STEINEL | Principles of data protection

Principles of Data Protection

1. DATA PRIVACY AT A GLANCE

General Information

The following information provides you with a simple overview of what happens to your personal data when you visit this website. Personal data are all data that can be used to identify you personally. For detailed information about the subject of data protection, refer to our Data Privacy Statement which is provided below.

Recording of data on this website

Who is responsible for the recording of data on this website?

The data on this website are processed by the website operator. You will find this party's contact details in the Publication Details provided on this website.

How do we record your data?

On the one hand, your data are collected as a result of your communicating such to us. This may, for example, be data you enter in our contact form.

Other data will be recorded by our IT system automatically after you give your consent on visiting the website. Primarily, these are technical data (e.g. web browser, operating system or the time at which the site was accessed). These data are recorded automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to guarantee the error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have in relation to your data?

You have the right at all times to be informed free of charge on the origin and recipients of your personal data as well as on the purpose for which they were stored. You also have the right to demand that these data be rectified or erased. If you have given your consent to your data being processing, you can withdraw this consent at any time with effect for the future. Under specific circumstances, you also have the right to obtain restriction of the processing of your personal data. Furthermore, you are entitled to lodge a complaint with the responsible supervisory authority.

You can contact us at any time at the address given in the Publication Details if you have questions about the above or any other aspect of data privacy.

Analyse tools and tools of third-party providers

When you visit this website, your browsing patterns may undergo statistical analysis. In most cases, this is done using analysis programs.

You will find detailed information about these analysis programs in the following data privacy statement.

2. HOSTING AND CONTENT DELIVERY NETWORKS (CDN)

External hosting

This website is hosted by an external service provider (host). The personal data recorded on this website are stored on the host's servers. Primarily, these may be IP addresses, contact requests, metadata and communication data, contract data, contact details, names, web page access and other data generated via a website.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (point b of Art. 6(1) of the GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (point f of Art. 6(1) of the GDPR).

Our host will only process your data to the extent that is necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

We use the following host:

Laudert GmbH + Co. KG

Von-Braun-Strasse 8

48691 Vreden

Germany

To ensure that processing takes place in compliance with data protection regulations, we have entered an order processing contract with our host.

3. GENERAL AND MANDATORY INFORMATION

Data privacy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection provisions as well as in compliance with this data privacy statement.

When you use this website, various personal data will be collected. Personal data are data that can be used to identify you personally. This data privacy statement explains which data we collect and what we use them for. It also explains how, and for which purpose this is done.

We wish to point out that data communicated on the Internet (e.g. in communication by email) may be vulnerable to security loopholes. Data cannot be fully protected from access by third parties.

Information on the controller

The controller responsible for processing data on this website is:

STEINEL Vertrieb GmbH

Dieselstrasse 80 -84

33442 Herzebrock-Clarholz, Germany

Phone: +49 (0) 5245 448-0

E-mail: info@steinel.de

Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data (e.g. names, email addresses etc.).

Period for which data are stored

Unless a more specific storage period has been specified within this data privacy statement, your personal data will remain with us until the purpose for processing such ceases to exist. If you assert a legitimate request for erasure or withdraw your consent to your data being processed, your data will be erased unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be erased once these reasons cease to exist.

Data protection officer as mandated by law

We have appointed a data protection officer for our company.

Aulinger Datenschutz & Consulting GmbH

Dr. Ralf Heine

Frankenstrasse 348

45133 Essen

Germany

Phone: +49 (0) 201 9598662

Email: info@aulinger-dc.eu

Information on data transfer to the USA

Among the tools integrated into our website are some from companies based in the USA. When these tools are activated, your personal data may be forwarded to the US servers of these companies. We point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to release personal data to security authorities without you, as the data subject, being able to take legal action against such. For this reason, it cannot be ruled out that US authorities (e.g. secret services) could process, evaluate and permanently store your data on US servers for monitoring purposes. Such processing activities are beyond our control.

Withdrawal of your consent to the processing of data

Many data-processing operations are only possible with your express consent. You can at any time withdraw any consent you have already given. This shall be without prejudice to the lawfulness of any data collection having taken place prior to withdrawal.

Right to object to the collection of data in special cases as well as the right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF POINT E OR F OF ART. 6(1) OF THE GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION; THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO IDENTIFY THE PARTICULAR LEGAL BASIS ON WHICH ANY PROCESSING OF DATA IS BASED, REFER TO THIS DATA PRIVACY STATEMENT. IF YOU FILE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA AFFECTED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR SUCH PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR PROCESSING SERVES THE PURPOSE OF ESTABLISHING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) OF THE GDPR).

WHERE YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU SHALL HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) OF THE GDPR).

RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

In the event of any infringement of the GDPR, the data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint shall be given without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to demand that we hand over to you or any third party in a commonly used, machine-readable format any data we automatically process on the basis of your consent in order to fulfil a contract. If you demand any direct transfer of data to another controller, this will be done only if it is technically feasible.

