Privacy Policy & Statement

Thank you very much for visiting our website or getting in touch with us some other way.

We take the protection of your personal data particularly seriously. It is in principle possible to visit the website without entering any personal data. If you wish to respond to an offer made by our company online, though, it may be necessary to process personal data. If personal data has to be processed and there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, will always be carried out in conformity with the current German Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR), which came into force on 25/05/2018, and the German Telemedia Act (TMG).

The purpose of this Data Privacy Statement is to set out the nature, extent and purpose of the personal data we process and inform data subjects of the rights they have.

Our company has taken many technical and organisational measures to ensure the most comprehensive protection possible of the processed personal data. Gaps in security may arise when transmitting data over the internet, however, so it is not possible to guarantee absolute protection.

I. Definition of terms
II. Controller
III. Data protection officer
IV. Provision of the website
V. Log files
VI. Cookies
VII. Google Analytics
VIII. Social media plugins
IX. Image processing
X. Youtube
XI. Facebook Pixel / Custom Audience
XII. Contact form and e-mail contact
XIII. User registration
XIV. Online applications
XV. Information on our presence on social media platforms
XVI. Newsletter
XVII. Google Tag Manager
XVIII. Google Fonts
XIX. Fast.Fonts
XX. Hotjar
XXI. Matomo
XXII. Google Maps
XXIII. Learning Management System
XXIV. Instruction on the rights of data subjects

I. Definition of Terms

Our company's Data Privacy Statement is based on the GDPR. The Data Privacy Statement should be easy to read and understand. To ensure this, we begin by explaining the terms used.

1. Personal data

Personal data means "any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" (Art. 4(1) GDPR).

2. Data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for their processing.

3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. Controller or party responsible for processing

Controller or party responsible for the processing means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

8. Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. Recipient

Recipient means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

10. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11. Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

II. Controller

The controller within the meaning of the General Data Protection Regulation, other national data protection legislation of the Member States and sundry data protection regulations is:

HORSCH Maschinen GmbH Sitzenhof 1
92421 Schwandorf Germany
Tel.: +49 9431 7143-0
Fax.: +49 9431 7143-9200

E-mail: info@horsch.com
Website: www.horsch.com

III. Data Protection Officer

BCCO GmbH
Hermann-Köhl-Straße 14
93049 Regensburg

Tel.: +49 941 69800800
E-Mail: datenschutz@horsch.com

IV. Provision of Website

1. Every time our website is accessed, our system automatically records data and information from the system of the accessing computer.

The following data are collected:

the user's operating system
the user's internet service provider
the user's IP address
the date and time of access
websites from which the user's system gains access to our website
websites accessed by the user's system via our website
the file accessed
the quantity of data sent

The legal basis for the temporary storage of the data is point (f) of Art. 6(1) GDPR.

2. The system has to store the IP address temporarily in order to enable the website to be delivered to the user's computer. This requires the user's IP address to be stored for the duration of the session. These purposes constitute a legitimate interest of ours pursuant to point (f) of Art. 6(1) GDPR.

3. The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected. Where the data are collected for the purpose of providing the website, this is the case when the respective session ends.

4. The recording of data required for provision of the website is essential for operation of the website, which is why the user does not have the option to object.

V. LOGFILES

1. The data will likewise be stored in the log files of our system. These data will not be stored together with other personal data of the user. The legal basis for the creation of log files is point (f) of Art. 6(1) GDPR.

2. Data are stored in log files in order to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. The data will not be analysed for marketing purposes in this regard. These purposes also constitute a legitimate interest of ours in the processing of personal data pursuant to point (f) of Art. 6(1) GDPR.

3. The data in the log files will be erased after not more than seven days. It is possible for them to be stored for longer, in which case the users’ IP addresses will be erased or anonymised so that the IP address can no longer be traced back to the respective client.

4. Storage of the data in log files is essential for operation of the website, which is why the user does not have the right to object.

VI. COOKIES

1. Our website uses cookies. Cookies are text files that are stored either in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a distinct character string that allows unique identification of the browser the next time the website is accessed.

The following data are stored and transmitted in the cookies:

language settings
login information
items in a shopping cart

On our website we also use cookies that enable the browsing behaviour of users to be analysed. The following data can be transmitted in this way:

search terms entered
frequency of page views
use of website functions

2. The legal basis for the processing of personal data using cookies is point (f) of Art. 6(1) GDPR.

3. Cookies are used for the purpose of simplifying use of the website for our users. Analysis cookies are used in order to improve the quality of the website, because knowing exactly how the website is used enables us to constantly optimise what we offer. This also constitutes a legitimate interest of ours in processing personal data pursuant to point (f) of Art. 6(1) GDPR.

4. Cookies are stored on the user's computer and are sent by that computer to our website. That means you as the user also have full control over the use of cookies. You can disable or restrict the transmission of cookies by making the corresponding settings in your internet browser. Cookies that are already stored can be deleted at any time. This can also be done automatically. If cookies for our website are disabled, you may no longer be able to make full use of all the functions of the website.

You have the option of disabling the relevant cookies under VII. GOOGLE ANALYTICS.

VII. GOOGLE ANALYTICS

1. Upon your consent, we use Google (Universal) Analytics, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), on our website. Google (Universal) Analytics uses what are known as cookies, which are text files that are stored on your device and enable your use of the website to be analysed. The information generated by the cookie about your use of this website (including the abbreviated IP address) will normally be sent to a Google server and stored there. This may entail transmission to the servers of Google LLC. in the USA.
The Google (Universal) Analytics service processes the data solely with anonymisation of the IP address by abbreviation. This is to ensure that the data cannot be associated directly with a person. Only in exceptional circumstances will the full IP address be sent to a Google LLC server in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your use of our website, to compile reports on the website activities and to provide additional services to us in connection with the use of the website and the internet. The IP address transmitted by your browser as part of Google (Universal) Analytics will not be associated with other Google data.

2. All the processing described above, in particular the setting of Google Analytics cookies to enable information to be read on the device used, will only be carried out if you have given us your express consent pursuant to point (a) of Art. 6(1) GDPR. If such consent is not given, Google Analytics will not be used while you are visiting our site.

3. The web analysis services and the cookies of Google are used in order to improve the efficiency of our website through the perfected analysis of user behaviour so that we can take proper heed of the needs and interests of our users.

