Privacy Policy
Thank you for visiting our website and for your interest in our company. Protecting your personal data is very important to us, and we want you to feel secure during your visits to our web pages. This Policy outlines which information we collect when you visit our website and how this data is used.
Our contact information
FRAMOS GmbH
Mehlbeerenstr. 2
82024 Taufkirchen
Germany
Phone: +49.(0).89.710667-0
Fax: +49.(0).89.710667-66
Email: info@framos.com
Data protection officer contact information
PROLIANCE GmbH
Leopoldstraße 21
80802 Munich
Germany
datenschutzbeauftragter@datenschutzexperte.de
- Data security
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32. of the General data protection regulation (hereinafter: GDPR), taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons.
This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
- Storage period
The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.
- Your rights
In the following, you will find information about your data subject rights, which the current data protection law grants you against the data controller concerning the processing of personal data. If you wish to exercise any of the rights referred in the point 3.1.-3.5. you can contact us by an e-mail: legal@framos.com.
- Right of access
You may request confirmation from us as to whether or not your personal data are being processed and request detailed information about the processing, in particular the purpose of the processing, the type/categories of personal data processed, including access to your personal data, the recipients or categories of recipients and the expected period for which the personal data will be stored.
- Right to rectification
You have the right to request that we immediately correct any inaccurate or incomplete personal data.
- Right to erasure
You have the right to request that your personal data be deleted. If the request is justified and we are not legally obliged to store it, the data will be deleted immediately.
- Right to restricted processing
You have the right to ask us to restrict the processing of your personal data if you contest the accuracy of that data (for a period enabling us to verify the accuracy of the personal data), if the processing is unlawful and you object to the erasure of your data and if we no longer need the data and we can extract it, but you need it to establish, exercise or defend legal claims and you therefore want us to continue storing it.
- Right to complain
If you have any complaints about the processing of personal data, you can contact us at any time by email: legal@framos.com. We will carefully examine your complaint and respond within 30 days.
- Complain to the supervisory body
If you believe that the collection and processing of personal data has violated your rights, you can file a complaint with the supervisory authority:
Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153
53117 Bonn
- Notification of changes
We review Privacy policy regularly, but at least once a year.
Please check back from time to time for any changes or updates to our privacy policy, which will be posted here and include an updated effective date and date.
The last review and update was performed on October 04, 2024.
1.Webhosting
This website is hosted by an external service provider, Profihost AG (hoster) and it is hosted in Germany.
Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to:
- IP addresses,
- contact requests,
- meta and communication data,
- web page accessess,
- other data generated by a website.
We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you.
The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR.
We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.
1.1 . Access to and storage of information in terminal equipment
By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.
In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of § 25 para. 1 s. 1, para. 2 no. 2TDDDG.
In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of § 25 para. 1 TDDDG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.
For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.
1.2. Server-Logfiles
To ensure proper functioning of our website, when you visit the site we process personal data that is transmitted to us by your browser.
This information are:
- IP address,
- the date and time of the request,
- the difference between your time zone and Greenwich Mean Time (GMT),
- the content of the request (specific page visited),
- the access status/HTTP status code,
- the volume of data transferred in each case,
- the website that is the source of the request,
- your browser,
- operating system and its interface,
- the language and version of the browser software.
We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you. The log files are processed for the purpose of evaluating system security and stability as well as for administrative purposes. The log files serve to evaluate system security and stability as well as administrative purposes.
The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.
For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data.
After 60 days at the latest, the data is made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. This data is not evaluated in anonymous form except for statistical purposes. This data is not combined with data from other data sources.
1.3. Cookies and Plugins
We use what are known as “cookies” to make our website more user friendly.
Cookies are small text files that are saved on your hard drive by your browser. They enable certain information to be provided to the entity (in this case, us) sending the cookie.
Cookies are used to make our website easier to use and to make possible the functions that you use. If we also use cookies for other purposes, we explain in this Privacy Policy what we use them for.
In your browser, you can change various settings relating to cookies as well as prohibit cookies from being accepted and delete already accepted cookies. However, please note that without cookies, you may not be able to use all of the services on our website.
Insofar as cookies are used by third parties on this site, additional information is provided through the services implemented here.
Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR.
We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services.
Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent.
You can set your browser to:
• be informed about the setting of cookies,
• only allow cookies in individual cases,
• exclude the acceptance of cookies for certain cases or generally,
• activate the automatic deletion of cookies when the browser is closed.
The cookie settings can be managed under the following links for each browser:
• Safari
• Opera
Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like.
For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:
Additionally, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser.
Please note that if you disable cookies, the functionality of our website may be limited.
1.3.1. Change cookie settings
You can revoke or change your cookie settings at any time. To do so, access the cookie settings again via this link: https://www.framos.com/en/privacy-policy.
2. Our external service providers
2.1. Unbounce
We use on our website the services provided from Unbounce Marketing Solutions Inc. 400-401 West Georgia Street Vancouver, BC, Canada, for certain promotions and advertising campaigns (certain landing pages).
Scope of data processing?
These landing pages are hosted by Unbounce and the user’s browser communicates directly with Unbounce in the process, so that the user’s IP address is transmitted and cookies can be set. The activities of landing page visitors can be evaluated via Unbounce. We receive an evaluation of these activities from unbounce.
Legal basis of data processing?
Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.
Recipients/Data transfer?
All information entered by the user on these pages is stored by Unbounce.
More information?
The EU Commission has classified Canada as a safe third country, with an adequate level of data protection, and we have concluded a data processing agreement with Unbounce.
