We, Herbert Waldmann GmbH & Co KG, process personal data on the basis of the data protection regulations of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) and, if applicable, the state data protection laws of the individual federal states.

If you have any questions or comments, you can contact us at any time using the contact details provided under Section I.

Our data protection information in accordance with Art. 13 and 14 GDPR for business partners, applicants, interested parties & customers and on our use of Microsoft 365 and Microsoft Teams can be found at the end of this information.

Table of contents

I. Name and Contact details of the Controller; Data controller and the Data Protection Officer

II. Processing of your personal data - Purposes and Legal bases

1. Allgemeine Hinweise zur Datenverarbeitung

2. Aufrufen unserer Internetseiten

3. Datenverarbeitung zu Werbezwecken und Analyse

4. Funktionalität unter Einbindung von Drittdiensten

5. Datenverarbeitung im Zusammenhang mit dem Abschluss, der Durchführung oder der Beendigung eines Vertrages

6. Kontaktformular | „Haben Sie Fragen“

7. Registrierung zur Nutzung unserer Applikationen

8. Social Media

8.1 Unternehmensprofile auf Social Media Plattformen

8.2 Verlinkung Social-Media über Grafik oder Textlink

9. Kunden-Registrierung für Rücksendungen

10.Bewerbungen

11. Bilddatenbank

III. Disclosure of your data to Third Parties

IV. Transfer to a third country

V. Data subject rights

VI. Links to Third Party Websites

VII. Adjustments to the Data protection; protection of personal data

VIII. Further information in accordance with Art. 13 and 14 GDPR

I. Name and Contact details of the Controller; Data controller and the Data Protection Officer

Controller; Data controller for the Processing of your personal data when using this website:

Herbert Waldmann GmbH & Co. KG
Peter-Henlein-Straße 5
78056 Villingen-Schwenningen
Germany
Phone: +49 7720 601 0
E-mail: info@waldmann.com

Data Protection Officer

vimopro GmbH
Benediktinerring 10
78050 Villingen-Schwenningen

You can contact our Data protection; protection of personal data at datenschutz@waldmann.com.

II. Processing of your personal data - Purposes and Legal bases

1. general information on Data processing

By using our website, information (such as your IP address) may be retrieved from your device or information (such as cookies) may be stored. The further processing of personal data is subject to the General Data Protection Regulation (GDPR). With this data protection information, we inform you about the purposes, legal basis, storage periods and your rights arising from this in accordance with the provisions of the GDPR.

If access to or storage of information is technically necessary in order to provide our services without errors, this is done on the basis of Section 25 (1) sentence 1, (2) no. 2 TTDSG.

If such a process serves other purposes, such as customising our website to your needs, this will only be done with your express consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG. You can revoke such Consent at any time for the future. In addition to the GDPR, the processing of your personal data is also carried out in accordance with the provisions of the Federal Data Protection Act (BDSG).

Further information on the Processing of your Personal data and the corresponding legal basis can be found in the following sections on the specific Processing Activities on our website.

2. calling up our Internet pages

a) Server log files

When you visit our website, the system collects and stores information in so-called server log files ("log files"), which your browser automatically transmits to us. These are

• IP address of the retrieving end device
• Date and time of access
• Name and URL of the retrieved file
• Referrer URL (website from which the access was made) and links accessed
• Information about the browser type, the version used and, if applicable, the operating system used by you as well as the name of your access provider

This data cannot be assigned to a specific person; it is not possible for us to draw conclusions about your identity. The data in the log files are always stored separately from other personal data; they are not merged with other Data sources.

This data is processed by us on the basis of Art. 6 para. 1 lit. f) GDPR to deliver the content of our website, to defend against attempted attacks, to ensure the functionality of our information technology systems, to optimise our website and to evaluate system security and stability.

The data is stored for a period of 180 days and then automatically deleted.

b) Web hosting

Our website is based on the womodo CMS, a content management system from Innovation Gate GmbH. The latter is entrusted with hosting, maintaining and supporting the website for us as a Processor, data processor. The web servers are located in Germany. When you access our pages, personal data such as your IP address, metadata etc. is processed and stored on the servers of the subcontractor of Innovation Gate GmbH. This processing is necessary to enable the technically smooth operation of the site and the associated services.

