Skip to main content
Your Data, Protected GDPR Compliant

Privacy Policy

This policy explains how we collect, use, and safeguard your information in line with GDPR and other privacy laws.

Introduction

At FRAMOS, we take your privacy seriously. This Privacy Policy outlines how we collect, use, and protect your personal data in compliance with global data protection regulations, including the GDPR. Whether you’re browsing our website, downloading resources, or engaging with our team, we are committed to ensuring transparency, security, and full control over your information.

GENERAL DATA PROTECTION NOTICE

Thank you for visiting our website and for your interest in our company. Protecting your personal data is very important to us, and we want you to feel secure during your visits to our web pages. This Policy outlines which information we collect when you visit our website and how this data is used.

Our contact information

FRAMOS GmbH

Tölzer Straße 1

81379 Munich

Germany

Email: info@framos.com

Data protection officer contact information

PROLIANCE GmbH

Leopoldstraße 21

80802 Munich

Germany

datenschutzbeauftragter@datenschutzexperte.de

Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32. of the General data protection regulation (hereinafter: GDPR), taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons.

This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

Storage period

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

Your rights

In the following, you will find information about your data subject rights, which the current data protection law grants you against the data controller concerning the processing of personal data. If you wish to exercise any of the rights referred in the point 3.1.-3.7. you can contact us by an e-mail: legal@framos.com.

Right of access

You may request confirmation from us as to whether or not your personal data are being processed and request detailed information about the processing, in particular the purpose of the processing, the type/categories of personal data processed, including access to your personal data, the recipients or categories of recipients and the expected period for which the personal data will be stored.

Right to rectification

You have the right to request that we immediately correct any inaccurate or incomplete personal data.

Right to erasure

You have the right to request that your personal data be deleted. If the request is justified and we are not legally obliged to store it, the data will be deleted immediately.

Right to restricted processing

You have the right to ask us to restrict the processing of your personal data if you contest the accuracy of that data (for a period enabling us to verify the accuracy of the personal data), if the processing is unlawful and you object to the erasure of your data and if we no longer need the data and we can extract it, but you need it to establish, exercise or defend legal claims and you therefore want us to continue storing it.

Right for Withdraw

Where the processing of personal dana is based on your consent, you have the right to withdraw your consent at any time.

The Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

To withdraw your consent, you may contact us at legal@framos.com or use the available opt-out mechanisms provided within our services.

Right to complain

If you have any complaints about the processing of personal data, you can contact us at any time by email: legal@framos.com. We will carefully examine your complaint and respond within 30 days.

Complain to the supervisory body

If you believe that the collection and processing of personal data has violated your rights, you can file a complaint with the supervisory authority:

Federal Commissioner for Data Protection and Freedom of Information

Graurheindorfer Str. 153

53117 Bonn

Notification of changes

We review Privacy policy regularly, but at least once a year.

Please check back from time to time for any changes or updates to our privacy policy, which will be posted here and include an updated effective date and date.

The last review and update was performed on June 01 , 2026.

Webhosting

This website is hosted by an external service provider, Scala Hosting LLC (hoster), and the data is stored within the European Union (Bulgaria).

Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to:

  • IP addresses,
  • contact requests,
  • meta and communication data,
  • web page accesses,
  • other data generated by a website.

We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you.

The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR.

We have concluded a Data Processing Agreement (DPA) with the provider in accordance with the requirements of Art. 28 GDPR, in which the provider commits to protect the data of our customers and not to pass them on to third parties.

1.1. Access to and storage of information in terminal equipment

By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.

In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of § 25 para. 1 s. 1, para. 2 no. 2TDDDG.

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of § 25 para. 1 TDDDG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.

1.2. Server-Logfiles

To ensure proper functioning of our website, when you visit the site we process personal data that is transmitted to us by your browser.

This information are:

  • IP address,
  • the date and time of the request,
  • the difference between your time zone and Greenwich Mean Time (GMT),
  • the content of the request (specific page visited),
  • the access status/HTTP status code,
  • the volume of data transferred in each case,
  • the website that is the source of the request,
  • your browser,
  • operating system and its interface,
  • the language and version of the browser software.