4. Once given, you can withdraw consent at any time with effect for the future. To exercise your right to withdraw consent, please disable this service in the "cookie notice" provided on the website. We have entered into a processing contract with Google for the use of Google Analytics under which Google is obliged to protect the data of visitors to our site and not to pass them on to third parties.
For the transmission of data from the EU to the USA, Google uses what are known as standard data protection clauses of the European Commission. These are intended to ensure the European level of data protection in the USA as well.
Further information about Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de

As an alternative to the browser plugin previously mentioned (browser add-on for disabling Google Analytics), you can also disable data recording via Google Analytics using the following button:

Click to disable tracking

VIII. SOCIAL MEDIA PLUGINS

1. Facebook button

a) This website uses plugins of the social network Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. All Facebook plugins used on this site can be identified by the Facebook logos or the "Like" button. You can obtain a list of the plugins that are provided by Facebook and may be used on this site on an official information page of the social network:

developers.facebook.com/docs/plugins/

Facebook uses these plugins to collect information on the website visited and the services on the website. The information collected includes, for instance, the operating system, the hardware version, device settings, file and software names and types, battery and signal strength, device IDs, device locations, including specific geographical locations, such as via GPS, Bluetooth or WLAN signals, connection information such as the name of the mobile phone or internet service provider, browser type, language, time zone, mobile phone number and IP address. Facebook can associate information that is collected from a device with information collected from other devices.

We use the "Shariff" method where social media plugins are used.

This plugin is just a graphic containing a simple HTML link to the social network Facebook. If you click on the corresponding graphic, you will be forwarded to the services of the respective network. The button does not establish direct contact between the social network and our visitors until the visitor actively clicks on the Share button. Only then will your data be sent to the respective social network. If you do not click on the button, however, no data will be exchanged between you and the social network.

We should expressly advise you that we, as the operator of the website, do not have any information about the extent to which Facebook uses these data. Facebook provides information on this itself. You can view this information in the official data privacy policy of Facebook, which can be accessed at

http://de-de.facebook.com/policy.php

b) The legal basis for the use of Facebook plugins within the Shariff solution after prior consent is point (a) of Art. 6(1) GDPR.

c) The Facebook plugin is used in order to improve the efficiency of our website and increase its ease of use.

d) If you want to prevent Facebook from being able to link your visit to our site to your Facebook user account, you can do so by logging off your Facebook account after reading this notice.

2. Twitter button

a) Functions of the Twitter service are integrated on our website. The provider of these functions is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

We use the "Shariff" method where social media plugins are used.

This plugin is just a graphic containing a simple HTML link to the social network Twitter. If you click on the corresponding graphic, you will be forwarded to the services of the respective network. The button does not establish direct contact between the social network and our visitors until the visitor actively clicks on the Share button. Only then will your data be sent to the respective social network. If you do not click on the button, however, no data will be exchanged between you and the social network.

If you use Twitter and the "Retweet" function, for instance, the websites you have visited will be linked with your Twitter account and disclosed to other users. Data will also be sent to Twitter.

We should point out that we, as the mere provider of our site, are not given any information about the content of these data or their use by Twitter. However, further information can be found in the Twitter privacy policy under

http://twitter.com/privacy.

You can change your privacy settings on Twitter via the following link:

http://twitter.com/account/settings.

b) The legal basis for the use of Twitter plugins within the Shariff solution after prior consent is point (a) of Art. 6(1) GDPR.

c) The Twitter plugin is used in order to improve the efficiency of our website and increase its ease of use.

d) If you want to prevent Twitter from being able to link your visit to our site to your Twitter profile, you can do so by logging off your Twitter profile after reading this notice.

3. LinkedIn button

a) This website uses a plugin of the social network LinkedIn, registered in Wilton Place, Dublin 2, Ireland.

We use the "Shariff" method where social media plugins are used.

This plugin is just a graphic containing a simple HTML link to the social network LinkedIn . If you click on the corresponding graphic, you will be forwarded to the services of the respective network. The button does not establish direct contact between the social network and our visitors until the visitor actively clicks on the Share button. Only then will your data be sent to the respective social network. If you do not click on the button, however, no data will be exchanged between you and the social network.

We should expressly advise you that we, as the operator of the website, do not have any information about the extent to which LinkedIn uses these data. LinkedIn provides information on this itself. You can view this information in the official privacy policy of LinkedIn, which can be accessed at

https://www.linkedin.com/legal/preview/privacy-policy.

b) The legal basis for the use of LinkedIn plugins within the Shariff solution after prior consent is point (a) of Art. 6(1) GDPR.

c) The LinkedIn plugin is used in order to improve the efficiency of our website and increase its ease of use.

d) If you want to prevent LinkedIn from being able to link your visit to our site to your LinkedIn profile, you can do so by logging off your LinkedIn profile after reading this notice.

4. Xing button

a) This website uses a plugin of the social network Xing SE, registered in Dammtorstraße 30, 20354 Hamburg, Germany.

We use the "Shariff" method where social media plugins are used.

This plugin is just a graphic containing a simple HTML link to the social network Xing . If you click on the corresponding graphic, you will be forwarded to the services of the respective network. The button does not establish direct contact between the social network and our visitors until the visitor actively clicks on the Share button. Only then will your data be sent to the respective social network. If you do not click on the button, however, no data will be exchanged between you and the social network.

We should expressly advise you that we, as the operator of the website, do not have any information about the extent to which Xing uses these data. Xing provides information on this itself. You can view this information in the official data privacy policy of Xing, which can be accessed at
https://privacy.xing.com/de/datenschutzerklaerung.

b) The legal basis for the use of Xing plugins within the Shariff solution after prior consent is point (a) of Art. 6(1) GDPR.

c) The Xing plugin is used in order to improve the efficiency of our website and increase its ease of use.

d) If you want to prevent Xing from being able to link your visit to our site to your Xing user account, you can do so by logging off your Xing account after reading this notice.

5. Instagram button

a) Information on data processing by Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

We use the "Shariff" method where social media plugins are used.

This plugin is just a graphic containing a simple HTML link to the social network Instagram. If you click on the corresponding graphic, you will be forwarded to the services of the respective network. The button does not establish direct contact between the social network and our visitors until the visitor actively clicks on the Share button. Only then will your data be sent to the respective social network. If you do not click on the button, however, no data will be exchanged between you and the social network.

