1. Preface and Selected Terms

This Privacy Policy serves two purposes: first, it informs visitors and users of our website about data processing activities that occur online and involve personal data; second, it explains how we process personal data in other, primarily offline, contexts.

• GDPR stands for the General Data Protection Regulation of the European Union.
• BDSG refers to the Federal Data Protection Act (Bundesdatenschutzgesetz) in its current version.
• Personal data means all information relating to an identified or identifiable natural person (see Art. 4 (1) GDPR). Examples include names, email addresses, telephone numbers, as well as data such as IP addresses or customer numbers.
• Processing of personal data includes any operation performed on personal data, such as collection, storage, transmission, archiving, or deletion (Art. 4 (2) GDPR).
• The data subject under data protection law is any natural person whose personal data is being processed.
• Further definitions can be found in Article 4 of the GDPR (“Definitions”).

2. Controller and Data Protection Officer

Controller

The controller is the natural or legal person that, alone or jointly with others, determines the purposes and means of processing personal data.

Novotechnik Messwertaufnehmer OHGP.O. Box 4220
73745 Ostfildern (Ruit)
Horbstraße 12
73760 Ostfildern (Ruit)
Phone: (+49) 711 / 44 89 – 0
Email: datenschutz@novotechnik.de

Data Protection Officer

External Data Protection Officer Stuttgart
Fabian Henkel
Kantstraße 14
1277 Rutesheim
E-Mail: info@externer-datenschutzbeauftragter-stuttgart-nospam.de
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de

3. Overview

The following section provides a brief summary of the processing of personal data. Detailed explanations can be found in the respective sections below.

Website Security (TLS Encryption)
Our website uses a TLS certificate to encrypt data transmissions—for example, when you send us a message via form submission. However, absolute security in electronic communication cannot be guaranteed; a residual risk always remains.

Data You Provide to Us
We process the data you provide—for instance, when you fill out a form. The purpose of processing arises from the type of form used and from this Privacy Policy. If you contact us by email or through other means, we process your data for the purpose of responding to your inquiry.

Automatic Server Log Files
Our server automatically logs all accesses, including IP addresses (log files). This serves to defend against attacks, analyze access patterns, and ensure stable operation.

Use of Cookies
Cookies assist us in providing various services. Further information can be found in the corresponding section of this Privacy Policy.

Plugins and Content Delivery Networks
We sometimes use plugins and content delivery networks—e.g., YouTube for video services or Google Maps for map display. When such services are embedded, your access data (such as IP address, time, and date) are transmitted to the provider, often through cookies.

Newsletter / Direct Marketing
Direct marketing to existing customers under legitimate interest

We may send newsletters to our customers under Section 7 (3) UWG in conjunction with Art. 6 (1)(f) GDPR. You can object to receiving marketing communications at any time.

Other Data Recipients

a) Processors under Art. 28 GDPR
e.g., IT, web hosting, and email hosting providers who act under our instructions.

b) Joint system use within the Siedle Group
Data is processed on shared systems under joint controllership.

c) Professional service provider
e.g., banks, shipping providers, tax advisors.

d) Legal obligation
e.g., providing data to tax authorities.

e) Criminal investigations
If required by law enforcement authorities.

General Rules on Deletion
We process data for as long as required for the respective purpose. Where necessary, we process personal data for the duration of our business relationship, which also includes contract initiation and execution. If processing is based on your consent, we delete your data upon withdrawal.

Transfers to Third Countries
We primarily use providers within the European Union. Transfers to third countries occur if you have consented and/or if we have concluded a processing agreement under Art. 28 GDPR with appropriate safeguards. In individual cases, we may use plugins or tools hosted in third countries based on our legitimate interests; where applicable, we will point this out.

Legal or Contractual Obligation to Provide Data
This website can generally be used without providing personal data. For purchases in our online shop, personal data are required to conclude a purchase contract.

4. Legal Bases for the Processing of Personal Data

The legal bases for the processing of personal data are exceptions that permit such processing under the GDPR. The most important legal bases are listed in Article 6 of the GDPR. The specific legal bases used in each processing activity are described in the respective sections of this Privacy Policy.

Consent (Art. 6 (1)(a) GDPR)
Consent serves as a legal basis if it is given voluntarily and in an informed manner. Consent granted under Art. 6 (1)(a) GDPR can be withdrawn at any time without providing reasons.