Information about data protection at Unbounce can be found here:
https://unbounce.com/de/dsgvo/
2.2. Google services
2.2.1. Google Analytics
We use “Google Analytics” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
Scope of data processing?
Google Analytics will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google.
We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.
Legal basis of data processing?
Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.
Recipients/Data transfer?
We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.
More information?
The terms of use of Google Analytics and information on data protection can be accessed via the following links:
http://www.google.com/analytics/terms/
https://policies.google.com/privacy
2.2.2. Google Ads
We use “Google Ads” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
Scope of data processing?
Google Ads is used by us for marketing and optimisation purposes, in particular to display ads that are relevant and interesting to you.
If you have given us your consent, we can use Google Ads to draw attention to our attractive offers by using advertising material on external websites. This enables us to determine how successful individual advertising measures are.
These advertising media is delivered by Google Ads via so-called “AdServers”. We use AdServer cookies for this purpose, through which certain parameters for measuring success, such as the display of the ads or clicks by users, can be measured.
If you reach our website via a Google Ads, it will store a cookie on your PC.
These cookies usually expire after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie:
- Unique cookie ID,
- number of ad impressions per placement (frequency),
- last impression (relevant for post-view conversions),
- opt-out information (marking that the user no longer wishes to be contacted).
Legal basis of data processing?
Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.
More information?
Further information on data use by Google, on setting and objection options as well as on data protection can be found on the following Google websites:
- Privacy policy: https://policies.google.com/privacy
- Google website statistics: https://services.google.com/sitestats/en.html
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser.
Please note that in this case you may not be able to use all functions of our website to their full extent.
2.2.3.Google Ads Remarketing
We use "Google Ads Remarketing" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Scope of data processing?
This function makes it possible to link the advertising target groups created with Google Ads Remarketing with the cross-device functions of Google AdWords and Google DoubleClick.
In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have given your consent, Google Ads Remarketing will link your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be served on every end device on which you log in with your Google account.
Legal basis of data processing?
Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.
Recipients/Data transfer?
To support this feature, Google Analytics-authenticated IDs of users are collected and temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.
More information?
You can permanently opt-out of cross-device remarketing/targeting by disabling personalized advertising in your Google account; follow this link: https://adssettings.google.com/.
2.2.4. Google Maps
We use "Google Maps" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Scope of data processing?
This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.
To use the functionalities of Google Maps, it is necessary to store your IP address.
Google uses cookies to collect information about user behavior.
Legal basis of data processing?
Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.
2.2.5 Google Marketing Platform (formerly DoubleClick)
We use "Google Marketing Platform" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Scope of data processing?
Google Marketing Platform uses cookies to serve ads that are relevant to you.
This involves assigning a pseudonymous identification number (ID) to your browser or device to help us verify which ads have been displayed on your browser and which ads have been viewed.
This can improve campaign performance or, for example, prevent you from seeing the same ad more than once. Google may also use cookie IDs to track conversions related to ad requests.
Legal basis of data processing?
Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.
Recipients/Data transfer?
Due to the technology used, your browser automatically establishes a direct connection with the Google server.
More information?
For more information about the Google Marketing Platform, please visit https://marketingplatform.google.com/about/.
2.2.6. Google AdSense
We use "Google AdSense" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Scope of data processing?
Google AdSense uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site.
Google AdSense also uses so-called web beacons (invisible graphics). Through these web beacons, information such as visitor traffic on these pages can be analysed.
Legal basis of data processing?
Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.
Recipients/Data transfer?
The information generated by cookies and web beacons about the use of this website (including your IP address) and delivery of advertising formats will be transmitted to and stored by Google on servers in the United States.
This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with other data stored by you.
More information?
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
For more information on Google AdSense, please see Google's privacy notice:
https://www.google.com/policies/privacy/.
2.2.7. Google Fonts
We use "Google Fonts" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Scope of the data processing?
Google Fonts enables us to use external fonts. For this purpose, the required Google Fonts are loaded into your browser cache by your web browser when you access our website. This is necessary so that your browser can also display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display.
We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly.
Legal basis of data processing?
Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.
Recipients/ Data transfer?
The integration of these Google Fonts is done by a server call, usually a Google server in the U.S. This transmits to the server which page of our website you have visited.
Also, the IP address of the browser of the end device of the visitor is stored by Google.
More information?
Further information on Google Fonts can be found at https://fonts.google.com/.
2.2.8. Google Tag Manager
We use "Google Tag Manager" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Scope of data processing?
This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user's IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it will remain for all tracking tags as long as they are implemented with the Google Tag Manager.
Legal basis of data processing?
Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.
2.2.9. Google Photos
We use "Google Photos" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Scope of data processing?
Google Photos allows us to integrate and display image galleries on our website. The images are loaded by a server call, usually a Google server in the U.S. This transmits to the server which page of our website you have visited. Also, the IP address of the browser of the terminal device of the visitor is stored by Google.
We use Google Photos for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly.
Legal basis of data processing?
Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.
2.2.10. Youtube Video Plugins (Google)
We use "Youtube Video Plugins" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Legal basis of data processing?
Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.
More information?
Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy
2.2.11. Appropriate safeground during the data transfer to Google
Since a transfer of personal data by Google LLC to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR.
For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework.
Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search.
For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR.
These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.For general information about Google's privacy policy, please visit https://www.google.de/intl/de/policies/privacy.
2.3. Hotjar
We use Hotjar on our website a service provided by Hotjar Ltd. Hotjar Ltd 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe.
Scope of data processing?
This tool allows us to track movements on the websites where Hotjar is used. The tool also allows us to get feedback directly from the users of the website. Most importantly, Hotjar’s services can improve the functionality of the Hotjar-based website by making it more user-friendly, more valuable and easier for end users to use.