We should expressly advise you that we, as the operator of the website, do not have any information about the extent to which Instagram uses these data. Instagram provides information on this itself. You can view this information in the official data privacy policy of Instagram, which can be accessed at
For further information, please refer to the Instagram privacy policy: https://instagram.com/about/legal/privacy/.

b) The legal basis for the use of Instagram plugins within the Shariff solution after prior consent is point (a) of Art. 6(1) GDPR.

c) The Instagram plugin is used in order to improve the efficiency of our website and increase its ease of use.

d) If you want to prevent Instagram from being able to link your visit to our site to your Instagram user account, you can do so by logging off your Instagram account after reading this notice.

IX. Image Processing

a) Under the "BE A HERO" function on our website, we offer every user the option of uploading a photo of themselves, which will then be edited with a template. The user will then receive an individual URL for sharing or downloading the image.

Before the photo is uploaded, the user will be informed of this data processing. In sending the photo, the user consents to this processing.

b) Based on the consent given, the legal basis for this data processing is point (a) of Art. 6(1) GDPR.

c) The purpose of this data processing is to make the website attractive and entertaining.

d) An uploaded image can be deleted again at any time.

X. YOUTUBE

1. Plugins

a) On this website we use plugins of the company YouTube, registered in LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

This plugin is just a graphic containing a simple HTML link to the corresponding video on YouTube. If you click on the corresponding graphic, you will be forwarded to YouTube. The button does not establish direct contact between YouTube and our visitors until the visitor actively engages on YouTube. Only then will your data be sent to YouTube. If you do not click on the button, however, no data will be exchanged between you and YouTube.

We should expressly advise you that we, as the operator of the website, do not have any information about the extent to which YouTube uses these data. YouTube provides information on this itself. You can view this information in the official data privacy policy of YouTube, which can be accessed at

https://policies.google.com/privacy?hl=de&gl=de.

b) The legal basis for the use of YouTube plugins is point (a) of Art. 6(1) GDPR.

c) The YouTube plugin is used in order to improve the efficiency of our website and increase its ease of use.

d) If you want to prevent YouTube from being able to link your visit to our site to your YouTube profile, you can do so by logging off your YouTube profile after reading this notice.

2. Embedded YouTube videos

a) Videos from YouTube can also be accessed directly on this website.

The "privacy-enhanced mode" option provided by YouTube is used.

If a user accesses a page with an embedded YouTube video, a connection to YouTube is established.

According to YouTube, in "privacy-enhanced mode" data will only be sent to the YouTube server, in particular which of our web pages you visited, when you view the video. If you are logged in to YouTube at the same time, this information will be assigned to your YouTube account. You can prevent this by logging off your account before visiting our website.

As soon as you start the playback of an embedded video by clicking on it, in privacy-enhanced mode YouTube will only store cookies that do not contain any personally identifiable data, unless you are currently logged in to a Google service. You can prevent these cookies via the corresponding browser settings and add-ons.

Address and link to the privacy policy of the third-party provider:
Google/YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated

b) The legal basis for this data processing is point (f) of Art. 6(1) GDPR.

c) The purpose of the data processing is to enable access to high-quality videos directly on the website and ensure an improvement in the ease of use through rapid availability. These also constitute a legitimate interest of ours pursuant to point (f) of Art. 6(1) GDPR.

XI. Facebook Pixel / Custom Audiences

a) This website uses the Facebook Custom Audience method, in which a Facebook pixel is implemented on our website, creating pseudonymised user profiles that are detected by Facebook. Facebook uses this information for personalised advertising. The pixel establishes a direct link to the Facebook servers when a user visits our website. This informs the Facebook server that you have visited our website. Facebook then assigns this information to your personal Facebook user account. The pseudonymised user profiles are not combined with personal data of the user.

To exchange the relevant data, your browser automatically establishes a direct connection with the Facebook server. We do not have any influence on the extent and the further use of the data that are collected by Facebook through the use of this tool, and must therefore inform you that as far as we are aware, the incorporation of Facebook Custom Audience gives Facebook the information that you have accessed the corresponding pages of our website or have clicked on an advertisement of ours. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or not logged in, it is possible that the provider will discover and store your IP address and other identifying features.

If you have given your consent, we will forward your phone number or e-mail address to Facebook so that you can be shown advertisements that reflect your interests.

You can find out how the Facebook pixel is used for advertising campaigns at https://www.facebook.com/business/learn/facebook-ads-pixel.
More information about Facebook's data policy can be found at https://www.facebook.com/policy.php.
More information about data processing by Facebook can be found at https://www.facebook.com/about/privacy.

The user of the website is informed of the data collection when accessing the website and can object to this collection by opting out.

b) We process your data because you have consented to this or we have a legitimate interest in processing your data pursuant to points (a) and (f) of Art. 6(1) GDPR.

c) We installed these functions so that we can offer advertisements reflecting your interests.

d) We will store your data for as long as we need them for the particular purpose (displaying interest-based advertising) and you have not objected to the storage of your data or withdrawn your consent.

Users who are logged in can disable the "Facebook Custom Audiences" feature under https://www.facebook.com/settings/?tab=ads#.

You can change your settings for advertisements in Facebook on https://www.facebook.com/help/109378269482053/?helpref=hc_fnav if you are logged in to Facebook.

XII. CONTACT FORM AND E-MAIL CONTACT

a) There is a contact form on our website which can be used for getting in touch electronically. If a user takes advantage of this opportunity, the data entered on the input template will be sent to us and we will store them. These data are your first name, surname, e-mail address and phone number.

Your consent will be obtained for the processing of data as part of the send process and reference will be made to this Privacy Policy & Statement.

You can alternatively contact us using the e-mail address provided. In this case the user’s personal data transmitted with the e-mail will be stored.

These data will not be forwarded to third parties, but will instead be used solely in order to process the conversation.

b) The legal basis for the processing of the data based on the user's consent is point (a) of Art. 6(1) GDPR.
The legal basis for the processing of the data transmitted when an e-mail is sent is point (f) of Art. 6(1) GDPR. If you contact us by e-mail in order to conclude a contract, point (b) of Art. 6(1) GDPR is an additional legal basis for processing.

c) The personal data from the input template will be processed solely so that we can respond to your contact. If you contact us by e-mail, this also gives us the necessary legitimate interest in processing the data.