Legal basis of the mentioned Processing is therefore Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the error-free presentation and functionality of our website.

We have concluded a Processor, data processor agreement with Innovation Gate GmbH in accordance with Art. 28 GDPR. This obliges the provider to process collected data exclusively on our behalf, to protect it and not to pass it on to Third Parties.

c) Cookies

3. data processing for advertising purposes and analysis

3.1 Website analysis

The following web analysis services are used on our website:

a) Google Tag Manager

We use Google Tag Manager on our website, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager enables us to integrate tracking or statistical tools and other technologies into our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. Its function is limited to the management and provision of the tools integrated via it. However, by integrating the Google Tag Manager, your IP address is recorded, which may also be transmitted to Google's parent company in the United States.

We base the use of Google Tag Manager on Article 6 Paragraph 1(f) of the General Data Protection Regulation (GDPR). The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been obtained, Processing is carried out exclusively in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the German Telemedia Act (TTDSG), provided that the Consent includes the storage of cookies or access to information in the User's end device (e.g. device fingerprinting) in accordance with the TTDSG. Consent can be revoked at any time.

b) Google Analytics 4

Our website uses Google Analytics 4, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on the basis of your Consent (Art. 6 para. 1 lit. a) GDPR) for the purpose of demand-oriented design, usage evaluation and optimisation of our website. Google Ireland Limited is a subsidiary of Google LLC based in the USA.

Google Analytics uses cookies and makes it possible to analyse, among other things, the origin of visitors, the time spent on the pages and to better monitor the success of advertising campaigns. The information generated by the cookies about your use of our website (browser type and version, operating system, referrer URL, IP address and time of the server enquiry) is generally transmitted to Google servers in the USA and stored there.

The transfer of personal data to the USA is legitimised by an adequacy decision of the EU Commission. We have also concluded standard data protection clauses with Google in accordance with Art. 46 para. 2 lit. c) GDPR, which oblige the provider to process the data received in accordance with the provisions of the GDPR.

We use Google Analytics in conjunction with the provider's IP anonymisation function. Your IP address will be shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA and anonymised in such a way that it can no longer be assigned. If you have a Google account that you are logged into when you visit our website, we cannot rule out the possibility that Google can establish a direct personal reference to the data collected.

Google will use the information collected on our behalf to analyse your use of our website, to compile reports on website activity and to provide other services related to the use of our website.

Google provides its own terms of use and general data protection information for Google Analytics under the following links: https://marketingplatform.google.com/about/analytics/terms/de/
https://policies.google.com/privacy?hl=de
The specific data protection information for Google Analytics can be accessed here:
https://support.google.com/analytics/answer/6004245?hl=de

Further information on terms of use and Data protection; protection of personal data in connection with Google Analytics can be found on the Google website.

c) Google Ads

We use Google Ads to carry out advertising campaigns on the Internet. The provider and therefore also the recipient of the data is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With Google Ads, we can place adverts on third-party websites or in the Google search engine that are to be displayed when certain search terms defined by us are entered. Through so-called target group targeting, adverts can also be displayed to people whose existing user data at Google matches the defined target group. This can be done, for example, on the basis of location data or interests.

As the operator of this website, the use of Google Ads enables us to carry out quantitative analyses in order to determine which search terms were successful or how high the click rate of the ads displayed is.

The legal basis for the use of Google Ads is your Consent in accordance with Article 6 Paragraph 1 lit. a GDPR and Section 25 Paragraph 1 TTDSG. This Consent can be revoked at any time.

The transfer of data to the USA is carried out using the Standard contractual clauses of the European Commission. For the USA, there is also an adequacy decision for companies certified under the Data Privacy Framework, which includes the parent company Google LLC (see https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active). Detailed information on this can be found at: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

d) Dealfront

Our website uses the technologies of Dealfront Group GmbH, hereinafter referred to as Dealfront, to analyse visitor behaviour.

In this process, the IP address of a visitor is processed. The purpose of Processing is to help us understand which companies (B2B) visit our websites. For this purpose, the identified IP addresses are enriched with associated publicly available information such as the company name or industry code.

For this purpose, at the beginning of a website visitor's session, the IP address and the corresponding session data are compared with an extensive whitelist of known companies.

