data protection
Privacy Policy
As of March 2026
Contents
- Foreword and Selected Terminology
- Data Controller and Data Protection Officer
- Quick Overview
- Legal Basis for the Processing of Personal Data
- Your rights under the General Data Protection Regulation
- External Hosting
- Automatic Server Log Files
- Use of Cookies
- Processing in connection with establishing contact
- Wish List and Request for Quote
- Return Authorization Form (RMA Form)
- Form for Requesting Information Materials
- Analysis Tools
- External plugins and content delivery networks
- Integration of CAD data and lead generation via TraceParts
- Direct marketing
- Audio and video conferencing
- Privacy Notice for Job Applicants
- Social media presence
- Privacy Notice for Business Partners
1. Introduction and Selected Terminology
This Privacy Policy informs visitors and users of our website about the online data processing activities in which personal data is processed. It also provides information about our data processing activities that do not primarily take place online.
- GDPR isthe acronym for the General Data Protection Regulation.
- BDSG isthe abbreviation for the Federal Data Protection Act, as amended.
- Personal data refers toany information that can be used to identify a natural person (see Article 4(1) of the GDPR for the definition). This includes, for example, names, email addresses, and phone numbers, as well as data such as IP addresses and customer numbers.
- Theprocessing of personal data includesall operations, such as the collection, storage, transmission, archiving, or erasure of personal data (definition in Article 4(2) of the GDPR).
- Adata subject, as defined by data protection law, is any natural person whose personal data is processed.
- Furtherdefinitions of terms canbe foundin the General Data Protection Regulation; these are primarily set forth in Article 4 of the GDPR (Definitions).
2. Data Controller and Data Protection Officer
Data Controller
Novotechnik Messwertaufnehmer OHG
P.O. Box 4220
73745 Ostfildern (Ruit)
Horbstraße 12
73760 Ostfildern (Ruit)
Phone: (+49) 711 / 44 89 – 0
Email: datenschutz@novotechnik.de
Data Protection Officer
DSB External Data Protection Officer Stuttgart
Fabian Henkel
Bachelor of Business Administration (FH)
Certified Data Protection Officer
Phone: +49(0)176 32744172
Email:info@externer-datenschutzbeauftragter-stuttgart.de
Web:https://www.externer-datenschutzbeauftragter-stuttgart.de
3. Brief Overview
The following information provides a brief overview of how we process personal data; for more detailed information, please refer to the respective sections.
Security on our website
Our website is secured with a TLS certificate, which encrypts data transmission. This occurs, for example, when you send us a message via a form. However, we would like to point out that 100% security in electronic data processing is not possible and that a residual risk always exists.
Data you provide to us
On this page, we process, on the one hand, the data you enter yourself, for example in a form. In this case, the purpose of the processing is determined by the nature of the form and, on the other hand, by this Privacy Policy. Even if you send us a message via email, for example, or contact us in any other way, we process your data in accordance with the purpose of your contact.
Automatic Server Log Files
Additionally, our server automatically records all access attempts, including IP addresses (log files). This is done to defend against attacks, analyze traffic volumes, and ensure smooth operation.
Newsletter / Direct Marketing
Direct marketing to existing customers based on legitimate interest
We reserve the right to send our customers newsletters in accordance with Section 7(3) of the German Unfair Competition Act (UWG) in conjunction with Article 6(1)(f) of the General Data Protection Regulation (GDPR). You may, of course, opt out of receiving direct marketing communications at any time.
Other data recipients
Affiliates Based on joint controllership (Art. 26 GDPR) and our legitimate interests (Art. 6(1)(f) GDPR), the following applies within the Siedle Group (
, a data processor: In accordance with the provisions of Article 28 of the GDPR, we engage data processors, for example in the areas of IT services, web hosting, email hosting, or printing services. These processors process personal data on our behalf in accordance with our instructions.
Third-Party Services
If necessary (for example, to fulfill a contract), we may share your data with banks, shipping providers, our tax advisor, or our attorney.
Legal Obligations
We are subject to legal obligations, such as commercial laws or tax laws; in this context, we are required to disclose certain data to tax authorities, for example.
Investigation of Criminal Offenses
If necessary for the investigation of a criminal offense, we will share data with law enforcement authorities.
General Information on Retention Periods for Personal Data
We process data for as long as necessary to fulfill the respective purpose. Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract; furthermore, we are obligated to comply with statutory retention requirements. If data processing is based on your consent, we will delete your data upon your withdrawal of consent.
Transfer of Personal Data to a Third Country
We strive to use service providers and services based within the European Union whenever possible. A transfer to a third country may occur if you have given us your consent and/or we have entered into a data processing agreement in accordance with Article 28 of the GDPR, taking into account appropriate safeguards pursuant to Articles 44 et seq. of the GDPR.
Obligation to Provide Personal Data
You are free to decide whether to provide personal data on our website for specific purposes. However, the provision of personal data is contractually required for the initiation and execution of legal transactions.