We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you. The log files are processed for the purpose of evaluating system security and stability as well as for administrative purposes. The log files serve to evaluate system security and stability as well as administrative purposes.

The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data.

After 60 days at the latest, the data is made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. This data is not evaluated in anonymous form except for statistical purposes. This data is not combined with data from other data sources.

1.3. Cookies and Plugins

We use what are known as “cookies” to make our website more user friendly.

Cookies are small text files that are saved on your hard drive by your browser. They enable certain information to be provided to the entity (in this case, us) sending the cookie.

Cookies are used to make our website easier to use and to make possible the functions that you use. If we also use cookies for other purposes, we explain in this Privacy Policy what we use them for.

In your browser, you can change various settings relating to cookies as well as prohibit cookies from being accepted and delete already accepted cookies. However, please note that without cookies, you may not be able to use all of the services on our website.

Insofar as cookies are used by third parties on this site, additional information is provided through the services implemented here.

Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR.

We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services.

Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.

Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent.

You can set your browser to:

  • be informed about the setting of cookies,
  • only allow cookies in individual cases,
  • exclude the acceptance of cookies for certain cases or generally,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser.

Please note that if you disable cookies, the functionality of our website may be limited.

1.3.1. Change cookie settings

You can revoke or change your cookie settings at any time. To do so, access the cookie settings again via this link: https://www.framos.com/en/privacy-policy.

2. Our external service providers

2.1. Google services

2.1.1. Google Analytics

We use “Google Analytics” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.

Scope of data processing?

Google Analytics will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google.

We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.

Legal basis of data processing?

Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.

Recipients/Data transfer?

We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.

More information?

The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/

https://policies.google.com/privacy

2.1.2. Google Ads

We use “Google Ads” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.

Scope of data processing?

Google Ads is used by us for marketing and optimisation purposes, in particular to display ads that are relevant and interesting to you.

If you have given us your consent, we can use Google Ads to draw attention to our attractive offers by using advertising material on external websites. This enables us to determine how successful individual advertising measures are.

These advertising media is delivered by Google Ads via so-called “AdServers”. We use AdServer cookies for this purpose, through which certain parameters for measuring success, such as the display of the ads or clicks by users, can be measured.

If you reach our website via a Google Ads, it will store a cookie on your PC.

These cookies usually expire after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie:

  • Unique cookie ID,
  • number of ad impressions per placement (frequency),
  • last impression (relevant for post-view conversions),
  • opt-out information (marking that the user no longer wishes to be contacted).

Legal basis of data processing?

Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.

More information?

Further information on data use by Google, on setting and objection options as well as on data protection can be found on the following Google websites:

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser.

Please note that in this case you may not be able to use all functions of our website to their full extent.

2.1.3. Google Ads Remarketing

We use "Google Ads Remarketing" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Scope of data processing?

This function makes it possible to link the advertising target groups created with Google Ads Remarketing with the cross-device functions of Google AdWords and Google DoubleClick.

In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have given your consent, Google Ads Remarketing will link your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be served on every end device on which you log in with your Google account.

Legal basis of data processing?

Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.

Recipients/Data transfer?

To support this feature, Google Analytics-authenticated IDs of users are collected and temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.

More information?

You can permanently opt-out of cross-device remarketing/targeting by disabling personalized advertising in your Google account; follow this link: https://adssettings.google.com/.

2.1.4. Google Maps

We use "Google Maps" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Scope of data processing?

This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.

To use the functionalities of Google Maps, it is necessary to store your IP address.

Google uses cookies to collect information about user behavior.

Legal basis of data processing?

Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.

2.1.5. Google Fonts

We use "Google Fonts" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Scope of the data processing?

Google Fonts enables us to use external fonts. For this purpose, the required Google Fonts are loaded into your browser cache by your web browser when you access our website. This is necessary so that your browser can also display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display.