To increase the protection of our visitors' Personal data, the IP addresses collected are anonymised so that only shortened values are stored instead of the full IP addresses. By activating this function, we do not store the actual IP address anywhere in our systems, including the logs. This anonymisation makes it impossible to link further information to the IP address at a later date, preventing the identification of an individual person.

As part of the integration of Dealfront into our website, the following first-party cookies are used to analyse visitor behaviour:

Name	Description of the	Storage period
_lfa	Detailed description in this Article: https://help.dealfront.com/de/articles/3700007-was-ist-der-dealfront-website-tracker	1 year
_lfa_consent	When using Dealfront's Consent Manager support, this cookie can be set depending on the configuration to save the consent status.	2 years
_lfa_test_cookie_stored	Temporarily used cookie to test whether the browser used supports cookies or not.	Expires immediately
_lfa_expiry	A local storage variable to store the duration for the Dealfront ClientID, which is stored in the browser's LocalStorage.	2 years

When we process website traffic data, this is done on the basis of our legitimate interest Art. 6 para. 1 lit. f GDPR in the optimisation of our products, services, sales and marketing. We obtain your Consent before storing cookies that are not technically necessary. The legal basis is therefore Art. 6 para. 1 lit. a GDPR.

You have the option of preventing the processing of website traffic data by installing and configuring appropriate ad blockers or using no-script plug-ins in your browser. In addition, you can delete cookies already stored in your browser at any time and revoke your Consent by making the appropriate selection in our Consent Management Banner or on this page. Data processing that has taken place up to that point is not affected by this revocation.

We delete the information collected as soon as it is no longer required for the intended purposes. Legal retention periods may lead to a longer retention period for the data concerned.

We have concluded a contract with Dealfront for commissioned data processing in accordance with Art. 28 GDPR to ensure compliance with the applicable data protection standards.

You can find more information about how Dealfront works and how your data may be processed by using the service here:
https://www.dealfront.com/de/privacy-center/

3.2 Direct marketing

a) Direct marketing by post, e-mail and telephone

We use your postal address, email address and/or telephone number for advertising purposes, for example to send you information about new offers, products and service providers, if you have expressly consented to this. The legal basis for this is Art. 6 para. 1 lit. a) GDPR.

You can revoke your Consent to receive advertising mail, e-mail or telephone advertising at any time free of charge and with effect for the future by sending a message to the Contact details mentioned under Section I. or via a link provided for this purpose in the advertising mail.

Your postal address, email address and telephone number will no longer be used for advertising purposes after you withdraw your Consent and will be deleted accordingly, subject to any authorised Processing for other purposes or statutory retention obligations.

b) Newsletter

On our website, we offer you the opportunity to subscribe to our newsletter. In order for you to receive our newsletter, we require an e-mail address from you; the provision of your name is voluntary and only serves to enable us to address you personally in the newsletter. We use the so-called double opt-in procedure: Only when you click on the confirmation link that is sent to the e-mail address you have provided will this e-mail address be added to our mailing list.

The data you provide us with will be used by us on the basis of your Consent (Art. 6 para. 1 lit. a) GDPR) exclusively for sending the newsletter. In addition, we collect the IP address as well as the date and time of registration on the basis of Art. 6 para. 1 lit. c) GDPR in order to verifiably log your registration process and thus your Consent to receive the newsletter.

You can revoke your Consent to receive the newsletter at any time with effect for the future. All you need to do is send a short note to the contact address stated in Section I. or activate the "unsubscribe" link at the end of each newsletter. After you unsubscribe, your data will no longer be processed for sending the newsletter and - subject to authorised Processing for other purposes - will be deleted.

We use the services of SC-Networks GmbH to send our newsletter.

3.3 Use of the Google Consent Mode

When you use our website, pings (without cookies) are sent to Google by default.

Google uses this data to analyze the performance of our website by modeling various data and to provide us with optimization recommendations based on this analysis.

The data collected thus helps us to improve the user experience on our website. In addition, the pings also enable us to measure and optimize the effectiveness of our marketing measures.