SSL and/or TLS encryption

For security reasons and to protect the communication of confidential content, such as purchase orders or enquiries you submit to us as the website operator, this site uses either an SSL or a TLS encryption program. You can recognise an encrypted connection in the browser's address lines when it changes from “http://” to “https://” and also by the lock symbol in your browser bar.

When SSL or TLS encryption is activated, the data you communicate to us cannot be read by third parties.

Encrypted payment transactions on this website

If entering a fee-based contract involves any obligation to communicate your payment data to us (e.g. account number in the case of direct debit authorisation), such data will be required for handling payment.

Payment transactions via the commonly used means of payment (Visa/MasterCard, direct debit) will be made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection in the browser's address lines when it changes from “http://” to “https://” and also by the lock symbol in your browser bar.

With encrypted communication, your payment data you submit to us cannot be read by third parties.

Information, erasure and rectification

Within the scope of the applicable statutory provisions, you have the right at any time to demand information about your stored personal data, their origin and recipients as well as the purpose for which your data are processed and, if applicable, also have a right to have your data rectified or erased. You can contact us at any time at the address given in the Publication Details if you have questions about the above or any other aspect of personal data.

Right to restriction of processing

You shall have the right to obtain restriction of the processing of your personal data. You can contact us at any time in this regard at the address given in the Publication Details. The right to restriction of processing exists in the following cases:

· If you contest the accuracy of the personal data stored with us, we will usually need time to verify such. For the time such verification takes, you have the right to obtain restriction of the processing of your personal data.

· If your personal data have been or are being processed unlawfully, you have the right to obtain restriction of the processing of your personal data rather than having them erased.

· If we no longer need your personal data, but you require them for the establishment, exercise or defence of legal claims, you shall have the right, instead of erasure, to obtain restriction of the processing of your personal data.

· If you have filed an objection under Art. 21(1) of the GDPR, your interests must be weighed up against ours. Until such time as it is established whose interests override, you have the right to obtain restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Rejection of advertising emails

The use of contact data published within the scope of the obligation to provide Publication Details for sending advertising and information material that has not been expressly requested is hereby rejected. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as by spam mails.

4. RECORDING OF DATA ON THIS WEBSITE

Cookies

Our websites and pages use "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are either stored on your terminal device temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use specific services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are necessary for technical reasons as specific website functions would not work without them (e.g. the shopping basket function or displaying videos). Other cookies have the purpose of evaluating user behaviour or of displaying advertising.

Cookies which are required for carrying out the process of electronic communication (required cookies) or for providing specific functions you wish to use (functional cookies, e.g. for the shopping basket function) or for optimising the website (e.g. cookies for measuring the web audience) are stored on the basis of point f of Art. 6(1) of the GDPR unless any other legal basis is specified. The website operator has a legitimate interest in storing cookies to provide its services in a technically sound and optimised manner. If any consent has been requested for storing cookies, the cookies concerned will be stored exclusively on the basis of this consent (point a of Art. 6(1) of the GDPR); this consent may be withdrawn at any time.

You can configure your browser in such a way that you are notified when cookies are set and only permit cookies on a case-by-case basis, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. The disabling of cookies can restrict the functionality of this website.

If cookies are used by third-party companies or for analysis purposes, we will inform you separately of such within the scope of this data privacy statement and, if necessary, request your consent.

Consenting to cookies with Consent Manager Provider

Our website uses the cookie consent technology of OneTrust PreferenceChoice to obtain your consent for storing specific cookies on your terminal device and for documenting such in compliance with data-protection requirements. The provider of this technology is OneTrust, LLC (headquarters in the United Kingdom: Cannon Green, 27 Bush Lane, London EC4R 0AA, UK and headquarters in the USA: 1350 Spring Street NW, Suite 500, Atlanta, Georgia 30309, USA ) (referred to below as "OneTrust").

When you enter our website, a connection will be set up with OneTrust's servers for obtaining your consents and any other declarations needed for the use of cookies. OneTrust will then store a cookie in your browser as a way of linking given consents or their withdrawal to you. The data recorded in this way will be stored until you request us to erase them, you delete the oneTRust cookie yourself or the purpose for which they are stored ceases to exist. Mandatory statutory retention periods remain without prejudice.

OneTrust is used to obtain the consent required in law for using cookies. The legal basis for this is point c of Art. 6(1) of the GDPR.

We have entered an order processing contract with OneTrust. This is a contract prescribed in data-protection law, which ensures that OneTrust only processes the personal data of our website visitors in line with our instructions and in compliance with the GDPR.

Server Log Files

The provider of these pages automatically collects and stores information in server log files, which your browser communicates to us automatically. These are:

· Browser type and browser version

· Operating system used

· Referrer URL

· Host name of the accessing computer

· Time of server request

· IP address

This data will not be merged with other data sources.