Contractual Processing (Art. 6 (1)(b) GDPR)
Processing of personal data necessary for the initiation or performance of a contract is lawful under Art. 6 (1)(b) GDPR.

Legal Obligation (Art. 6 (1)(c) GDPR)
Processing may also be required to comply with a legal obligation, such as retention duties under commercial or tax law.

Legitimate Interests (Art. 6 (1)(f) GDPR)
Processing based on legitimate interests is permitted when our financial, operational, or legal interests outweigh the data subject’s rights and freedoms.

5. Your Rights Under the General Data Protection Regulation (GDPR)

Every natural person has certain rights under Articles 15 to 21 and 77 of the GDPR. You may exercise these rights at any time.

Right to Withdraw Consent (Art. 7 GDPR)
You may withdraw any consent you have given to us at any time, with effect for the future.

Right of Access (Art. 15 GDPR; restrictions under § 34 BDSG may apply)
You have the right to obtain information about the personal data we process and the purposes of such processing.

Right to Rectification (Art. 16 GDPR)
If you find that the data we hold about you is inaccurate or incomplete, you have the right to request correction.

Right to Erasure (Art. 17 GDPR; restrictions under § 35 BDSG may apply)
You have the right to request the deletion of your personal data at any time. If deletion is not possible due to legal retention duties or overriding legitimate interests, your data will be restricted from further processing until those reasons cease to apply.

Right to Restrict Processing (Art. 18 GDPR)
You have the right to request the restriction of processing of your personal data. This applies in particular if the accuracy of the data is contested, processing is unlawful, the data are required for legal claims, or a balance of interests is pending. While restricted, processing may occur only with your consent, for legal claims, or for important public interests of the EU or a Member State.

Right to Data Portability (Art. 20 GDPR)
You may request that data processed on the basis of your consent or a contract be provided to you or a third party in a structured, machine-readable format. Direct transmission to another controller is possible where technically feasible.

Right to Object (Art. 21 GDPR)
If we process your personal data under Art. 6 (1)(e) or (f) GDPR, you may object at any time for reasons relating to your particular situation. We will stop processing unless we can demonstrate compelling legitimate grounds or the processing serves legal claims. If your data is processed for direct marketing, you may object at any time and your data will no longer be used for that purpose.

Right to Lodge a Complaint (Art. 77 GDPR; § 19 BDSG)
You may lodge a complaint with a supervisory authority, particularly in your country of residence, workplace, or where the alleged infringement occurred, without prejudice to other administrative or judicial remedies.

6. External Hosting

This website is hosted externally. The personal data collected on this website are stored on the servers of the hosting provider(s). This may include IP addresses, contact inquiries, metadata and communication data, contract data, contact details, names, website access logs, and other data generated via the website.

External hosting serves the purposes of contract fulfillment for potential and existing customers (Art. 6 (1)(b) GDPR) and our legitimate interest in secure, fast, and efficient website provision (Art. 6 (1)(f) GDPR). Where consent has been obtained, processing occurs solely on the basis of Art. 6 (1)(a) GDPR. Consent can be withdrawn at any time.

Our hosting provider(s) will process your data only to the extent necessary to fulfill their performance obligations and under our instructions.

Hosting Provider

Brotz Medien
Wolterdinger Str. 9
78052 Villingen-Schwenningen

Data Processing Agreement (DPA)
We have concluded a Data Processing Agreement with our hosting provider under Art. 28 GDPR. Personal data are processed only in accordance with our instructions and in compliance with the GDPR. This instruction also applies to the subcontractor Amazon Web Services.

7. Automatic Server Log Files

Our web server automatically logs all access events, including the IP addresses of visitors. This serves to protect against attacks, analyze visitor numbers, and ensure smooth operation. We have a legitimate interest in this processing (Art. 6 (1)(f) GDPR).

The server log typically records the following metadata:

• Date and time of access
• Information about the browser type and version used
• Details about the operating system
• Device information (client)
• Referrer URL (the page from which you accessed our site)
• Accessed hyperlinks

We process these data solely for the purposes stated above. Server log files are deleted after no more than three months.

8. Use of Cookies

Our website uses so-called “cookies.” Cookies are small data packages that do not harm your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after you leave the site. Persistent cookies remain on your device until you delete them or your browser removes them automatically.