4. Legal Basis for the Processing of Personal Data
The legal bases for the processing of personal data are specific exceptions that permit the processing of personal data. The key legal bases are set forth in particular in Article 6 of the GDPR. The legal bases under which we process personal data are described in the individual processing activities outlined in this Privacy Policy.
Consent (Art. 6(1)(a) GDPR)
Consent is one of these legal bases and requires that the individual giving consent do so in an informed manner and on a voluntary basis. Consent given pursuant to Art. 6(1)(a) GDPR may generally be withdrawn at any time without providing a reason.
Data processing for contractual purposes (Art. 6(1)(b) GDPR)
The processing of personal data for the purpose of entering into or performing contracts also constitutes a legal basis and is defined in Art. 6(1)(b) GDPR.
Legal obligation (Art. 6(1)(c) GDPR)
The exception regarding data processing based on a legal obligation is set forth in Art. 6(1)(c) GDPR; for example, we are required to comply with certain retention periods under commercial and tax law.
Legitimate Interests (Art. 6(1)(f) GDPR)
The processing of personal data based on a balancing of interests pursuant to Art. 6(1)(f) GDPR permits such processing following a careful weighing of financial or legal interests against the legitimate interests of the data subject.
5. Your rights under the General Data Protection Regulation
Every natural person is entitled to certain rights, which are defined in particular in Articles 15 through 21 and 77 of the GDPR. You generally have the following rights, which you may exercise by contacting us.
Right to withdraw consent under Article 7 of the GDPR
You may withdraw your consent at any time without giving a reason, effective for the future.
Right of access under Article 15 of the GDPR (restrictions under Section 34 of the BDSG may apply)
You have the right at any time to request information about the data processed about you and the purposes of such processing.
Right to rectification under Article 16 of the GDPR
If you discover that we are processing inaccurate or incomplete personal data about you, you have the right to have it rectified.
Right to erasure under Article 17 of the GDPR (restrictions under Section 35 of the BDSG may apply)
You have the right at any time to request the erasure of your personal data that we process about you. If complete erasure is not possible—for example, because we must comply with legal retention obligations or can assert legitimate interests for other reasons—we will restrict your data until these grounds no longer apply.
Right to restriction of processing under Article 18 of the GDPR
You have the right to request that the processing of your personal data be restricted. To do so, you may contact us at any time at the address provided in the legal notice. The right to restriction of processing applies in the following cases:
- If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the verification process, you have the right to request that the processing of your personal data be restricted.
- If the processing of your personal data was or is unlawful, you may request that the processing be restricted instead of having the data erased.
- If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deleted.
- If you have lodged an objection under Article 21(1) of the GDPR, a balancing of your interests against ours must be carried out. Until it is determined whose interests prevail, you have the right to request that the processing of your personal data be restricted.
- If you have restricted the processing of your personal data, such data may—apart from storage—be processed only with your consent, or for the purpose of establishing, exercising, or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a Member State.
Right to data portability under Article 20 of the GDPR
You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, either for yourself or for a third party, in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
Right to object to certain processing activities and direct marketing under Article 21 of the GDPR
If data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right at any time to object to the processing of your personal data on grounds relating to your particular situation; this also applies to profiling based on these provisions. The specific legal basis on which processing is based can be found in this Privacy Policy. If you object, we will no longer process your personal data in question unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims (objection under Article 21(1) of the GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21(2) GDPR).
Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR in conjunction with § 19 BDSG
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place where the alleged violation occurred. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
6. External Hosting
This website is hosted externally. The personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact information, names, website visits, and other data generated through the website.
External hosting is carried out for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of ensuring the secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). Our hosting provider will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.
We host our website with Raidboxes GmbH, located at Hafenstraße 32, 48153 Münster, Germany. You can find Hetzner’s privacy policy at https://raidboxes.io/legal/privacy/.
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
7. Automatic Server Log Files
Our web server automatically logs all visits, including visitors' IP addresses. This is done to defend against attacks, analyze traffic statistics, and ensure smooth operation. We have a legitimate interest in doing so (Art. 6(f) GDPR).
In addition to the IP address, the server log typically records other metadata about the session; this information is provided below.
- Date and time of access
- Information about the browser type and version
- Information about the operating system used
- Device (client)
- Referrer URL (the page that led you to our site)
- Hyperlinks accessed
We process this data solely for the purposes stated above. We delete server log files after one week at the latest, unless we need to retain them longer to investigate cases of misuse or attacks.
8. Use of Cookies
8.1 General Information
When you visit our website, information is stored on your device in the form of cookies. A cookie is a small data record in the form of a file in which data such as personal page settings and login information are stored. By using cookies, we make it easier for you to use our online services through various service functions (such as recognizing previous visits) and can thus better tailor the website to your needs.