When using this tool, we take special care to protect your personal data. Therefore, we can only track which buttons are clicked, the mouse history, how far it scrolls, the screen size of the device, device type and browser information, geographic location (country only) and the preferred language to display our website. Areas of the websites where personal information about you or third parties is displayed are automatically hidden by Hotjar and therefore cannot be traced at any time.
In order to exclude the possibility of direct personal references, IP addresses are only stored and processed anonymously. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that are transmitted by your browser as part of web page requests.
Legal basis of data processing?
This processing is carried out in accordance with Art. 6 para. 1 a of GDPR on the basis of your consent for the purpose of statistical analysis of user behaviour for optimisation and marketing purposes.
More information?
Hotjar stores the customer data in the European Union. In a few cases, customer data may be accessed from the USA or other countries whose data protection laws differ from the data protection laws at your place of residence, or other data (e.g. e-mail) may be transferred to such countries. Hotjar has taken reasonable precautions to ensure that your personal data remains protected and requires that Hotjar’s third party service providers and partners also take reasonable precautions.
For more information about Hotjar Ltd. and about the Hotjar tool, please visit:
You can find the privacy policy of Hotjar Ltd:
https://www.hotjar.com/privacy.
2.4. Linkedln Analytics
We use conversion tracking technology on our website as well as the retargeting feature of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Scope of data processing?
This allows us to serve personalized ads to visitors to our website on LinkedIn. For this purpose, a cookie, LinkedIn Insight tag, is set in your browser with a validity of 120 days.
This cookie enables LinkedIn to recognize you if you visit this website and are simultaneously logged in to your LinkedIn account. LinkedIn uses this data to generate anonymous reports on ad performance and website interaction information. The information generated by the cookie is usually transferred to a server in the USA and stored there.
Legal basis of data processing?
The legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a GDPR.
Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have
More information?
You may opt-out of LinkedIn Insight conversion tracking and interest-based personalized advertising by following this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
For more information about LinkedIn's privacy policy, please visit https://www.linkedin.com/legal/privacy-policy.
2.5. Linkedln Ads
We use conversion tracking technology on our website as well as the retargeting feature of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Scope of data processing?
This allows us to serve personalized ads to visitors to our website on LinkedIn. For this purpose, a cookie, LinkedIn Insight tag, is set in your browser with a validity of 120 days. This cookie enables LinkedIn to recognize you if you visit this website and are simultaneously logged in to your LinkedIn account. LinkedIn uses this data to generate anonymous reports on ad performance and website interaction information. The information generated by the cookie is usually transferred to a server in the USA and stored there.
Legal basis of data processing?
The legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a GDPR.
Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR.
More information?
You may opt-out of LinkedIn Insight conversion tracking and interest-based personalized advertising by following this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
For more information about LinkedIn's privacy policy, please visit https://www.linkedin.com/legal/privacy-policy.
2.6. Zapier
We use the integration service Zapier to link tools together on our website. Zapier is a service of Zapier Inc. 243 Buena Vista Ave #508, Sunnyvale, CA 94086, USA.
Scope of data processing?
Zapier is used in the interest of integrating the tools used by us as effectively as possible.
Legal basis of data processing?
This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.
More information?
We have concluded a contract on commissioned data processing with Zapier, in which we oblige Zapier to protect our customers’ data and not to pass it on to third parties.
You can find more information about Zapier at https://zapier.com and in Zapier’s privacy policy: https://zapier.com/privacy.
2.7. WooCommerce
We use WooCommerce on our website provided by the WooCommerce Ireland Ltd. Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86.
Scope of data processing?
We use the WooCommerce e-commerce platform to design our web shop with the help of WordPress plug-ins.
Legal basis for data processing?
We process the data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to ensure the optimal design of our online shop.
We have concluded a data processing agreement with the provider WooCommerce Ireland Ltd. in accordance with the requirements of Art. 28 GDPR, in which we oblige it to protect our customers' data and not to pass it on to third parties.
More informations?
For the purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options to protect your privacy, please refer to the privacy notices of WooCommerce Automatic Inc.
2.8. Spam protection via CleanTalk
We use the ‘CleanTalk’ service on our website, provided by the provider CleanTalk, Inc, 711 S Carson street, suite 4, Carson city, NV, 89701, USA.
Scope of data processing?
CleanTalk is used to check whether data is entered on our website (e.g. in a contact form) by a human or by an automated programme. This analysis begins automatically as soon as the website visitor submits a form on our website. To analyse this, CleanTalk compares the visitor's IP address with IP addresses known for spam.
The data collected during the analysis is forwarded to CleanTalk and stored there for 7 days.
The CleanTalk analyses run completely in the background.
We do not store any personal data from the use of CleanTalk. As a general rule, personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies.
Legal basis of data processing?
Data processing takes place on the basis of your freely given consent in the form in accordance with Art. 6 para. 1 lit. a GDPR. Consent is freely given and can be withdrawn at any time. Please note, however, that the enquiry in the contact form cannot be sent without consent.
More information?
In principle, CleanTalk only stores the data on servers within the EU.
However, since a transfer of personal data to the USA cannot be ruled out, further protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.
Further information on CleanTalk and CleanTalk's privacy notice can be found at the following links:
https://cleantalk.org/publicoffer#privacy
https://cleantalk.org/publicoffer#cleantalk_gdpr_compliance.
2.9. Microsoft Advertising (Bing Ads and Bing Conversion)
We use the Bing Ads on our website, provided by Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") for marketing and analytics purposes.
Scope of data processing?