Other personal data will be processed during the send process in order to prevent misuse of the contact form and to ensure the security of our information technology systems.

d) The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected. For the personal data from the input template of the contact form and the personal data that were sent by e-mail, this will be the case when the relevant conversation with the user has come to an end. The conversation is ended if the circumstances permit the conclusion that the matter at hand has definitely been resolved.

The personal data additionally collected during the send process will be erased after not more than seven days.

The user can withdraw their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case the conversation can no longer be continued and all personal data saved in the course of the contact will be erased.

XIII. User Registration

1. On our website we offer users the option of registering by entering personal data. The data are entered on an input template and sent to us and stored. The data are not forwarded to third parties. The following data are collected as part of the registration process: first name, surname, e-mail address, place of residence.

The following data will also be stored when the message is sent: IP address of the user and date and time of registration.

The consent of the user to the processing of these data will be collected as part of the registration process.

2. The legal basis for processing of the data based on the user's consent is point (a) of Art. 6(1) GDPR.

3. Registration of the user is necessary for the provision of certain content and services on our website or in order to fulfil a contract with the user or to take steps prior to entering into a contract.

The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected.

4. This is the case for the data collected during the registration process if registration on our website is cancelled or amended.

For the data collected during the registration process in order to perform a contract or to take steps prior to entering into a contract, this is the case when the data are no longer necessary for the performance of the contract. It may be necessary to store personal data of the other party to the contract even after it has been concluded in order to comply with contractual or legal obligations.

Users can cancel their registration at any time. You can have the data stored about you modified at any time.

If the data are necessary in order to perform a contract or to take steps prior to entering into a contract, it will only be possible to erase the data early if contractual or legal obligations do not prohibit erasure.

XIV. Online Applications

a) On our website we offer the option of applying online for vacancies. The data required for proceeding with an application, such as your first name, surname, place of residence, address, education, etc., will be collected as part of this process. An online application requires the user to log in by registering.

The user's express consent is obtained in the online application process.

b) We will process these data for the purpose of conducting the application process. If you have given us consent, the legal basis for the processing of the data is point (a) of Art. 6(1) GDPR. If the above data are to be processed in order to initiate a contractual relationship, the legal basis is point (b) of Art. 6(1) GDPR.

c) The purpose of the data processing is to make the application process faster and more effective.

d) The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected. For the case that the application process leads to employment, training, a placement or other service relationship, the data will continue to be stored and transferred to the personal file. The application process will otherwise end on receipt of a rejection. In this case the data will be erased when the vacancy is filled. Your personal data will not be erased if their further processing or storage is necessary in the individual case for the establishment, exercise or defence of legal claims. In this case we will have a legitimate interest in the continued processing and storage of your personal data. The legal basis is point (f) of Art. 6(1) GDPR. They will also not be erased if we are obliged by law to continue to store your personal data.

XV. Information on our presence on social media platforms

1. Information on our Facebook page

a) We also maintain a presence on Facebook. If you visit this Facebook page, your personal data will in principle be processed by Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. If you use interactive functions such as commenting, sharing or rating, the data will be processed solely by Facebook.

Please note that you yourself are responsible for your use of the Facebook page and its functions. This particularly applies for the interactive functions (e.g. commenting, sharing, rating). Facebook processes personal data relating to your account, your IP address and the devices you use; cookies are used to record data. These are small files that are stored on your devices. Which information Facebook receives and how it is used are explained in general form in its data use policies. They also contain information about how to contact Facebook, how to object and the setting options for advertisements.
The data use policies can be accessed via the following link: http://de-de.facebook.com/about/privacy .
Facebook's full data policies can be found here: https://de-de.facebook.com/full_data_use_policy.

Facebook can use the information to provide us, as the operator of the Facebook page, with statistical data about how our Facebook page is used, such as the age and gender distribution. Facebook can also display further information or advertisements corresponding to your preferences. Facebook provides further information via the following link: de-de.facebook.com/help/pages/insights.

The data about you that are collected in this regard will be processed by Facebook Ltd. and may to that end be transferred to countries outside the European Union.
If you visit one of our pages on social media (e.g. Facebook), doing so will result in your personal data being processed. In this case we, together with the operator of the respective social network, will be responsible for the data processing operations within the meaning of Art. 26 GDPR if we actually reach a joint decision with the operator of the social network on the data processing and we can also exert an influence on the data processing. Where possible, we have reached agreements with the operators of the social network on joint control pursuant to Art. 26 GDPR.

Please note that, despite joint control with the operators of social networks pursuant to Art. 26 GDPR, we do not have complete influence over the data processing performed by the individual social networks. The business policy of the respective provider has the determining influence on our options. In the event that rights as data subjects are asserted, we can only pass these queries on to the operator of the social network.
Facebook does not clearly and finally state, and we do not know, the extent to which Facebook uses the data collected on visits to Facebook pages for its own purposes, the extent to which activities on the Facebook pages are attributed to individual users, for how long Facebook stores these data and whether data collected on a visit to the Facebook page are passed on to third parties.

b) However, we regularly put prize draws on our Facebook page in connection with our Christmas Advent Calendar, for instance. If you wish to take part in these prize draws, we need to collect and store your personal data and Facebook names. Your consent to the data processing will be expressly obtained if you participate in the prize draw. The stored data will be erased as soon as they are no longer needed in order to hold the prize draw. The legal basis for this data processing is point (a) of Art. 6(1) GDPR. The purpose of the data processing lies in the holding of the prize draw we offer.

c) We also use the Facelift tool to make it easier to manage our social media channels. Our Facebook page is also linked with this tool. As Facelift is primarily used in order to make it easier for us to manage all the social media channels we run, no personal data are collected through the mere link between Facelift and our Facebook page. If, however, a user uses the comment function on our Facebook page to ask a question defined in more detail in Facelift, particularly concerning advertising purposes, the text will be merged with the user's Facebook name in the tool and will be shown to us. The sent text and the Facebook name will be erased as soon as the query has been answered. The legal basis for the data processing is point (f) of Art. 6(1) GDPR. Facelift is used for the purpose of simplifying communication between us and the visitor to our Facebook page. This gives us a better overview of user comments, facilitating communication with visitors to our Facebook page. This also constitutes a legitimate interest of ours in processing personal data pursuant to point (f) of Art. 6(1) GDPR.