We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly.

Legal basis of data processing?

Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.

Recipients/ Data transfer?

The integration of these Google Fonts is done by a server call, usually a Google server in the U.S. This transmits to the server which page of our website you have visited.

Also, the IP address of the browser of the end device of the visitor is stored by Google.

More information?

Further information on Google Fonts can be found at https://fonts.google.com/.

2.1.6. Google Tag Manager

We use "Google Tag Manager" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Scope of data processing?

This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user's IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it will remain for all tracking tags as long as they are implemented with the Google Tag Manager.

Legal basis of data processing?

Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.

2.1.7. Google Photos

We use "Google Photos" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Scope of data processing?

Google Photos allows us to integrate and display image galleries on our website. The images are loaded by a server call, usually a Google server in the U.S. This transmits to the server which page of our website you have visited. Also, the IP address of the browser of the terminal device of the visitor is stored by Google.

We use Google Photos for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly.

Legal basis of data processing?

Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.

2.1.8. Youtube

We use components of the "YouTube" video platform on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Legal basis of data processing?

Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. This consent can be revoked at any time with effect for the future.

More information?

Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy

2.1.9. Appropriate safeground during the data transfer to Google

Since a transfer of personal data by Google LLC to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR.

For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework.

Google LLC is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search.

For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR.

These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe. For general information about Google's privacy policy, please visit https://www.google.de/intl/de/policies/privacy.

2.2. Hotjar

We use Hotjar on our website a service provided by Hotjar Ltd. Hotjar Ltd 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe.

Scope of data processing?

This tool allows us to track movements on the websites where Hotjar is used. The tool also allows us to get feedback directly from the users of the website. Most importantly, Hotjar’s services can improve the functionality of the Hotjar-based website by making it more user-friendly, more valuable and easier for end users to use.

When using this tool, we take special care to protect your personal data. Therefore, we can only track which buttons are clicked, the mouse history, how far it scrolls, the screen size of the device, device type and browser information, geographic location (country only) and the preferred language to display our website. Areas of the websites where personal information about you or third parties is displayed are automatically hidden by Hotjar and therefore cannot be traced at any time.

In order to exclude the possibility of direct personal references, IP addresses are only stored and processed anonymously. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that are transmitted by your browser as part of web page requests.

Legal basis of data processing?

This processing is carried out in accordance with Art. 6 para. 1 a of GDPR on the basis of your consent for the purpose of statistical analysis of user behaviour for optimisation and marketing purposes.

More information?

Hotjar stores the customer data in the European Union. In a few cases, customer data may be accessed from the USA or other countries whose data protection laws differ from the data protection laws at your place of residence, or other data (e.g. e-mail) may be transferred to such countries. Hotjar has taken reasonable precautions to ensure that your personal data remains protected and requires that Hotjar’s third party service providers and partners also take reasonable precautions.

For more information about Hotjar Ltd. and about the Hotjar tool, please visit: https://www.hotjar.com

You can find the privacy policy of Hotjar Ltd: https://www.hotjar.com/privacy.

2.3. Linkedln Analytics

We use conversion tracking technology on our website as well as the retargeting feature of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Scope of data processing?

This allows us to serve personalized ads to visitors to our website on LinkedIn. For this purpose, a cookie, LinkedIn Insight tag, is set in your browser with a validity of 120 days.

This cookie enables LinkedIn to recognize you if you visit this website and are simultaneously logged in to your LinkedIn account. LinkedIn uses this data to generate anonymous reports on ad performance and website interaction information. The information generated by the cookie is usually transferred to a server in the USA and stored there.

Legal basis of data processing?

The legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a GDPR.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have

More information?

You may opt-out of LinkedIn Insight conversion tracking and interest-based personalized advertising by following this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For more information about LinkedIn's privacy policy, please visit following link: https://www.linkedin.com/legal/privacy-policy.

2.4. Linkedln Ads

We use conversion tracking technology on our website as well as the retargeting feature of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Scope of data processing?

