Jump to the content of the page

Information on data protection

In this data privacy policy, we inform you about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). ZwickRoell GmbH & Co. KG (hereinafter referred to as “we” or “us”) is responsible for data processing.

I. General information

1. Contact

If you have questions or suggestions in relation to this information or if you want to contact us regarding the assertion of your rights, please send your inquiry to

ZwickRoell GmbH & Co. KG
August-Nagel-Strasse 11

89079 Ulm
Germany
Tel.: +49 7305 10 -0
Email: info@zwickroell.com

2. Legal bases

The term “personal data” in data protection law designates all information in relation to an identified or identifiable natural person. We process personal data in compliance with the relevant data protection regulations, especially GDPR and BDSG. Data processing by us takes place only on the basis of a legal permission. We process personal data only with your consent (Section 15 (3) of the German Telemedia Act (TMG) or Article 6 (1) (a) GDPR) to perform a contract in which you are the contracting party, or on your request for the implementation of precontractual measures (Article 6 (1) (b) GDPR), for compliance with a legal obligation (Article 6 (1) (c) GDPR), or if the processing is necessary for the purposes of protecting our legitimate interests or the legitimate interests of a third party, provided that your interests or fundamental rights and freedoms that require the protection of personal data are not overriding (Article 6 (1) (f) GDPR).

3. Duration of storage

Unless stated otherwise below, we store the data only for so long as this is necessary to achieve the processing purpose or for the fulfillment of our contractual or statutory obligations. Such statutory retention obligations may arise in particular from regulations under commercial or tax law. As of the end of the calendar year in which the data was collected, we will retain such personal data that is contained in our accounting data for ten years and will retain personal data contained in commercial correspondence and contracts for six years. Otherwise, we will retain data in connection with consents for which proof must be provided and in connection with complaints and receivables claims for the duration of the statutory limitation periods. We will erase data stored for advertising purposes if you object to processing for this purpose.

4. Categories of data recipients

In principle, we will not pass your personal data on to third parties, unless you have consented to the forwarding of the data or we are entitled or obliged to pass on the data based on statutory provisions or administrative or judicial orders. This can refer here, in particular, to issuing information for the purpose of criminal prosecution, for averting of a danger or for the enforcement of intellectual property rights.

We engage processors for processing your data. The processing processes executed by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, purchase order processing, accounting and payroll, marketing measures or the destruction of records and durable media. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller responsible for data processing. Processors do not use the data for their own purposes but, instead, carry out the data processing exclusively for the processor and are contractually obliged to ensure suitable technical and organizational measures for data protection. Otherwise, we may, if necessary, transmit your personal data to bodies such as postal and delivery services, our company’s main bank, tax consultants/auditors or fiscal authorities. Further recipients may, if applicable, arise from the information below.

5. Data transfer to third countries

Visiting our website may be connected with the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate data protection level is in place in such a third country. In the absence of an adequacy decision by the European Commission, a transfer of personal data to a third country shall only take place if suitable guarantees in accordance with Article 46 GDPR are provided or if one of the conditions of Article 49 GDPR is met.

Unless stated otherwise below, we use the EU standard contractual clauses as suitable guarantees for the transfer of personal data to processors in third countries: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32010D0087E.

If we obtain your consent for the transfer of personal data to third countries, the transfer takes place on the legal basis of Article 49 (1) (a) GDPR.

6. Processing when you exercise your rights

If you exercise your rights pursuant to Articles 15 to 22 GDPR, we process the transferred personal data for the purpose of implementing these rights and in order to be able to provide proof of this. With regard to data stored for the provision of information and preparation for this, we shall only process this data for this purpose as well as for the purposes of data protection monitoring and shall otherwise restrict the processing in accordance with Article 18 GDPR.

This processing relies on the legal basis of Article 6 (1) (c) GDPR in conjunction with Articles 15 to 22 GDPR and Section 34 (2) BDSG.