Cookies can originate from us (first-party cookies) or from third-party providers (third-party cookies). Third-party cookies enable the integration of services provided by external companies within websites (e.g., payment processing).

Cookies serve different functions. Many are technically necessary (e.g., shopping cart or video display). Others can be used for analytics or marketing purposes.

You can configure your browser to inform you about the placement of cookies, allow cookies only in individual cases, exclude the acceptance of certain cookies or all cookies, and enable the automatic deletion of cookies when closing the browser. Disabling cookies may restrict website functionality.

The cookies and services used on this website are listed in this Privacy Policy.

Legal Bases for Cookies
Cookies required for electronic communication, to provide certain features requested by you (e.g., the shopping cart), or to optimize the website (e.g., audience measurement) are stored on the basis of Art. 6 (1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically correct and optimized provision of its services. Where consent has been obtained for the storage of cookies and similar recognition technologies, processing occurs solely on the basis of this consent (Art. 6 (1)(a) GDPR and § 25 (1) TTDSG); consent may be withdrawn at any time.

Cookie Consent Management

We offer you the ability to choose whether and which cookies and services you permit. A consent banner is displayed automatically on your first visit or after the preference cookie expires. When you confirm your selection, a preference cookie storing your choices is set in your browser. More information about this cookie can be found in our cookie list.

We use consent management based on our legitimate interest (Art. 6 (1)(f) GDPR) to obtain the legally required (Art. 6 (1)(c) GDPR) consent for the use of non-essential cookies and similar technologies.

9. Email Communication and Phone

Email Communication
If you send us an email, we process your data according to the content and purpose of your message. Processing generally takes place to perform pre-contractual measures or fulfill contractual obligations under Art. 6 (1)(b) GDPR and Art. 6 (1)(f) GDPR—our legitimate interest is to handle your inquiry efficiently.

If your message concerns a product or service, we generally process your data on the basis of our legitimate interests under Art. 6 (1)(f) GDPR.

Please note that we store all incoming emails for ten years in accordance with accounting principles, starting from the first day of the following calendar year. If you request deletion, we will restrict processing and retain your data only to comply with retention obligations.

Phone
If you contact us by telephone or fax, we process your data either to initiate and perform contractual relationships (if product- or service-related) and/or under our legitimate interests, analogous to email contact. We do not record calls, but we may make notes necessary to handle your inquiry. These are stored only as long as needed. Statistical information may be stored in anonymized form. You may request deletion at any time.

10. Forms

Requesting Information Materials

You can request informational materials via a form on our website. When you submit the form, the data you provide, including your contact details, will be stored for the purpose of processing your request and for possible follow-up questions.Processing of form data is based on your consent (Art. 6 (1)(a) GDPR) and the performance of pre-contractual measures (Art. 6 (1)(b) GDPR).

You may withdraw your consent at any time by sending an informal email to (datenschutz@novotechnik.de).

The lawfulness of processing prior to withdrawal remains unaffected. Data will be erased when no longer needed, unless legal retention duties apply.

RMA Return Form

If you wish to return goods, please use the RMA form available on our website to request a return number and provide information. We use the information you submit, including your contact details, to process the complaint and for possible follow-up questions. We will not share this data without your consent.

Your data are processed on the basis of the performance of contractual services (Art. 6 (1)(b) GDPR). The data you enter in the RMA form will be retained until the purpose for storage no longer applies. For evidentiary purposes, we store your data in our legitimate interest until the purpose ceases to apply (e.g., expiration of the warranty period). Mandatory legal provisions—particularly retention periods—remain unaffected.

11. Dealer-Area Registration

Our sales representatives can register on our website to use additional features such as the media server or the FAQ section. The data entered during registration are used solely for enabling the service requested. Mandatory fields must be completed; otherwise registration will be declined. For major changes, such as service scope or technical updates, we use the email address provided to inform you.

Processing of the data entered during registration is based on your consent (Art. 6 (1)(a) GDPR) and within the scope of contractual processing and the terms of use (Art. 6 (1)(b) GDPR). You may withdraw consent at any time by sending an informal email to (datenschutz@novotechnik.de).The lawfulness of processing prior to withdrawal remains unaffected. The data collected during registration are stored as long as you are registered on our website, until you request deletion, or until the processing purpose no longer applies. Statutory retention periods remain unaffected. Other processing purposes remain unaffected.