Pings are sent to Google servers with or without cookies, depending on your consent in the consent tool:

Option A) No consent to data processing

If you do not give your consent to the collection of data, only the consent status (has processing been consented to or objected to) and user activities are sent to the Google server using tags by sending the following types of pings (without cookies):

• Pings for the consent status for Google Ads and Floodlight tags (has the processing been consented to or objected to?)
• Conversion pings (short data queries, e.g. when a purchase or registration has been made)
• Google Analytics pings (short data query, e.g. page views or clicks)

Pings can generally contain the following:

Function-related information (such as headers that were passively added by the browser)

• Timestamp (time of query)
• User agent (web only, required for communication)
• Referrer URL (indicates which website the visitor comes from)

Summarized/non-personal data

• An indication of whether the current or a previous page in the user's website navigation history contains information about the ad click in the URL (e.g. GCLID/DCLID)
• Boolean information about the consent status
• Random number generated each time a page is loaded
• Information about the consent management platform used by the website owner (e.g. developer ID)
  

Pings are used to model metrics in our analytics tools to address gaps in data collection. You can find more information here:

• Modeling for the consent mode in Google Ads
• Online conversion modeling in Google Ads
• Conversion modeling in Google Analytics
• Behavioral modeling in Google Analytics

Option B) Consent to data processing

If you give your consent to the collection of data, the complete measurement data is transmitted to Google with cookies via so-called Google tags.

If you have consented to the data processing, the processing is carried out in accordance with Art. 6 (1) point a GDPR.

You have the right to revoke your consent to data processing at any time. A revocation has no effect on the legality of the processing carried out up to the point of revocation.

If you have any questions regarding the use of Google Consent Mode v2 or the processing of your data, you can contact our data protection officer at any time.

4. functionality with integration of third-party services

a) Image database: Bynder

We have included images and videos on our website to present our products and Service providers. For this purpose, we use our image database of the Service provider and Processor, data processor Bynder b.v., Max Euweplein 46, 1017 MB Amsterdam, Netherlands.

Information on the processing of your personal data in the context of our image database can be found in the data protection information stored there at https://media.waldmann.com.

Bynder in turn uses the services of other providers to provide the desired functionalities. Embedded videos on our website, for example, are provided via Cloudfront servers.

b) Appointment booking: Calendly

You have the option of booking an information appointment directly via our appointment scheduling tool. We provide this functionality by integrating the Calendly planning tool on our website. We have linked Calendly to the calendars of our employees.

When you book an appointment, we collect data from you such as your name and e-mail address. Optionally, you can also ask us a question or leave us any other information.

Processing of this data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, Processing is based on your Consent, by implied behaviour or by explicit confirmation (Art. 6 para. 1 lit. a GDPR).

Calendly's servers are located in the USA. This means that the data collected will be transferred to a third country outside the EU that is not subject to the same data protection law. For example, your data may be disclosed to local authorities without you being informed. The legal basis for the transfer of data is the EU Commission's adequacy decision for companies certified under the Data Privacy Framework of 10 July 2023 and the EU Standard contractual clauses (SCC).

Calendly acts for us as a Processor, data processor in accordance with Art 28 GDPR and is subject to the data processing agreement that we have concluded with the provider.

You can find Calendly's privacy policy here:

https://calendly.com/privacy

c) Information about our region: Famigo

In order to increase the attractiveness of our company as a workplace for potential new employees, we use the services of Famigo GmbH, In der Spöck 10, 77656 Offenburg ("FAMIGO") on our website. The provider specialises in making the quality of life in our region visible by collecting and displaying relevant data on the infrastructure of a municipality.

For this purpose, we have integrated the services of Famigo as iFrames directly into our website. The iFrames are only used to enable the provision and display of content such as graphics from FAMIGO. FAMIGO collects the following log files for this purpose:

• Browser type and browser version
• Operating system used
• Referrer URL
• Time of the server request.

The legal basis for the processing of the personal data provided is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in making the strengths of our region visible in order to increase the interest of potential applicants in our company.