This allows us to serve personalized ads to visitors to our website on LinkedIn. For this purpose, a cookie, LinkedIn Insight tag, is set in your browser with a validity of 120 days. This cookie enables LinkedIn to recognize you if you visit this website and are simultaneously logged in to your LinkedIn account. LinkedIn uses this data to generate anonymous reports on ad performance and website interaction information. The information generated by the cookie is usually transferred to a server in the USA and stored there.

Legal basis of data processing?

The legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a GDPR.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR.

More information?

You may opt-out of LinkedIn Insight conversion tracking and interest-based personalized advertising by following this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For more information about LinkedIn's privacy policy, please visit the following link: https://www.linkedin.com/legal/privacy-policy.

2.5. Zapier

We use the integration service Zapier to link tools together on our website. Zapier is a service of Zapier Inc. 243 Buena Vista Ave #508, Sunnyvale, CA 94086, USA.

Scope of data processing?

Zapier is used in the interest of integrating the tools used by us as effectively as possible.

Legal basis of data processing?

This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR.

More information?

We have concluded a contract on commissioned data processing with Zapier, in which we oblige Zapier to protect our customers’ data and not to pass it on to third parties.

You can find more information about Zapier at https://zapier.com and in Zapier’s privacy policy: https://zapier.com/privacy.

2.6. WooCommerce

We use WooCommerce on our website provided by the WooCommerce Ireland Ltd. Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86.

Scope of data processing?

We use the WooCommerce e-commerce platform to design our web shop with the help of Wordpress plug-ins.

Legal basis for data processing?

We process the data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to ensure the optimal design of our online shop.

We have concluded a data processing agreement with the provider WooCommerce Ireland Ltd. in accordance with the requirements of Art. 28 GDPR, in which we oblige it to protect our customers' data and not to pass it on to third parties.

More informations?

For the purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options to protect your privacy, please refer to the privacy notices of WooCommerce Automatic Inc.

2.7. Microsoft Clarity

We use Microsoft Clarity on our website, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Scope of data processing?

“Microsoft Clarity" is a Microsoft procedure in which analysis is carried out on the basis of a pseudonymous user ID, such as the evaluation of performance data for certain designs and mouse movements on the website. The analysed data should be used to be able to send you personalised and interest-based advertising on the basis of the user profile created, as well as to carry out conversion and reach measurement.

The following data is processed in pseudonymised form:

  • Usage data (page visited, time of access)
  • Device information
  • IP address
  • location data
  • Movement data (mouse and scroll movements)

The settings of Clarity are configured in such a way that the data collection by Microsoft already takes place via so-called IP-masking in pseudonymised form.

Legal basis of data processing?

Data processing takes place on the basis of your freely given consent in the form in accordance with Art. 6 para. 1 lit. a GDPR. Consent is freely given and can be withdrawn at any time. Please note, however, that the enquiry in the contact form cannot be sent without consent.

More information?

Since a transfer of personal data by Microsoft to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search.

For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR.

These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.

You can find more information on data protection and the cookies used at Microsoft on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement.

We use the Consent management Plattform “Cookieboot” on our website, provided by the company Usercentrics A/S, Havnegade 39,1058 Kopenhagen, Dänemark.

Scope of data processing?

When visiting our website we use this service in order mange the consent to the use of cookies and similar technologies on our website.

If we use technically necessary cookies and similar technologies as part of the integration of the service, this is done in accordance with § 25 (2) of the Telecommunications Digital Services Data Protection Act (TDDDG).

Legal basis of data processing?

Subsequent data processing by Cookiebot is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR wit a purpose in form of our legitimate interest of using cookies and similar technologies on our websites in compliance with data protection regulations and to enable you to easily revoke your declarations of consent.

If you give your consent via our consent banner, Usercentrics processes the following data:

  • The IP address of the requesting computer,
  • the description of the web browser and operating system used
  • the address of the website from which your consent was sent
  • the date and time of consent,
  • a pseudonymous, random and encrypted consent key (consent ID).
  • your consent status, which serves as proof of your consent

More information?

