Privacy Policy & Statement

Thank you very much for visiting our website or getting in touch with us some other way.

We take the protection of your personal data particularly seriously. It is in principle possible to visit the website without entering any personal data. If you wish to respond to an offer made by our company online, though, it may be necessary to process personal data. If personal data has to be processed and there is no legal basis for such processing, we will generally obtain the consent of the data subject.

Personal data, such as the name, address, e-mail address or telephone number of a data subject, will always be processed in compliance with the current version of the German Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR) in force since 25.05.2018 and the German Telecommunications and Telemedia Data Protection Act (TTDSG).

The purpose of this Data Privacy Statement is to set out the nature, extent and purpose of the personal data we process and inform data subjects of the rights they have.

Our company has taken many technical and organisational measures to ensure the most comprehensive protection possible of the processed personal data. Gaps in security may arise when transmitting data over the internet, however, so it is not possible to guarantee absolute protection.

I. Definition of terms

Our company's Data Privacy Statement is based on the GDPR. The Data Privacy Statement should be easy to read and understand. To ensure this, we begin by explaining the terms used.

1. Personal data

Personal data means "any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" (Art. 4(1) GDPR).

2. Data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for their processing.

3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

8. Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. Recipient

Recipient means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

10. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11. Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

II. Controller

The controller within the meaning of the General Data Protection Regulation, other national data protection legislation of the Member States and sundry data protection regulations is:

HORSCH Maschinen GmbH Sitzenhof 1
92421 Schwandorf Deutschland
Tel.: +49 9431 7143-0
Fax.: +49 9431 7143-9200

E-mail: info@horsch.com
Website: www.horsch.com

III. Data protection officer

BCCO GmbH
Hermann-Köhl-Straße 14
93049 Regensburg

Tel.: +49 941 69800800
E-mail: datenschutz@horsch.com

IV. Provision of the website

1. Hosting the website

This website is operated through what is known as a hosting service provider, on whose European servers the content of the internet presence is stored.

The hosting service provider was selected carefully; in addition, all necessary measures were taken to ensure that data processing conforms to data protection laws (such as the conclusion of a commissioned data processing agreement).

Every time our website is accessed, our system automatically records data and information from the system of the accessing computer.

The following data are collected:

the user's operating system
the user's internet service provider
the user's IP address
the date and time of access
websites from which the user's system gains access to our website
websites accessed by the user's system via our website
the file accessed
the quantity of data sent

The legal basis for the temporary storage of the data is point (f) of Art. 6(1) GDPR.

2. The system has to store the IP address temporarily in order to enable the website to be delivered to the user's computer. This requires the user's IP address to be stored for the duration of the session. These purposes constitute a legitimate interest of ours pursuant to point (f) of Art. 6(1) GDPR.

3. The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected. Where the data are collected for the purpose of providing the website, this is the case when the respective session ends.

4. The recording of data required for provision of the website is essential for operation of the website, which is why the user does not have the option to object.

V. Log files

1. The data will likewise be stored in the log files of our system. These data will not be stored together with other personal data of the user. The legal basis for the creation of log files is point (f) of Art. 6(1) GDPR.

2. Data are stored in log files in order to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. The data will not be analysed for marketing purposes in this regard. These purposes also constitute a legitimate interest of ours in the processing of personal data pursuant to point (f) of Art. 6(1) GDPR.

3. The data in the log files will be erased after not more than seven days. It is possible for them to be stored for longer, in which case the users’ IP addresses will be erased or anonymised so that the IP address can no longer be traced back to the respective client.

4. Storage of the data in log files is essential for operation of the website, which is why the user does not have the right to object.

VI. Cookies

1. Our website uses cookies. Cookies are text files that are stored either in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a distinct character string that allows unique identification of the browser the next time the website is accessed.

The following data are stored and transmitted in the cookies:

language settings
login information
items in a shopping cart

On our website we also use cookies that enable the browsing behaviour of users to be analysed. The following data can be transmitted in this way:

search terms entered
frequency of page views
use of website functions

2. If you have given us consent, the legal basis for the processing of personal data using cookies is point (a) of Art. 6(1) GDPR and section 25(1) TTDSG. You can withdraw your consent at any time with effect for the future by disabling this service in the “Data privacy settings” on this page. If the processing is founded on our legitimate interests, the legal basis is point (f) of Art. 6(1) GDPR.

3. Cookies are used for the purpose of simplifying use of the website for our users. Analysis cookies are used in order to improve the quality of the website, because knowing exactly how the website is used enables us to constantly optimise what we offer. This also constitutes a legitimate interest of ours in processing personal data pursuant to point (f) of Art. 6(1) GDPR.

4. Cookies are stored on the user's computer and are sent by that computer to our website. That means you as the user also have full control over the use of cookies. You can disable or restrict the transmission of cookies by making the corresponding settings in your internet browser. Cookies that are already stored can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, you may no longer be able to make full use of all the functions of the website.

VII. Consent Management Tool

When someone accesses our website, we show a “Data privacy settings” window through which we manage the necessary consents.

Our Consent Manager is controlled through the necessary “CookieConsent” cookie. This mechanism enables you to manage your consent to the use of cookies on our website.

If the “CookieConsent” cookie is not present, the Consent Manager will be displayed. If you reject the use of optional cookies, the “CookieConsent” cookie will be given the value “mandatory” and various standard erasure cookies will be set. When you restart the browser, you will be shown the Consent Manager again.

If you give consent for technically necessary services in the Consent Manager, the “mandatory” value in the “CookieConsent” cookie will be stored with a “|” separator. If you consent to all services, for instance, the value will be “mandatory|Marketing|Stats|External|Unclassified”.

External media such as Google Maps or YouTube are blocked by default. If the “CookieConsent” cookie contains the “External” character string, these external media will then be loaded. If you give your consent in the blocked media container, the value in the “CookieConsent” cookie will be extended with “External” and the corresponding content will then be loaded.

If the value of the “CookieConsent” cookie contains the “Marketing”, “Stats” or “Unclassified” character strings, Google Tag Manager will be launched to control the corresponding services on the basis of the given value. Google Tag Manager will otherwise remain inactive. If consent has already been given, the last step will be executed immediately.

Your consent applies until the end of the browser session.

The legal basis for the use of a consent management tool is point (c) of Art. 6(1) GDPR.

You can change your settings or withdraw your consent with effect for the future at any time by disabling the relevant category in the “Data privacy settings”.

VIII. Contact form and e-mail contact

a) There is a contact form on our website which can be used for getting in touch electronically. If a user takes advantage of this opportunity, the data entered on the input template will be sent to us and we will store them. These data are your first name, surname, e-mail address and phone number.

Your consent will be obtained for the processing of data as part of the send process and reference will be made to this Privacy Policy & Statement.

You can alternatively contact us using the e-mail address provided. In this case the user’s personal data transmitted with the e-mail will be stored.

These data will not be forwarded to third parties, but will instead be used solely in order to process the conversation.

b) The legal basis for the processing of the data based on the user's consent is point (a) of Art. 6(1) GDPR.
The legal basis for the processing of the data transmitted when an e-mail is sent is point (f) of Art. 6(1) GDPR. If you contact us by e-mail in order to conclude a contract, point (b) of Art. 6(1) GDPR is an additional legal basis for processing.

c) The personal data from the input template will be processed solely so that we can respond to your contact. If you contact us by e-mail, this also gives us the necessary legitimate interest in processing the data.