The log files are stored for a period of 90 days. Any use for other purposes is excluded. The database and the cloud solution are hosted in secure data centres in Germany. We have concluded a contract for Processor, data processor with FAMIGO.

d) Product configurator: pCon

We use product configurators from EasternGraphics GmbH, Albert-Einstein-Straße 1, 98693 Ilmenau, Germany, to visually display and configure 3D models of our products. The solutions are integrated into our websites via iFrame. This means that the configurator and its content are loaded from external sources, whereby the servers are located in German data centres. As when loading a website, your browser establishes a connection to the target server, whereby data such as your IP address is transmitted to the server. This is technically necessary to ensure functionality. EasternGraphics acts as a Processor, data processor for us and does not collect any Personal data for its own purposes.

The legal basis is our legitimate interest (Art. 6 para. 1 lit. f GDPR) in enabling the customised configuration of our lights in a user-friendly manner. The configurators allow a three-dimensional view of the products.

e) Product configurator: Diamondcode

We use product configurators from Diamondcode, Hadži Milentijeva 13, 11000 Belgrade, Serbia, for visualisation and configuration of 3D models of our products. The configurator is connected to a database, calculates shapes and enables the export of configured products. The solutions are integrated into our websites via iFrame. This means that the configurator and its content are loaded from external sources, whereby the servers are located in data centres within the EU. As when loading a website, your browser establishes a connection to the target server, whereby data such as your IP address is transmitted to the server. This is technically necessary to ensure functionality. Diamondcode acts as a Processor, data processor for us and does not collect any Personal data for its own purposes.

The legal basis is our legitimate interest (Art. 6 para. 1 lit. f GDPR) in enabling the customised configuration of our lights in a user-friendly manner. The configurators allow a three-dimensional view of the products.

f) Job advertisements and applications: P&I

We publish job vacancies on our website via a cloud-hosted service of P&I Personal & Informatik AG, Kreuzberger Ring 56, D-65205 Wiesbaden (hereinafter referred to as P&I). If you apply to us using the forms provided, the following personal data required for the application will be processed on servers of P&I or its subcontractors:

• Salutation
• Surname, first name
• E-mail address
• Desired start of employment or training
• Cover letter
• Curriculum vitae
• Certificates
• other data provided by you
• How you became aware of us (optional)

Legal basis is Art. 6 para. 1 lit. b GDPR. An application is a pre-contractual measure. If you are not hired, the data will be deleted after 6 months at the latest, unless you have agreed to be included in our talent pool for subsequent contact.

We have concluded a contract with P&I for Processor, data processor in accordance with Art. 28 GDPR.

You can find more detailed information on our handling of applicant data and your Data subject rights at here.

5. data processing in connection with the conclusion, performance or termination of a contract

a) Use of the Waldmann B2B shop

Our B2B shop is operated by constancy GmbH. Use requires prior registration with the provider. Information on the Processing of your data, Storage periods, Deletion periods and your Data protection; protection of personal data in the context of registration, use of the shop website and the fulfilment of orders can be found at https://shop.waldmann.com/datenschutz. Please note that constancy GmbH is solely responsible for the operation of the B2B shop and the Personal data processed there.

Herbert Waldmann GmbH & Co KG acts as a supplier in the drop shipment business. The legal basis for the data processing required as a result is Art. 6 para. 1 lit. b GDPR. We must process the order data in order to fulfil the contract between the buyer and seller and to be able to deliver the goods.

b) Credit assessment and transmission to credit agencies

If you wish to purchase products from us and we are to make advance payments, e.g. when purchasing on account, we reserve the right to obtain identity and creditworthiness information from specialised service providers (credit agencies) on the basis of Art. 6 para. 1 lit. f) GDPR in order to safeguard our legitimate interests, in particular to protect against payment defaults and misuse of our online shop. We only obtain identity and credit information from companies. In the case of freelancers, the required personal data (surname, first name, company name, address) is transmitted. We work together with the

Creditreform Konstanz Müller & Schott GmbH & Co. KG
Villingen branch
Marie-Curie-Str. 2
78048 Villingen-Schwenningen

Further information on Data processing by Creditreform and the calculation of probability values (score values) by Creditreform, which may be the content of a credit report, can be found at
https://www.creditreform.de/.

We process the credit information exclusively in order to make a balanced decision on the establishment, execution or termination of the contractual relationship with you and to offer you different payment options on this basis. You can object to the processing of your data for the purpose of credit checks in accordance with Art. 21 GDPR. However, please understand that in this case we will not be able to offer you all payment options, in particular none for which we would make advance payments.