These data are recorded on the basis of point f of Art. 6(1) of the GDRP. The website operator has a legitimate interest in optimising its website and in displaying it in a technically sound manner – this makes it necessary to record the server log files.

Contact form

If you submit requests to us via the contact form, your details from the request form, including the contact details you provide in it, will be stored by us for the purpose of processing your request and for asking any further questions we may have. We will not pass on these data without your consent.

These data will be processed on the basis of point b of Art. 6(1) of the GDPR if your request is connected with fulfilling a contract or needs to be made for implementing pre-contractual measures. In all other cases, processing is based on our legitimate interest in processing requests submitted to us (point f of Art. 6(1) of the GDPR) or on your consent (point a of Art. 6(1) of the GDPR) insofar as such was requested.

The data entered by you in the contact form will remain with us until such time as you ask us to erase them, withdraw your consent to store them or the purpose for which they are stored ceases to exist (e.g. after we have finished dealing with your request). This shall not affect any mandatory statutory provisions – in particular statutory retention periods.

Request by email, telephone or fax

If you contact us by email, telephone or fax, your request, including all of the personal data provided in it (name, request) will be stored and processed by us for the purpose of dealing with your concern. We will not pass on these data without your consent.

The data you send us by contact requests will remain with us until such time as you ask us to erase them, withdraw your consent to store them or the purpose for which they are stored ceases to exist (e.g. after we have finished dealing with your concern). This shall not affect any mandatory statutory provisions – in particular statutory retention periods.

Communication via WhatsApp

Among other options, we use the WhatsApp instant messaging service for communication with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland.

Communication takes place via end-to-end encryption (peer-to-peer) which prevents WhatsApp or other third parties from gaining access to communication content. WhatsApp does, however, gain access to metadata that is generated in the course of the communication process (e.g. sender, recipient and time). We would also like to point out that, by its own admission, WhatsApp does share personal data of its users with its US-based parent company Facebook. You will find further details on data processing in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

WhatsApp is used on the basis of our legitimate interest in communicating as quickly and effectively as possible with customers, interested parties and other business and contracting parties (sentence 1, point f of Art. 6(1) of the GDPR). If any consent has been requested in this regard, data will be processed exclusively on the basis of that consent; this can be withdrawn at any time with effect for the future.

Communication contents exchanged between and on WhatsApp will remain with us until such time as you ask us to erase them, withdraw your consent to store them or the purpose for which they are stored ceases to exist (e.g. after we have finished dealing with your request). This shall not affect any mandatory statutory provisions – in particular statutory retention periods.

We have set our WhatsApp accounts in such a way that no automatic matching of data takes place with the address book on the smartphones being used.

Registration on this website

You can register on this website to use its additional functions. We will only use the data entered to do this for the purpose of using the particular offering or service for which you have registered. The mandatory information requested for registration must be provided in full. If it is not, registration will be denied.

In the event of major changes, e.g. in the scope of the services offered or in the event of changes that are necessary for technical reasons, we will use the email address provided at the time of registration to inform you of such.

The data entered at the time of registration will be processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (point b of Art. 6(1) of the GDPR).

The data recorded at the time of registration will be stored by us for as long as you are registered on this website and will then be erased. This shall not affect any statutory retention periods.

5. ANALYSE TOOLS AND ADVERTISING

Google Analytics

This website uses functions of the Google Analytics web analysis service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

Google Analytics enables the website operator to analyse the usage patterns of website visitors. For this purpose, the website operator receives various usage data, e.g. pages opened, length of stay, operating systems used and origin of the user. These data may be collated by Google in a profile that is matched up to the particular user or his/her terminal device.

Google Analytics uses technologies that permit user identification for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information about the use of this website recorded by Google is usually transmitted to a Google server in the USA and saved there.

This analysis tool is used on the basis of point f of Art. 6(1) of the GDRP. The website operator has a legitimate interest in analysing user behaviour for optimising both its website offering and its advertising. If any consent has been requested in this regard (e.g. any consent for storing cookies), processing will take place exclusively on the basis of point a of Art. 6(1) of the GDPR; this consent may be withdrawn at any time.

The communication of data to the USA is based on the EU Commission's standard contractual clauses. This is where you will find details: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that before your IP address is sent to the USA it will be shortened by Google within the member states of the European Union or in countries that are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website for compiling reports on website activities and for providing further services associated with the use of the website and of the Internet for the website operator. The IP address transferred from your browser within the framework of Google Analytics will not be merged with other data from Google.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available from the following link: https://tools.google.com/dlpage/gaoptout?hl=en

You will find further information on the handling of user data at Google Analytics in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en

Order processing

We have entered an order processing contract with Google and fully implement the stringent requirements of the German data-protection authorities when using Google Analytics.