Other personal data will be processed during the send process in order to prevent misuse of the contact form and to ensure the security of our information technology systems.

d) The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected. For the personal data from the input template of the contact form and the personal data that were sent by e-mail, this will be the case when the relevant conversation with the user has come to an end. The conversation is ended if the circumstances permit the conclusion that the matter at hand has definitely been resolved.

The personal data additionally collected during the send process will be erased after not more than seven days.

The user can withdraw their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case the conversation can no longer be continued.

All personal data saved in the course of the contact will be erased.

IX. User registration

1. On our website we offer users the option of registering by entering personal data. The data are entered on an input template and sent to us and stored. The data are not forwarded to third parties. The following data are collected as part of the registration process: first name, surname, e-mail address, place of residence.

The following data will also be stored when the message is sent: IP address of the user and date and time of registration.

The consent of the user to the processing of these data will be collected as part of the registration process.

2. The legal basis for processing of the data based on the user's consent is point (a) of Art. 6(1) GDPR.

3. Registration of the user is necessary for the provision of certain content and services on our website or in order to fulfil a contract with the user or to take steps prior to entering into a contract.

The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected.

4. This is the case for the data collected during the registration process if registration on our website is cancelled or amended.

For the data collected during the registration process in order to perform a contract or to take steps prior to entering into a contract, this is the case when the data are no longer necessary for the performance of the contract. It may be necessary to store personal data of the other party to the contract even after it has been concluded in order to comply with contractual or legal obligations.

Users can cancel their registration at any time. You can have the data stored about you modified at any time.

If the data are necessary in order to perform a contract or to take steps prior to entering into a contract, it will only be possible to erase the data early if contractual or legal obligations do not prohibit erasure.

X. Online applications

1. Horsch career portal

a) On our website we offer the option of applying online for vacancies. The data required for proceeding with an application, such as your first name, surname, place of residence, address, education, etc., will be collected as part of this process. An online application requires the user to log in by registering.

The user's express consent is obtained in the online application process.

b) We will process these data for the purpose of conducting the application process. If you have given us consent, the legal basis for the processing of the data is point (a) of Art. 6(1) GDPR. If the above data are to be processed in order to initiate a contractual relationship, the legal basis is point (b) of Art. 6(1) GDPR.

c) The purpose of the data processing is to make the application process faster and more effective.

d) The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected. For the case that the application process leads to employment, training, a placement or other service relationship, the data will continue to be stored and transferred to the personal file. The application process will otherwise end on receipt of a rejection. In this case the data will be erased once the vacancy has been filled. Your personal data will not be erased if their further processing or storage is necessary in the individual case for the establishment, exercise or defence of legal claims. In this case we will have a legitimate interest in the continued processing and storage of your personal data. The legal basis is point (f) of Art. 6(1) GDPR. They will also not be erased if we are obliged by law to continue to store your personal data.

2. Other job portals

We also use various external job portals in order to publish job vacancies and receive applications. If you click on a link in these job opportunities, you will be forwarded to the relevant job portal. Please note that we do not have any influence on the processing of your personal data by the job portal. The job portal itself is responsible for how it processes your personal data.

We sometimes use the hub of the relevant job portal to process applications and communicate with applicants. To that end we have concluded a commissioned data processing agreement with the job portals. Your personal data will be processed by us and the job portal on the basis of point (b) of Art. 6(1) GDPR (steps prior to entering into a contract) and/or point (f) of Art. 6(1) GDPR (legitimate interest). Our legitimate interest consists in finding suitable applicants for vacancies and ensuring that applications are handled effectively.

Further information about the processing of your personal data by the relevant job portal can be found in the portal’s own data privacy statement.

XI. Newsletter

a) We offer a newsletter to which you can subscribe on our website. Details about the newsletter, particularly its possible content, will be given in the declaration of consent. If you subscribe to our newsletter, the data you provide on the input template when registering for the newsletter will be sent to us. To register for the newsletter, you must provide us with your e-mail address. This is mandatory information.

If you provide other personal information when registering, this is done on a voluntary basis.

We use what is known as the double opt-in procedure for registering for our newsletter. Once you have registered, we will send an e-mail to the email address you gave asking you to confirm that you want us to send you the newsletter in future. If you do not confirm your registration within the period stated in the e-mail, the data you provided will be blocked and then erased after five weeks. We also store your IP address, the time and date you registered for the newsletter and the time and date of confirmation. These data will be used solely in order to send the newsletter.

We use rapidmail to send our newsletter. Your data will therefore be sent to rapidmail GmbH. rapidmail GmbH is prohibited from using your data for any purposes other than sending the newsletter. rapidmail GmbH is not permitted to sell or communicate your data to third parties. rapidmail is a German certified newsletter software provider that was selected carefully in accordance with the requirements of the GDPR and the Federal Data Protection Act BDSG.

If you have given us consent, the legal basis for the processing is point (a) of Art. 6(1) GDPR. If the processing is founded on our legitimate interests in other respects, the legal basis is point (f) of Art. 6(1) GDPR.

c) The data you entered on the input template when registering will be processed for the purpose of addressing you personally. Following your confirmation, we will store your e-mail address for the purpose of sending the newsletter. We will store the respective IP address and the dates and times of registration and confirmation so that we can prove your registration and investigate any possible misuse of your personal data. This is a legitimate interest of ours.

d) These data will be erased as soon as they are no longer necessary for achievement of these purposes. We will therefore only store the above data for as long as you subscribe to the newsletter. Once you unsubscribe from the newsletter, we will store these data anonymously and for statistical purposes only.

You can at any time withdraw the consent you gave to dispatch of the newsletter by unsubscribing from the newsletter. You can do so by clicking on the link contained in every newsletter e-mail we send you.

XII. Google Tag Manager

We use Google Tag Manager on our website to implement and manage tracking codes and other scripts through an interface. Google Tag Manager is a solution from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Tag Manager itself does not set any cookies or record personal data. It only ensures that other tags which may record data under certain circumstances are executed properly on our website.

The legal basis for the processing of personal data using Google Tag Manager is point (f) of Art. 6(1) GDPR. Our legitimate interest consists in analysing and optimising the use of our website and improving the effectiveness of our marketing measures.

You can disable the use of Google Tag Manager by disabling JavaScript in your browser or using a tool such as the browser add-on Ghostery. Please note, however, that this can impair the proper functioning of our website.

Further information about data protection can be found on the following Google web pages:

Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
Google Tag Manager FAQs: https://www.google.com/intl/de/tagmanager/faq.html
Google Tag Manager terms of use: https://www.google.com/intl/de/tagmanager/use-policy.htm

XIII. Google Fonts

On our website we use "Google Web Fonts", a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter "Google"). Google Web Fonts enables us to use external fonts, known as Google Fonts. When you access our website, your web browser loads the required Google Font into the browser cache. This is required so that your browser can display an optically improved view of our texts. If your browser does not support this function, your computer will use a standard font for display. These web fonts are integrated by means of a server request, usually through a Google server in the USA. In the process, the server will be told which of our web pages you have visited. Google will store the IP address of the browser of your device. We do not have any influence on the extent and the further use of the data that are collected and processed by Google through the use of Google Web Fonts.