This data is logged on Usercentrics’s servers. Your IP address is shortened by removing the last three digits so that a personal reference can no longer be established.

In this way, our websites are able to check your consent status for all subsequent and future page views and to activate or deactivate cookies and other technologies in accordance with your decision to use them when you return to the site.

The check is carried out by comparing the consent key and the consent status from the “CookieConsent” cookie with the values transmitted to Usercentrics when you gave your consent to ensure that the status of your original consent has not changed.

We transmit your data to Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Further information on how Usercentrics handles personal data can be found at https://www.cookiebot.com/en/privacy-policy/.

Your consent ID and your consent status will also be stored both in the browser of your end device in the “CookieConsent” cookie and on Usercentrics’s servers for a period of 12 months.

2.9. Meta Ads (Facebook and Instagram)

We use services provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”) to display advertisements on Facebook and Instagram and to measure their effectiveness.

In this context, Meta may process personal data such as device information, cookie data, usage behavior, and interactions with our advertisements or website. This data may be used by Meta to enable the delivery of targeted advertising, measure ad performance, and create aggregated insights about ad campaigns.

We use Meta advertising tools (e.g., Meta Pixel and Conversions API, where applicable) to analyze user interactions with our website and to optimize our advertising campaigns. This helps us show more relevant ads and measure their effectiveness.

The processing of your data in this context is based on your consent (Art. 6 para. 1 lit. a GDPR), where required, and/or on our legitimate interest in analyzing and optimizing advertising measures (Art. 6 para. 1 lit. f GDPR).

Meta may combine this data with other information collected through Facebook and Instagram accounts and may transfer data to third countries, including the United States. Where such transfers occur, Meta relies on appropriate safeguards, including the EU-U.S. Data Privacy Framework or Standard Contractual Clauses.

For more information on how Meta processes personal data, please refer to Meta’s Privacy Policy.

DATA PROTECTION NOTICE FOR CONTACT, REGISTRATION & NEWSLETTER

CONTACT FORM

Scope of data processing?

If you send us requests via one of our contact forms or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions.

We are processing:

  • Your first and last name,
  • Your e-mail address,
  • Your company name and job title,
  • County and phone number,
  • Application.

Under no circumstances will we pass on this data without your consent.

Legal basis of data processing?

The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract.

More information?

Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary.

You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.

Newsletter (Salesforce & Pardot)

Scope of data processing?

If you would like to receive the newsletter offered on our website with regular information about our offers and products, we need the following information:

  • Your first and last name,
  • Company name,
  • E-mail address,
  • Country and application

For the dispatch of the newsletter we use the so-called double opt-in. This means that we will only send you our newsletter via email, if you have expressly confirmed that you agree to receive newsletters. In the first step, you will receive an email with a link to confirm that you, as the owner of the corresponding email address, wish to receive newsletters in the future.

When you register for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address by which you registered for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later point in time.

Legal basis of data processing?

With the confirmation you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.

More information?

You can unsubscribe from the newsletter at any time by clicking on the link included in each newsletter or by sending an email to the controller as described above. Once you have cancelled your subscription, your email address will be deleted from our newsletter list immediately, unless you have expressly consented to the continued use of the data collected.

Our email newsletters are sent via a technical service provider Pardot to whom we pass on the data you provide when you register for the newsletter. Pardot is a service provider by the Salesforce.com, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA.

Privacy policy: https://www.salesforce.com/de/company/privacy/.

We have concluded a data processing agreement with our e-mail service provider in which we bind him to protect the data of our customers and not to pass them on to third parties.

If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

Whitepappers & Case Study

Scope of data processing?

If you are interested in a whitepaper, you can request it by providing your first and last name, company name, job title, and e-mail address.

After you have requested the whitepaper, we will send it to the e-mail address you provided.

Legal basis of data processing?

After you request a whitepaper, we use your email address to send our newsletter. The legal basis for this is your consent pursuant to Art. 6 (1) para. 1 lit a) GDPR.