In addition, with your consent, we use third-party cookies for analytical purposes and to integrate third-party content, such as videos.
You can prevent cookies from being stored and delete existing cookies by adjusting the settings in your browser. The help function of most browsers explains how to adjust these settings. However, if you do not accept cookies, this may impair the service functions of the website.
8.2 Explanations Regarding the Use of Cookies
Types of cookies by duration
Session Cookies: Session cookies are deleted at the latest when you leave our website and close your browser.
Persistent cookies: These cookies remain stored even after you leave our website and close your browser. Persistent cookies can have different lifespans, ranging from one day to several years. These cookies can serve various functions; for example, your login credentials may be stored so that you are automatically logged in when you visit our website again. Other persistent cookies are used—subject to your consent—for analytics, tracking, and marketing purposes.
Types of cookies by origin
We use both first-party cookies and third-party cookies. First-party cookies are cookies that originate directly from us. Third-party cookies are cookies that are placed via a third party. We use various third-party cookies for analytics, tracking, and marketing purposes.
Types of cookies by function
Technically necessary cookies
These cookies enable the operation of our website; without them, our site would be unusable or only usable to a very limited extent. For example, such cookies are used when you log in to our site or add a product to your shopping cart. In some cases, necessary cookies also serve security purposes.
Analytics and statistics cookies
Analytics cookies collect information about visitor behavior, providing insights into how long visitors stay on the site and which information is accessed. Additionally, information is collected about which websites visitors come from, how many visitors the websites have, and how long users stay on the websites. The purpose of these cookies is to optimize our website based on the information collected.
Cookies set in connection with the integration of third-party content
For example, if a video from YouTube is embedded on our site, that service may also place cookies. These cookies can serve various functions; some are functional, analytical, or tracking cookies.
Legal Basis and Information on Setting Your Preferences
We use technically necessary cookies to ensure that our website functions properly and remains stable as part of our public service obligations (Art. 6(1)(e) GDPR in conjunction with §25(2) TDDDG). We may only use non-essential technical cookies with your consent (Art. 6(1)(a) GDPR in conjunction with §25(1) TDDDG). The specific legal bases for the use of various tools that utilize cookies can be found in the relevant sections of our Privacy Policy.
Consent Management
We use the consent management tool consentmanager on our website. The provider is consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden.
Consentmanager is used to obtain, manage, and document consent for the storage of information on end devices and for access to information already stored, in accordance with Section 25 of the German Telemedia Act (TDDDG), as well as for the subsequent processing of personal data in accordance with the GDPR. In particular, the tool enables us to activate cookies and similar technologies that are not technically necessary only after obtaining the appropriate consent, as well as to maintain proof of the consents granted for supervisory authorities.
When you visit our website for the first time, a consent banner will appear. Your selection will be stored in a cookie so that we can respect your decision on future visits. Unless consent has been granted, cookies that are not technically necessary, as well as external services (in particular analytics, marketing, and payment services), will be blocked by consentmanager. Consent is logged in an audit-proof manner.
When using consentmanager, the following data in particular is processed:
- Consent status (granted, denied, revoked)
- Time of consent
- pseudonymous user identifier (Consent ID)
- truncated or anonymized IP address
- Browser Information
- Device Information
Your data is processed solely for the purpose of managing consent and maintaining records. This does not involve any direct identification of you as an individual.
The processing is based on Section 25(2)(2) of the Telecommunications and Digital Services Data Protection Act (storage of the consent decision), as well as Article 6(1)(f) of the GDPR (legitimate interest in legally compliant, auditable documentation of consent) and Article 6(1)(c) of the GDPR (fulfillment of legal obligations regarding consent management).
Retention period
Consent data is stored for up to 12 months in order to comply with the legal record-keeping requirements under Article 7(1) of the GDPR. After that, consent will be obtained again.
Order Processing
ConsentManager is engaged as a data processor within the meaning of Article 28 of the GDPR. A corresponding data processing agreement has been concluded.
Transfer to a third country
Personal data is not transferred to third countries outside the European Union. Processing takes place exclusively within the European Union.
Withdrawal and Modification of Consent
You may withdraw or modify your consent at any time, effective for the future. You can do so at any time by using the appropriate settings on our website.
9. Processing in connection with establishing contact
Contact us via the contact form
If you contact us using the contact form provided on our website, we will process the personal data you provide in order to handle your inquiry.
In particular, the following personal data is processed:
– First and last name
– Email address
– Phone number (if provided)
– Message content
– Information regarding products, services, or inquiries (if applicable)
– Date and time of transmission
– IP address
– Technical metadata of the transmission (e.g., browser, operating system)
The data is processed for the following purposes:
– Processing and responding to your inquiry
– Carrying out pre-contractual measures
– Initiating and executing contractual relationships
– Ensuring system security and preventing misuse
– Documenting business transactions
The legal basis is Article 6(1)(b) of the GDPR, provided that your inquiry relates to an existing or prospective contractual relationship. In all other cases, processing is based on Article 6(1)(f) of the GDPR, as we have a legitimate interest in the structured handling of inquiries and in the security of our systems. If consent is requested via the form, processing is additionally based on Article 6(1)(a) of the GDPR.