Information on the third-party provider: Google Ireland Limited, Google Building, Gordon House, Barrow St, Dublin 4, Ireland

Further information about data protection can be found in the Google privacy policy: https://policies.google.com/privacy?hl=de&gl=de.

Further information about Google Web Fonts can be found at https://fonts.google.com/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1 and https://www.google.com/fonts#AboutPlace:about.

b) The legal basis is your consent pursuant to point (a) of Art. 6(1) GDPR.

c) We use Google Web Fonts for optimisation purposes, in particular to improve your use of our website and make its design more user-friendly.

XIV. Fast.Fonts

a) To ensure consistency in the presentation of fonts, we use web fonts provided by Monotype GmbH (fonts.com or fast.fonts.net). When a page is accessed, your browser loads the necessary web fonts in your browser cache so that text and fonts can be displayed correctly.

This requires the browser you are using to establish a connection to fonts.com’s servers. fonts.com therefore learns that our website was accessed from your IP address. fonts.com web fonts are used in order to present our online products in a consistent and appealing way.

If your browser does not support web fonts, your computer will use a standard font.

Further information about these web fonts can be found at www.fonts.com/info/legal and in the privacy policy of Fonts.com: https://www.fonts.com/info/legal/privacy and the privacy policy of Monotype GmbH: https://www.monotype.com/legal/privacy-policy.

b) The legal basis is your consent pursuant to point (a) of Art. 6(1) GDPR.

c) We use Fast.Fonts for optimisation purposes, in particular to improve your use of our website and make its design more user-friendly.

XV. Google Maps

We use the Google Maps API in order to display geographical information. When Google Maps is used, Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) also collects, processes and uses data about the use of the maps function by visitors to the website. Your data will only be forwarded if you have given us your consent to do so pursuant to point (a) of Art. 6(1) GDPR and section 25(1) TTDSG.

When someone accesses our website, we display a “Data privacy settings” window.

This gives you the option of consenting to data processing by clicking on "Accept". If you only accept essential cookies, Google Maps will only be shown if you consent to data processing by clicking on the information text in the map window. You can withdraw your consent at any time with effect for the future by disabling this service in the “Data privacy settings” on this page. If you do not want any direct link to your Google profile, you should log out of your user account before enabling the service.

Google will collect and store data as exploitable user profiles, even for users who are not logged in, on the basis of their legitimate interest (point (f) of Art. 6(1) GDPR) in personalised marketing, market analysis or improving the design of Google websites. If you want to exercise your right to object to the creation of these user profiles, you must contact Google directly.

You can disable the service completely by switching off the JavaScript application in your browser. However, if you do so you will no longer be able to view maps on this site.

For the transmission of data from the EU to the USA, Google uses what are known as standard data protection clauses of the European Commission. These are intended to ensure the European level of data protection in the USA as well.

Further information about data processing by Google can be found in Google's data privacy statements: https://policies.google.com/privacy?hl=de.

Google's terms of use can be found at https://www.google.de/intl/de/policies/terms/regional.html, the additional terms of use for Google Maps at https://www.google.com/intl/de_US/help/terms_maps.html.

XVI. Hotjar

a) On our website we use "Hotjar", a web analysis service of Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (hereinafter "Hotjar").
We use Hotjar in order to better understand the needs of our users and optimise our offer on this website. The technology of Hotjar enables us to get a better understanding of the experience of our users (e.g. how much time users spend on which pages, what links they click on, what they like and what they do not like, etc.), which helps us to customise what we offer to the feedback from our users. Hotjar works with cookies and other technologies in order to collect information about the behaviour of our users and about their devices (particularly the IP address of the device (this is only collected and stored in anonymised form), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), and preferred language in which our website is displayed). Hotjar stores this information in a pseudonymised user profile. Neither we nor Hotjar use the information in order to identify individual users or combine it with other data about individual users.
Hotjar uses cookies, among other things, which are small text files that are stored locally in the clipboard of your device's web browser and enable your use of our website to be analysed, as well as what is known as a tracking code. The cookies used by Hotjar are stored on your device for different periods of time, some only for the duration of your visit and others for 365 days. The information collected in this way is sent to a Hotjar server in Ireland and stored there. The information that the tracking code allows to be collected is device-dependent data which are recorded by your device and web browser:

IP address of your device (collected and stored in anonymised format)
E-mail address, including your first name and surname, if you have provided this through our website
Screen size of your device
Device type and browser information
Geographical data (country only)
Language for viewing our website
User interactions
Mouse commands (movement, position and clicks)
Keyboard inputs

Log data which are automatically used by our server if Hotjar is used:

Referring domain
Websites visited
Geographical data (country only)
Language for viewing our website
Date and time of access

Hotjar uses this information in order to analyse your use of our website, prepare reports on usage and provide other services associated with the analysis of our website. Hotjar also makes use of services of third parties (e.g. Google Analytics and Optimizely) in order to provide the services. These third parties may store or otherwise process information which your browser sends when you visit our website (including the IP address in certain circumstances).

Information on the third-party provider: Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta. Further information on the use of data by Hotjar, setting options, ways to object and data privacy can be found on the following Hotjar page: https://www.hotjar.com/legal/policies/privacy.

b) The legal basis is your consent pursuant to point (a) of Art. 6(1) GDPR and section 25(1) TTDSG.

c) We use Hotjar in order to analyse the use of our website and continually improve individual functions and offers as well as the user experience as a whole. The statistical analysis of user behaviour enables us to improve what we offer and make it more interesting for users.

d) You can consent to the storage by Hotjar of a user profile and of information about your visit to our website and the setting of Hotjar tracking cookies in our cookie notice and also withdraw your consent there at any time.

XVII. Matomo

On our website we use the open-source software Matomo (formerly Piwik), which is hosted on our own servers, in order to record and analyse statistics about the use of our website. No personal data are passed on to third parties in this process.

With your consent, Matomo (InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand) uses cookies that are stored on your computer and enable analysis of the use of our website. The information relating to your use of our website that is generated by the cookie is stored on our server and are not passed on to third parties.

Before storing the IP addresses, we abbreviate and anonymise them in order to protect your privacy. The anonymised IP address cannot be used to identify the user.

The data that Matomo records on our server are used solely for statistical purposes and enable us to optimise our website and its content. They are not forwarded to third parties.

You can prevent the storage of cookies on your computer by making the corresponding settings in your browser software. Please note, however, that if you do so you may not able to make full use of all functions of our website.

If you do not agree to the storage and analysis of these data, you can object to their storage and use in the data privacy settings at any time. In this case an opt-out cookie will be stored in your browser to prevent Matomo from saving usage data. If you delete your cookies, however, the opt-out cookie will also be deleted, requiring you to enable it again.