6. contact forms | "Do you have any questions"

If you send us enquiries via one of our contact forms on our website, by e-mail or via the "Do you have any questions" button, your details, including the contact details you provide (including name, e-mail address, telephone number, company and postcode to assign the Controller; Data controller) will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. The data processed corresponds to the information provided in the forms. Legal basis is Art. 6 para. 1 lit. a) (Consent by implied behaviour) or b) (pre-contractual measures) GDPR. The data will be deleted three months after the last contact with you, unless we are legally obliged to retain the data beyond this period.

The data will be forwarded within the company to the relevant department according to the reason for your enquiry. If you are not from Germany, your data will be forwarded to the subsidiary or Waldmann representative in your country. You can find an overview of the subsidiaries and representatives on our contact page. Beyond this, your data will not be transmitted to external recipients.

7. registration for the use of our applications

To commission, configure and control some of our lights and sensors, we have developed mobile applications that can be downloaded and installed from the official app stores for iOS and Android devices. Depending on the application, use requires registration via our website at https://www.waldmann.com/registration.

We will inform you separately on the registration page about how we process your personal data in connection with the registration and use of the applications.

8. Social Media

8.1 Company profiles on social media platforms

a) YouTube

We have an account on YouTube and use the platform to communicate with customers, applicants and interested parties. YouTube is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

Please note that when using YouTube, Users' data may be processed outside the European Union, in particular in the USA. In addition to the data that YouTube forwards to us as a company, YouTube is a joint controller with us. This may result in increased risks for users, for example if access to user data is made more difficult. We do not have access to this user data. Controller; Data controller lies exclusively with YouTube.

YouTube itself clarifies once again about the explicit Processing and disclosure of your information:

https://policies.google.com/privacy

b) Facebook

We have a company profile on Facebook. We are jointly responsible with Meta Platforms Ireland Limited, based in Dublin, Ireland, for the Processing of your data in relation to Facebook.

When you visit our Facebook pages, usage data is collected via Facebook Insights and made available to us in anonymised form for marketing and analysis purposes.

To ensure that we fulfil the requirements of the General Data Protection Regulation (GDPR), we have concluded an agreement with Facebook that regulates the obligations of both parties. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

The Processing of Personal data that takes place in the context of the use of our company profile on Facebook is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to analyse, advertise and sell our products and services.

Processing may also be based on the User's Consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be withdrawn at any time by contacting the Facebook operator directly. The corresponding contact form can be found at the following link: https://www.facebook.com/help/contact/540977946302970. By consenting to the Facebook user agreement, you have also consented to the transfer of various information from Facebook to us.

When you visit our company profile on Facebook, Meta Platforms Ireland Limited, as the operator of the platform in the EU, processes data about you (e.g. personal information, IP address). This data is used to obtain statistical information about the use of our Facebook page.

If you contact us via Facebook, we will use the personal data you enter to process your enquiry. As soon as your enquiry has been completed and there are no statutory retention obligations (e.g. in the case of subsequent contract processing), we will delete your data.

Meta Platforms Ireland Limited also uses cookies when Processing the data. If you do not agree to this Processing, you can prevent the installation of cookies by setting your browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. However, Flash cookies cannot be deactivated via the browser settings, but only by making the appropriate setting in the Flash player. However, if you prevent or restrict the installation of cookies, this may mean that not all Facebook functions can be fully utilised.

Further information on the Processing Activities, their prevention and the deletion of data processed by Facebook can be found in Facebook's Data Policy:

https://www.facebook.com/privacy/policy/

It cannot be ruled out that Processing by Meta Platforms Ireland Limited may also be carried out by Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025 in the USA.

As the operator of the fan page, we do not make any decisions regarding the Processing of Insights data and all other information resulting from the Data subject rights, including the Legal basis, identity of the Controller; Data controller and Storage period of cookies on user devices.

c) Instagram

Our company uses Instagram as part of our marketing strategy to promote our products and services and to communicate with prospects and customers. We are jointly responsible for our presence on this social media platform with Meta Platforms Ireland Limited. When you visit our online presence on Instagram, Users' data is processed by Facebook Ireland Ltd, the operator of the platform in the EU. This data includes personal information and the User's IP address. This data is used for statistical purposes and is also used by Facebook Ireland Ltd. for market research and advertising as well as to create user profiles.