If you do not want to receive the newsletter or no longer want to receive it, you can object to the sending at any time.

More information?

Our whitepapers are sent via the platform of the provider Pardot.

Eventbrite

Scope of data processing?

For the organization of events we use the technical solution “Eventbrite”, which is operated by Eventbrite, Inc., 155 5th Street, Floor 7, San Francisco, CA 94103, USA.

Which data is being processed?

If you want to register for an event, you will be redirected to the Eventbrite website for this purpose.

Eventbrite usually collects:

  • your first and last name,
  • e-mail address,
  • ticket type
  • the event ID when you provide this information as part of a registration and then transmits this data to us as the event organizer.

We, as the event organizer, receive access from Eventbrite to the above data of the participants of the booked event.

Legal basis of data processing?

The legal basis for the processing of your personal data is the performance of the contract, Art. 6 (1) para. 1 lit. b) GDPR.

More information?

We have concluded a data processing contract with Eventbrite, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.

Data processing outside the EU?

Since a transfer of personal data by Eventbrite to affiliates and sub-processors to countries outside the EU and EEA is possible, further appropriate safeguards are required to ensure the level of data protection under the GDPR. For the U.S., there is an adequacy decision of the EU Commission pursuant to Art. 45. (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Eventbrite Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to compliance with adequate data protection standards, which can be verified via the following link: https://www.dataprivacyframework.gov/s/participant-search.

For potential transfers to other countries outside the EU and the EEA, for which no adequacy decision of the EU Commission exists, we have concluded standard contractual clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the country outside the EU to process the data in accordance with the level of protection in Europe.

For the purpose and scope of the data collection and the further processing and use of the data by the provider, as well as your rights in this regard and setting options for protecting your privacy, please refer to the Eventbrite privacy policy.

GoTo Webinar

Scope of data processing?

We use the tool "GoTo Webinar" to conduct online webinars, virtual events, presentations, and related online sessions (hereinafter: "Webinars"). "GoTo Webinar" is a service provided by GoTo Technologies Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland, and its affiliated companies within the GoTo group.

We use "GoTo Webinar" to conduct webinars. If we intend to record a webinar, we will inform you transparently in advance and, where required, obtain your consent. The fact that a recording is taking place will also be displayed within the GoTo Webinar application.

If it is necessary for the purpose of documenting the results of a webinar, we may process questions, comments, chat content, survey responses, and other contributions submitted by participants during the webinar. In the case of webinars, we may also process questions asked by participants for the purpose of conducting and following up on the webinar.

If you are registered as a user of GoTo Webinar, reports relating to webinars (e.g., webinar metadata, participation information, questions and answers, survey responses, and attendance reports) may be stored by GoTo for a limited period in accordance with the applicable retention settings.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

Note: To access a webinar, it may be necessary to visit websites operated by GoTo. In this respect, GoTo is responsible for the processing of personal data carried out on its websites. Accessing such websites is generally required only for registration, downloading software, or joining a webinar. You may also participate via a web browser without installing software, depending on the functionality offered by GoTo Webinar.

Which data is being processed?

Various types of data are processed when using GoTo Webinar. The scope of the processing depends in part on the information you provide before or during participation in a webinar.

The following personal data may be processed:

  • User details: first name, last name, email address, company name and job title.
  • Webinar metadata: title and description of the webinar, participant information, attendance duration
  • If recording is enabled: audio recordings, video recordings, shared screen content, presentations, chat content, questions and answers, survey responses, and other content contributed during the webinar.
  • For dial-in participation by telephone: information on incoming and outgoing telephone numbers, country information, start and end times
  • Text, audio and video data: During a webinar, users may have the opportunity to use chat, Q&A, polling, survey, or feedback functions. To this extent, the information you enter will be processed in order to display it during the webinar and, where necessary, to document webinar results.
  • To participate in a webinar, users must generally provide at least your name and email address.

Legal basis of data processing?