Demographics in Google Analytics

This website uses Google Analytics' "Demographics" function to show website visitors appropriate advertisements within the Google advertising network. This provides the basis for creating reports that contain information on the age, gender and interests of site visitors. These data come from interest-based advertising from Google as well as from visitor data from third-party providers These data cannot be traced back to any specific person. You can deactivate this function at any time via the ad settings in your Google account or prohibit in general the recording of your data by Google Analytics, as described under "Objection to the recording of data".

Google Analytics E-Commerce Tracking

This website uses the Google Analytics' "E-Commerce Tracking" function. E-commerce tracking enables the website operator to analyse the purchasing behaviour of website visitors with a view to enhancing its online marketing campaigns. This records information, such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. These data may be collated by Google in a transaction ID that is matched up to the particular user or his/her device.

Period for which data are stored

Data stored by Google at user and event level and linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or erased after 26 months. For details, go to the following link: https://support.google.com/analytics/answer/7667196?hl=en

Google Ads

The website operataor uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms in Google (keyword targeting). Furthermore, targeted advertisements can be displayed on the basis of the user data (e.g. location data and interests) available at Google (target group targeting). As website operator, we can evaluate these data in quantitative terms, e.g. by analysing which search terms have resulted in our advertisements being displayed and how many advertisements have prompted clicks.

Google Ads is used on the basis of point f of Art. 6(1) of the GDRP. The website operator has a legitimate interest in marketing its products service as effectively as possible.

The communication of data to the USA is based on the EU Commission's standard contractual clauses. This is where you will find details: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Remarketing

This website uses functions of the Google Analytics Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

Google Remarketing analyses your user behaviour on our website (e.g. clicking on specific products) to put you in specific advertising target groups and then show you advertising messages that suit your interests when you visit other online offerings (remarketing or retargeting).

Furthermore, those advertising target groups generated with Google Remarketing can be linked to Google's cross-device functions. This way, interest-related, personalised advertising messages matched to you on the basis of your prior usage and browsing behaviour on a terminal device (e.g. mobile phone) can also be displayed on any other of your terminal devices (e.g. tablet or PC).

If you have a Google account, you can object to personalised advertising under the following link: https://www.google.com/settings/ads/onweb/.

Google Remarketing is used on the basis of point f of Art. 6(1) of the GDRP. The website operator has a legitimate interest in marketing its products as effectively as possible. If any consent has been requested in this regard, processing will take place exclusively on the basis of point a of Art. 6(1) of the GDPR; this consent may be withdrawn at any time.

You will find further information and the data privacy provisions in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=en

Target-group formation with Customer Match

Among the options available to us for forming target groups, we use Customer Match in Google Remarketing. Here, we transfer specific customer data (e.g. email addresses) from our customer lists to Google. If the customers concerned are Google users and logged in to their Google account, they will be shown advertising messages that suit their interests within the Google network (e.g. on YouTube, in Gmail or in the search engine).

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

Google Conversion Tracking enables Google and us to identify whether the user has carried out specific actions. This way, we can evaluate how often which buttons have been clicked on our website and which products have been viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who have clicked our ads and which actions they have taken. We do not receive any information that makes it possible for us to identify the users personally. Google itself uses cookies or comparable recognition technologies for identification purposes.

Google Conversion Tracking is used on the basis of point f of Art. 6(1) of the GDRP. The website operator has a legitimate interest in analysing user behaviour for optimising both its website offering and its advertising. If any consent has been requested in this regard (e.g. any consent for storing cookies), processing will take place exclusively on the basis of point a of Art. 6(1) of the GDPR; this consent may be withdrawn at any time.

You will find further information on Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=en

Google DoubleClick

This website uses functions of Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Republic of Ireland, (referred to below as "DoubleClick").

DoubleClick is used to show you interest-related advertisements throughout the Google advertising network. Using DoubleClick, the advertisement can be targeted and matched to the interests of the particular viewer. This way, our advertisements can be displayed in Google search results or in advertising banners linked to DoubleClick.

To show interest-related advertising to users, DoubleClick must be able to recognise them and match them up with the websites visited, clicks and other information on user behaviour. To do this, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). To show interest-based advertising to the user concerned, the information recorded is collated into a pseudonymous user profile.

Google DoubleClick is used in the interest of providing targeted advertising measures. This constitutes a legitimate interest within the meaning of point f of Art. 6(1) of the GDRP. If any consent has been requested in this regard (e.g. any consent for storing cookies), processing will take place exclusively on the basis of point a of Art. 6(1) of the GDPR; this consent may be withdrawn at any time.

For further information on ways of objecting to advertisements displayed by Google, go to the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

Facebook Pixel

This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Republic of Ireland. However, according to Facebook, the data recorded is also transferred to the USA and to other third countries.

This way, the behaviour of site visitors can be tracked after they have been redirected to the provider's website as a result of clicking a Facebook advertisement. This makes it possible to evaluate the effectiveness of Facebook advertisements for statistical and market-research purposes and to optimise future advertising measures.