Die bei der Registrierung erfassten Daten werden von uns gespeichert, solange Sie auf unserer Website registriert sind, uns zur Löschung auffordern oder der Zweck der Verarbeitung nicht mehr gegeben ist. Gesetzliche Aufbewahrungsfristen bleiben unberührt. Andere Verarbeitungszwecke bleiben unberührt.

12. TraceParts CAD Database Downloads

Our website links to the TraceParts CAD component library provided by TraceParts S.A., Parc Eco Normandie, 76430 Saint Romain, France (“TraceParts”). When you access CAD downloads, a pop-up window from TraceParts appears. In this context, log files are transmitted to TraceParts as required to establish the connection.

If you want to download a CAD file, you must register with TraceParts. By setting up a user account, you also agree to the TraceParts terms of use. If you want to delete your TraceParts account, please contact TraceParts; we cannot delete TraceParts user accounts. Please read the TraceParts terms of use and privacy notices carefully in advance: info.traceparts.com/de/legal/allgemeine-nutzungsbedingungen/.

We receive access from TraceParts to the data you enter during registration in order to download the files we provide. Access to user data is restricted both physically and electronically, and user passwords are encrypted. Any access to these user data is logged and archived with full details. These logs are regularly reviewed by the TraceParts security team and checked for unusual activities. TraceParts uses security notification procedures to ensure that extended reporting can be produced promptly in the event of a data breach.

As part of registration, you can also indicate whether you agree to receive direct marketing content by email or to be contacted by us or one of our sales representatives. The legal basis is your consent (Art. 6 (1)(a) GDPR). You can withdraw your consent at any time without providing reasons—in your TraceParts account settings or by sending us a short message.

We use the integration of TraceParts services on the basis of our legitimate interests. The legal basis is Art. 6 (1)(f) GDPR.

13. Direktmarketing and Newsletter

Direct Marketing to Existing Customers (Legitimate Interest)

We reserve the right to use data collected in connection with a purchase or service contract for direct advertising by email or post in accordance with § 7 (3) UWG, provided that you do not object. Direct advertising covers only offers for products or services similar to those already purchased. We use your data for direct marketing for up to five years after the last purchase under our legitimate interest (Art. 6 (1)(f) GDPR). Of course, you may object to receiving direct marketing at any time. Please address your objection to the controller named above. You will find a link in every newsletter to unsubscribe.

Postal Advertising to Existing Customers (Legitimate Interest)

We reserve the right to use your first and last name and postal address for our own advertising purposes—for example, to send interesting offers and product information by mail. This serves our legitimate interest in advertising communication with our customers under Art. 6 (1)(f) GDPR. Mailings are carried out by a service provider acting on our behalf, to whom we transmit your data for this purpose. You can object to receiving direct advertising by email at any time by contacting the controller named above.

14. Privacy Information for Applicants

If you apply to us—whether for a posted position or on your own initiative—we process your data to conduct the selection process, regardless of whether you apply by post, by email, or, if available for the position, via an online form.

As a rule, we process only the data you provide to us. Consulting additional sources will be considered only after informing you and obtaining your consent—for example, whether we may contact a former employer.

The legal basis for conducting an application process is § 26 BDSG in conjunction with Art. 6 (1)(b) GDPR (initiation of an employment contract). If you consent to longer-term storage of your data, the legal basis is Art. 6 (1)(a) GDPR.

Deletion Periods for Applicant Data

We delete applicant data no later than four months after the selection process has been completed (when a candidate has been selected and all applicants have been informed of the outcome). The purpose of processing generally no longer applies at the end of the selection process; however, we have a legitimate interest (Art. 6 (1)(f) GDPR) in being able to defend ourselves against potential claims by rejected applicants. If you believe that your interest in immediate deletion outweighs ours, you can ask us to delete your data; we will review your request and provide feedback. This may result in deletion or restriction of processing, depending on the content of the correspondence.

After the expiry of the above-mentioned period, your data will be deleted unless we need to defend ourselves in an ongoing proceeding—for example, due to an action under the General Equal Treatment Act. In this case, we will delete your data after the proceeding is concluded, unless statutory retention periods apply.