The legal basis for the processing of personal data with the aid of Matomo is point (f) of Art. 6(1) GDPR. The legitimate interest consists in the statistical analysis of user behaviour in order to improve the website and its content and to optimise its user-friendliness. If the corresponding consent has been requested, processing will be performed solely on the basis of point (a) of Art. 6(1) GDPR and section 25(1) TTDSG if the consent encompasses the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. You can withdraw your consent at any time with effect for the future by disabling the corresponding category in the “Data privacy settings” on this page.

Further information about data protection in connection with Matomo can be found in Matomo’s data privacy statement at https://matomo.org/privacy.

XVIII. Google Analytics

1. Upon your consent, we use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), on our website. Google Analytics uses what are known as cookies, which are text files that are stored on your device and enable your use of the website to be analysed. The information generated by the cookie about your use of this website (including the abbreviated IP address) will normally be sent to a Google server and stored there. This may entail transmission to the servers of Google LLC. in the USA.
The Google Analytics service processes the data solely with anonymisation of the IP address by abbreviation. This is to ensure that the data cannot be associated directly with a person. Only in exceptional circumstances will the full IP address be sent to a Google LLC server in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your use of our website, to compile reports on the website activities and to provide additional services to us in connection with the use of the website and the internet. The IP address transmitted by your browser as part of Google Analytics will not be associated with other Google data.

2. All the processing described above, in particular the setting of Google Analytics cookies to enable information to be read on the device used, will only be carried out if you have given us your express consent pursuant to point (a) of Art. 6(1) GDPR and section 25(1) TTDSG. If such consent is not given, Google Analytics will not be used while you are visiting our site.

3. The web analysis services and the cookies of Google are used in order to improve the efficiency of our website through the perfected analysis of user behaviour so that we can take proper heed of the needs and interests of our users.

4. You can withdraw your consent at any time with effect for the future by disabling this service in the “Data privacy settings” on this page.
We have entered into a processing contract with Google for the use of Google Analytics under which Google is obliged to protect the data of visitors to our site and not to pass them on to third parties.
For the transmission of data from the EU to the USA, Google uses what are known as standard data protection clauses of the European Commission. These are intended to ensure the European level of data protection in the USA as well.
Further information about Google Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de.

Information for visitors of websites and apps on which Google Analytics is used can be found here: https://support.google.com/analytics/answer/6004245#info_for_visitors.

Google’s data privacy statement and terms of use describe how Google handles personal data when Google products such as Google Analytics are used: http://www.google.com/intl/de/policies/privacy/.

You can withdraw your consent to the processing of your data at any time with effect for the future. To do so, you can set an opt-out cookie via a browser plug-in (an add-on to disable Google Analytics) to prevent data being recorded through Google Analytics. This prevents activity data being shared with Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de.

XIX. SEMrush

SEMrush (800 Boylston Street, Suite 2475, Boston, MA 02199, USA) is an all-in-one marketing platform that provides tools and data for digital marketing, SEO (search engine optimisation), PPC (pay-per-click) and content marketing. Semrush enables us to analyse our online presence, carry out keyword research, analyse competitors, verify backlink profiles and run advertising campaigns. We use SEMrush for the purpose of improving our online marketing strategies, increasing our visibility in search engines and optimising our online performance in general.

SEMrush does this using the anonymised data that Google Analytics provides for further analysis.

XX. Friendly Captcha

To protect our website from spam and abuse, we use the Friendly Captcha widget. The legal basis is both a legitimate interest pursuant to point (f) of Art. 6(1) GDPR and our legal obligation under point (c) of Art. 6(1) GDPR, since we as operators of the website have to ensure the availability of the service.
Friendly Captcha is based on proof-of-work and does not perform any tracking, store any personal data or use any cookies. When a user visits the protected page, the widget directs their device to the servers of Friendly Captcha, which requires the execution of an arithmetic task. This task is solved on the visitor's device and the result is transmitted to the web server of the protected page.

Friendly Captcha collects the following protocol data:

The User Agent, Origin and Referrer request headers.
The puzzle itself, which contains the information about the account and the website key to which the puzzle relates.
The version of the widget.
A timestamp.

More information about how the data are processed and stored can be found in the data privacy provisions for end users of Friendly Captcha GmbH at https://friendlycaptcha.com/de/legal/privacy-end-users/.

XXI. Social media

If you visit one of our pages on social media, doing so will result in your personal data being processed. In this case we, together with the operator of the respective social network, will be responsible for the data processing operations within the meaning of Art. 26 GDPR if we actually reach a joint decision with the operator of the social network on the data processing and we can also exert an influence on the data processing. Where possible, we have reached agreements with the operators of the social network on joint control pursuant to Art. 26 GDPR.

Please note that, despite joint control with the operators of social networks pursuant to Art. 26 GDPR, we do not have complete influence over the data processing performed by the individual social networks. The business policy of the respective provider has the determining influence on our options. In the event that rights as data subjects are asserted, we can only pass these queries on to the operator of the social network.

You can contact us through various channels of our social media presence. Personal data are only collected if you give them to us voluntarily when making contact with us. In the absence of your separate consent, we will use the data you provide solely for the purpose of fulfilling and processing your contact enquiry. They will not be passed on to third parties, or will only be provided on the basis of your enquiry.

1. Facebook and Instagram

Our website contains links to our profiles on Facebook and Instagram, which are operated by Meta. If you click on one of these links, you will be forwarded to our presence on the relevant platform. When you visit them, your personal data will always be processed by Meta Ireland Ltd. If you use interactive functions such as commenting, sharing or rating, the data will be processed solely by Meta.

Joint controllers within the meaning of Art. 26 GDPR

We have joint responsibility with Meta for the processing of your personal data obtained through our Facebook and Instagram pages:

Meta Platforms Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

If you visit our Facebook or Instagram page, Meta will collect and process your personal data. Further information can be found in Meta’s data privacy policy at https://www.meta.com/privacy. We do not have any influence on data processing by Meta and cannot assume any responsibility for it.

Please note that Facebook and Instagram have their own data privacy policies, over which we have no influence. We recommend that you read the data privacy statements of these platforms carefully before disclosing personal data on the platforms:

https://help.instagram.com/519522125107875

https://www.facebook.com/policy.php

You can contact the data protection officer of Facebook and Instagram by completing the appropriate contact form via the following link:

https://www.facebook.com/help/contact/540977946302970

Our Facebook and Instagram pages are provided by Meta Platforms Ireland Limited (hereinafter “Meta”). We manage them through a corresponding user account. These pages give us the opportunity to present ourselves to the users of Facebook and Instagram and get in contact with them.

We may collect personal data through our Facebook and Instagram pages. Your data will normally be recorded and processed in pseudonymised form, which means we cannot associate your data directly with your name or e-mail address. To that extent processing will be performed using a profile based on an ID or cookie. You can have a prevailing influence on how your data are processed. To do so, simply click on the Settings menu item on your Facebook or Instagram profile.

The data collected when you access and use the pages and the information you provided when making contact will be sent to Meta and stored there. In addition, your data may also be viewed by employees who are involved in maintaining our Facebook and Instagram pages and answering your messages.

Meta does not clearly and finally state, and we do not know, the extent to which Meta uses the data collected on visits to Facebook and Instagram pages for its own purposes, the extent to which activities on the Facebook and Instagram pages are attributed to individual users, for how long Meta stores these data and whether data collected on a visit to the relevant pages are passed on to third parties.