The data collected is anonymous to us as the operator of this website; we are unable draw any conclusions as to the identity of users. However, these data are stored and processed by Facebook, making it possible to trace them back to the particular user profile and enabling Facebook to use the data for its own advertising purposes under Facebook's data usage guideline. This means Facebook can place advertisements on Facebook pages and also beyond Facebook. This use of data is beyond our control as site operator.

Facebook Pixel is used on the basis of point f of Art. 6(1) of the GDRP. The website operator has a legitimate interest in effective advertising measures, including the social media. If any consent has been requested in this regard (e.g. any consent for storing cookies), processing will take place exclusively on the basis of point a of Art. 6(1) of the GDPR; this consent may be withdrawn at any time.

The communication of data to the USA is based on the EU Commission's standard contractual clauses. This is where you will find details: https://www.facebook.com/legal/EU_data_transfer_addendum and https://www.facebook.com/help/566994660333381

You can find further information on protecting your privacy in Facebook's data privacy information: https://www.facebook.com/about/privacy/

You can also deactivate the "Custom Audiences" remarketing function in the ad settings screen at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate use-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/uk/your-ad-choices

LinkedIn Insight Tag

This website uses the Insight Tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Republic of Ireland.

Data processed by LinkedIn Insight Tag

We use the LinkedIn Insight tag to obtain information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyse aspects such as our website visitors' key occupational data (e.g. career level, company size, country, location, industry, job title) and, in this way, optimise the way in which our site addresses the various target groups. Furthermore, we can use LinkedIn Insight tags to measure whether visitors to our websites make a purchase or perform other actions (conversion measurement). Conversion measurement can also take place at cross-device level (e.g. from PC to tablet). LinkedIn Insight Tag also provides a retargeting function that allows us to show targeted advertising to our website's visitors beyond the website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members at cross-device level) hashed (pseudonymised). The direct identifiers of LinkedIn members are erased by LinkedIn after seven days. The remaining pseudonymised data are then be deleted within 180 days.

The data recorded by LinkedIn cannot be traced back by us, as website operator, to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use them for its own advertising measures. For details on the processing of personal data, refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis

LinkedIn Insight is used on the basis of point f of Art. 6(1) of the GDRP. The website operator has a legitimate interest in effective advertising measures, including the social media. If any consent has been requested in this regard (e.g. any consent for storing cookies), processing will take place exclusively on the basis of point a of Art. 6(1) of the GDPR; this consent may be withdrawn at any time.

The communication of data to the USA is based on the EU Commission's standard contractual clauses. This is where you will find details: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Objection to the use of LinkedIn Insight Tag

You can object to LinkedIn analysing user behaviour and targeting advertising by going to the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for promotional purposes in the account settings. To prevent LinkedIn from linking information collected on our site to your LinkedIn account, you must log out of your LinkedIn account before you visit our website.

Entering a contract on order processing

We have entered an order processing contract with LinkedIn.

6. NEWSLETTER

Newsletter data

If you wish to receive the newsletter that is offered on this website, we will need an email address from you as well as information that enables us to verify that you are the owner of the email address provided and agree to receiving the newsletter. No further data will be collected or, if they are, only on a voluntary basis. We will only use these data for sending the information requested and not pass them on to any third parties.

The data entered in the newsletter registration form will only be processed on the basis of your consent (point a of Art. 6(1) of the GDPR). You can at any time withdraw your consent to storing your data and email address as well as to using such for the purpose of sending the newsletter, e.g. by clicking the "Unsubscribe" link in the newsletter. This shall be without prejudice to the lawfulness of any data processing operations already having taken place.

The data you provide us with for the purpose of receiving the newsletter will be stored by us or by the newsletter service provider until such time as you deregister from the newsletter and are taken off the newsletter mailing list after you unsubscribe from the newsletter. This shall be without prejudice to any data we store for any other purposes.

After you have been taken off the newsletter mailing list, your email address may be blacklisted by us or by the newsletter service provider to prevent future mailshots. The data from the blacklist will only be used for this purpose and not merged with other data. This is both in your interest and in our interest in terms of complying with the legal requirements on sending newsletters (legitimate interest within the meaning of point f of Art. 6(1) of the GDPR). Blacklisting will be indefinite. You may object to this blacklisted status if your interests override our legitimate interest.

MailChimp

This website uses the services of MailChimp to dispatch its newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Among other purposes, MailChimp is a service that can be used for organising and analysing the way in which newsletters are dispatched. When you enter data for the purpose of subscribing to a newsletter (e.g. your email address), such will be stored on MailChimp servers in the United States.