Your data will not be disclosed to third parties unless required by law.
The retention period depends on the specific purpose of the processing. As a general rule, we store your personal data only for as long as is necessary to process your request.
If your inquiry contains information relevant to tax or commercial law (particularly in connection with offers, orders, or invoices), it may be archived in an audit-proof manner. In such cases, the retention period is typically eight years, in accordance with the relevant commercial and tax law requirements as well as the GoBD.
In addition, the data is regularly deleted once processing is complete, provided that no legal retention requirements or legitimate interests prevent such deletion.
Contact via email, phone, or fax
You can contact us via the email address provided, by phone, or by fax. In this context, we process the personal data you provide.
Depending on how contact is initiated, the following personal data in particular will be processed:
- First and last name
- Email address
- Phone number or fax number
- Subject of the inquiry / Communication
- Date and time of contact
- Communication metadata (e.g., duration of a phone call, delivery information)
- other information you voluntarily provide
The data is processed for the following purposes:
- Processing and responding to your inquiry
- Implementation of pre-contractual measures
- Initiating and managing contractual relationships
- internal forwarding to the appropriate contact person
- Documentation of business transactions
Your data will be shared internally only with the departments responsible for handling your inquiry. It will not be disclosed to third parties beyond this, unless required by law.
We do not record phone calls.
Legal basis
The legal basis is Article 6(1)(b) of the GDPR, provided that your inquiry relates to an existing or prospective contractual relationship. In all other cases, processing is based on Article 6(1)(f) of the GDPR, as we have a legitimate interest in the efficient and structured handling of inquiries and in the proper organization of our business.
The retention period depends on the specific purpose of the processing. As a general rule, we store your personal data only for as long as is necessary to process your request.
Please note that incoming and outgoing email correspondence, to the extent that it pertains to business documents or accounting records relevant under tax or commercial law, is archived in an audit-proof manner. In such cases, the retention period is generally eight years. The legal basis and scope of retention are governed in particular by commercial and tax law regulations, as well as the principles for the proper maintenance and retention of books, records, and documents in electronic form (GoBD).
If a contractual relationship arises from the communication or if other statutory retention obligations apply, the data will be stored in accordance with the applicable statutory retention periods. Otherwise, the data will be deleted on a regular basis once processing is complete, provided that no statutory retention obligations or legitimate interests preclude deletion.
10. Wish List and Request for Quote
How the Wish List Works and Its Legal Basis
The wish list is available without a user account and is intended solely for temporarily compiling products for a quote request. The wish list is stored exclusively locally in the user’s browser (session storage) without any server-side association with an identified individual.
Legal basis
The use of the wish list is technically necessary for the function explicitly requested by the user (compiling a quote request). The legal basis is Article 6(1)(f) of the GDPR (legitimate interest in providing a user-friendly and functional request interface).
Retention period
The data in the wish list is automatically deleted when the browser session ends.
Request a quote via the form to add to your wish list
On our website, you can add products to a wish list with no obligation and then submit a customized quote request using a form.
Your personal data is processed for the following purposes:
- Enabling the wish list feature for selected products
- Processing and responding to your request for a quote
- Preparation of a customized quote based on the selected products
- Contacting you to clarify any questions regarding your inquiry
The data will not be used for any other purposes.
The following personal data is processed as part of the request for a quote:
- Personal information (last name, first name)
- Contact information (email address, phone number)
- Address information (street, house number, ZIP code, city, country)
- Company information (company name, industry—if provided)
- Details of the request (selected products from the wish list)
- technical metadata (time of the request, IP address if applicable)
The fields marked as required are necessary for processing your request. Without this information, we cannot process your request.
The processing is based on Article 6(1)(b) of the GDPR (implementation of pre-contractual measures at the request of the data subject) and Article 6(1)(f) of the GDPR (legitimate interest in the structured processing of inquiries, as well as in preventing abuse and ensuring system security).
Retention period for requests for quotes
We store your personal data related to requests for quotes only for as long as necessary for the respective purposes. Inquiry data is generally stored for up to 6 months after the inquiry has been fully processed and is subsequently deleted, provided there are no further legal retention requirements. If the inquiry leads to further business contact, the data is stored for up to 12 months after the last contact. If a contractual relationship subsequently arises, the data is stored for 6 or 8 years in accordance with statutory retention obligations (Section 257 of the German Commercial Code (HGB), Section 147 of the German Fiscal Code (AO)).
11. Return Authorization Form (RMA Form)
On our website, you can request a return using an RMA form.