The legal basis for the processing of personal data in connection with webinars is Art. 6 para. 1 sentence 1 lit. b GDPR where the webinar is conducted in the context of a contractual relationship or pre-contractual measures.

Where no contractual relationship exists, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the effective and efficient conduct of webinars and online events.

Where recordings are made or other processing activities require consent, the processing is based on Art. 6 para. 1 sentence 1 lit. a GDPR.

More information?

Personal data processed in connection with participation in webinars is generally not disclosed to third parties unless such disclosure is necessary for the purpose of the webinar. Please note that webinar content, similar to information exchanged during in-person events, is often intended to be shared with participants, customers, interested parties, or other recipients.

Other recipients: The provider of GoTo Webinar necessarily receives access to personal data to the extent required for the provision of its services. We have concluded a data processing agreement with GoTo that meets the requirements of Art. 28 GDPR.

Further information on data protection at GoTo can be found in GoTo's Privacy Policy.

Data processing outside the EU?

GoTo Webinar is provided by an international service provider. Personal data may therefore be processed in countries outside the European Union (EU) and the European Economic Area (EEA).

For transfers of personal data to the United States, GoTo has certified compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. These frameworks provide an adequate level of protection for personal data transferred from the EU, EEA, Switzerland, and the United Kingdom.

For transfers to other countries for which no adequacy decision of the European Commission exists, appropriate safeguards, including the European Commission's Standard Contractual Clauses pursuant to Art. 46 para. 2 lit. c GDPR, are implemented where required to ensure an adequate level of data protection.

DATA PROTECTION INFORMATION FOR CLIENTS, CONTRACTING PARTIES AND OTHER INTERESTED PARTIES

We process your personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, implementation or performance of a contract or for the implementation of precontractual measures, including the management of claims.

Insofar as personal data is required for the initiation or implementation of a contractual relationship or in the context of the implementation of precontractual measures, processing is lawful pursuant to Art. 6 (1) para. 1 lit b) GDPR.

If you give us express consent to process personal data for specific purposes (e.g., disclosure to third parties, evaluation for marketing purposes, or addressing you by e-mail for advertising purposes), the lawfulness of this processing is based on your consent pursuant to Art. 6 (1) para. 1 lit. a) GDPR. Consent given can be revoked at any time with effect for the future.

If necessary and legally permissible, we process your data beyond the actual contractual purposes for the fulfillment of legal obligations pursuant to Art. 6 para. 1 lit. c GDPR. In addition, processing may be carried out to protect the legitimate interests of us or third parties and to defend and assert legal claims pursuant to Art. 6 para. 1 lit. f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.

2. Categories of personal data

We only process data that is related to the establishment of the contract or the pre-contractual measures.

This can be general data about:

  • you or persons in your company (name, address, contact details, etc.)
  • any other data that you provide to us in the context of the establishment of the contract.

3. Sources of data

We process personal data that we receive from you in the course of contacting you or establishing a contractual relationship or in the course of precontractual measures.

4. Recipients of data

We disclose your personal data within our company exclusively to those areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interests.

We may transfer your personal data to companies affiliated with us, insofar as this is permissible within the framework of the purposes and legal bases set out in this section of this data protection information sheet.

Your personal data is processed on our behalf based on data processing agreements pursuant to Art. 28. GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients are providers of customer management systems and software.

More information on providers used in the area of communication tools can be found in Data protection information for FRAMOS website.

Otherwise, data is only passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for processing and thus fulfilling the contract or, at your request, for carrying out pre-contractual measures, if we have your consent or if we are authorized to provide information.

Under these conditions, recipients of personal data may be, for example:

  • External tax advisor,
  • Public bodies and institutions (e.g. public prosecutor’s office, police, supervisory authorities, tax office) if there is a legal or official obligation,
  • Recipients to whom the disclosure is directly necessary for the purpose of establishing or fulfilling a contract, e.g. payment service providers, trading partners.

5. Transfer of data to our Partners

For the purpose of concluding business we may need to transfer your information to our partners.