Facebook Insights and Instagram statistics

Meta provides us with statistical data about the visitors to our Facebook and Instagram pages through the “Insights” and “Instagram statistics” functions. We cannot establish any personal link through this. This information is purely functional and helps us better analyse our page or adapt it to your needs and interests. To the extent that we process your personal data when you visit our Facebook and Instagram pages, we are allowed to do so under point (f) of Art. 6(1) GDPR (legitimate interest). We would like to analyse the anonymised Insights data in order to track user behaviour on the respective fan page and optimise the content. Meta itself processes these data in a more detailed manner; you can find more information about this under the following link:

https://help.instagram.com/788388387972460?helpref=uf_permalink

https://www.facebook.com/iq/tools-resources/audience-insights

Insights in the Meta Business Suite: https://www.facebook.com/business/help/700570830721044?id=765488040896522

Some of the Insights data will be sent to the servers of Meta in the USA and stored there. This transfer to a third country is allowed if standard data protection clauses are agreed. Further information can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum

Meta has also published an addendum to the data protection agreement, which you can find here:

https://www.facebook.com/legal/terms/page_controller_addendum

Further information about Insights, the use of cookies and setting options can be found at:

https://www.facebook.com/legal/terms/information_about_page_insights_data

https://www.facebook.com/policies/cookies

Please note that Insights also enables personal data of people who do not have a profile with Facebook or Instagram to be collected.

Information on the legal basis and purpose of the processing by Meta and the duration of the relevant storage can be viewed here:
https://de-de.facebook.com/about/privacy/update

Service providers for Facebook and Instagram marketing

To the extent that we use service providers for the data processing of our Facebook and Instagram pages, we conclude appropriate commissioned data process agreements with them. In these we regulate the extent to which and the security conditions under which the data are processed and specify the necessary rights of instruction pursuant to Art. 28 GDPR.

We use the Facelift tool of Facelift brand building technologies GmbH (Facelift bbt, Gerhofstr. 19, 20354 Hamburg) to make it easier to manage our social media channels. As Facelift is primarily used in order to make it easier for us to manage all the social media channels we run, no personal data are collected through the mere link between Facelift and our Facebook or Instagram page. If, however, a user uses the comment function on one of our pages to ask a question defined in more detail in Facelift, particularly concerning advertising purposes, the text will be merged with the user's user name in the tool and will be shown to us. The sent text and the user name will be erased as soon as the query has been answered. The legal basis for the data processing is point (f) of Art. 6(1) GDPR. Facelift is used for the purpose of simplifying communication between us and the visitor to our Facebook or Instagram page. This gives us a better overview of user comments, facilitating communication with visitors to our Facebook or Instagram page. This also constitutes a legitimate interest of ours in processing personal data pursuant to point (f) of Art. 6(1) GDPR.

Comment function on our Facebook and Instagram pages

We regularly publish news on our Facebook and Instagram pages. To enable you to engage in active exchanges with us, we have enabled the corresponding comment function of Facebook and Instagram. We reserve the right to immediately remove inappropriate posts (e.g. with racist, illegal or similar content). To this end all comments are reviewed for inappropriate content. In doing so we can see from which Facebook or Instagram profile the relevant comment was posted. We have access to

the content of the comment
the time it was created
the user ID
the Facebook or Instagram user name

and can establish a link to the previous posts and comments. These data are not normally passed on to third parties, but in exceptional cases a legal requirement or a corresponding court order may compel us to surrender such data.

Making contact

You can get in contact with us through various channels of our Facebook and Instagram pages and by direct messages, likes or comments. When you contact us, the user name stored in your account will be shown. This processing is allowed under point (f) of Art. 6(1) GDPR because we have a legitimate interest in answering questions, responding to criticism, establishing a relationship and exchanging information. This enables us to improve our services and respond to the needs of our customers. Communication via social media is particularly important, particularly for reaching younger customers. Direct messages are stored indefinitely; comments on the fan page and likes are stored permanently and can be seen by other users.

Rights of data subjects

If you use our Facebook and Instagram pages, you have the right to pursue all rights that are described in the section entitled “Rights of data subjects” both vis-à-vis Meta and vis-à-vis us. In accordance with our agreement with Meta, we will forward your enquiry to Meta immediately if it concerns Meta alone.

2. Twitter

Our website uses links to our Twitter account in order to present the latest news and information about our company.

HORSCH Maschinen GmbH uses the technical platform and services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, for the short messaging service it offers. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for the processing of data of persons living outside the United States.
Please note that you yourself are responsible for your use of the Twitter short messaging service and its functions offered here. This particularly applies for your use of the interactive functions (e.g. sharing or rating).

Joint controllers within the meaning of Art. 26 GDPR

We have joint responsibility with Twitter for the processing of your personal data obtained through our Twitter account.

Information on which data are processed by Twitter and for what purposes can be found in Twitter's data privacy policy: twitter.com/de/privacy.
The information collected through the cookies of this provider is normally sent to a server in the USA and stored there. In the case that the data are transferred to the USA, this is done on the basis of the standard contractual clauses.
We do not have any influence over the nature and extent of the data processed by Twitter, the type of processing and use or the passing on of these data to third parties. To that extent we also do not have any effective control options. If you use Twitter, your personal data will be recorded, transmitted, stored, disclosed and used by Twitter Inc. Regardless of your place of residence, they will be transferred to the United States, Ireland or any other country in which Twitter Inc. has business operations, where they will be stored and used. Twitter will, firstly, process the data you provide voluntarily when you upload or synchronize them, such as your name and handle, e-mail address, telephone number and contacts in your address book. However, Twitter will also analyse the content you have shared and the topics you are interested in, store and process confidential messages that you send directly to other users, and can determine your location using GPS data, information on wireless networks or your IP address in order to send you advertising or other content.
Under certain circumstances Twitter Inc. will use analysis tools such as Twitter or Google Analytics for this analysis. We do not have any influence over the use of such tools by Twitter Inc., nor have we been informed of any such potential use. Should Twitter Inc. use tools of this kind for the account of HORSCH Maschinen GmbH, we have neither instructed it to do so nor agreed to this nor supported this in any other form. The data obtained from the analysis will not be made available to us either. Our account only enables us to see certain non-personal information about tweeting activities, such as the number of profile or link clicks resulting from a particular tweet. In addition, we do not have any way of preventing or suspending the use of such tools on your Twitter account.
Finally, Twitter receives information when you view content, for instance, even if you have not created an account. These "log data" may be the IP address, browser type, operating system, information on the website previously accessed and the pages you access, your location, mobile phone provider, the device you are using (including the device ID and application ID), the search terms you entered and cookie information.
Twitter buttons or widgets integrated in websites and the use of cookies enable Twitter to record your visits to these websites and attribute them to your Twitter profile. These data allow targeted content or advertising to be offered to you. The fact that Twitter Inc. is a non-European provider which only has a European branch in Ireland means that it does not consider itself bound by German data protection regulations. This affects, for instance, your right to access, block or erase data or to object to the possibility of usage data being used for advertising purposes.
You have ways of restricting the processing of your data in the general settings of your Twitter account and under "Data protection and security". With mobile devices (smartphones, tablets), you can also restrict Twitter's access to contact and calendar data, photos, location data etc. using the settings available on them. However, this depends on the operating system used.
Further information about these topics can be found on the following Twitter support pages:

https://support.twitter.com/articles/105576#
https://help.twitter.com/de/search?q=datenschutz

To find out how you can see the data Twitter holds about you, click here: https://support.twitter.com/articles/20172711#.
Information on what Twitter does with the information it holds about you can be found here: https://twitter.com/settings/your_twitter_data

Information on the available personalisation and data privacy setting options can be found here (with further cross-references): twitter.com/personalization.
You also have the option of requesting information using the Twitter data privacy form or archive request:
https://support.twitter.com/forms/privacy.
https://support.twitter.com/articles/20170320#

Regarding match data, we and Twitter are subject to the obligations set out in the addendum on data processing by processors. This can be found here: https://privacy.twitter.com/en/for-our-partners/global-dpa.