This service allows us to track activity on our site when you visit our site from a Bing ad. This is done by placing a cookie (small text file) on your device when you click on a Microsoft Bing ad.
We also use a UET tag on our websites. This is a code that, in combination with the cookie, is used to store pseudonymised data about the use of the website in the event of your consent. The tag, in combination with the cookie, collects pseudonymised data to track what actions you take on our websites after clicking on a Microsoft Ads advertisement. The information collected may include the time you spent on the site, the areas of the site you visited, and the ad that brought you to the site. In particular, Microsoft and we learn the total number of users who clicked on an ad and reached a predefined landing page. Microsoft processes and uses the cookies to create usage profiles using pseudonyms, to analyse user behaviour and to display advertisements. In addition, Microsoft may track your usage across several of your electronic devices through cross-device tracking.
Legal basis of data processing?
Data processing takes place on the basis of your freely given consent in the form in accordance with Art. 6 para. 1 lit. a GDPR. Consent is freely given and can be withdrawn at any time. Please note, however, that the enquiry in the contact form cannot be sent without consent.
More information?
Microsoft stores this information for 180 days.
Since a transfer of personal data to Microsoft Corporation based in the U.S. takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and is thus committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search.
For potential transfers to any other countries outside the EU and EEA, for which no EU Commission adequacy decision is in place, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR additionally. These oblige the recipient of the data in the country outside the EU to process the data according to the level of protection in Europe.
For more information about Microsoft's privacy practices, visit https://privacy.microsoft.com/de-de/privacystatement.
2.10. Microsoft Clarity
We use Microsoft Clarity on our website, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Scope of data processing?
“Microsoft Clarity" is a Microsoft procedure in which analysis is carried out on the basis of a pseudonymous user ID, such as the evaluation of performance data for certain designs and mouse movements on the website. The analysed data should be used to be able to send you personalised and interest-based advertising on the basis of the user profile created, as well as to carry out conversion and reach measurement.
The following data is processed in pseudonymised form:
• Usage data (page visited, time of access)
• Device information
• IP address
• location data
• Movement data (mouse and scroll movements)
The settings of Clarity are configured in such a way that the data collection by Microsoft already takes place via so-called IP-masking in pseudonymised form.
Legal basis of data processing?
Data processing takes place on the basis of your freely given consent in the form in accordance with Art. 6 para. 1 lit. a GDPR. Consent is freely given and can be withdrawn at any time. Please note, however, that the enquiry in the contact form cannot be sent without consent.
More information?
Since a transfer of personal data by Microsoft to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search.
For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR.
These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.
You can find more information on data protection and the cookies used at Microsoft on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement.
2.11. Cookiebot Consent Management Platform
We use the Consent management Plattform “Cookieboot” on our website, provided by the company Usercentrics A/S, Havnegade 39,1058 Kopenhagen, Dänemark.
Scope of data processing?
When visiting our website we use this service in order mange the consent to the use of cookies and similar technologies on our website.
If we use technically necessary cookies and similar technologies as part of the integration of the service, this is done in accordance with § 25 (2) of the Telecommunications Digital Services Data Protection Act (TDDDG).
Legal basis of data processing?
Subsequent data processing by Cookiebot is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR wit a purpose in form of our legitimate interest of using cookies and similar technologies on our websites in compliance with data protection regulations and to enable you to easily revoke your declarations of consent.
If you give your consent via our consent banner, Usercentrics processes the following data
- The IP address of the requesting computer,
- the description of the web browser and operating system used
- the address of the website from which your consent was sent
- the date and time of consent,
- a pseudonymous, random and encrypted consent key (consent ID).
- your consent status, which serves as proof of your consent
- the address of the website from which your consent was sent
- the date and time of consent,
- a pseudonymous, random and encrypted consent key (consent ID).
- your consent status, which serves as proof of your consent.
More information?
This data is logged on Usercentrics’s servers. Your IP address is shortened by removing the last three digits so that a personal reference can no longer be established.
In this way, our websites are able to check your consent status for all subsequent and future page views and to activate or deactivate cookies and other technologies in accordance with your decision to use them when you return to the site.
The check is carried out by comparing the consent key and the consent status from the “CookieConsent” cookie with the values transmitted to Usercentrics when you gave your consent to ensure that the status of your original consent has not changed.
We transmit your data to Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark,
Further information on how Usercentrics handles personal data can be found at https://www.cookiebot.com/en/privacy-policy/.
Your consent ID and your consent status will also be stored both in the browser of your end device in the “CookieConsent” cookie and on Usercentrics’s servers for a period of 12 months.
- CONTACT FORM
Scope of data processing?
If you send us requests via one of our contact forms or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions.
We are processing:
- Your e-mail adress.
Under no circumstances will we pass on this data without your consent.
Legal basis of data processing?
The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract.
More information?
Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary.
You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.
- Newsletter (Salesforce & Pardot)
Scope of data processing?
If you would like to receive the newsletter offered on our website with regular information about our offers and products, we need your email address as mandatory information.
Additional data is provided in order to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.
For the dispatch of the newsletter we use the so-called double opt-in. This means that we will only send you our newsletter via email, if you have expressly confirmed that you agree to receive newsletters. In the first step, you will receive an email with a link to confirm that you, as the owner of the corresponding email address, wish to receive newsletters in the future.
When you register for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address by which you registered for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later point in time.
Legal basis of data processing?
With the confirmation you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.
More information?
You can unsubscribe from the newsletter at any time by clicking on the link included in each newsletter or by sending an email to the controller as described above. Once you have cancelled your subscription, your email address will be deleted from our newsletter list immediately, unless you have expressly consented to the continued use of the data collected.