2. Information on our Instagram page

a) HORSCH Maschinen GmbH uses the technical platform and services of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, for the information service it offers.
Please note that you yourself are responsible for your use of the Instagram page and its functions. This particularly applies for your use of the interactive functions (e.g. commenting or rating).
When you visit our Instagram page, Instagram records your IP address and other information available on your PC in the form of cookies. This information is used in order to provide us, as the operator of the Instagram page, with statistical data about how our Instagram page is used.
The data about you that are collected in this regard will be processed by Instagram Inc. and may to that end be transferred to countries outside the European Union. Which information Instagram receives and how it is used are explained in general form in its data privacy policies. They also contain information about how to contact Instagram and the setting options for advertisements. The data privacy policies can be accessed via the following links: help.instagram.com/519522125107875.
Instagram does not clearly and finally state, and we do not know, the extent to which Instagram uses the data collected on visits to Instagram pages for its own purposes, the extent to which activities on the Instagram pages are attributed to individual users, for how long Instagram stores these data and whether data collected on a visit to the Instagram page are passed on to third parties.
If you access an Instagram page, the IP address assigned to your device will be sent to Instagram. According to Instagram, this IP address will be anonymised ("German" IP addresses) and erased after 90 days. Instagram also stores information about the devices of its users (such as in the "Login notification" function); this may enable Instagram to assign IP addresses to individual users.
The current version of this data privacy statement can be found under "Data policy" and on the respective Instagram page.

b) If you as a user are currently logged in to Instagram, a cookie with your Instagram identifier will be on your device. This enables Instagram to verify that you have visited this page and how you used it. The same applies for all other Instagram pages. The Instagram buttons integrated in websites enable Instagram to record your visits to these web pages and assign them to your Instagram profile. These data allow targeted content or advertising to be offered to you.
If you want to prevent this, you should log off Instagram or disable the "Stay logged in" function, delete the cookies on your device and close your browser before reopening it. This erases Instagram information that enables you to be identified directly and means you can use our Instagram page without your Instagram identifier being revealed. If you use interactive functions of the page (liking, commenting, messages and others), an Instagram login screen appears. If you log in again, you will be identifiable to Instagram again as a particular user.
Information on how to manage or erase existing information can be found in the following Instagram help area.
As the provider of the information service, we do not collect and process any other data arising from your use of our service.

3. Information on our Twitter presence

HORSCH Maschinen GmbH uses the technical platform and services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, for the short messaging service it offers. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for the processing of data of persons living outside the United States.
Please note that you yourself are responsible for your use of the Twitter short messaging service and its functions offered here. This particularly applies for your use of the interactive functions (e.g. sharing or rating).
Information on which data are processed by Twitter and for what purposes can be found in Twitter's data privacy policy: twitter.com/de/privacy.
The information collected by the cookies of this provider is normally sent to a server in the USA and stored there. In the case that the data are transferred to the USA, this is done on the basis of the standard contractual clauses.
We do not have any influence over the nature and extent of the data processed by Twitter, the type of processing and use or the passing on of these data to third parties. To that extent we also do not have any effective control options.[JH1] If you use Twitter, your personal data will be recorded, transmitted, stored, disclosed and used by Twitter Inc. Regardless of your place of residence, they will be transferred to the United States, Ireland or any other country in which Twitter Inc. has business operations, where they will be stored and used. Twitter will, firstly, process the data you provide voluntarily when you upload or synchronize them, such as your name and handle, e-mail address, telephone number and contacts in your address book. However, Twitter will also analyse the content you have shared and the topics you are interested in, store and process confidential messages that you send directly to other users, and can determine your location using GPS data, information on wireless networks or your IP address in order to send you advertising or other content.
Under certain circumstances Twitter Inc. will use analysis tools such as Twitter or Google Analytics for this analysis. We do not have any influence over the use of such tools by Twitter Inc., nor have we been informed of any such potential use. Should Twitter Inc. use tools of this kind for the account of HORSCH Maschinen GmbH, we have neither instructed it to do so nor agreed to this nor supported this in any other form. The data obtained from the analysis will not be made available to us either. Our account only enables us to see certain non-personal information about tweeting activities, such as the number of profile or link clicks resulting from a particular tweet. In addition, we do not have any way of preventing or suspending the use of such tools on your Twitter account.
Finally, Twitter receives information when you view content, for instance, even if you have not created an account. These "log data" may be the IP address, browser type, operating system, information on the website previously accessed and the pages you access, your location, mobile phone provider, the device you are using (including the device ID and application ID), the search terms you entered and cookie information.
Twitter buttons or widgets integrated in websites and the use of cookies enable Twitter to record your visits to these websites and attribute them to your Twitter profile. These data allow targeted content or advertising to be offered to you. The fact that Twitter Inc. is a non-European provider which only has a European branch in Ireland means that it does not consider itself bound by German data protection regulations. This affects, for instance, your right to access, block or erase data or to object to the possibility of usage data being used for advertising purposes.
You have ways of restricting the processing of your data in the general settings of your Twitter account and under "Data protection and security". With mobile devices (smartphones, tablets), you can also restrict Twitter's access to contact and calendar data, photos, location data etc. using the settings available on them. However, this depends on the operating system used.
Further information about these topics can be found on the following Twitter support pages:

https://support.twitter.com/articles/105576#
https://help.twitter.com/de/search?q=datenschutz

To find out how you can see the data Twitter holds about you, click here: https://support.twitter.com/articles/20172711#.
Information on what Twitter does with the information it holds about you can be found here:
https://twitter.com/settings/your_twitter_data.

Information on the available personalisation and data privacy setting options can be found here (with further cross-references): twitter.com/personalization.
You also have the option of requesting information using the Twitter data privacy form or archive request:
https://support.twitter.com/forms/privacy
https://support.twitter.com/articles/20170320#

HORSCH Maschinen GmbH also processes your data. Although we do not ourselves collect any data via our Twitter account, we will process the data you enter on Twitter, in particular your handle and the content published under your account, to the extent that we retweet or answer your tweets or send tweets that refer to your account. The data you voluntarily publish and disseminate on Twitter will thus be included in our offer and made accessible to our followers.