As a company, we process personal data on the basis of our legitimate interest in analysing, communicating, selling and advertising our products and services (Art. 6 para. 1 lit. f GDPR). In some cases, the Users may also have given their Consent in accordance with Art. 6 para. 1 lit. a GDPR. Users can withdraw their consent to the platform operator at any time (Art. 7 para. 3 GDPR).

If you contact us via Instagram, we will use the personal data you provide to process your enquiry. As soon as we have answered your enquiry and there are no statutory retention obligations, we will delete your data.

Facebook Ireland Ltd. may set cookies when Processing your data. However, it is possible to prevent the installation of cookies by adjusting your browser settings accordingly. Cookies that have already been saved can be deleted at any time. Please note, however, that restricting or preventing the installation of cookies may mean that not all Facebook functions can be fully utilised. Further information on this can be found in Facebook's Privacy notice.

We have regulated the joint controllership with Meta Platforms Ireland Limited in an agreement that is available at https://www.facebook.com/legal/terms/page_controller_addendum. For more information on the Processing Activities, their prevention and the deletion of the data processed by Instagram, please refer to Instagram's Privacy notice: https://help.instagram.com/519522125107875.

Please note that it cannot be ruled out that your data may also be processed by Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

d) LinkedIn

Our company maintains a presence on LinkedIn as part of our business communication strategy. LinkedIn is primarily used to present the company, to make professional contacts and to be active in recruiting. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

One provides us with a functionality called "Page Insights", through which the provider processes personal data in order to compile information about visitors to our site. In particular, LinkedIn processes data transmitted by members to the portal, such as job function, country, industry, seniority, company size and employment status data from the respective profile. LinkedIn provides us with statistics with filter and setting options. In accordance with the ECJ judgement on Facebook fan pages, we assume that there is joint controllership with LinkedIn with regard to LinkedIn "Page Insights" in accordance with Art. 26 GDPR. We have therefore concluded a joint controllership agreement with the operator, which can be accessed at https://legal.linkedin.com/pages-joint-controller-addendum.

The legal basis for the Processing of Personal data by our company arises from our legitimate interest in who visits our company profile with the provider or interacts with our posts. The legal basis is Article 6 Paragraph 1(f) of the General Data Protection Regulation (GDPR). In some cases, Users may also have given their consent in accordance with Article 6(1)(a) GDPR, which can be withdrawn at any time (Article 7(3) GDPR).

If you contact us via LinkedIn, we will use the personal data you provide to process your enquiry. Your data will be deleted after your enquiry has been answered and provided there are no statutory retention obligations.

For information on the processing of personal data by LinkedIn itself and your rights resulting from the creation of a profile and use of the service, please refer to the data protection information of the provider https://www.linkedin.com/legal/privacy-policy.

e) Xing

We maintain a company profile on the XING career platform. We use XING to actively interact with our prospects and customers.

Controller; Data controller for our presence on XING is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. When you visit our XING page, your data is processed by New Work SE, the operator of the platform. This data includes personal information and the User's IP address. This information is not only used for statistical purposes, but can also be used by New Work SE (with your Consent) for market research, advertising and the creation of user profiles.

As a company, we process personal data on the basis of our legitimate interest in analysing, communicating, selling and advertising our products and services (Art. 6 para. 1 lit. f GDPR). In some cases, the Users may also have given their Consent in accordance with Art. 6 para. 1 lit. a GDPR, which can be revoked at any time (Art. 7 para. 3 GDPR).

If you contact us via XING, we will use the personal data you provide to process your enquiry. Once the enquiry has been completed and provided there are no statutory retention obligations, we will delete your data.

New Work SE may set cookies when Processing your data. However, it is possible to prevent the installation of cookies by making the appropriate browser settings. Cookies that have already been saved can be deleted at any time.

Further information on Processing Activities, their prevention and the deletion of data processed by XING can be found in XING's Privacy notice: https://privacy.xing.com/de/datenschutzerklaerung.