Regarding conversion data which we share with Twitter, we and Twitter are subject to the obligations set out in the addendum on data processing. This can be found here: https://gdpr.twitter.com/en/conversion-api-dpa.html.

We use reports only for internal business purposes and to optimise our Twitter advertising campaigns.

Regarding non-aggregated reports, we and Twitter are subject to the obligations set out in the addendum on data processing. This can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

HORSCH Maschinen GmbH also processes your data. Although we do not ourselves collect any data via our Twitter account, we will process the data you enter on Twitter, in particular your handle and the content published under your account, to the extent that we retweet or answer your tweets or send tweets that refer to your account. The data you voluntarily publish and disseminate on Twitter will thus be included in our offer and made accessible to our followers.

3. LinkedIn

On our website we have integrated links to our LinkedIn profile. If you click on this link, you will be forwarded to our LinkedIn page.

We use LinkedIn to get in contact with our customers, business partners, potential employees and other interested parties and to present our company and our products. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

If you are in the EU, the EEA or Switzerland, LinkedIn Ireland Unlimited Company is the controller of your personal data which are provided, collected or processed in connection with the LinkedIn services.

If you are outside these countries, LinkedIn Corporation is the controller of your personal data which are provided, collected or processed in connection with the LinkedIn services.

The data privacy policy of LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy.

You can contact the data protection officer of LinkedIn by completing the appropriate contact form via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

Your personal data will be processed by us and LinkedIn on the basis of point (f) of Art. 6(1) GDPR (legitimate interest). Our legitimate interest consists in maintaining and expanding our business relations and improving our marketing and PR work.

When you visit or use our LinkedIn presence, information about you can be recorded by LinkedIn and us. This may also include personal data such as your name, e-mail address or IP address. Please note that we do not have any influence over which precise data LinkedIn collects and how they are processed. However, we have ensured that LinkedIn has undertaken to comply with the data protection regulations of the GDPR. More information on this can be found at: https://legal.linkedin.com/dpa.

To find out more about the nature, extent and purpose of data processing by LinkedIn and to know your rights and the setting options for protecting your privacy, please refer to the data privacy policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy and the cookie policy of LinkedIn at https://www.linkedin.com/legal/cookie-policy.

Comment function on our LinkedIn page

We regularly publish news on our LinkedIn page. To enable you to engage in active exchanges, we have enabled the corresponding comment function of LinkedIn. We reserve the right to immediately remove inappropriate posts (e.g. with racist, illegal or similar content). To this end all comments are reviewed for inappropriate content. In doing so we can see from which LinkedIn profile the relevant comment was posted. We have access to

the content of the comment
the time it was created
the user ID
the LinkedIn user name

4. Xing

On our website we have integrated links to our Xing profile. If you click on this link, you will be forwarded to our Xing page.

Joint controllers within the meaning of Art. 26 GDPR

We have joint responsibility with Xing for the processing of your personal data obtained through our Xing profile:

New Work SE
Dammtorstraße 30
D-20354 Hamburg
Tel.: +49 40 419 131-0
info@xing.com

Please note that you yourself are responsible for your use of the Xing profile and its functions offered here. This particularly applies for your use of the interactive functions (e.g. sharing, rating). We do not have any influence over the type and extent of the data processed by Xing.

Xing processes the data you enter voluntarily and may analyse content you have shared or viewed.

Information on which data are processed by Xing and for what purposes can be found in Xing's data privacy policy: privacy.xing.com/de/datenschutzerklaerung.

XING is a social network operated by New Work SE, registered in Hamburg. It enables members to manage mainly business but also private contacts and link to new contacts. Organisations can set up a page on this platform with a logo and brief profile, post news items and initiate discussion groups.
A personal profile with administrator rights must be assigned to the company profile. Conversations in groups can only be conducted using the personal profile of a natural person.
Users must register in order to use the network function. There is a free basic version and a chargeable version with additional functions. In contrast to other social networks, XING is based more strongly on the combination of personal and electronic contact, is less commercial and is less visually oriented. It is focused on professional networking on specialist issues with people who have the same professional interests. XING is also frequently used by companies and other organisations to recruit staff and present themselves as an attractive employer. To that end XING is linked with the employer rating platform kununu.
XING provides further information: https://corporate.xing.com/de/unternehmen/
HORSCH Maschinen GmbH currently makes only very limited use of XING through a brief profile and occasional posting of news items that relate primarily to current job opportunities. No topic-related discussion group is offered at present, but is conceivable in the future.
Current information about data privacy can be found at https://privacy.xing.com/de/datenschutzerklaerung.
We do not collect or process any personal data via XING.

5. YouTube

YouTube, LLC is a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Unless otherwise indicated in the data privacy notice for a particular service, the data controller responsible for processing the information of users of Google services who have their habitual place of abode in the European Economic Area or Switzerland is Google Ireland Limited, registered in Gordon House, Barrow Street, Dublin 4, Ireland.

Joint controllers within the meaning of Art. 26 GDPR

We have joint responsibility with YouTube/Google for the processing of your personal data obtained through our YouTube page.

YouTube LLC 901
Cherry Ave.
San Bruno, CA 94066
USA

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Irland

The data privacy policy of YouTube can be found here: https://policies.google.com/privacy?hl=de&gl=de.

You can contact the data protection officer of YouTube by completing the appropriate contact form via the following link:

https://support.google.com/policies/contact/general_privacy_form

a) Links to YouTube videos
Our website contains links to our YouTube channel, on which we provide videos and information about our company. If you click on a link to our YouTube channel, you will be directed to the YouTube platform.
YouTube processes your personal data on the basis of your consent pursuant to point (a) of Art. 6(1) GDPR and section 25(1) TTDSG if you have a YouTube account and log in to YouTube, or on the basis of legitimate interests pursuant to point (f) of Art. 6(1) GDPR if you do not have a YouTube account. Please note that we do not have any influence on the nature and extent of the processing of your personal data by YouTube.

b) Embedded videos

1. YouTube videos are also embedded in this website, but they will only be loaded if you have given your consent.
As soon as you give your consent, the “privacy-enhanced mode” option provided by YouTube will be used.
If a user clicks to confirm their consent to the embedded YouTube video being loaded, a connection with YouTube will be created and a connection to the Google Double Click network will be established.
According to YouTube, in "privacy-enhanced mode" data will only be sent to the YouTube server, in particular which of our web pages you visited, when you view the video. If you are logged in to YouTube at the same time, this information will be assigned to your YouTube account. You can prevent this by logging off your account before visiting our website.
As soon as you start the playback of an embedded video by clicking on it, in privacy-enhanced mode YouTube will only store cookies that do not contain any personally identifiable data, unless you are currently logged in to a Google service. You can prevent these cookies via the corresponding browser settings and add-ons.