4. Information on our Xing presence

XING is a social network operated by XING SE, registered in Hamburg. It enables members to manage mainly business but also private contacts and link to new contacts. Organisations can set up a page on this platform with a logo and brief profile, post news items and initiate discussion groups.
A personal profile with administrator rights must be assigned to the company profile. Conversations in groups can only be conducted using the personal profile of a natural person.
Users must register in order to use the network function. There is a free basic version and a chargeable version with additional functions. In contrast to other social networks, XING is based more strongly on the combination of personal and electronic contact, is less commercial and is less visually oriented. It is focused on professional networking on specialist issues with people who have the same professional interests. XING is also frequently used by companies and other organisations to recruit staff and present themselves as an attractive employer. To that end XING is linked with the employer rating platform kununu.
XING provides further information: https://corporate.xing.com/de/unternehmen/.
HORSCH Maschinen GmbH currently makes only very limited use of XING through a brief profile and occasional posting of news items that relate primarily to current job opportunities. No topic-related discussion group is offered at present, but is conceivable in the future.
Current information about data privacy can be found at https://privacy.xing.com/de/datenschutzerklaerung.
We do not collect or process any personal data via XING.

XVI. Newsletter

a) We offer a newsletter to which you can subscribe on our website. Details about the newsletter, particularly its possible content, will be given in the declaration of consent. If you subscribe to our newsletter, the data you provide on the input template when registering for the newsletter will be sent to us. To register for the newsletter, you must provide us with your e-mail address. This is mandatory information.

If you provide other personal information when registering, this is done on a voluntary basis.

We use what is known as the double opt-in procedure for registering for our newsletter. Once you have registered, we will send an e-mail to the email address you gave asking you to confirm that you want us to send you the newsletter in future. If you do not confirm your registration within the period stated in the e-mail, the data you provided will be blocked and then erased after five weeks. We also store your IP address, the time and date you registered for the newsletter and the time and date of confirmation. These data will be used solely in order to send the newsletter.

We use rapidmail to send our newsletter. Your data will therefore be sent to rapidmail GmbH. rapidmail GmbH is prohibited from using your data for any purposes other than sending the newsletter. rapidmail GmbH is not permitted to sell or communicate your data to third parties. rapidmail is a German certified newsletter software provider that was selected carefully in accordance with the requirements of the GDPR and the Federal Data Protection Act BDSG.

If you have given us consent, the legal basis for the processing is point (a) of Art. 6(1) GDPR. If the processing is founded on our legitimate interests in other respects, the legal basis is point (f) of Art. 6(1) GDPR.

c) The data you entered on the input template when registering will be processed for the purpose of addressing you personally. Following your confirmation, we will store your e-mail address for the purpose of sending the newsletter. We will store the respective IP address and the dates and times of registration and confirmation so that we can prove your registration and investigate any possible misuse of your personal data. This is a legitimate interest of ours.

d) These data will be erased as soon as they are no longer necessary for achievement of these purposes. We will therefore only store the above data for as long as you subscribe to the newsletter. Once you unsubscribe from the newsletter, we will store these data anonymously and for statistical purposes only.

You can at any time withdraw the consent you gave to dispatch of the newsletter by unsubscribing from the newsletter. You can do so by clicking on the link contained in every newsletter e-mail we send you.

XVII. Google Tag Manager

On our website we use "Google Tag Manager", a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter "Google"). Google Tag Manager enables us as marketers to manage website tags using an interface. The Google Tag Manager tool which implements the tags is a cookieless domain and does not record any personal data itself. Google Tag Manager triggers other tags which could record data under certain circumstances. Google Tag Manager does not access these data. If disabling has been set at domain or cookie level, this continues to apply for all tracking tags that are implemented with Google Tag Manager.

Information on the third-party provider: Google Ireland Limited, Google Building, Gordon House, Barrow St, Dublin 4, Ireland

Further information about data protection can be found on the following Google web pages:

Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
Google Tag Manager FAQs: https://www.google.com/intl/de/tagmanager/faq.html
Google Tag Manager terms of use: https://www.google.com/intl/de/tagmanager/use-policy.ht

XVIII. Google Fonts

On our website we use "Google Web Fonts", a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter "Google"). Google Web Fonts enables us to use external fonts, known as Google Fonts. When you access our website, your web browser loads the required Google Font into the browser cache. This is required so that your browser can display an optically improved view of our texts. If your browser does not support this function, your computer will use a standard font for display. These web fonts are integrated by means of a server request, usually through a Google server in the USA. In the process, the server will be told which of our web pages you have visited. Google will store the IP address of the browser of your device. We do not have any influence on the extent and the further use of the data that are collected and processed by Google through the use of Google Web Fonts.

Information on the third-party provider: Google Ireland Limited, Google Building, Gordon House, Barrow St, Dublin 4, Ireland

Further information about data protection can be found in the Google privacy policy: https://policies.google.com/privacy?hl=de&gl=de.

Further information about Google Web Fonts can be found at https://fonts.google.com/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1 and https://www.google.com/fonts#AboutPlace:about.

b) The legal basis is your consent pursuant to point (a) of Art. 6(1) GDPR.

c) We use Google Web Fonts for optimisation purposes, in particular to improve your use of our website and make its design more user-friendly.

XIX. Fast.Fonts

a) To ensure consistency in the presentation of fonts, this site uses web fonts provided by Monotype GmbH (fonts.com or fast.fonts.net). When a page is accessed, your browser loads the necessary web fonts in your browser cache so that text and fonts can be displayed correctly.

This requires the browser you are using to establish a connection to fonts.com’s servers. fonts.com therefore learns that our website was accessed from your IP address. fonts.com web fonts are used in order to present our online products in a consistent and appealing way.

If your browser does not support web fonts, your computer will use a standard font.

Further information about these web fonts can be found at www.fonts.com/info/legal and in the privacy policy of Fonts.com: https://www.fonts.com/info/legal/privacy and the privacy policy of Monotype GmbH: https://www.monotype.com/legal/privacy-policy.

b) The legal basis is your consent pursuant to point (a) of Art. 6(1) GDPR.

c) We use Fast.Fonts for optimisation purposes, in particular to improve your use of our website and make its design more user-friendly.