8.2 Linking social media via graphic or text link

On our website, we refer to our company presence on various social networks and platforms. To prevent an automatic connection to the server of the respective social network from being established, we use linked graphics. You will only be redirected to the service of the respective third-party provider after clicking on the graphic. After forwarding, the target platform may collect information about the Users such as IP address, time and the page accessed.
Please note that for some platforms, processing of the data collected in the USA cannot be ruled out.
If you have an account with the respective provider and are logged into the respective network at the time of your visit, the network operator may be able to assign the collected information to this personal account. Any further interaction with the network, e.g. clicking on a "Share" or "Like" button, may result in this information being stored in your user account and possibly also published. To prevent the information collected from being directly assigned to your user account, you can log out of your account before clicking on the graphic. You may also be able to make advanced configurations in the network settings to restrict this.

The following platforms and services are integrated into our website through links:

Facebook

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.

Data protection information: https://www.facebook.com/policy.php

LinkedIn

LinkedIn Ireland Unlimited Company, Ireland, (subsidiary of LinkedIn Corporation based in the USA)

Data protection information: https://www.linkedin.com/legal/privacy-policy

Twitter

Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

Data protection information: https://twitter.com/de/privacy.

Data processing conditions including the Standard contractual clauses (SCC): https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

Data protection information: https://policies.google.com/privacy

Instagram

Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, a subsidiary of Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA.

Data protection information: https://help.instagram.com/155833707900388

Xing

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Data protection information: https://privacy.xing.com/de

9. Kunden-Registrierung für Rücksendungen

You have the option of registering as a user on our website. We collect the following mandatory information:

• Company
• Location
• POSTCODE
• Street
• Country
• Salutation
• Surname
• Telephone no.
• User name (e-mail)
• Password

You can register voluntarily if you wish to make use of our returns service. The purpose is to process returns of goods. The legal basis is Art. 6 para. 1 lit. b) GDPR: The return constitutes a contractual measure for the processing of which we require the above-mentioned information. If there is no statutory retention obligation, the data will be deleted after the process has been completed. Returns can also be made without user registration by providing the above information.

10. applications

Information on the Processing of your personal data in the context of applications can be found here.

11. image database

Information about the Processing of your personal data in the context of our image database can be found here.

III. Disclosure of your data to Third Parties

Your data will not be passed on to Third Parties - unless expressly explained in Section II.

In some cases, we use external service providers for the Processing of personal data as part of a Processor, data processor in accordance with Art. 28 GDPR (e.g. in the area of IT services). These service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

Your data will only be passed on to Supervisory authorities and law enforcement agencies, for example, within the framework of legal regulations if it is necessary for the prevention and detection of fraud and other criminal offences or to ensure the security of our data processing systems. The legal basis for this is Art. 6 para. 1 lit. c) [fulfilment of legal obligations] and lit. f) GDPR ["protection of legitimate interests"].

IV. Transfer to a third country

Due to the integration of services and functions from providers based outside the European Union, the use of our website sometimes results in the transfer of personal data to third countries. If this is the case, we draw attention to this fact in the respective information on the corresponding service in this data protection information and provide information on the legal basis, guarantees and any residual risks that may exist.

V. Data subject rights

If we process your personal data, you have the following Data subject rights:

• Right of access to the processed data and to a copy,
• a right to rectification if we are processing incorrect data about you,
• a right to erasure, unless there are exceptions as to why we still store the data, e.g. retention obligations or limitation periods
• a right to restriction of Processing,
• the right to withdraw Consent to Data processing at any time,
• a right to object to Processing for reasons of public or legitimate interest,
• a right to data portability,
• Right to lodge a complaint with a supervisory authority if you believe that we are not processing your data properly. The State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg is responsible for our company. However, if you are in another federal state or not in Germany, you can also contact the Data protection authority there.

You can contact the following office to exercise your right to lodge a complaint:

The State Commissioner for Data Protection; protection of personal data and freedom of information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Tel.: 0711/615541-0
E-Mail: poststelle@lfdi.bwl.de

VI. Links to Third Party Websites

Our website may contain links to websites of other providers to which this data protection notice does not apply. We refer to the respective information provided by the providers regarding the Processing of Personal data that takes place there.

VII. Adjustments to the Data protection; protection of personal data

We will revise our information on the Processing and protection of your personal data from time to time in order to adapt it to the state of the art or to changing conditions. The data protection information published when you visit our website applies.