MailChimp lets us analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (web beacon) connects to MailChimp's servers in the USA. This provides the capability of determining whether a newsletter message has been opened and which links, if any, have been clicked. Technical information is also recorded (e.g. time of opening, IP address, browser type and operating system). This information cannot be traced back to any newsletter recipient. It is used solely to analyse newsletter campaigns for statistical purposes. The results of these analyses can be used to enhance the way in which future newsletters are tailored to the interests of their recipients.

If you do not wish any analysis on the part of MailChimp, you must unsubscribe from the newsletter. In every newsletter message we provide a link that lets you do this. Furthermore, you can also unsubscribe directly on the website.

Data is only ever processed on the basis of your consent (point a of Art. 6(1) of the GDPR). You can at any time withdraw this consent by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing operations already having taken place.

The communication of data to the USA is based on the EU Commission's standard contractual clauses. This is where you will find details: https://mailchimp.com/legal/data-processing-addendum/#9._Jurisdiction-Specific_Terms.

For further details, refer to MailChimp's data privacy statament at: https://mailchimp.com/legal/terms/.

Entering a data-processing agreement

We have entered a Data-Processing Agreement with MailChimp in which we place MailChimp under the obligation to protect our customers' data and not to pass them on to third parties.

Pipedrive

We manage leads and newsletter subscribers in the Pipedrive CRM system (Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia). Pipedrive stores the information you provide in the forms on the website.

For further details, refer to Pipedrive's data privacy statament at: https://www.pipedrive.com/en/privacy.

Outfunnel

Outfunnel (Outfunnel OÜ, Telliskivi 60a (Lift99), B-building, 10412 Tallinn, Estonia) connects Pipedrive and Mailchimp. Doing such, Mailchimp tells Pipedrive which lead has received and opened which email. In addition, Outfunnel can use the email openers' IP address to track when these newsletter subscribers visit our homepage at a later time independently of the newsletter and transmit this information to Pipedrive in the form of lead tracking.

For further details, refer to Outfunnel's data privacy statement at: https://outfunnel.com/privacy/.

7. PLUGINS AND TOOLS

YouTube

This website incorporates videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

When you visit one of our websites on which YouTube is integrated, a connection will be made with YouTube's servers. This tells the YouTube server which of our pages you have visited.

Furthermore, YouTube may store various cookies on your terminal device or use comparable recognition technologies (e.g. device fingerprinting). This way, YouTube can obtain information about visitors to our website. Among other purposes, this information is used to collect video statistics, enhance user-friendliness and prevent attempted fraud.

When you are logged in to your YouTube account, you make it possible for YouTube to link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of presenting our online offerings in an appealing manner. This constitutes a legitimate interest within the meaning of point f of Art. 6(1) of the GDRP. If any consent has been requested in this regard, processing will take place exclusively on the basis of point a of Art. 6(1) of the GDPR; this consent may be withdrawn at any time.

You will find further information on the handling of user data in YouTube's data privacy statement at: https://policies.google.com/privacy?hl=en

Vimeo

This website uses plugins of the Vimeo video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our websites on which a Vimeo video is integrated, a connection will be made with Vimeo's servers. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. This is also the case if you are not logged in to Vimeo or do not have any account with Vimeo. The information collected by Vimeo is communicated to the Vimeo server in the USA.

When you are logged in to your Vimeo account, you make it possible for Vimeo to link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account.

To recognise website visitors, Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting).

Vimeo is used in the interest of presenting our online offerings in an appealing manner. This constitutes a legitimate interest within the meaning of point f of Art. 6(1) of the GDRP. If any consent has been requested in this regard, processing will take place exclusively on the basis of point a of Art. 6(1) of the GDPR; this consent may be withdrawn at any time.

The communication of data to the USA is based on the EU Commission's standard contractual clauses and, as Vimeo states, on "legitimate business interests". This is where you will find details: https://vimeo.com/privacy.

You will find further information on the handling of user data in Vimeo's data privacy statement at: https://vimeo.com/privacy.

Google Web Fonts (local hosting)

This site uses Web Fonts provided by Google to ensure that typefaces are always displayed in a consistent manner. Google Fonts are installed locally. No connection is made to Google servers.

You will find further information on Google Web Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=en

Google Maps

This site uses Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and saved there. The operator of this website has no control over this data transfer.

Google Maps is used in the interest of presenting our online offerings in an appealing manner and to make it easy to find the locations referred to on our website. This constitutes a legitimate interest within the meaning of point f of Art. 6(1) of the GDRP. If any consent has been requested in this regard, processing will take place exclusively on the basis of point a of Art. 6(1) of the GDPR; this consent may be withdrawn at any time.

The communication of data to the USA is based on the EU Commission's standard contractual clauses. This is where you will find details: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

You will find further information on the handling of user data in Google's data privacy statement: https://policies.google.com/privacy?hl=en

Google reCAPTCHA

We use "Google reCAPTCHA"(referred to below as CAPTCHA“) on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

The purpose of reCAPTCHA is to determine whether data entered on this website (e.g. on a contact form) is being provided by a human being or by an automated program. To do this, reCAPTCHA analyses the website visitor's behaviour on the basis of various parameters. This analysis begins automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates a variety of information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data recorded during the analysis process is forwarded to Google.

reCAPTCHA analyses take place entirely in the background. Website visitors are not informed that any analysis is taking place.