Your personal data is processed for the following purposes:
- Review and processing of your return request
- Handling warranty, guarantee, or repair processes
- Mapping returns to existing orders or deliveries
- Communication in Connection with the Reversal of the Transaction
The data will not be used for any other purposes.
The following data, in particular, is processed as part of the RMA request:
- Personal information (last name, first name)
- Contact information (email address, phone number)
- Address information (shipping or return address)
- Company information (company name, if provided)
- Product-related data (item, serial numbers, error description, purchase details)
- Transaction data (RMA number, processing status)
- technical metadata (time stamp, IP address if necessary for fraud prevention)
The information marked as required fields is necessary to process the return. Without this information, the return cannot be processed.
Data will only be disclosed to the extent necessary for order processing, in particular to internal service and logistics departments, to manufacturers or repair service providers if necessary, and to shipping service providers in connection with order cancellations.
Legal basis
The processing is based on Article 6(1)(b) of the GDPR (performance of a contract or the implementation of pre-contractual measures in connection with a purchase, warranty, or repair) as well as Article 6(1)(c) of the GDPR (compliance with legal obligations, in particular commercial and tax law documentation requirements) and Art. 6(1)(f) of the GDPR (legitimate interest in the efficient handling of service and return processes, as well as IT security and the prevention of misuse).
Retention period
RMA and service data are retained for up to 3 years after the case is closed (for the purpose of defending against and asserting civil claims, Section 195 of the German Civil Code (BGB)). Documents relevant under commercial and tax law are retained for 6 and 8 years, respectively (Section 257 of the German Commercial Code (HGB), Section 147 of the German Fiscal Code (AO)).
12. Form for Requesting Information Materials
On our website, you can request informational materials about our products.
Your personal data is processed for the following purposes:
- Processing your request and providing the requested information
- Contacting us to clarify any questions
- Assigning your inquiry to the selected product categories
Your data will not be used for any other purposes.
The following personal data is processed in connection with the inquiry:
- Personal information (last name, first name)
- Contact information (email address, phone number)
- Address information (street, house number, ZIP code, city, country)
- Company information (company name, industry—if provided)
- Selecting product interests (e.g., sensor categories)
- technical metadata (time of the request, IP address if necessary for fraud prevention)
The fields marked as required are necessary to process your request. Without this information, your request cannot be processed.
Legal basis
Data processing is based on Article 6(1)(b) of the GDPR (implementation of pre-contractual measures at the request of the data subject) and Article 6(1)(f) of the GDPR (legitimate interest in the structured processing of inquiries, as well as ensuring IT operations and preventing misuse).
Retention Period
Inquiry data is stored for up to 6 months after final processing. If we have further contact with you, we will store your data for up to 12 months after the last contact. If the inquiry relates to a contract, we will store your data for 6 or 8 years in accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO).
13. Analysis Tools
Matomo
We use the web analytics service Matomo on our website. We use Matomo to analyze and evaluate user behavior on our website. This helps us optimize our website technically, improve our offerings, and make the website more user-friendly.
Matomo is activated only after you have given your consent via our consent management tool. This involves the use of cookies that enable user recognition and allow for the analysis of usage behavior across multiple page views. Without your consent, no data processing for analytical purposes takes place.
When using Matomo, the following data in particular is processed:
- IP address (in anonymized form)
- Pages and subpages viewed
- Referrer URL
- Date and time of access
- Duration
- Browser and operating system used
- Cookie ID for recognition
- Screen resolution
Your identity will not be directly identified.
IP anonymization
We use Matomo with IP anonymization enabled. This means that your IP address is truncated before processing, so that it can no longer be linked to you personally.
Hosting and Data Processing
Matomo is hosted on our own servers or on servers located within the European Union. No data is transferred to third parties.
Legal basis
The storage of information on your device and access to information already stored are based solely on your consent in accordance with Section 25(1) of the TDDDG. The subsequent processing of personal data is based on Article 6(1)(a) of the GDPR (consent).
You may withdraw your consent at any time, effective for the future. To do so, you can adjust your settings using our consent management tool.
14. External Plugins and Content Delivery Networks
Google Maps
We use Google Maps, a mapping service provided by Google Ireland Limited, on our website. The parent company is Google LLC.
In order to use the features of Google Maps, the following personal data in particular is processed:
– IP address
– Date and time of page view
– Subpages viewed
– Location data (if shared by the user)
– Device information
– Browser information
– Cookie ID
– Google Account data (if logged in)
The data is processed for the following purposes:
– Interactive maps
– Location display
– Improved user experience
The legal basis is your consent pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG. The retention period is determined by Google’s internal retention policies. Cookies may generally be stored for up to 6 months.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. For more details, please visit: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on how user data is handled, please see Google's Privacy Policy: https://policies.google.com/privacy?hl=de.