Our email newsletters are sent via a technical service provider Pardot to whom we pass on the data you provide when you register for the newsletter. Pardot is a service provider by the Salesforce.com, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA.
Privacy policy: https://www.salesforce.com/de/company/privacy/.
We have concluded a data processing agreement with our e-mail service provider in which we bind him to protect the data of our customers and not to pass them on to third parties.
If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
- Whitepappers
Scope of data processing?
If you are interested in a whitepaper, you can request it by providing your e-mail address.
After you have requested the whitepaper, we will send it to the e-mail address you provided.
Legal basis of data processing?
After you request a whitepaper, we use your email address to send our newsletter. The legal basis for this is your consent pursuant to Art. 6 (1) para. 1 lit a) GDPR.
If you do not want to receive the newsletter or no longer want to receive it, you can object to the sending at any time.
More information?
Our whitepapers are sent via the platform of the provider Pardot.
- Chat (Tawk.to)
Scope of data processing?
On our website we use the provider Tawk.to for a live chat by the US company tawk.to inc, 187 East Warm Springs Rd, SB298, Las Vegas, NV, 89119.
Which data is being processed?
Through Tawk.io, messages and data received via live chat are processed and documented. Chat serves the purpose of direct, real-time communication (known as live chat) with visitors on our own website.
When you use our live chat system, the data you provide is stored to answer your questions. The data collected includes:
- Chat history,
- IP address at the time of the chat,
- Country of origin,
- Other personal information, depending on the information provided (e.g. email address, phone number).
It is possible to collect contact information through Tawk.to such as name, phone number and email address to facilitate contact. This data will not be disclosed to third parties and will only be used to process and document requests.
Legal basis of data processing?
The processing is based on Art. 6 (1) para.1 lit. f) GDPR in accordance with our legitimate interest in direct and customer-friendly communication. Insofar as the chat messages are aimed at concluding a contract, the processing is based on the initiation of a contract pursuant to Art. 6 (1) para. 1 lit. b) GDPR.
More information?
We have concluded a data processing agreement with the provider.
Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the USA.
For more information on data processing by Tawk.io, please see Tawk.io’s privacy policy at https://www.tawk.to/privacy-policy.
- Eventbrite
Scope of data processing?
For the organization of events we use the technical solution “Eventbrite”, which is operated by Eventbrite, Inc., 155 5th Street, Floor 7, San Francisco, CA 94103, USA.
Which data is being processed?
If you want to register for an event, you will be redirected to the Eventbrite website for this purpose.
Eventbrite usually collects:
- your first and last name,
- e-mail address,
- ticket type
- the event ID when you provide this information as part of a registration and then transmits this data to us as the event organizer.
We, as the event organizer, receive access from Eventbrite to the above data of the participants of the booked event.
Legal basis of data processing?
The legal basis for the processing of your personal data is the performance of the contract, Art. 6 (1) para. 1 lit. b) GDPR.
More information?
We have concluded a data processing contract with Eventbrite, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.
Data processing outside the EU?
Since a transfer of personal data by Eventbrite to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45. (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Eventbrite Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search.
For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.
For the purpose and scope of the data collection and the further processing and use of the data by the provider, as well as your rights in this regard and setting options for protecting your privacy, please refer to the Eventbrite privacy policy.
- Calendly
Scope of data processing?
In connection with Eventbrite, we use the tool “Calendly”, a service of Calendly LLC based in the USA, to arrange appointments.
For inquiries and bookings via Calendly, we process the personal data that you provide during the inquiry or booking. This data is first processed by “Calendly” and then transmitted to us.
Legal basis of data processing?
Insofar as appointments are made in the context of contractual relationships, the legal basis for the processing of your personal data is the performance of the contract, Art. 6 (1) para. 1 lit. b) GDPR. If there is no contractual relationship, the legal basis is our legitimate interest in finding appointments quickly and easily according to Art. 6 (1) para. 1 lit. f) GDPR.
More information?
We have concluded a data processing contract with Eventbrite, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.
Data processing outside the EU?
Since a transfer of personal data by Calendly to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Calendly LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search.
For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.
For more information about privacy at Calendly, please refer to the privacy policy of Calendly.
- ZOOM- Participation in webinars or online meetings
Scope of data processing?
We use the tool “Zoom” to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). “Zoom” is a service of Zoom Video Communications, Inc. which has its registered office in the USA.
We use “zoom” to conduct “online meetings”. If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed in the “Zoom” app.If it is necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case.In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and follow-up webinars.If you are registered as a user at “Zoom”, reports on “online meetings” (meeting metadata,telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at “Zoom”.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
Note: Insofar as you call up the Internet page of “Zoom”, the provider of “Zoom” is responsible for data processing. However, calling up the Internet page is only necessary to use “Zoom” in order to download the software for using “Zoom”.You can also use “Zoom” if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the “Zoom” app.
If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.
Which data is being processed?
Various types of data are processed when using “Zoom”. In this context, the scope of the data also depends on the information on data you provide before or when participating in an “online meeting”.The following personal data are subject to processing:
- User details: first name, last name, phone number (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional),
- Department (optional),
- Meeting metadata: Topic, description (optional), attendee IP addresses, device/hardware information,
- If recording (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat,
- For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored,
- Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed to display them in the “online meeting” and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “Zoom” applications,
- To participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.
Legal basis of data processing?
The legal basis for data processing in connection with “online meetings” is Art. 6 para. 1 s. 1 lit. b GDPR, insofar as the meetings are held within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR. Here too, we are interested in the effective implementation of “online meetings”.