If we are permitted to store your data longer on the basis of your consent, we will delete your data when you ask us to do so and revoke your consent. We may also delete your data before you withdraw consent if it is foreseeable that no position will be available.

Inclusion in Our Applicant Pool
If we cannot offer you a position at the current time, we may ask for your consent to retain your data. The purpose is to offer you a suitable position at a later date. The legal basis for processing your data in our applicant pool is your consent (Art. 6 (1)(a) GDPR). Of course, you may withdraw your consent at any time with effect for the future. If you do not withdraw consent within two years, we will delete your data from our applicant pool after two years at the latest.

15. Analyse Tools

Matomo

We use the open-source web analytics service Matomo. With the help of Matomo, we can collect and analyze data on how visitors use our website. Among other things, we can determine when page views occur and from which regions visitors come. We also record various log files (e.g., referrer or the browsers and operating systems used) and can measure whether visitors perform certain actions.

The use of this analytics tool is based on Art. 6 (1)(f) GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our marketing activities.

If consent is required, processing takes place solely on the basis of Art. 6 (1)(a) GDPR to the extent the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). Consent may be withdrawn at any time. To do so, delete the cookies and website data set by our website from your browser.

Hosting

We host Matomo exclusively on our own servers, so all analytics data remain with us and are not shared with third parties.

IP-Anonymisierung

When using Matomo, we employ IP anonymization. Your IP address is truncated before analysis so it can no longer be clearly attributed to you.

16. Social-Media Presences

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks such as Facebook, Twitter, etc. can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Numerous data-processing operations are triggered when you visit our social media presences. In particular:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can associate this visit with your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the social media portal. This data collection may take place, for example, via cookies stored on your device or by recording your IP address.

With the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. This can result in interest-based advertising being displayed to you both on and off the respective social media presence. If you have an account with the social network, this interest-based advertising can be displayed across all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, additional processing may be carried out by the operators. For details, please refer to the terms of use and privacy policies of the respective providers.

Legal Basis

Our social media presences serve to ensure the broadest possible presence on the internet. This constitutes a legitimate interest within the meaning of Art. 6 (1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which the operators of the social networks must specify (e.g., consent under Art. 6 (1)(a) GDPR).

Controller and Exercising Your Rights

If you visit one of our social media presences (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data-processing operations triggered by this visit. You may generally exercise your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal.

Please note that despite joint responsibility with the social media portal operators, we do not have full influence on the data-processing operations of the portals. Our options are largely determined by the policies of the respective providers.

Retention Period

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Cookies remain on your device until you delete them. Mandatory statutory provisions—particularly retention periods—remain unaffected.

We have no influence on the storage period of your data, which are stored by the operators of the social networks for their own purposes. For details, please contact the operators directly (e.g., in their privacy policies; see below).

Soziale Netzwerke im Einzelnen
 

Twitter / now „X“

We use the Twitter short message service. Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. You can adjust your Twitter privacy settings in your user account: twitter.com/personalization. Transfers to the USA rely on the EU Commission’s Standard Contractual Clauses. Details: gdpr.twitter.com/en/controller-to-controller-transfers.html. Privacy policy: twitter.com/de/privacy.

LinkedIn

We maintain a profile on LinkedIn. Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you want to disable LinkedIn advertising cookies, use https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

. Transfers to the USA rely on the EU Commission’s Standard Contractual Clauses. Details: www.linkedin.com/legal/l/dpa and 

. Privacy policy: : www.linkedin.com/legal/privacy-policy. 

XING

We maintain a profile on XING. Provider: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Privacy policy: privacy.xing.com/de/datenschutzerklaerung.

YouTube

We maintain a profile on YouTube. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: policies.google.com/privacy.

17. Online Meetings with Microsoft Teams

We use the tool “Microsoft Teams” to conduct teleconferences, online meetings, video conferences, and/or webinars (collectively: “online meetings”). “Microsoft Teams” is a service provided by Microsoft Operations Ireland Ltd., a subsidiary of the Microsoft Corporation, which is based in the USA.

Please note: If you access the “Microsoft Teams” website, Microsoft is the controller for data processing. Visiting the website is only necessary to download the software. You can also use “Microsoft Teams” by entering the meeting ID and any additional access data directly in the app. If you do not want to—or cannot—use the app, basic functions are available via a browser version, which you will also find on the Microsoft Teams website.