Google acts as an independent data controller.
hCaptcha
We use the hCaptcha service provided by Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA, on our website. You can find hCaptcha’s privacy policy at https://www.hcaptcha.com/privacy.
hCaptcha is integrated as an external service. This involves establishing a connection to hCaptcha’s servers. hCaptcha is used to verify whether entries on our website (e.g., in forms) are made by a human user or by automated programs. This helps protect our website from misuse, particularly from automated attacks (spam, bots).
In connection with the use of this service, the following data in particular may be processed:
- IP address
- Information about the device and browser used
- Mouse movements, keyboard inputs, and interaction patterns
- Date and time of the request
- Page visited (referrer URL)
- Additional data required for bot detection
Data is also processed to analyze user behavior and detect automated access.
Legal basis
The integration of hCaptcha is based on Article 6(1)(f) of the GDPR
(legitimate interest in securing our website and protecting it from misuse). To the extent that access to information on the end device occurs in connection with the use of hCaptcha, this is based on Section 25(2)(2) of the Telecommunications, Digital Services, and Data Protection Act
(access strictly necessary to provide a service expressly requested by the user).
Order Processing
We have entered into a data processing agreement with hCaptcha.
Weglot
We use the "Weglot" service on our website to provide translations of our content into various languages. The provider is Weglot SAS, 7 Cité Paradis, 75010 Paris, France. For information on data processing by Weglot, please visit
https://weglot.com/privacy/.
To display the translated content, a connection is established with Weglot’s servers when the website is accessed. In particular, the following data is processed:
- the IP address of the requesting device
- Information about the browser and device used
- the page being accessed (URL)
- User language settings
This data is processed in order to display the content of our website in the selected language.
The use of Weglot is based on Article 6(1)(f) of the GDPR and Section 25(2)(2) of the TTDSG. Our legitimate interest lies in providing our online services in multiple languages.
It cannot be ruled out that data may be transferred to third countries (in particular the United States) in the course of use. In such cases, the transfer is based on the European Commission’s standard contractual clauses pursuant to Article 46 of the GDPR.
Product Display with WooCommerce (Catalog-Only Mode)
We use the WooCommerce software on our website to display our products. WooCommerce is used solely for the technical presentation and structured display of our product catalog. Our website does not offer any ordering or payment processing functions.
When using the website, only technically necessary data required to provide the website is processed, specifically pages visited and product views, technical access data (e.g., IP address, time of access), and server log data to ensure technical operation. Order, payment, or customer account data is not processed.
In pure catalog mode, WooCommerce is configured so that no cookies typically used in ordering processes (such as shopping cart or session cookies) are set.
If technically necessary cookies are used in specific cases, this is done solely to ensure the website functions properly.
Legal basis
Data processing is based on Article 6(1)(f) of the GDPR ( legitimate interest in a functional, structured presentation of our product range and in the stable and secure operation of the website). Where technically necessary cookies are used, this is based on Section 25(2)(2) of the TDDDG.
15. Integration of CAD data and lead generation via TraceParts
We use content provided by TraceParts S.A.S., Parc Eco Normandie, 76430 Saint-Romain-de-Colbosc, France, to provide CAD data and generate leads. TraceParts’ privacy policy can be found at https://info.traceparts.com/de/legal/allgemeine-nutzungsbedingungen and https://info.traceparts.com/de/dsgvo-konformitat/.
Integration of external content from Traceparts
The CAD data is loaded from external TraceParts servers and integrated into our website. A connection to the TraceParts servers is established only after you have given your consent; this consent can be provided—where technically feasible—via the Consent Manager or the Consent Layer.
Processing of server log data by TraceParts
As part of this integration, TraceParts, acting as the sole data controller, processes technical access data in the form of server log files.
- IP address
- Date and time of access
- Page visited (referrer URL)
- Information about the browser you are using
- Information about the operating system used
- Additional technical log data (server log files)
This data is technically necessary to provide the content and ensure the stability and security of the systems.
Legal basis:
This content is displayed only after you have given your consent in accordance with Section 25(1) of the German Telemedia Act (TDDDG) and Article 6(1)(a) of the General Data Protection Regulation (GDPR). Without your consent, no connection will be established to TraceParts’ servers.
Data processing under the responsibility of TraceParts
The registration, use, and download of CAD data are subject to TraceParts’ sole responsibility under data protection laws.
Data Sharing and Transfers to Third Countries
We have no control over how TraceParts processes the data. It cannot be ruled out that TraceParts may use other service providers or process data outside the European Union.
Data transmission to our company (lead generation) via Traceparts
TraceParts provides us with information about users who have downloaded our CAD data or expressed interest in our products.
In particular, the following data may be transmitted:
- Name
- Email address
- The company
- job title
- Information about downloaded products
- Usage interests
Purpose of processing
We process this data to handle inquiries, contact you regarding our products, and for sales and quotation processes.
Source of the data
The data is provided to us by TraceParts. The initial collection of this data takes place when users register for and use the platform.