In addition, your personal data may be processed on the legal basis of your given consent in accordance with Art. 6 para. 1 s. 1 lit. a GDPR (e.g. when recording webinars).
More information?
Personal data processed in connection with participation in “online meetings” is generally not passed on to third parties unless they are specifically intended to be passed on. Please note that content from “online meetings”, as well as in personal meetings, often serves precisely to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.
Other recipients: The provider of “Zoom” necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in our contract processing agreement with “Zoom”. We have concluded a data processing agreement with the provider of “Zoom” which meets the requirements of Art. 28 GDPR.Further information on data privacy can be found in Microsoft’s Privacy Policy via the following link: https://zoom.us/privacy.
Data processing outside of the EU?
“Zoom” is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country.
Since a transfer of personal data by Zoom to affiliates and sub-processors to countries outside the EU and EEA takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Zoom Video Communications, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search.
For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.
1. Purpose and legal basis of data processing
We process your personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, implementation or performance of a contract or for the implementation of precontractual measures, including the management of claims.
Insofar as personal data is required for the initiation or implementation of a contractual relationship or in the context of the implementation of precontractual measures, processing is lawful pursuant to Art. 6 (1) para. 1 lit b) GDPR.
If you give us express consent to process personal data for specific purposes (e.g., disclosure to third parties, evaluation for marketing purposes, or addressing you by e-mail for advertising purposes), the lawfulness of this processing is based on your consent pursuant to Art. 6 (1) para. 1 lit. a) GDPR. Consent given can be revoked at any time with effect for the future.
If necessary and legally permissible, we process your data beyond the actual contractual purposes for the fulfillment of legal obligations pursuant to Art. 6 para. 1 lit. c GDPR. In addition, processing may be carried out to protect the legitimate interests of us or third parties and to defend and assert legal claims pursuant to Art. 6 para. 1 lit. f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.
2. Categories of personal data
We only process data that is related to the establishment of the contract or the precontractual measures.
This can be general data about:
- you or persons in your company (name, address, contact details, etc.)
- any other data that you provide to us in the context of the establishment of the contract.
3. Sources of data
We process personal data that we receive from you in the course of contacting you or establishing a contractual relationship or in the course of precontractual measures.
4. Recipients of data
We disclose your personal data within our company exclusively to those areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interests.
We may transfer your personal data to companies affiliated with us, insofar as this is permissible within the framework of the purposes and legal bases set out in this section of this data protection information sheet.
Your personal data is processed on our behalf based on data processing agreements pursuant to Art. 28. GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients are providers of customer management systems and software.
More information on providers used in the area of communication tools can be found in Data protection information for FRAMOS website.
Otherwise, data is only passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for processing and thus fulfilling the contract or, at your request, for carrying out pre-contractual measures, if we have your consent or if we are authorized to provide information.
Under these conditions, recipients of personal data may be, for example:
- External tax advisor,
- Public bodies and institutions (e.g. public prosecutor’s office, police, supervisory authorities, tax office) if there is a legal or official obligation,
- Recipients to whom the disclosure is directly necessary for the purpose of establishing or fulfilling a contract, e.g. payment service providers, trading partners.
5. Transfer of data to our Partners
For the purpose of concluding business we may need to transfer your information to our partners.
In case we may transfer your personal data like:
- first name,
- address.
The legal basis is Art. 6 para. 1. lit. b) GDPR, as the information is required in the context of your purchase contract and the services to be provided. This data will only be used by our partners for this purpose.
6. Transfer to a third country (outside EU)
A transfer to a third country is not intended.
A transfer of personal data to countries outside the EEA (European Economic Area) or to an international organization will only take place if this is necessary for the processing and thus the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, the transfer is required by law or you have given us consent. In these cases, recipients may include, among others, payment providers.
- Storage period
As far as necessary, we process and store your personal data for the duration of our business relationship or for the fulfillment of contractual purposes. This includes, among other things, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods prescribed there for storage or documentation are two to ten years.
Finally, the storage period also depends on the statutory periods of limitation, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
- Your rights
For detailed information about your rights, please refer to the section General data protection notice, point 3. of this privacy policy.
- Necessity of providing personal data
The provision of personal data for the decision on the conclusion of a contract, the performance of a contract or for the implementation of precontractual measures is voluntary. However, we can only make a decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the performance of the contract or precontractual measures.
1.Online shop- Ecwid Inc.
We also offer an online store on our website.
We collect personal data if you provide it voluntarily in the context of your order or when opening a customer account. Mandatory fields are marked as such, because in these cases we need the data to process the contract or to open the customer account and you can not complete the order and / or the account opening without this information. Which data is collected can be seen in the respective input forms. We use the data you provide to process the contract and to handle your inquiries.
The legal basis for this is Art. 6 para. 1 lit. b) and Art. 6 para. 1 lit. f) GDPR.
After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement. The deletion of your customer account is possible at any time and can be done either by a message to us or via a function provided for this purpose in the customer account.
To operate our online store, we use the service provider Ecwid Inc, 144 West D Street, Suite 103, Encinitas, CA 92024 USA on some pages.
If you have activated Java Script in your browser and have not installed a Java Script blocker, your browser will transmit personal data (your IP address and, in the context of the purchase transaction, the data listed above) to servers of Ecwid including servers in the USA. This data will later be transferred to us for the purchase transaction.
Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.
For more information, please see the ecwid privacy policy. To prevent the execution of Java Script code from ecwid altogether, you can install a Java Script blocker. However, you will then not be able to use the online store.
In case of an order in our online store, we use your e-mail address to send you our newsletter.