7. Your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights in this regard:

  • In accordance with Article 15 GDPR and Section 34 BDSG, you have the right to request information on whether or not we are processing your personal data and, if yes, to what extent.
  • In accordance with Article 16 GDPR, you have the right to demand that we rectify your data.
  • In accordance with Article 17 GDPR and Section 35 BDSG, you have the right to demand that we erase your personal data.
  • In accordance with Article 18 GDPR, you have the right to have the processing of your personal data restricted.
  • In accordance with Article 20 GDPR, you have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller.
  • If you have given us specific consent for data processing, you can withdraw this consent at any time in accordance with Article 7 (3) GDPR. The legality of the processing that took place up to the time of the revocation on the basis of the consent shall remain unaffected by such revocation.
  • If you are of the view that a processing of personal data concerning you breaches the provisions of the GDPR, you have the right in accordance with Article 77 GDPR to complain to a supervisory authority.

8. Right to object

In accordance with Article 21 (1) GDPR, you have the right to object, on grounds relating to your particular situation, to processing that relies on the legal basis of Article 6 (1) (e) or (f) GDPR. If we process personal data concerning you for the purpose of direct advertising, you can object to this processing pursuant to Article 21 (2) and (3) GDPR.

9. Data protection officer

You can reach our data protection officer using the following contact details:

ZwickRoell GmbH & Co. KG
Attn: Mr. Jörg Zimmerman
August-Nagel-Strasse 11
89079 Ulm
Germany
Email: datenschutz@zwickroell.com

II. Data processing on our website

When you use this website, we record information that you yourself provide. Furthermore, while you are visiting the website, we automatically record certain information on your use of the website. Under data protection law, the IP address is also deemed to be a piece of personal data. An IP address is assigned by the Internet service provider to each device connected to the Internet so that the device can send and receive data.

1. Processing of server log files

When our website is used for purely informational purposes, general information that your browser transmits to our servers is initially stored in an automated manner (i.e. not via a registration). This includes the following information as standard: browser type/version, operating system used, page called, the referrer URL, IP address, date and time of the server request and HTTP status code. The processing takes place to protect our legitimate interests and relies on the legal basis of Article 6 (1) (f) GDPR. This processing is carried out for the technical administration and security of the website. The stored data is erased after seven days if no justified suspicion of unlawful use exists based on specific indications and no further examination and processing of the information for this reason is required. The stored information does not enable us to identify you as a data subject. Articles 15 to 22 GDPR therefore do not apply pursuant to Article 11 (2) GDPR, unless you provide additional information for the exercise of your rights laid down in these articles, thus allowing you to be identified.

2. Cookies 

We use cookies and similar technologies (“cookies”) on our website. Cookies are small text files that your browser stores when you visit a website. They identify the browser you are using and can be recognized by web servers. Through your browser, you have full control over the use of cookies. You can delete the cookies in your browser security settings at any given time. In your browser settings, you can reject the use of cookies altogether or block them for certain cases. Further information on this is provided by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik):
https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html

The use of cookies is, to some extent, necessary for technical reasons for the operation of our website and is therefore permissible without the user’s consent. Furthermore, we might use cookies to provide certain functions and content, as well as for analysis and marketing purposes. These may also include third-party cookies. Regarding such cookies that are not necessary for technical reasons, we only use them with your consent pursuant to Section 15 (3) TMG or Article 6 (1) (a) GDPR.
Information on the storage period for single cookies is available here.

3. Consent Management Tool

The Consent Management Tool enables users of our website to consent to certain data processing processes, to withdraw consent that has been given, or to object to data processing. Furthermore, the Consent Management Tool supports us in being able to provide proof of your declarations. For this, log data on your declarations is processed. The processing of this data is necessary so as to be able to provide proof of consent given. The legal basis is Article 6 (1) (c) GDPR in conjunction with Article 7 (1) GDPR. Further information can be found in the settings for the Consent Management Tool.

4. Ways to contact us and inquiries

There are several places on our website where you can contact us directly. Our website contains contact forms for this purpose, and you can use these to send us messages. When you contact us in this way, your data is transferred in encrypted format (which you can tell from the “https” in your browser’s address bar). All data fields indicated as mandatory are required in order for your request to be processed. If you do not fill in these fields, we will be unable to process your request. The provision of further data is voluntary. Alternatively, you can also send us a message using the contact email address.
We process the data for the purpose of replying to your inquiry. If your inquiry is aimed at the conclusion or performance of a contract with us, Article 6 (1) (b) GDPR is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest to contact persons making an inquiry. The legal basis for the data processing is then Article 6 (1) (f) GDPR.