Legal Basis
The processing of data transmitted by TraceParts is based on Article 6(1)(f) of the GDPR (legitimate interest in processing business contact requests and product inquiries) and, where applicable, Article 6(1)(b) of the GDPR (pre-contractual measures).
Retention period
We store your data for up to 6 months if there is no further contact, and for up to 12 months if there is further contact. If a contractual relationship is established, the statutory retention periods of 6 or 8 years apply in accordance with Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO).
Initial Information Pursuant to Article 14 of the GDPR
If this is the first time we are contacting you, we will inform you about how your data is processed, including where it comes from.
Right to object
You may object to the processing of your data at any time.
16. Direct Marketing
Direct marketing to existing customers based on legitimate interest
We reserve the right to use the data collected in the course of a business relationship under a service agreement for direct marketing via email or mail in accordance with Section 7(3) of the German Unfair Competition Act (UWG), unless you object to such use. Direct marketing will consist exclusively of offers for services similar to those you have already received from us.
We have a legitimate business interest (Art. 6(1)(f) GDPR) in informing our customers about our services and in improving our services. Of course, you may object to receiving direct marketing at any time. Please direct your objection to the controller listed above. You will also find information in every newsletter on how to submit your objection.
17. Audio and Video Conferences
We use Microsoft Teams for communication. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on data processing, please refer to the Microsoft Teams Privacy Statement: https://privacy.microsoft.com/de-de/privacystatement.
Microsoft Teams processes all data that you provide or use to access the tools (email address and/or phone number). In addition, the conferencing tools process the duration of the conference, the start and end times of your participation in the conference, the number of participants, and other “contextual information” related to the communication process (metadata).
In addition, the tool provider processes all technical data necessary for handling online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
If content is exchanged, uploaded, or otherwise made available within the tool, it is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.
Please note that we do not have full control over the data processing activities of the tools we use. Our ability to influence these activities depends largely on the corporate policies of the respective providers. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools, which we have listed below.
Purpose and Legal Basis
We use Microsoft Teams to communicate with prospective or existing contractual partners or to provide certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of these tools serves to generally simplify and expedite communication with us or our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). To the extent that consent has been requested, the use of the relevant tools is based on this consent; consent may be revoked at any time with future effect.
Retention Period
The data we collect directly via video and conferencing tools is deleted from our systems as soon as you request its deletion, revoke your consent to its storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no control over how long your data is stored by the operators of the conferencing tools for their own purposes. For more details, please contact the operators of the conferencing tools directly.
Order Processing
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
18. Privacy Notice for Job Applicants
If you apply to us—whether for a posted position or as an unsolicited application—we will process your data to conduct the selection process. It makes no difference to us whether you apply by mail, email, or, if available for the position in question, via an online form.
As a general rule, we only process the data you have provided to us yourself as part of the application process. Consulting additional sources may be considered only after informing you and consulting with you. For example, whether we may contact a former employer.
The legal basis for conducting an application process is §26 BDSG in conjunction with Art. 6(1)(b) GDPR (initiation of an employment contract). To the extent that you grant us your consent to the long-term storage of your data, this is based on the legal basis of Art. 6(1)(a) GDPR.
Retention periods for applicant data
We delete applicant data no later than 4 months after the conclusion of the application process (once a candidate has been selected and all applicants have been informed of the outcome). The purpose of data processing generally no longer applies once the selection process has ended; however, we have a legitimate interest (Art. 6(1)(f) GDPR) in being able to defend ourselves against any claims from rejected applicants. If you believe that your interests in immediate deletion outweigh ours, you have the option to request this from us. We will then review your request and provide you with feedback.
After the expiration of the aforementioned period, your data will be deleted, unless we need to defend ourselves, for example, in ongoing proceedings, such as a lawsuit under the General Equal Treatment Act. In this case, we will delete your data after the proceedings are concluded, provided there are no statutory retention periods.
If we are permitted to store your data for a longer period based on your consent, we will delete your data if you request us to do so and revoke your consent. If necessary, we may also delete your data before you revoke your consent if it is foreseeable that no position will be available.
Inclusion in our applicant pool
If we are unable to offer you a position at this time, we may ask for your consent to continue storing your data. This is done so that we can offer you a suitable position at a later date. The legal basis for processing your data in our applicant pool is your consent (Art. 6(1)(a) GDPR). You may, of course, withdraw your consent at any time with future effect. If you do not withdraw your consent yourself within a period of two years, we will delete your data from our applicant pool no later than then.
19. Social Media Presence
We maintain publicly accessible profiles on social media platforms. You can find a list of the specific social media platforms we use below.
Social networks such as Facebook, LinkedIn, etc., can generally analyze your user behavior in detail when you visit their website or a website with integrated social media content (e.g., Like buttons or advertising banners). Visiting our social media pages triggers numerous data processing operations relevant to data protection. Specifically:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can associate this visit with your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, data collection takes place, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media platforms can create user profiles that store your preferences and interests. In this way, interest-based advertising can be displayed to you both within and outside the respective social media platform. If you have an account with the respective social network, interest-based advertising may be displayed on all devices on which you are logged in or have been logged in.