Legal Bases

If personal data of employees are processed, § 26 BDSG is the legal basis. If personal data are not required for establishing, performing, or terminating the employment relationship but are still an essential part of using Microsoft Teams, Art. 6 (1)(f) GDPR is the legal basis. Our interest in such cases is the effective conduct of online meetings.

Otherwise, the legal basis for processing in the context of online meetings is Art. 6 (1)(b) GDPR to the extent that meetings are held within contractual relationships. If no contractual relationship exists, the legal basis is Art. 6 (1)(f) GDPR. Here, our interest likewise lies in the effective conduct of online meetings.

Scobe of Processing 

When using Microsoft Teams, various types of data are processed. The scope depends on which data you provide before or during participation. To enter an online meeting, you must at least provide your name.

User details: first name, last name, telephone (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional).

Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information.

For dial-in via telephone: incoming and outgoing phone numbers, country, start and end time. Additional connection data (e.g., device IP) may be stored.

Text, audio, and video data: You may use chat, Q&A, or polling features in an online meeting. Text entries are processed to display them in the meeting and, if necessary, to record them. To enable video display and audio playback, the data from your device’s microphone and camera are processed during the meeting. You can switch off the camera or microphone at any time in the application. If necessary for documentation, we may log chat content—however, this is usually not the case.

Recordings

We use Microsoft Teams to conduct online meetings. If we wish to record meetings, we will inform you transparently in advance and—where required—ask for your consent. The recording will also be shown in the app. Recordings may include an MP4 file of all video, audio, and presentation recordings, an M4A audio file, and a text file of the meeting chat.

Meeting Metadata

If you are registered as a user of Microsoft Teams, reports about online meetings (meeting metadata, telephone dial-in data, Q&A in webinars, and poll functions in webinars) may be stored by Microsoft Teams for up to one month.

Automated Decision-Making

No automated decision-making within the meaning of Art. 22 GDPR takes place.

Other Recipients

The provider of Microsoft Teams necessarily gains knowledge of the above data insofar as this is provided for in our processing agreement with Microsoft Teams. Personal data processed in connection with participation in online meetings are generally not passed on to third parties unless they are intended for disclosure. Please note that the content of online meetings, as with in-person meetings, often serves to communicate information with customers, interested parties, or third parties and is therefore intended to be shared.

Data Processing Outside the European Union

Microsoft Teams is a service provided by a company headquartered in the United States. Personal data may therefore be processed in a third country. We have concluded a data processing agreement with Microsoft that meets the requirements of data protection law.

18. Supplementary Privacy Information for Our Business Partners

Categories of Data and Purposes of Processing

We process personal data of our service providers and partners that we receive directly in the course of our business relationship. We generally process these data only for the purposes for which we received or collected them.

We typically process the following categories of data:

Name, first name; address and/or company address; telecommunications data; email address; company; professional function and/or position; bank details or other payment information; data on the history of the business relationship.

During the business initiation phase and during the business relationship, in particular through personal, telephone, or written contacts initiated by you or by one of our employees, additional personal data are generated—for example, information about the contact channel, date, reason, and result; (electronic) copies of correspondence; and information about participation in direct marketing activities.

We also process personal data that we have obtained permissibly from publicly accessible sources (e.g., commercial and association registers, press, media, internet) and are allowed to process.

Processing for Other Purposes

Processing for purposes other than those for which the personal data were originally collected will be considered only if the legal requirements of Art. 6 (4) GDPR are met. Any information obligations under Art. 13 (3) GDPR and Art. 14 (4) GDPR will, of course, be observed.

Legal Bases for Processing

On the basis of your consent (Art. 6 (1)(a) GDPR)

We process personal data for one or more specific purposes if you have given us consent. If personal data are processed on the basis of your consent, you have the right to withdraw consent at any time with effect for the future.

Data processing to fulfill contracts (Art. 6 (1)(b) GDPR)

We process personal data to fulfill contracts. This includes, for example, conclusion, execution, and termination of a contract. We also process personal data required to carry out pre-contractual measures, such as contract initiation, upon your request.

Data processing due to a legal obligation (Art. 6 (1)(c) GDPR)

Like any company, we must fulfill retention and other documentation obligations, which may also concern documents with personal information. Where we process data for these purposes, processing is based on a legal obligation.