The legal basis for this is Art. 6 para. 1 sentence 1 lit f. GDPR in conjunction with § 7 (3) UWG. If you do not want to receive the newsletter or no longer want to receive it, you can object to the sending at any time.
For the fulfillment of the contract, we pass on your data to companies commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.
2. Payment providers
Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service.
If you choose the corresponding payment option, your payment data will be transmitted directly – without detour via us – to the corresponding company. In return, we receive a payment confirmation from the respective company and the option to (partially) return the payment if there are adjustments – e.g. due to refunds.
The payment service provider has an independent right or obligation to process your personal data. The applicable data protection provisions can be found in the privacy policy of the payment service provider.
https://stripe.com/de/privacy,
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
3. Advertising to existing customers by e-mail
If you purchase goods and/or services in our online shop and provide us with your email address, we will use this email address to send you messages about similar goods and services (existing customer advertising within the meaning of Section 7 (3) UWG).
The legal basis for the processing of data for the sending of existing customer advertising by e-mail is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR (Section 7 para. 3 UWG) in sending messages for the purpose of direct marketing for similar goods and services. You can object to the processing at any time with effect for the future by sending your objection (e.g. by email) to the Controller's contact details listed above.
You also have the option of objecting to further mailings by using the unsubscribe link in the respective message.
The data will be erased as soon as it is no longer required for the purpose for which it was collected (e.g. erasure of customer account) or if you have objected to existing customer advertising and the processing of the email address is no longer required for any other purpose (e.g. to fulfil the contract or to protect a legitimate interest on our part).
DATA PROTECTION INFORMATION FOR APPLICANTS
1. Purpose and legal basis of data processing
If you apply for a job via our careers page or by e-mail, we collect personal data.
This particularly includes your contact data:
- first and last name,
- telephone number,
- e-mail address,
- other data you provide about your background (e.g., resume, qualifications, degrees, and work experience) and yourself (e.g., cover letter, personal interests). This may also include special categories of personal data (e.g. information about a severe disability).
As a rule, your personal data is collected directly from you as part of the application process and encrypted during electronic transmission.
The primary legal basis for this is Art. 6 (1) lit. b GDPR in conjunction with §26 para. 1 BDSG. In addition, consent pursuant to Art. 6 (1) lit. a GDPR in conjunction with § 26 para. 2 BDSG can be used as a data protection permission provision.
If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.
2. Sources and recipients of data - Personio
We use a so-called “iFrame” of Personio GmbH (“Personio”), Rundfunkplatz 4, 80335 Munich, Germany for our career page.
Here, content from Personio is displayed on our website (job ads). You can send us applications via the online application form created there. The data is then transferred to our applicant tool, which is provided to us by Personio.
Personio uses cookies to ensure functionality. For more information on cookies, please refer to the data protection information on our website (see point 1 of this privacy policy). We have concluded a Data Processing Agreement with Personio, in which we oblige Personio to protect our customers’ data and not to pass it on to third parties. You can find more information on Personio’s data protection here.
Within our company, only those persons and departments (e.g. Human Resources) that absolutely need your personal data to carry out the application process or to fulfill our legal obligations have access to it. If necessary, your applications will be forwarded to the relevant responsible persons for examination. Under no circumstances will your personal data be passed on to third parties without authorization.
3. Storage period
Your data relating to an application for a specific job posting will be stored and processed by us during the ongoing application process.
After completion of the application process (e.g. in the form of an acceptance or rejection), the application process, including all personal data, will be deleted from the system no later than six months after completion of the application process. The data of selected applicants will be stored securely for up to 2 years, provided that the applicants have given their consent to this in accordance with Art. 6 (1) lit. a GDPR.
You can revoke your consent at any time with effect for the future. An informal e-mail using the contact details of the responsible person listed above is sufficient for this purpose. If you will get accepted, your application documents will be transferred to the personnel file.
4. Your rights
For further information on data protection, in particular your rights under the GDPR, please also General data protection notice, point 3. of this privacy policy.
If your personal data is processed by one of the providers listed below, this provider is responsible for data processing within the meaning of the GDPR. For the assertion of your rights, please contact the respective provider. Only they have access to the data collected from you. However, if you need any assistance, please contact us any time. The pages and profiles we manage on social networks (Facebook, Linkedln, X and Youtube) are always under the exact name and control of FRAMOS.
PRIVACY POLICY
Thank you for visiting our website and for your interest in our company. Protecting your personal data is very important to us, and we want you to feel secure during your visits to our web pages.
This Policy outlines which information we collect when you visit our website and how this data is used.
DATA CONTROLLER
FRAMOS GmbH
Mehlbeerenstr. 2
82024 Taufkirchen
Germany
Phone: +49.(0).89.710667-0
Fax: +49.(0).89.710667-66
Email: info@framos.com
DATA PROTECTION OFFICER CONTACT INFORMATION
PROLIANCE GmbH
Leopoldstraße 21
80802 München
Deutschland
datenschutzbeauftragter@datenschutzexperte.de
1. PURPOSE OF DATA COLLECTION
We may collect your personal data through this website for the purpose of selling our products in the web shop, answering your inquiry or for the purpose of fulfilling your applications for our webinars and events.
2. LEGAL PURPOSE OF PROCESSING
Processing of personal data is lawful in relation to the General Data Protection Regulation because it is necessary to perform requested service or take action so that the service could be provided.
3. LEGITIMATE INTEREST
In some situation, we may collect and process your personal data on the basis of our legitimate interest.
In such a situation you will be entitled to formulate an object to such processing. But, we will not be able to limit or suspend such a processing when our legitimate interest for such processing go beyond interest, rights and freedoms of respondents.