XX. Hotjar

a) On our website we use "Hotjar", a web analysis service of Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (hereinafter "Hotjar").
We use Hotjar in order to better understand the needs of our users and optimise our offer on this website. The technology of Hotjar enables us to get a better understanding of the experience of our users (e.g. how much time users spend on which pages, what links they click on, what they like and what they do not like, etc.), which helps us to customise what we offer to the feedback from our users. Hotjar works with cookies and other technologies in order to collect information about the behaviour of our users and about their devices (particularly the IP address of the device (this is only collected and stored in anonymised form), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), and preferred language in which our website is displayed). Hotjar stores this information in a pseudonymised user profile. Neither we nor Hotjar use the information in order to identify individual users or combine it with other data about individual users.
Hotjar uses cookies, among other things, which are small text files that are stored locally in the clipboard of your device's web browser and enable your use of our website to be analysed, as well as what is known as a tracking code. The cookies used by Hotjar are stored on your device for different periods of time, some only for the duration of your visit and others for 365 days. The information collected in this way is sent to a Hotjar server in Ireland and stored there. The information that the tracking code allows to be collected is device-dependent data which are recorded by your device and web browser:

IP address of your device (collected and stored in anonymised format)
e-mail address, including your first name and surname, if you have provided this through our website
screen size of your device
device type and browser information
geographical data (country only)
language for viewing our website
user interactions
mouse commands (movement, position and clicks)
keyboard inputs

Log data which are automatically used by our server if Hotjar is used:

referring domain
websites visited
geographical data (country only)
language for viewing our website
date and time of access

Hotjar uses this information in order to analyse your use of our website, prepare reports on usage and provide other services associated with the analysis of our website. Hotjar also makes use of services of third parties (e.g. Google Analytics and Optimizely) in order to provide the services. These third parties may store or otherwise process information which your browser sends when you visit our website (including the IP address in certain circumstances).

Information on the third-party provider: Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta. Further information on the use of data by Hotjar, setting options, ways to object and data privacy can be found on the following Hotjar page: https://www.hotjar.com/legal/policies/privacy.

b) The legal basis is your consent pursuant to point (a) of Art. 6(1) GDPR.

c) We use Hotjar in order to analyse the use of our website and continually improve individual functions and offers as well as the user experience as a whole. The statistical analysis of user behaviour enables us to improve what we offer and make it more interesting for users.

d) You can consent to the storage by Hotjar of a user profile and of information about your visit to our website and the setting of Hotjar tracking cookies in our cookie notice and also withdraw your consent there at any time.

XXI. Matomo

This website uses the open source web analytics service Matomo. Matomo uses technologies that enable the recognition of the user across pages for the analysis of user behaviour (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage.

With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This enables us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

XXII. Google Maps

We use the Google Maps API in order to display geographical information. When Google Maps is used, Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) also collects, processes and uses data about the use of the maps function by visitors to the website. Your data will only be forwarded if you have given us your consent to do so pursuant to point (a) of Art. 6(1) GDPR.

When our website is accessed, we display what is known as a "cookie notice". This gives you the option of consenting to data processing by clicking on "Accept". If you click on "Reject", Google Maps will only be shown if you consent to data processing by clicking on the information text in the map window. You can withdraw your consent at any time with effect for the future by clicking on the "Withdraw consent / Reject web analysis" button shown at the bottom of the "Your rights" section. Further information about data processing by Google can be found in Google's data privacy statements: https://policies.google.com/privacy?hl=de.

Google also processes your personal data in the USA (see "Transfer of data to a third country" below).

XXIV. Learning Management System

1. The Horsch Group operates a Learning Management System in order to offer training content digitally, maintain a history of training participants and manage results and requirements for further training. The data also serve as evidence of the requirements for further training.

On our Learning Management page we offer users the option of registering by entering personal data. The data are entered on an input template and sent to us and stored. The only third party to whom the data will be forwarded is your registered business. The following data are collected as part of the registration process: first name, surname, e-mail address, main address, town, postcode.

The following data will also be stored when the message is sent: IP address of the user and date and time of registration.

The consent of the user to the processing of these data will be collected as part of the registration process.

Data such as completed courses and the associated results will be processed in the course of the further use of the portal.

2. The legal basis for the processing of the data is the user's consent pursuant to point (a) of Art. 6(1) GDPR.

3. The data on registration and the use of digital training on our website are required in order to prove and keep a record of training based on your consent.

The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected.

4. This is the case for the data collected during the registration process if registration on our website is cancelled or amended.

Users can cancel their registration or withdraw their consent at any time. You can have the data stored about you modified at any time. If the data are necessary in order to perform a contract or to take steps prior to entering into a contract, it will only be possible to erase the data early if contractual or legal obligations do not prohibit erasure.

XXIII. Instruction on the rights of data subjects

If your personal data are processed, you are a data subject as defined by the GDPR and you have the following rights vis-à-vis the controller:

1. Right of access

You can demand confirmation from the controller of whether we process personal data concerning you.

Where such processing takes place, you can demand details from the controller concerning the following information:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipient to whom the personal data concerning you were or will be disclosed;

(4) the planned period for which the personal data concerning you will be stored or, if it is not possible to provide specific information on this, the criteria used to determine that period;

(5) the existence of a right to rectification or erasure of the personal data concerning you, of a right to restriction of processing by the controller or of a right of objection to this processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information about the origins of the data, if the personal data were not collected from the data subject;

(8) the existence of automated decision-making including profiling pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You also have the right to demand information on whether the personal data concerning you are transferred to a third country or an international organisation. In this regard you can demand to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in relation to the transfer.

2. Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are incorrect or incomplete. The controller must bring about the rectification without undue delay.

3. Right to restriction of processing

Under the conditions set out below, you can demand that the processing of the personal data concerning you be restricted:

(1) if you dispute the accuracy of the personal data concerning you, for a period of time that enables the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3) if the controller no longer needs the personal data for the purposes of the processing, but you require this for the establishment, exercise or defence of legal claims; or

(4) if you have lodged an objection to the processing pursuant to Art. 21 (1) GDPR pending verification of whether the legitimate grounds for the controller override your grounds.

If the processing of the personal data concerning you were restricted, these data may – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing was restricted in accordance with the above requirements, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase

You can demand that the controller erase any personal data concerning you without undue delay and the controller will be obliged to erase such data without undue delay if one of the following grounds exists:

(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(2) you withdraw consent on which the processing is based according to point (a) of Art. 6(1) or point (a) of Art. 9(2) GDPR, and where there is no other legal ground for the processing;

(3) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;

(4) the personal data concerning you have been unlawfully processed.