Data processing on the basis of a balance of interests (Art. 6 (1)(f) GDPR)

If we process data on the basis of a balance of interests, you as the data subject have the right to object to the processing of personal data in accordance with Art. 21 GDPR. Where feasible, we process your data in pseudonymized or anonymized form.

Other Recipients of Your Data

Transfer to affiliated companies under Art. 26 GDPR

Within the Siedle Group (S. Siedle & Söhne, Telefon- und Telegrafenwerke OHG, Bregstraße 1, 78120 Furtwangen), we process data on jointly used systems under joint responsibility on the basis of legitimate interests.

Transfer to processors under Art. 28 GDPR

Processors engaged by us (Art. 28 GDPR), in particular in the field of IT services and, for example, printing services, process your data on our instructions. When we engage service providers to fulfill our tasks, we always observe data protection regulations; in particular, data are only transferred after concluding processing agreements. We will gladly inform you which processors we use.

Transfer to providers of external professional services

Where necessary to perform the contract, legitimized by our legitimate interests, or required by law, providers of external professional services process personal data for us. These include, in particular, tax advisors, auditors, and banks.

Transfer to carry out a contractual relationship

If it is necessary to perform the contract with you, we pass on your data—for example, to our bank for payment processing or to shipping service providers.

Transfer due to a legal obligation

If there is a legal or official obligation, we pass on your data to public bodies or institutions (authorities, e.g., in the context of law enforcement).

Other parties, if you have given us consent

With explicit consent, we may also transfer your data to other parties. This is done only within the limits of demonstrable consent.

Information on Deletion Deadlines for Personal Data

Principle of Purpose Limitation and Observance of Statutory Retention Periods

We process data as long as necessary for the respective purpose. Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.

Moreover, like any company, we must comply with statutory retention periods—for example, retention periods under commercial and tax law. Where statutory retention obligations exist, the relevant personal data are stored for the duration of the retention obligation. The storage period also depends on statutory limitation periods, which are generally three years under §§ 195 et seq. BGB but in some cases can be up to thirty years. After the retention period expires, it is assessed whether further processing is required. If not, data are deleted.

As a rule, such retention periods in the context of legal transactions (§ 147 AO / § 257 HGB / § 14b UStG) are 10 years, beginning with the year following the legal transaction.

Example

If you share your contact details with us, for example by email, telephone, or by handing over your business card, we store this data on the basis of pre-contractual measures under Art. 6 (1)(b) GDPR and our legitimate interest (Art. 6 (1)(f) GDPR) in smooth, targeted communication. If no legal transaction materializes, we delete your data when you ask us to do so or when there is no further contact within three years. If you enter into a legal transaction with us (Art. 6 (1)(b) GDPR), we store your data until the expiry of the commercial and tax-law requirements (ten years). After this period, we check whether we can delete the data and delete it if applicable.

Emails and Business Letters

We archive our entire email traffic for ten years. If you send us an email, your data and the entire email content will be stored for ten years accordingly. Most emails qualify as business letters; emails may also contain information relevant under tax law. The effort involved in checking each individual email for such relevance is, in our view, disproportionate to the benefit and the legitimate interests of the sender. Of course, you can ask us to delete your data at any time; we will conduct an individual review and inform you of the result, which may lead to deletion or restriction of processing depending on the content of the correspondence.

Withdrawal of Your Consent

If we process your data on the basis of your consent (Art. 6 (1)(a) GDPR), we delete it after your withdrawal—unless legitimate interests preclude complete deletion. For example, we generally retain consent declarations for up to three years after receipt of your withdrawal based on our legitimate interest (Art. 6 (1)(f) GDPR). We retain the consent under restricted processing solely to be able to defend ourselves in the event of a dispute.

Legal or Contractual Obligation to Provide Personal Data

Providing personal data is regularly required to initiate, conclude, perform, and unwind a contract. If you do not provide the necessary personal data, we cannot conclude or fulfill a contract with you.

Transfers to a Third Country

We generally process your personal data in data centers in the Federal Republic of Germany or the European Union. A transfer to a third country is considered only if you have given us your consent or if we have concluded a processing agreement under Art. 28 GDPR with appropriate safeguards or other suitable safeguards.