5. Customer portal

In the event that you want to use the ZwickRoell customer portal, we will also need your email address for verification purposes during activation. We then send an opt-in email to the email address provided to us, which contains a confirmation link. You will find further information in the Terms of Use.
The data provided is processed for the purpose of providing a service. The processing relies on the legal basis of Article 6 (1) (b) GDPR.

6. Newsletter

Subscribing and unsubscribing:
On our website, you have the option to subscribe to our newsletter. Once you subscribe, you will receive up-to-date news on our offers on a regular basis. A valid email address is required to subscribe to the newsletter. For verification of the email address, you will firstly receive a registration email that you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your email address and your name on the basis of the consent that you gave. The processing relies on the legal basis of Article 6 (1) (a) GDPR. You can withdraw consent at any time with effect for the future, for example via the “Unsubscribe” link in the newsletter or by contacting us via the aforementioned channels. The legality of the data processing processes that have already taken place shall remain unaffected by the withdrawal.

When you subscribe to the newsletter, we store your registration data and the registration date. The processing of this data is necessary so as to be able to provide proof of consent given. The legal basis is our legal obligation to document your consent (Article 6 (1) (c) GDPR in conjunction with Article 7 (1) GDPR).

Analysis
Our newsletter uses what are called web beacons or tracking pixels to analyze your reading behavior. Tracking pixels are small image files that are integrated into the newsletter email, thus allowing a log file to be recorded and analyzed.

When you open the newsletter email, the tracking pixel from the server hosting the newsletter service is loaded and some information about you is transmitted at the same time, e.g. whether the email was opened, the time it was called and the associated IP address. In addition, links in the email can provide information on which products are more interesting – that is, which ones are clicked more frequently than others.

Both the respective web beacon/tracking pixel as well as the links in the email can be uniquely assigned to the email address used to send the newsletter, which means that the respective newsletter recipient can therefore be inferred.

This analysis takes place on the basis of the consent that you have given. The processing relies on the legal basis of Article 6 (1) (a) GDPR. You can withdraw consent at any time with effect for the future, for example via the “Unsubscribe” link in the newsletter or by contacting us via the aforementioned channels. The legality of the data processing processes that have already taken place shall remain unaffected by the withdrawal.

Service provider
We use an external service provider, which enables us to provide you with up-to-date information and offers and simplifies newsletter administration for us.

For subscriber management, newsletter distribution and analysis, we use the “HubSpot” service provided by HubSpot Germany GmbH (Germany). We therefore pass your e-mail address on to HubSpot. Data processing takes place on our behalf, with its legal basis being Article 6 (f) GDPR; it serves our legitimate interest in connection with the optimization and economic distribution of our newsletter. 

With HubSpot services, the transfer of data to HubSpot Inc. in the USA cannot be ruled out. Please refer to the information in the section entitled “Data transfer to third countries”.

For some newsletters, we also use the “Evalanche Marketing Automation” service provided by SCNetworks GmbH (Germany). We therefore pass your e-mail address on to SCNetworks. Data processing takes place on our behalf, with its legal basis being Article 6 (f) GDPR; it serves our legitimate interest in connection with the optimization and economic distribution of our newsletter.

7. Adobe Fonts 

On our website, we use Adobe Fonts from Adobe Systems Software Ireland Limited (Ireland/EU) for the uniform display of fonts. When you call a page, your browser loads the required web fonts into the browser cache so as to display texts and fonts correctly. For technical reasons, it is necessary to process your IP address for such an integration so that the content can be sent to your browser. Your IP address is therefore transmitted to Adobe. For legal reasons related to licensing, it is necessary to count the page visits, which is why your browser transmits our Adobe customer ID as website operator, among other information. No cookies are set during this process. You can object to this data processing at any time via the settings in the browser that you are using or via certain browser extensions. One such extension, for example, is the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may lead to functional restrictions on the website. If your browser does not support web fonts, a default font from your computer will be used.

This data processing takes place to protect our legitimate interests of having a uniform and appealing display of our website and relies on the legal basis of Article 6 (1) (f) GDPR.

When using Adobe services, transfer of data to Adobe Inc. in the USA cannot be excluded. Please refer to the information in the section entitled “Data transfer to third countries.” Users can find further information on data protection at Adobe in Adobe’s data privacy policy available at https://www.adobe.com/de/privacy/policies/adobe-fonts.html

8. Google Tag Manager

We use Google Tag Manager from the provider Google Ireland Limited (Ireland/EU) on our website.