Address and link to the privacy policy of the third-party provider:
Google/YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

- Data privacy policy: https://policies.google.com/privacy
- Opt-out: https://adssettings.google.com/authenticated
- Data privacy settings: https://www.youtube.com/intl/de_be/howyoutubeworks/user-settings/privacy

If you view YouTube videos embedded in our website, YouTube will use cookies and other technologies to collect data about your usage. The data collected by YouTube may also be linked with other data collected by other Google services such as Google Analytics.

It is also possible that YouTube will set DoubleClick cookies if you view a YouTube video on our website. DoubleClick is a Google technology that enables personalised advertising to be activated on YouTube. This can also lead to personal data being collected and processed by YouTube. However, we have no control over the use of cookies by YouTube or Google.

2. The legal basis of this data processing is point (a) of Art. 6(1) GDPR and section 25(1) TTDSG. You can withdraw your consent at any time with effect for the future by disabling this service in the “Data privacy settings” on this page.

3. The purpose of the data processing is to enable access to high-quality videos directly on the website and ensure an improvement in the ease of use through rapid availability.

c) Our YouTube channel
We have set up a YouTube channel in order to present our products and services and provide you with useful information. The YouTube channel is operated by YouTube (YouTube LLC is a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) (“YouTube”). When you visit our YouTube channel, data will be transmitted to YouTube and stored there.

If you visit our YouTube channel, YouTube may process your personal data. This can, for instance, include your IP address, information about the device you are using or information about your use of the YouTube channel. We have no influence over what data are processed by YouTube and how YouTube uses these data.

Further information about data processing by YouTube can be found in the data privacy statement of YouTube at

https://policies.google.com/privacy?hl=de&gl=de

YouTube processes your personal data on the basis of your consent pursuant to point (a) of Art. 6(1) GDPR if you have a YouTube account and log in to YouTube, or on the basis of legitimate interests pursuant to point (f) of Art. 6(1) GDPR if you do not have a YouTube account. Our legitimate interest consists in presenting our company in an attractive way and communicating with customers and interested parties.

Please note that we do not have any influence on the nature and extent of the processing of your personal data by YouTube.

Please also note that your personal data may be processed in Ireland or the USA, because YouTube is a company of Google Ireland registered in Ireland, but also uses servers in the USA. However, YouTube has implemented standard data protection clauses pursuant to point (c) of Art. 46(2) GDPR in order to guarantee an adequate level of data protection:

Further information about the processing of your personal data by YouTube and about your rights and setting options for protecting your privacy can be found in the data privacy statement of YouTube at https://www.google.de/intl/de/policies/privacy/.

Comment function on our YouTube page

We regularly publish news on our YouTube page. To enable you to engage in active exchanges, we have enabled the corresponding comment function of YouTube. We reserve the right to immediately remove inappropriate posts (e.g. with racist, illegal or similar content). To this end all comments are reviewed for inappropriate content. In doing so we can see from which YouTube profile the relevant comment was posted. We have access to

the content of the comment
the time it was created

6. Prize draws

We regularly hold prize drawings through our social media presence. If you wish to take part in these prize draws, we need to collect and store your personal data and user name. Your consent to the data processing will be expressly obtained if you participate in the prize draw. The stored data will be erased as soon as they are no longer needed in order to hold the prize draw. The legal basis for this data processing is point (a) of Art. 6(1) GDPR. The purpose of the data processing lies in the holding of the prize draw we offer.

7. Facelift

We use the Facelift tool of Facelift brand building technologies GmbH (Facelift bbt, Gerhofstr. 19, 20354 Hamburg) to make it easier to manage our social media channels. As Facelift is primarily used in order to make it easier for us to manage all the social media channels we run, no personal data are collected through the mere link between Facelift and our Facebook or Instagram page. If a user interacts in the form of a comment or message with one of our profiles on the pages we provide through Meta, the content, including information on the user's profile, will be transmitted to the Facelift cloud. The sent text and the user name will be erased from the Facelift cloud as soon as the query has been answered. The legal basis for the data processing is point (f) of Art. 6(1) GDPR. Facelift is used for the purpose of simplifying communication between us and the visitor to our Facebook or Instagram page. This gives us a better overview of user comments, facilitating communication with visitors to our Facebook or Instagram page. This also constitutes a legitimate interest of ours in processing personal data pursuant to point (f) of Art. 6(1) GDPR.

8. Quintly

Quintly is a social media analytics tool that helps us analyse and optimise our social media activities. It offers functions for monitoring and analysing social media data, including but not limited to the performance of posts, growth of follower numbers, engagement rates and demographic information. Quintly enables us to obtain important findings for improving our social media strategies, identifying trends and better understanding our target group. We use Quintly for the purpose of collecting data from various social media platforms, comparing them and creating user-friendly reports.

For this further processing Quintly uses anonymised data which are provided through our social media platforms.

XXII. Prize draws and surveys

a) Our website sometimes offers the possibility of giving feedback on events, e.g. in the form of a survey and taking part in a prize draw.

Surveys are conducted through the processor LimeSurvey and are anonymous. Any access code that may be set is not stored together with the data. It is held in a separate table and only updated for the purpose of storing information as to whether or not this survey was completed. There is no way of combining the access codes with the survey results.
We do not process any personal data when conducting surveys.

For a prize draw, the data necessary for conducting the prize draw, e.g. e-mail address and confirmation of full legal age, are collected.

b) We will process prize draw data for the purpose of conducting the prize draw. If you have given us consent, the legal basis for the processing of the data is point (a) of Art. 6(1) GDPR. If the above data are to be processed in order to initiate a contractual relationship, the legal basis is point (b) of Art. 6(1) GDPR.

c) The purpose of the data processing lies in the possibility of making contact in the event of a prize and confirming full legal age.

d) The data will be erased not later than 30 days after the prize draw has ended. Your personal data will not be erased if their further processing or storage is necessary in the individual case for the establishment, exercise or defence of legal claims. In this case we will have a legitimate interest in the continued processing and storage of your personal data. The legal basis is point (f) of Art. 6(1) GDPR. They will also not be erased if we are obliged by law to continue to store your personal data.

XXIII. Image processing

a) Under the "BE A HERO" function on our website, we offer every user the option of uploading a photo of themselves, which will then be edited with a template. The user will then receive an individual URL for sharing or downloading the image.

Before the photo is uploaded, the user will be informed of this data processing. In sending the photo, the user consents to this processing.

b) Based on the consent given, the legal basis for this data processing is point (a) of Art. 6(1) GDPR.

c) The purpose of this data processing is to make the website attractive and entertaining.

d) An uploaded image can be deleted again at any time.