In case we may transfer your personal data like:

  • first name,
  • address.

The legal basis is Art. 6 para. 1. lit. b) GDPR, as the information is required in the context of your purchase contract and the services to be provided. This data will only be used by our partners for this purpose.

6. Transfer to a third country (outside EU)

A transfer to a third country is not intended.

A transfer of personal data to countries outside the EEA (European Economic Area) or to an international organization will only take place if this is necessary for the processing and thus the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, the transfer is required by law or you have given us consent. In these cases, recipients may include, among others, payment providers.

Storage period

As far as necessary, we process and store your personal data for the duration of our business relationship or for the fulfillment of contractual purposes. This includes, among other things, the initiation and execution of a contract.

In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods prescribed there for storage or documentation are two to ten years.

Finally, the storage period also depends on the statutory periods of limitation, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

Your rights

For detailed information about your rights, please refer to the section General data protection notice, point 3. of this privacy policy.

Necessity of providing personal data

The provision of personal data for the decision on the conclusion of a contract, the performance of a contract or for the implementation of precontractual measures is voluntary. However, we can only make a decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the performance of the contract or precontractual measures.

DATA PROTECTION INFORMATION FOR APPLICANTS

If you apply for a job via our careers page or by e-mail, we collect personal data.

This particularly includes your contact data:

  • first and last name,
  • telephone number,
  • e-mail address,
  • other data you provide about your background (e.g., resume, qualifications, degrees, and work experience) and yourself (e.g., cover letter, personal interests). This may also include special categories of personal data (e.g. information about a severe disability).

As a rule, your personal data is collected directly from you as part of the application process and encrypted during electronic transmission.

The primary legal basis for this is Art. 6 (1) lit. b GDPR in conjunction with §26 para. 1 BDSG. In addition, consent pursuant to Art. 6 (1) lit. a GDPR in conjunction with § 26 para. 2 BDSG can be used as a data protection permission provision.

If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.

2. Sources and recipients of data - Personio

We use a so-called “iFrame” of Personio GmbH (“Personio”), Rundfunkplatz 4, 80335 Munich, Germany for our career page.

Here, content from Personio is displayed on our website (job ads). You can send us applications via the online application form created there. The data is then transferred to our applicant tool, which is provided to us by Personio.

Personio uses cookies to ensure functionality. For more information on cookies, please refer to the data protection information on our website (see point 1 of this privacy policy). We have concluded a Data Processing Agreement with Personio, in which we oblige Personio to protect our customers’ data and not to pass it on to third parties. You can find more information on Personio’s data protection here.

Within our company, only those persons and departments (e.g. Human Resources) that absolutely need your personal data to carry out the application process or to fulfill our legal obligations have access to it. If necessary, your applications will be forwarded to the relevant responsible persons for examination. Under no circumstances will your personal data be passed on to third parties without authorization.

3. Storage period

Your data relating to an application for a specific job posting will be stored and processed by us during the ongoing application process.

After completion of the application process (e.g. in the form of an acceptance or rejection), the application process, including all personal data, will be deleted from the system no later than six months after completion of the application process. The data of selected applicants will be stored securely for up to 2 years, provided that the applicants have given their consent to this in accordance with Art. 6 (1) lit. a GDPR.

You can revoke your consent at any time with effect for the future. An informal e-mail using the contact details of the responsible person listed above is sufficient for this purpose. If you will get accepted, your application documents will be transferred to the personnel file.

4. Your rights

For further information on data protection, in particular your rights under the GDPR, please also General data protection notice, point 3. of this privacy policy.

SOCIAL MEDIA

If your personal data is processed by one of the providers listed below, this provider is responsible for data processing within the meaning of the GDPR. For the assertion of your rights, please contact the respective provider. Only they have access to the data collected from you. However, if you need any assistance, please contact us any time.

The pages and profiles we manage on social networks (Facebook, Linkedln, X and Youtube) are always under the exact name and control of FRAMOS.