Data are stored and analysed on the basis of point f of Art. 6(1) of the GDRP. The website operator has a legitimate interest in protecting its web offerings from abusive, automated spying and from SPAM. If any consent has been requested in this regard, processing will take place exclusively on the basis of point a of Art. 6(1) of the GDPR; this consent may be withdrawn at any time.

For further information on Google reCAPTCHA, refer to Google's privacy policy and Google's terms and conditions of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=en

Livestorm

The website operator uses the Livestorm software for organising and holding online webinars. The provider is LIVESTORM SAS., 24 rue Rodier 75009 Paris FRANCE (referred to below as "Livestorm").

If you take part in one of our webinars, your personal data will be stored on Livestorm's servers for the purpose of holding the event. This includes the following data:

· E-mail address

· Browser and system data

· IP address

· Language and time zone

· Chat data

· Other data you enter yourself (e.g. name, telephone number or customer number, support requests, chat messages)

· Usage data from webinars (e.g. access figures, application histories, registration for and participation in a webinar, opening specific pages etc.)

These data are stored by Livestorm for a specific purpose and deleted once that purpose ceases to exist. Data will not be passed on to third parties. The legal basis for using Livestorm is point b of Art. 6(1) of the GDPR (performance of a contract) and our legitimate interest in holding our webinars (point f of Art. 6(1) of the GDPR). If any consent has been requested in this regard, processing will take place exclusively on the basis of point a of Art. 6(1) of the GDPR; this consent may be withdrawn at any time.

Entering a contract on order processing

We have entered an agreement with Livestorm in which we place Livestorm under the obligation to protect our customers' data and not to pass them on to third parties.

8. AUDIO AND VIDEO CONFERENCES

Data processing

One of the tools we use to communicate with our clients is online conferencing. The various tools we use are detailed below. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools record all information that you provide/enter to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).

In addition to this, the provider of the tool processes all of the technical data required for handling the online communication. In particular, this includes IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.

Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. In particular, such content includes cloud recordings, chat/instant messages, voicemail, uploaded photos and videos, files, whiteboards and other information that is shared while using the service.

Please note that we do not have full control over the data processing operations carried out by the tools used. Our capabilities are largely determined by the business policy of the relevant provider. Further information on data processing by conference tools can be found in the data privacy statements of the tools used which we have listed below.

Purpose and legal bases

The conference tools are used for communicating with prospective or existing contractual parties or for offering specific services to our customers (sentence 1, point b of Art. 6(1) of the GDPR). Furthermore, the use of such tools has the purpose of generally simplifying and speeding up communication with us or our company (legitimate interest in the meaning of point f of Art. 6(1) of the GDPR). If any consent has been requested in this regard, the tools in question will be used on the basis of such consent; this consent may be withdrawn at any time with effect for the future.

Period for which data are stored

The data recorded directly by us via the video and conference tools will be erased from our systems as soon as the purpose for retaining them no longer applies, you request us to erase them, withdraw your consent to retain them or the purpose for which they are retained ceases to exist. Stored cookies will remain on your terminal device until such time as you erase them. This shall not affect any mandatory statutory retention periods.

The period for which the operators of the conference tools store your data for their own purposes is beyond our control. For details in this regard, please contact the operators of the conference tools direct.

Conference tools used

We use the following conference tools:

TeamViewer

We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. For details on the processing of personal data, refer to TeamViewer's privacy policy statement: https://www.teamviewer.com/en/privacy-policy/

We have entered an order processing contract with the provider of TeamViewer and fully implement the stringent requirements of the German data-protection authorities when using TeamViewer.

Skype for Business

We use Skype for Business. The provider is Skype Communications SARL, 23-29 Rives de Clausen, L-2165 Luxembourg. For details on the processing of personal data, refer to Skype's privacy policy statement: https://privacy.microsoft.com/en-us/privacystatement

We have entered an order processing contract with the provider of Skype for Business and fully implement the stringent requirements of the German data-protection authorities when using Skype for Business.

GoToMeeting

We use GoToMeeting. The provider is LogMeIn, Inc., 320 Summer Street Boston, MA 02210, USA. For details on the processing of personal data, refer to GoToMeeting's privacy policy statement: https://www.logmeininc.com/legal/privacy

The communication of data to the USA is based on the EU Commission's standard contractual clauses. This is where you will find details: https://logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1.pdf

We have entered an order processing contract with the provider of GoToMeeting and fully implement the stringent requirements of the German data-protection authorities when using GoToMeeting.