(5) the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; or

(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and if he is obliged pursuant to Art. 17(1) GDPR to erase them, then he, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not exist to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9(2) as well as Art. 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defence of legal claims.

5. Right to be informed

If you have exercised your right to have the controller rectify or erase the personal data concerning you or restrict their processing, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have a right vis-à-vis the controller to be informed of these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit these data to another controller without hindrance from the controller to which the personal data were given, provided that

(1) the processing is based on consent pursuant to point (a) of Art. 6(1) or point (a) of Art. 9(2) GDPR or on a contract pursuant to point (b) of Art. 6(1) GDPR; and

(2) the processing is carried out by automated means.

In exercising this right to data portability, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must be without prejudice to the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on points (e) or (f) of Art. 6(1) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw consent under data protection regulations

You have the right at any time to withdraw consent given under data protection regulations. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to the withdrawal.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning yourself or similarly significantly affects you. This does not apply if the decision:

(1) is necessary for entering into, or the performance of, a contract between you and the controller;

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests; or

(3) is based on your explicit consent.

Nevertheless, these decisions may not be based on special categories of personal data referred to in Art. 9(1) GDPR unless point (a) or point (g) of Art. 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.

In the cases referred to in (1) and (3) above, the controller will implement suitable measures to safeguard your rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint was lodged will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Name	Purpose	Lifetime	Type	Provider
CookieConsent	Saves your consent to using cookies.	1 year	HTML	Website
PHPSessID	Retains the user's states for all page requests.	3 months	HTTP	php
fe_typo_user	This cookie is set by TYPO3 for the unmistakable identification of a user. It offers the user better user guidance	1 session	HTTP	TYPO3
be_typo_user	Used to identify a backend session when a backend user logs into the TYPO3 backend or frontend.	1 session	HTTP	TYPO3
mtm_cookie_consent	Saves your consent to use matomo tracking.	1 session	HTTP	TYPO3

Name	Purpose	Lifetime	Type	Provider
personalization_id	Marketing Used to determine the number of visitors accessing the website via Twitter advertising content and can be used for targeted advertising.	2 years	HTTP	Google Tag Manager / Twitter
ANID	Marketing Used to play out advertisements.	10 years		Google
_fbc	Marketing / Tracking Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	3 months		Google Tag Manager / Facebook
datr	Marketing / Tracking Identify the web browser used to connect to Facebook, regardless of the logged-in user. This cookie plays a key role in Facebook's security and integrity features.	2 years		Google Tag Manager / Facebook
fr	Marketing / Tracking Provides information to Facebook to associate functionality of Social Plugin. Send information to Facebook regardless if you are a member or you have logged on the social network.	3 months	HTML	Google Tag Manager / Facebook
sb	Marketing / Tracking Provides information to Facebook to associate functionality of Social Plugin. Send information to Facebook regardless if you are a member or you have logged on the social network.	3 months	HTML	Google Tag Manager / Facebook
_fbp	Marketing / Tracking Used by Facebook to display a range of advertising products, for example real-time bids from third party advertisers.	7 days	Pixel	Google Tag Manager / Facebook
_gcl_au	Marketing / Tracking Used by Google AdSense to experience the efficiency of advertising on websites that use their services.	1 day	HTML	Google Tag Manager / Google Ad
RUL	Marketing / Tracking Used by DoubleClick to determine whether website advertisement has been properly displayed	1 year		Google DoubleClick
IDE	Marketing / Tracking Contains a randomly generated user ID. Using this ID, Google can recognise the user across different websites and display personalised advertising.	1 year		Google DoubleClick
__adroll_fpc	Marketing / Tracking Used to identify the visitor across visits and devices. This allows the website to present the visitor with relevant advertisement	1 session	HTTP	Adroll
NID	Marketing / Tracking Google cookies store information about user settings and information for Google Services.	6 months		Google Ads Optimazation
__Secure-3PAPISID	Marketing / Functional Used by for targeting purposes to profile the interests of the website visitor and display relevant and personalised Google advertising.	2 years		Google
__Secure-3PSID	Marketing / Functional Used by Google for targeting purposes to profile the interests of the website visitor and display relevant and personalised Google advertising.	2 years		Google
__Secure-3PSIDCC	Marketing / Functional Used by YouTube / Google for targeting purposes to profile the interests of the website visitor and display relevant and personalised Google advertising.	1 year		YouTube / Google
CONSENT	Functional Store cookie settings.	10 years		Google / YouTube
_ar_v4	Optimises ad display based on the user's movement combined and various advertiser bids for displaying user ads.	1 year	HTTP	Google DoubleClick
MYSAPSSO2	Used by for targeting purposes to profile the interests of the website visitor and display relevant and personalised Google advertising.	1 session		SAP

Name	Purpose	Lifetime	Type	Provider
_ga	Statistics This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier.	2 years	HTML	Google Analytics
_ga_XXXXXXXXXX	Statistics Contains a unique identifier used by Google Analytics 4 to determine that two distinct hits belong to the same user across browsing sessions.	2 years	HTML	Google Analytics
_gid	Statistics Functionality to count and track pageviews.	1 day	HTML	Google Analytics
1P_JAR	Statistics Used by Google to display personalised advertising on Google websites based on current search queries and previous interactions.	1 month		Google
_hjAbsoluteSessionInProgress	Statistics This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.	30 minutes		Hotjar
_hjFirstSeen	Statistics This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.	1 session		Hotjar
_hjTLDTest	Statistics When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.	1 session		Hotjar
_hjid	Statistics Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.	365 days		Hotjar
_hjIncludedInPageviewSample	Statistics This cookie is set to let Hotjar know whether that user is included in the data sampling defined by your site's pageview limit.	30 minutes		Hotjar
_hjIncludedInSessionSample	Statistics This cookie is set to let Hotjar know whether that user is included in the data sampling defined by your site's daily session limit.	30 minutes		Hotjar
_pk_id	Statistics Used to store a few details about the user such as the unique visitor ID.	13 months		Matomo
_pk_ses	Statistics Short lived cookie used to temporarily store data for the visit.	90 minutes		Matomo

Name	Purpose	Lifetime	Type	Provider
_dc_gtm_UA-44853388-1	Used by Google Analytics to throttle request rate	1 minute	HTML	Google Tag Manager
Captcha	Used to distinguish between humans and bots. This is beneficial for the website to generate valid reports about the usage of their website	180 days		Google