Google Tag Manager is used for the purpose of being able to manage our website tags via a single interface. Google Tag Manager is a domain without cookies that does not record or store any personal data. Google Tag Manager is used only to trigger other tags, which in turn record data under certain circumstances. Google Tag Manager itself does not access this data. If a deactivation took place at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

9. Google Analytics

We use the Google Analytics service from the provider Google Ireland Limited (Ireland/EU) on our website.

Google Analytics is a web analysis service that enables us to collect and analyze data on the behavior of visitors to our website. Google Analytics uses cookies for this, enabling the usage of our website to be analyzed. In this process, personal data in the form of online IDs (including cookie IDs), IP addresses, device IDs and information on the interaction with our website is processed.

To some extent, this data comprises information that is saved in the end device that you are using. Furthermore, the cookies used also store further information on the end device that you are using. Such storage of information by Google Analytics or access to information that is already stored on your end device only takes place with your consent.

Google Ireland processes the data collected in this way on our behalf to analyze usage of our website by users, to compile reports on activities within our website and to provide us with other services related to the usage of our website and to Internet usage. Pseudonymous user profiles of users may be created from the processed data.
We only use Google Analytics when IP anonymization is activated. This means that, within member states of the European Union or in other countries that are signatories to the Agreement on the European Economic Area, Google Ireland truncates the user’s IP address on this website. The IP address transmitted by the user’s browser is not combined with other data.

We use the Google Universal Analytics variant. This allows us to assign a unique user ID to interaction data from various devices and from different sessions. By doing this, we can place individual user actions in context and analyze long-term relationships.
The data on user actions is stored for a period of 14 months and is then automatically erased. Data for which the storage period has expired is automatically erased once per month.

The setting of cookies and the further processing of personal data as described here takes place with your consent. The legal basis for the data processing is therefore Article 6 (1) (a) GDPR.

When using Google services, transfer of data to Google Inc. in the USA cannot be excluded. Please refer to the information in the section entitled “Data transfer to third countries.” Users can find further information on data protection at Google in Google’s data privacy policy available at: https://www.google.com/policies/privacy.

HubSpot Analytics 

To analyze the visits to our website, we use HubSpot, a service provided by HubSpot Germany GmbH (Germany). HubSpot uses cookies and other similar technologies that facilitate an analysis of how you use our website. In this process, personal data in the form of online IDs (including cookie IDs), IP addresses and device IDs is processed. On our behalf, HubSpot will use this information to analyze how users use our online presence and to compile reports for us about activities within our website. User profiles of the users may be created from the processed data.

Further information about this data processing activity, the technologies used, the data saved and the time period that it is saved for can be found in the settings of our Consent Management Tool.
The setting of cookies and the further processing of personal data as described here only takes place with your consent. The legal basis for data processing in connection with the HubSpot service is thus Section 15 (3) of the German Telemedia Act (TMG) or Article 6 (1), (a) GDPR. 

With HubSpot services, the transfer of data to HubSpot Inc. in the USA cannot be ruled out. Please refer to the information in the section entitled “Data transfer to third countries”.

10. Matomo

Our accessories catalog https://parts.zwickroell.com uses Matomo.

Matomo is open-source software for website optimization that uses cookies to anonymously analyze access by website visitors. In this process, the IP address is anonymized immediately after it has been processed and before it is stored. Further processing of personal data therefore does not take place when using Matomo. The information on your usage of this offering that is generated by the cookies is not used for person-related analysis or profiling and is also not passed on to third parties. This data processing takes place to protect our legitimate interest in reach measurement and the statistical analysis of our website.

The setting of cookies and the further processing of personal data as described here takes place with your consent. The legal basis for the data processing is therefore Article 6 (1) (a) GDPR.

11. Hotjar

We use the Hotjar service from the provider Hotjar Ltd. (Malta/EU) on our website.

Using Hotjar, we can perform an analysis of your movements on our website with the aid of “heatmaps”. We can therefore see how far users scroll and which buttons the users click on most often. In addition, it is also possible to use the tool to obtain feedback directly from the website users. In this way, we obtain valuable information for making our website faster and more user-friendly.

Using Hotjar, we can now track which buttons were clicked, the mouse movements, how far the user scrolled, the screen size of the device, the device type and browser information. In addition, we receive information on your geographical location (country) and the preferred language for displaying our website. Areas of the website in which your personal data or that of third parties is displayed are automatically hidden by Hotjar and therefore cannot be traced by the tool at any time.