Please also note that we cannot track all processing activities on the social media platforms. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.
Legal basis
Our social media presence is intended to ensure the most comprehensive online presence possible. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6(1)(a) GDPR).
Data Controller and Exercising Rights
When you visit one of our social media pages (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by that visit. You may generally exercise your rights (right of access, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint) both against us and against the operator of the respective social media portal (e.g., against Facebook).
Please note that despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options depend largely on the corporate policy of the respective provider.
Retention period
The data collected directly by us via our social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you request its deletion, you revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions—in particular retention periods—remain unaffected.
We have no control over how long your data is stored by social media platform operators for their own purposes. For more details, please contact the social media platform operators directly (e.g., by reviewing their privacy policies, see below).
Social Networks in Detail
LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to disable LinkedIn advertising cookies, please use the following link:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here:www.linkedin.com/legal/l/dpaand https://www.linkedin.com/legal/l/eu-sccs. For details on how LinkedIn handles your personal data, please refer to LinkedIn’s Privacy Policy:www.linkedin.com/legal/privacy-policy. .
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how they handle your personal data, please refer to XING’s Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.
X (formerly Twitter)
We use the short-form messaging service X (formerly Twitter). The provider is the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The entity responsible for data processing for individuals residing outside the U.S. is the branch office Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. You can adjust your X privacy settings yourself in your user account. To do so, click on the following link and log in:https://x.com/settings/account/personalization. Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here:https://gdpr.x.com/en/controller-to-controller-transfers.html. For details, please refer to X’s (formerly Twitter) Privacy Policy:https://x.com/de/privacy.
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube’s Privacy Policy:https://policies.google.com/privacy?hl=de. You can obtain further information on this from the provider at the following link:https://www.dataprivacyframework.gov/participant/5780
20. Privacy Notice for Business Partners
We process personal data that we receive directly from you in connection with our business relationship. This typically includes, for example, contact and address information, records of business transactions, and any correspondence with you. Depending on the nature of the business relationship, this may also include, for example, user IDs for secure customer platforms.
Data processing is carried out for the purpose of conducting and managing all transactions relating to the controller, customers, prospective customers, business partners, or other contractual or pre-contractual relationships between these groups, as well as the controller’s legal obligations.
The processing of your personal data is based on Article 6(1)(b) of the EU GDPR, provided that you are personally a party to a contractual relationship with us or are in the process of establishing such a relationship. If the relationship involves a business relationship or the initiation thereof between the company for which you work and us, the processing of your personal data is based on Article 6(1)(f) of the EU GDPR to safeguard our legitimate interests as well as the interests of your company, which are based on the proper conduct of the mutual business relationship.
Categories of recipients
We engage data processors as defined in Article 28 of the GDPR, particularly in the IT context. Furthermore, we engage external service providers, such as banks, auditors, and similar entities. Based on joint controllership (Art. 26 GDPR) and our legitimate interests (Art. 6(1)(f) GDPR), data processing takes place within the Siedle Group (S. Siedle & Söhne
Transfer of personal data to a third country
We generally process your personal data in data centers located in the Federal Republic of Germany, the European Union, or safe third countries such as Switzerland.
A transfer to a third country that does not ensure an adequate level of data protection is only permissible if you have given us your consent or if we have entered into a data processing agreement in accordance with Article 28 of the GDPR, taking into account appropriate safeguards or other suitable safeguards.
Automated decision-making, including profiling
As a general rule, we do not use methods that involve automated decision-making, including profiling. If such methods are used in specific cases, we will inform you as necessary.
Obligation to provide personal data
If you have a direct business relationship with us, you must provide the personal data necessary for establishing and maintaining a business relationship and for fulfilling the associated contractual obligations. Without this data, we will generally have to refuse to enter into the contract or execute the order, or we will no longer be able to perform an existing contract and may have to terminate it.
If this concerns a business relationship with a company that you represent on our behalf, you must provide us with the personal data necessary for establishing and carrying out a representation/power of attorney and for fulfilling the associated contractual obligations. Without this data, we will generally have to refuse to recognize you as an authorized representative or revoke an existing power of attorney.
Retention period
Unless otherwise specified in the remaining provisions of this notice, we store the personal data we have obtained from you in connection with our business relationship for the duration of our collaboration, limited to the specific purpose for which it was collected. Based on legitimate interests, we store the data of our contacts in accordance with the standard statute of limitations under Section 195 of the German Civil Code (BGB), which is three years. Furthermore, we are regularly obligated to retain data due to mandatory statutory retention periods, e.g., under commercial or tax law, which amount to eight years pursuant to Section 257 of the German Commercial Code (HGB) and Section 147 of the German Fiscal Code (AO).