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on the processing of personal data, refer to Microsoft Teams's privacy policy statement: https://privacy.microsoft.com/en-us/privacystatement

We have entered an order processing contract with the provider of Microsoft Teams and fully implement the stringent requirements of the German data-protection authorities when using Microsoft Teams.

9. OUR OWN SERVICES

Handling of applicant data

We offer you the opportunity to submit job applications to us (e.g. via email, by postal services or by online job application form). The following provides you with information on the scope, purpose and use of the personal data collected from you in conjunction with the application process. We assure you that your data will be collected, processed and used in compliance with applicable data protection law and all other statutory provisions, and that your data will be treated as strictly confidential.

Scope and purpose of collecting data

If you submit a job application to us, we will process any associated personal data (e.g. contact and communications data, application documents, notes taken during job interviews etc.) insofar they are required to reach a decision on establishing an employment relationship. The legal basis for this is Section 26 of the Federal Data Protection Act (revised) (BDSG-neu) under German Law (Initiation of an Employment Relationship), point b, Art. 6(1) of the GDPR (General contract initiation) and – provided you have given your consent – point a of Art. 6(1) of the GDPR. Consent may be withdrawn at any time. Within our company, your personal data will only be passed on to persons who are involved in processing your job application.

If your job application is successful, the data you have submitted will be stored in our data-processing systems on the basis of Section 26 of the Federal Data Protection Act (revised) (BDSG-neu) and point b of Art. 6(1) of the GDPR for the purpose of implementing the employment relationship.

Data retention period

If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain at our premises the data you have submitted on the basis of our legitimate interests (point f of Art. 6(1) of the GDPR) for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). The data will then be erased, and the physical application documents will be destroyed. In particular, storage serves the purpose of providing evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), erasure will only take place when the purpose for further storage ceases to exist.

Data may also be stored for a longer period if you have consented to such (point a of Art. 6(1) of the GDPR) or if statutory data retention requirements preclude erasure.

Inclusion in the applicant pool

If we do not make you any job offer, there may be a possibility of including you in our applicant pool. If you are included, all documents and details from your application will be transferred to the applicant pool so that we can contact you in the event of suitable vacancies.

Inclusion in the applicant pool is based exclusively on your express consent (point a of Art. 6(1) of the GDPR). Providing consent is voluntary and is not related to the ongoing application procedure. The person concerned may withdraw his/her consent at any time. In this case, the data from the applicant pool will be irrevocably erased unless there are legal reasons for retaining them.

The data from the applicant pool will be irrevocably erased no later than two years after consent has been given.

Our social media sites

Data processing by social networks

We maintain publicly accessible profiles on social networks. The various social networks we use are detailed below.

Generally speaking, social networks, such as Facebook, Twitter etc., can extensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presences initiates numerous processing operations of relevance to data privacy. In detail:

When you are logged into your social media account and visit our social media presence, the operator of the social media portal can match this visit up to your user account. Under certain circumstances, however, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, for example, data of this nature are collected via cookies that are stored on your terminal device or by identifying your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles which store your preferences and interests. This makes it possible to show you advertising related to your interests both inside and outside of whichever social media presence. Insofar as you have an account with the respective social network, such interests-related advertising can be displayed on all devices that you are or were logged into.

Please also note that we are not able to track all processing operations on the social media portals. Depending on provider, this means that the social media portals may carry out further processing operations. For details, refer to the terms of use and data privacy provisions of the social media portals concerned.

Legal basis

Our social media sites are intended to ensure the broadest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6(1) f of GDRP. The analysis processes initiated by the social networks may be based on varying legal grounds which must be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6(1) a of GDRP.

Controller and assertion of rights

When you visit one of our social media sites (e.g. Facebook), we share responsibility with the operator of the social media platform for those data processing operations that are initiated during that visit. You can at all times assert your rights (to obtaining information, rectification, erasure, restriction of processing, data portability and objection) against us as well as the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the responsibility we share with the social media portal operators, we do not have full control over the data processing operations carried out by the social media portals. Our capabilities are largely determined by the business policy of the relevant provider.

Retention period

The data collected directly by us via the social media presence will be erased from our systems as soon as the purpose for retaining them no longer applies, you request us to erase them, withdraw your consent to retain them or the purpose for which they are retained ceases to exist. Cookies retained on your device will remain intact until such time as you erase them. This shall not affect any mandatory statutory provisions – in particular statutory retention periods.

The period for which the operators of the social networks retain your data for their own purposes is beyond our control. For details in this regard, please contact the operators of the social networks direct (e.g. in their privacy policy statement, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.

We have entered into a joint processing agreement (Controller Ad-dendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://www.facebook.com/help/566994660333381.

Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://www.facebook.com/help/566994660333381.

For details on their handling of your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.

We have a profile on LinkedIn. Provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Republic of Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For details on the way in which LinkedIn handles your personal data, please refer to LinkedIn's privacy policy statement: https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=en.