodge a complaint regarding our processing of your personal data with a data protection supervisory authority.

 

9. Links to other websites

Our services may contain links to other websites and their professional content. These other websites are not controlled by us. You visit these websites at your own risk. CERATIZIT cannot assume responsibility or liability for such other websites and their content, which it hereby excludes, nor for their data protection practices, which it does not certify. We recommend that you familiarize yourself with the privacy policies of these other websites before providing them with information about yourself or carrying out transactions with them.

 

10. Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy in order to update it in line with altered legal situations or in the event of changes to the services or data processing. However, this only applies with regard to clarifications relating to data processing. Where consent is required from the user or elements of this Privacy Policy contain provisions concerning the contractual relationship with the user, these changes will only be made with the user's consent.

 

Please familiarize yourself with the contents of this Privacy Policy on a regular basis.