XXIV. Learning Management System

1. The Horsch Group operates a Learning Management System in order to offer training content digitally, maintain a history of training participants and manage results and requirements for further training. The data also serve as evidence of the requirements for further training.

On our Learning Management page we offer users the option of registering by entering personal data. The data are entered on an input template and sent to us and stored. The only third party to whom the data will be forwarded is your registered business. The following data are collected as part of the registration process: first name, surname, e-mail address, main address, town, postcode.

The following data will also be stored when the message is sent: IP address of the user and date and time of registration.

The consent of the user to the processing of these data will be collected as part of the registration process.

Data such as completed courses and the associated results will be processed in the course of the further use of the portal.

2. The legal basis for the processing of the data is the user's consent pursuant to point (a) of Art. 6(1) GDPR.

3. The data on registration and the use of digital training on our website are required in order to prove and keep a record of training based on your consent.

The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected.

4. This is the case for the data collected during the registration process if registration on our website is cancelled or amended.

Users can cancel their registration or withdraw their consent at any time. You can have the data stored about you modified at any time. If the data are necessary in order to perform a contract or to take steps prior to entering into a contract, it will only be possible to erase the data early if contractual or legal obligations do not prohibit erasure.

XXV. Rights of data subjects

We are aware that you have certain rights when it comes to the processing of your data. This Data Privacy Statement is intended to inform you of your rights as a data subject and how you can exercise them.

Right of access by the data subject (Art. 15 GDPR) You have the right to demand information from us on which personal data concerning you we process, and for what purpose. If you contact us to ask for information without using a contact address that is already stored in our systems, please bear in mind that we may need to ask you to provide evidence you are the person about whom you are seeking information.
Right to rectification (Art. 16 GDPR) You have the right to demand the rectification of incorrect or incomplete personal data that we have stored concerning you.
Right to erasure (Art. 17 GDPR) You have the right to demand that we erase your personal data if they are no longer required or their processing infringes data protection regulations.
Right to restriction of processing (Art. 18 GDPR): You have the right to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, their processing is unlawful or you have objected to their processing.
Right to data portability (Art. 20 GDPR): You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit these data to another controller.
Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data if they are being processed on the basis of legitimate interests of ours or for the purposes of direct marketing.
Right to withdrawal of the declaration of consent under data protection law (Art. 7(3) GDPR): You have the right at any time to withdraw consent given under data protection regulations. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to the withdrawal.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint was lodged will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Name	Purpose	Lifetime	Type	Provider
CookieConsent	Saves your consent to using cookies.	1 year	HTML	Website
PHPSessID	Retains the user's states for all page requests.	3 months	HTTP	php
fe_typo_user	This cookie is set by TYPO3 for the unmistakable identification of a user. It offers the user better user guidance	1 session	HTTP	TYPO3
be_typo_user	Used to identify a backend session when a backend user logs into the TYPO3 backend or frontend.	1 session	HTTP	TYPO3
mtm_cookie_consent	Saves your consent to use matomo tracking.	1 session	HTTP	TYPO3

Name	Purpose	Lifetime	Type	Provider
personalization_id	Marketing Used to determine the number of visitors accessing the website via Twitter advertising content and can be used for targeted advertising.	2 years	HTTP	Google Tag Manager / Twitter
ANID	Marketing Used to play out advertisements.	10 years		Google
_fbc	Marketing / Tracking Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	3 months		Google Tag Manager / Facebook
datr	Marketing / Tracking Identify the web browser used to connect to Facebook, regardless of the logged-in user. This cookie plays a key role in Facebook's security and integrity features.	2 years		Google Tag Manager / Facebook
fr	Marketing / Tracking Provides information to Facebook to associate functionality of Social Plugin. Send information to Facebook regardless if you are a member or you have logged on the social network.	3 months	HTML	Google Tag Manager / Facebook
sb	Marketing / Tracking Provides information to Facebook to associate functionality of Social Plugin. Send information to Facebook regardless if you are a member or you have logged on the social network.	3 months	HTML	Google Tag Manager / Facebook
_fbp	Marketing / Tracking Used by Facebook to display a range of advertising products, for example real-time bids from third party advertisers.	7 days	Pixel	Google Tag Manager / Facebook
_gcl_au	Marketing / Tracking Used by Google AdSense to experience the efficiency of advertising on websites that use their services.	1 day	HTML	Google Tag Manager / Google Ad
RUL	Marketing / Tracking Used by DoubleClick to determine whether website advertisement has been properly displayed	1 year		Google DoubleClick
IDE	Marketing / Tracking Contains a randomly generated user ID. Using this ID, Google can recognise the user across different websites and display personalised advertising.	1 year		Google DoubleClick
__adroll_fpc	Marketing / Tracking Used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement	1 session	HTTP	Adroll
NID	Marketing / Tracking Google cookies store information about user settings and information for Google Services.	6 months		Google Ads Optimazation
__Secure-3PAPISID	Marketing / Functional Used by for targeting purposes to profile the interests of the website visitor and display relevant and personalised Google advertising.	2 years		Google
__Secure-3PSID	Marketing / Functional Used by Google for targeting purposes to profile the interests of the website visitor and display relevant and personalised Google advertising.	2 years		Google
__Secure-3PSIDCC	Marketing / Functional Used by YouTube / Google for targeting purposes to profile the interests of the website visitor and display relevant and personalised Google advertising.	1 year		YouTube / Google
CONSENT	Functional Store cookie settings.	10 years		Google / YouTube
_ar_v4	Optimises ad display based on the user's movement combined and various advertiser bids for displaying user ads.	1 year	HTTP	Google DoubleClick
MYSAPSSO2	Used by for targeting purposes to profile the interests of the website visitor and display relevant and personalised Google advertising.	1 session		SAP

Name	Purpose	Lifetime	Type	Provider
_ga	Statistics This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier.	2 years	HTML	Google Analytics
_ga_XXXXXXXXXX	Statistics Contains a unique identifier used by Google Analytics 4 to determine that two distinct hits belong to the same user across browsing sessions.	2 years	HTML	Google Analytics
_gid	Statistics Functionality to count and track pageviews.	1 day	HTML	Google Analytics
1P_JAR	Statistics Used by Google to display personalised advertising on Google websites based on current search queries and previous interactions.	1 month		Google
_hjAbsoluteSessionInProgress	Statistics This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.	30 minutes		Hotjar
_hjFirstSeen	Statistics This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.	1 session		Hotjar
_hjTLDTest	Statistics When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.	1 session		Hotjar
_hjid	Statistics Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.	365 days		Hotjar
_hjIncludedInPageviewSample	Statistics This cookie is set to let Hotjar know whether that user is included in the data sampling defined by your site's pageview limit.	30 minutes		Hotjar
_hjIncludedInSessionSample	Statistics This cookie is set to let Hotjar know whether that user is included in the data sampling defined by your site's daily session limit.	30 minutes		Hotjar
_pk_id	Statistics Used to store a few details about the user such as the unique visitor ID.	13 months		Matomo
_pk_ses	Statistics Short lived cookie used to temporarily store data for the visit.	90 minutes		Matomo