Hotjar works with cookies and other technologies to collect data about the behavior of our users and about their end devices, especially the IP address of the device (this is recorded and stored in an anonymized form only while you are using the website), screen size, device type (unique device identifiers), information on the browser used, location (country only), preferred language for viewing our website.

The setting of cookies and the further processing of personal data as described here takes place with your consent. The legal basis for the data processing is therefore Article 6 (1) (a) GDPR.

Further information on the Hotjar service and on Hotjar data privacy is available on Hotjar’s Help page at https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar.

12. LeadLab

We use the LeadLab service from the provider WiredMinds GmbH (Germany/EU) on our website.

LeadLab helps us recognize which companies are visiting our website. Their respective IP addresses are transferred to WiredMinds for this purpose. Processing takes place on our behalf and exclusively for the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelisting). The IP address is never stored in LeadLab.

When processing the data, it is our particular interest to safeguard the privacy rights of natural persons. Our interest is based on Article 6 (1) (f) GDPR. The data we collect never allows conclusions to be drawn regarding an identifiable person. LeadLab provides us with anonymous user profiles regarding the behavior of visitors to our website. The data that is gained is not used to identify persons visiting our website. You can object to the processing at any time. In this case, a technically necessary cookie will be set to permanently prevent LeadLab from recording your visits to this website.

13. Google Ads

We use the Google marketing services of Google Ireland Limited (Ireland/EU).

By using Google Ads Conversions, we can place relevant ads for users in the Google advertising network (e.g. in search results or on other websites), improve reports on campaign performance, and avoid ads being run several times for a user. Each Ads customer sets a different conversion cookie. These cookies therefore cannot be tracked across websites of different Ads customers. A cookie ID records which ads are run in which browser. This means that it is possible to prevent the same campaign from being displayed several times. In addition, cookie IDs can be used to record what are known as conversions, i.e. whether or not a user sees an ad and later visits the website of the advertiser and purchases something there.

Remarketing allows us to connect with users who have already interacted with our website. Our ads are run if this target group visits a Google website or a website in the Google advertising network. For this purpose, Google executes a code when our website is called, and what are know as (re)marketing tabs are integrated into the website. An individual cookie is saved on the user’s device with the aid of these tags. The cookies can be set by various domains, including google.com, doubleclick.net, googlesyndication.com or googleadservices.com. A note of which websites users visited, what content they are interested in and which offers were availed of is kept in this file. In addition, technical information on the browser and the operating system, referring websites, visit time, as well as other details on usage of our online offering, are saved. All user data is only processed as pseudonymized data and does not contain any information that we can use to personally identify users. The ads displayed are therefore not displayed specifically for a person, but rather for the cookie owner.

The use of Google Marketing Services takes place only with your consent pursuant to Section 15 (3) TMG or Article 6 (1) (a) GDPR.
When using Google services, transfer of data to Google Inc. in the USA cannot be excluded. Please refer to the information in the section entitled “Data transfer to third countries.” Users can find further information on data protection at Google in Google’s data privacy policy available at https://www.google.com/policies/privacy.

14. Google Maps

On our website, we use Google Maps from Google Ireland Limited (Ireland/EU) to display country maps and for virtual tours. For technical reasons, it is necessary to process your IP address for such an integration so that the content can be sent to your browser. Your IP address is therefore transmitted to Google, and Google may possibly set its own cookies.

The use of Google Maps takes place only with your consent pursuant to Article 6 (1) (a) GDPR.

When using Google services, transfer of data to Google Inc. in the USA cannot be excluded. Please also refer to the information in the section entitled “Data transfer to third countries.” You can find further information on data protection at Google in Google’s data privacy policy available at https://www.google.com/policies/privacy.

15. YouTube 

We use the YouTube service of Google Ireland Limited (Ireland/EU) to integrate videos on our website.

For technical reasons, it is necessary to process your IP address for such an integration so that the content can be sent to your browser. Your IP address is therefore transmitted to Google, and Google may possibly set its own cookies. We use YouTube in “privacy enhanced mode” so that YouTube does not use any cookies to analyze usage behavior.

The use of YouTube takes place only with your consent pursuant to Article 6 (1) (a) GDPR.