The processing we perform based on our legitimate interest:
3.1. Newsletter
Purpose of processing: we are sending newsletters to provide you with information on our activities and let you know about upcoming events.
Legal basis: legitimate interest of the controller (Art.6. paragraph 1. of the General Regulation).
How do we collect data: when you subscribe to the newsletter(s).
What we collect: for sending to you newsletter we need your e-mail address as mandatory. Optionally you can also provide us with your name and name of your company.
Storage period: we keep your data as long as you have not withdrawn your consent or objected to such processing.
The collected data is not processed for any other purpose.
3.2. Base of CV’s
Purpose of processing: we collect your personal data for processing your application.
Legal basis: legitimate interest of the controller (Art.6. paragraph 1. Of the General Regulation).
How do we collect data: When you apply for job via our career page or by e-mail.
What we collect: we collect your personal data (e.g. first and last name, telephone number and e-mail address) and other date which you provide as background (e.g. resume, qualifications, degrees, work experience) and yourself (e.g. cover letter, personal interests).
Storage period: we will keep your data for 6 months after completion of application process.
The collected data is not processed for any other purpose.
3.3. Chat (Tawk.to)
Purpose of processing: we collect your personal data for processing your request for direct, real-time communication with visitors on our website.
Legal basis: legitimate interest of the controller (Art.6. paragraph 1. Of the General Regulation).
How do we collect data: When you use or live chat system.
What we collect: we collect your personal data (e.g. first and last name, e-mail address, company, country) and IP address at the time of chat.
Storage period: we will keep your data until the purpose is fulfilled.
The collected data is not processed for any other purpose.
4. RECIPIENTS OF THE PERSONAL DATA
We can forward your personal data to the computer based and communications solutions providers and services that act as our processing entities.
Those entities shall provide reasonable guarantees and shall take appropriate technical and organizational protection measures to ensure adequate data protection and compliance with the requirements of the General Regulation. We have concluded an agreement with such data processing entities as a special part of the contract which stipulates in detail the processing of personal data, so they are not able to process your personal data without a direction on our behalf and forward it to third parties.
Personal data is not forwarded to third parties for direct marketing purposes.
5. DATA STORAGE PERIOD
We will process and store your personal data until a certain point of time, when purpose for which a personal data has been provided is fulfilled. After purpose is fulfilled, we will not use your personal data anymore. However, in certain circumstances, personal data may remain on our storage system without being processed in case when we are required to do so with respect to legal norms.
6. DATA COLLECTED THROUGH SOCIAL NETWORKS
The pages and profiles we manage on social networks (Facebook, Linkedln, X, Instagram and Youtube) are always under the exact name and control of FRAMOS.
7. PAYMENT PROVIDERS FOR ONLINE SHOP
Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service.
If you choose the corresponding payment option, your payment data will be transmitted directly – without detour via us – to the corresponding company. In return, we receive a payment confirmation from the respective company and the option to (partially) return the payment if there are adjustments – e.g. due to refunds.
We don’t have any information’s about your credit card.
8. USING COOKIES
We use technical “cookies” on these websites (cookies necessary for the functioning of the website and cannot be excluded) and non-essential “cookies” in order to improve the system and to improve your user experience when you give us your consent.
You can withdraw your consent at any time and stop further processing without any negative consequences.
You can see detailed information about the “cookies” we use in our Cookie Policy.
9. SECURITY OF PROCESSING
We collect and process personal data in a way that ensures adequate security and confidentiality in their processing and enables the effective application of data protection principles, reducing the amount of data, the scope of their processing, storage period and their availability.
For this purpose, we have introduced appropriate technical and organizational protection measures that ensure a level of security commensurate with the risks posed by the processing of data and the nature of the personal data being protected, bearing in mind the characteristics and costs of their introduction.
We regularly review processing that may pose a risk to the rights and freedoms of the individual and we have taken appropriate measures to protect personal data from accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, especially in cases where processing involves the transfer of personal data.
10. YOUR RIGHTS
10.1. Right to access
You may demand from us to confirm if your personal data is being processed and require detailed information about the processing in particular about the purpose of its processing, the type / categories of personal data processed including access to your personal data, recipients or categories of recipients and the estimated period of time in which personal files will be stored.
10.2. Right to rectification
You have the right to obtain from us without delay the correction of inaccurate and incomplete personal data.
10.3. Right of deletion
You have the right to request the deletion of your personal data. If the request is justified and if the legislation does not oblige us to store data, the date will be deleted without undue delay.
10.4. Right to limited processing
You have the right to demand from us to restrict the processing of your personal data if you dispute the accuracy of this data (for a period allowing us to verify the accuracy of personal data), if the processing is illegal and you object to the deletion of your data and if we no longer need the data and we can extract them, but you need them to set, implement or defend legal claims, and therefore you want us to continue to store them.
11. RIGHT TO COMPLAIN
If you have any complaints regarding the processing of personal data, you can contact us at any time via e-mail: legal@framos.com.
We will carefully review and respond to your complaint within 30 days.
12.COMPLAINT TO THE SUPERVISORY BODY
When you believe that the collection and processing of personal data has violated your rights, you can file a complaint to the supervisory authority:
Federal Commissioner for Data Protection and Freedom Information
Graurheindorfer Str. 153
53117 Bonn
13.NOTIFICATION OF CHANGES
We conduct regular reviews of all privacy policies at least once a year.
Please check back from time to time for any changes or updates to our Privacy Policy, which will be posted here and will show an updated effective date.
The last review and update was performed on November 13, 2023.