When using YouTube, transfer of data to Google Inc. in the USA and to YouTube LLC in the USA cannot be excluded. Please refer to the information in the section entitled “Data transfer to third countries.” Users can find further information on data protection at Google in Google’s data privacy policy available at https://www.google.com/policies/privacy.

16. Matterport 

We use the Matterport service from Matterport, Inc. (USA) on our website to integrate virtual tours.

For technical reasons, it is necessary to process your IP address for such an integration so that the content can be sent to your browser. Your IP address is therefore transmitted to Matterport, and Matterport may possibly set its own cookies.

The use of Matterport takes place only with your consent pursuant to Article 6 (1) (a) GDPR.

When using Matterport, transfer of data to the USA cannot be excluded. Please refer to the information in the section entitled “Data transfer to third countries.” Users can find further information on data protection at Matterport in Matterport’s data privacy policy available at https://matterport.com/privacy-policy.

III. Data processing on our social media pages

We are represented on several social media platforms with our company page. By doing this, we want to provide additional ways for people to find out about our company and to exchange information. Our company has company pages on the following social media platforms:

  • Instagram
  • LinkedIn
  • Twitter
  • Xing
  • YouTube

When you visit a social media platform or interact with it, this can lead to processing of your personal data. The information associated with a social media profile that is used also regularly constitutes personal data. This also includes messages and statements that are made while using the profile. Furthermore, while you are visiting a social media profile, oftentimes automatically determined information on this is recorded, which may also constitute personal data.

1. Visiting a social media page

a. Instagram

When you visit our Instagram page, via which we present our company or individual products from our range, certain information about you is processed. The sole controller for this processing of personal data is Facebook Ireland Ltd (Ireland/EU – “Facebook”). Further information on the processing of personal data by Facebook is available at https://www.facebook.com/privacy/explanation. Facebook allows you to object to certain data processing; information and opt-out options in this regard are available at https://www.facebook.com/settings?tab=ads.

For our Instagram page, Facebook provides us with statistics and insights in anonymized form. We can use these to draw findings on the type of actions carried out by people on our page (known as “Page Insights”). These Page Insights are created based on specific information about people who visited our page. This processing of personal data is carried out by Facebook and by us as joint controllers. This processing serves our legitimate interest of analyzing the types of actions carried out on our page and improving our page based on these findings. The legal basis for this processing is Article 6 (1) (f) GDPR. We cannot assign the information obtained through Page Insights to individual user profiles that interact with our Instagram page. We entered into an agreement with Facebook on processing as joint controllers. The distribution of legal data protection obligations between us and Facebook is set out in this agreement. Details on the processing of personal data for creating Page Insights and the agreement concluded between us and Facebook is available at https://www.facebook.com/legal/terms/information_about_page_insights_data. In relation to this data processing, you can also assert your data subject rights (see the “Your rights” section) against Facebook. Further information in this regard can be found in Facebook’s data privacy statement, which is available at https://www.facebook.com/privacy/explanation.

Please note that in accordance with the Facebook data policy, user data may also be processed in the USA or in other third countries. Facebook only transfers user data to countries for which an adequacy decision by the European Commission in accordance with Article 45 GDPR exists, or on the basis of suitable guarantees in accordance with Article 46 GDPR.

b. LinkedIn

LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is, in principle, the sole controller for the processing of personal data for visits to our LinkedIn page. Further information on the processing of personal data by LinkedIn is available at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit our LinkedIn company page, follow this page or engage with the page, LinkedIn processes personal data so as to provide us with statistics and insights in anonymized form. We thus obtain knowledge about the types of actions carried out by users on our page (known as Page Insights). For this, LinkedIn processes, in particular, data that you have already provided to LinkedIn via the information in your profile, such as data on your role, country, sector, length of service, company size and employment status. Furthermore, LinkedIn processes information about how you interact with our LinkedIn company page, e.g. whether or not you are a follower of our LinkedIn company page. When providing Page Insights, LinkedIn does not make any of your personal data available to us. We only have access to the summarized Page Insights. The information in the Page Insights also does not enable us to draw conclusions regarding individual members. This processing of personal data within the framework of Page Insights is carried out by LinkedIn and by us as joint controllers. This processing serves our legitimate interest of analyzing the types of actions carried out on our LinkedIn company page and improving our company page based on these findings. The legal basis for this processing is Article 6 (1) (f) GDPR. We entered into an agreement with LinkedIn on processing as joint controllers. The distribution of legal data protection obligations between us and LinkedIn is set out in this agreement. The agreement can be called at: legal.linkedin.com/pages-joint-controller-addendum. The following applies according to the agreement:

  • We and LinkedIn have agreed that LinkedIn is responsible for enabling you to exercise the rights that you are entitled to under the GDPR. You can contact LinkedIn online in this regard using the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=en) or get in touch with LinkedIn via the contact details in the data privacy policy. You can contact the data protection officer at LinkedIn Ireland using the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us, using the contact details provided, with regard to the exercising of your rights in connection with the processing of personal data within the framework of Page Insights. In such cases, we will forward your inquiry to LinkedIn.
  • We and LinkedIn have agreed that the Irish Data Protection Commission is the supervisory authority in charge of monitoring processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.

Please note that in accordance with the LinkedIn data privacy policy, personal data may also be processed by LinkedIn in the USA or in other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision by the European Commission in accordance with Article 45 GDPR exists, or on the basis of suitable guarantees in accordance with Article 46 GDPR.

c. Twitter

Twitter Inc. (USA) is, in principle, the sole controller for the processing of personal data for visits to our Twitter profile. Further information on the processing of personal data by Twitter Inc. is available at https://twitter.com/de/privacy.

d. Xing

New Work SE (Germany/EU) is, in principle, the sole controller for the processing of personal data for visits to our Xing profile. Further information on the processing of personal data by New Work SE is available at https://privacy.xing.com/en/privacy-policy.

e. YouTube

Google Ireland Limited (Ireland/EU) is, in principle, the sole controller for the processing of personal data for visits to our YouTube channel. Further information on the processing of personal data by YouTube or Google Ireland Limited is available at https://policies.google.com/privacy.

2. Comments and direct messages

We also process information that you have provided to us via our company page on the various social media platforms. Such information may be the user name used, contact details or a message to us. We are the sole controller for this processing. We process this data on the basis of our legitimate interest of contacting persons who are making inquiries. The legal basis for the data processing is Article 6 (1) (f) GDPR. Further data processing may take place if you have given consent (Article 6 (1) (a) GDPR) or if this is necessary to fulfill a legal obligation (Article 6 (1) (c) GDPR).

IV. Further data processing

1. Customer and prospective customer data

If you, as a customer or prospective customer, contact our company, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of personal master data, contractual data and payment data provided to us, as well as contact and communication data of our contact persons in the case of commercial customers and business partners. The legal basis for this processing is Article 6 (1) (b) GDPR. In addition, we process customer and prospective customer data for analysis and marketing purposes. This processing takes place on the legal basis of Article 6 (1) (f) GDPR and serves our interest in further developing our offering and informing you about our offers in a targeted manner. Further data processing may take place if you have given consent (Article 6 (1) (a) GDPR) or if this is necessary to fulfill a legal obligation (Article 6 (1) (c) GDPR).

2. Use of email address for marketing purposes

We can use the email address that you provided during registration or when ordering to inform you about similar company products and services that we offer. The legal basis is Article 6 (1) (f) GDPR in conjunction with Section 7 (3) of the Law against Unfair Competition (UWG). You can object to this at any time without incurring any costs other than the transmission costs at the basic rates. To do so, unsubscribe by clicking on the unsubscribe link contained in each mailing or send an email with this request to info@zwickroell.com.

3. Job applications

If you apply for a job at our company, we process your job application data solely for purposes connected with your interest in current or future employment at our company and for processing your job application. Your job application is processed and taken note of only by the relevant contact persons in our company. All employees entrusted with data processing are obliged to keep your data confidential. If we are unable to offer you employment, we will retain the data that you transmitted to us for up to six months after any rejection for the purpose of answering any questions in connection with your application and rejection. This does not apply insofar as statutory provisions prevent erasure, further storage is necessary for the purposes of providing proof, or you have expressly agreed to a longer storage period. The legal basis for the data processing is Article 26 (1), sentence 1, BDSG. If we retain your job application data for a period greater than six months and have expressly obtained your consent to this, we point out to you that this consent is freely revocable at any time in accordance with Article 7 (3) GDPR. The legality of the processing that took place up to the time of the revocation on the basis of the consent shall remain unaffected by such revocation.

As of: December 2020

Top