Data protection information according to EU General Data Protection Regulation (GDPR) and EU Directive on Privacy and Electronic Communications

I. Terms used

This privacy information includes, but is not limited to, the following terms.

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Cookies

Cookies are small text files or similar technologies that are stored in your browser by the websites you have visited and can be read by these and other websites. They are used to make websites optimally usable or to provide the operator with certain information about the website, e.g. to design advertising according to interests. Cookies may contain personal data, such as a personal ID.

Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Legal basis

A permission to process personal data for specific purposes (e.g. consent or law).

Recipient

Recipient means a natural or legal person, public authority, agency or other body to whom personal data is disclosed.

Controller

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Hosting

Web hosting is the provision of servers and the hosting of websites and other software on the servers of an Internet service provider.

Consent

Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

Third country

All countries outside the European Union (EU) or the European Economic Area (EEA).

Profiling

Any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

Device

Computer, smartphone, tablet, or other device that can access and display websites. 

II. Mandatory information according to Art. 12-14, 21 GDPR

In the following, we would like to inform you in accordance with the EU General Data Protection Regulation (GDPR) and other data protection regulations. In particular, we hereby inform you about which personal data we collect and for which purposes when using our websites as well as when cooperating with you, how we use it, to whom we disclose it on and which rights you have with regard to your personal data.

Controller, data protection officer 

The controller in the sense of Art. 4 para. 7 GDPR is:

Xometry Europe GmbH
Ada-Lovelace-Str. 9
85521 Ottobrunn/Germany

Managing directors: Albert Belousov, Dmitry Kafidov

Email: info@xometry.eu
Phone: +49 89 3803 4818

You can reach our data protection officer at privacy@xometry.eu.

Your rights

You have the following rights with respect to any of the above designated data controllers with respect to personal data concerning you:

• Right to confirmation and information (Art. 15 GDPR),
• Right to rectification (Art. 16 GDPR) or deletion (Art. 17 GDPR),
• Right to restrict processing in certain cases (Art. 18 GDPR),
• Right to receive the data in a structured, common, machine-readable format (“data portability”) as well as the right to have the data transferred to another data controller if the requirements of Art. 20 (1) lit. a, b GDPR are met

Information about your right of objection and revocation is provided in the following section.

You can inform us about the exercise of your rights at: info@xometry.eu.

You have, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a data protection supervisory authority. An overview of all German supervisory authorities for data protection can be found here. For us, the supervisory authority of the Free State of Bavaria is primarily responsible.

Right of objection and revocation

• You have a right to object to processing (Art. 21 GDPR) if it is based on our legitimate interests (Art. 6 (1) p. 1 lit. f GDPR), e.g. in the case of direct mail or e-mail advertising. Your right to object exists for reasons arising from your particular situation. You have no right to object if we or our service providers can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. You also do not have the right to object if the processing serves the assertion and exercise of or defense against legal claims (Article 21 (1) GDPR). In the event of your objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
• You have a right to revoke your consent (Art. 7 (3) GDPR). The consent can be revoked at any time with effect for the future. The lawfulness of the processing that took place before the revocation remains unaffected by it. 

Additional information on the existence of a right to object to the integration of respective third-party services is provided below and in the privacy settings in the footer of our websites.

You can inform us about the exercise of your rights at: info@xometry.eu. You can additionally revoke your consent in the privacy settings in the footer of our web pages.

Data processing in detail

In the following, you will find the legal information about data categories, purposes, legal bases, retention periods, recipients, third country transfer, profiling or automatic decision-making as well as revocation and objection rights per processing activity.

Website visit, hosting, fonts, consent management.

Data categories and cookies

The following data is automatically sent to us by your device or stored on your device when you visit our websites.

• IP address, browser type and version, operating system
• Language
• Date / time of the server request, time zone difference to GMT
• Status Code
• referrer URL (previously visited website), if applicable
• Opt-in and opt-out data, user agent, user settings
• Consent ID, time of consent, consent type
• Template version, banner language

The following cookies or other files are stored on your terminal device.

Name	Purpose	Storage duration	Provider
uc_settings	Includes your privacy settings to consent to different data processing operations and the time of your consent/refusal.	until the browser memory is cleared	usercentrics
uc_user_interaction	Stores whether you have already selected a setting for your data processing preferences (that is, whether you have already interacted with the “cookie banner”).	until the browser memory is cleared	usercentrics
uc_ui_version	Saves the version of the displayed “cookie banner” you have interacted with	until the browser memory is cleared	usercentrics
uc_cross_domain_data	Saves your cookie banner settings across domains to keep them when you visit another website of ours	until the browser memory is cleared	usercentrics

Purposes of processing and obligation to provide data

This data is technically necessary for us to host and display our website to you including fonts and other content and to ensure the stability and security of the website (e.g. tracking of attacks on the website, load distribution and optimization of loading times). Furthermore, the data is necessary to display the “cookie banner” to you, to obtain, store and prove your consent, and to control the activation/deactivation of the services to which you have consented. Without this data, you will not be able to use the website properly, so there is theoretically an obligation to provide the data.

Retention period

This data is stored for a period of seven days. The cookies are deleted when you clear the memory of your browser. Longer processing is possible in individual cases, e.g. as long as and insofar as this is necessary for the prevention or tracking of abusive use of the website. The storage can be up to five years.

Recipient

This data is technically collected by our hosting service provider (Amazon Web Services, Amazon Web Services, Inc. P.O.. Box 81226 Seattle, WA 98108-1226) and processed on our behalf for the above purposes. The services are controlled with the help of Google Tag Manager. For the purpose of optimizing website loading times and security, we use the services of cloudflare (Cloudflare Inc. 101 Townsend St., San Francisco, CA 94107, United States of America). The “cookie banner” is provided by usercentrics (Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany).

Legal basis

The automatic collection of the data takes place on the basis of § 25 paragraph 2 No. 2 German Law on Data Protection for Telemedia and Telecommunications (TTDSG). The storage and further processing is done on the basis of Art. 6 para. 1 p. 1 lit. f GDPR, as the purposes of the processing reflect our legitimate interests. The consent data (consent and revocation of consent) are stored for three years. The transfer of data to the above recipients takes place on the basis of Art. 28 GDPR by way of commissioned processing. 

You can object to the storage and further processing at any time. Please note the above information on your right of objection and contact details.

Third country transfer and legal basis

The Amazon servers that we use are located in the European Union. However, it is not excluded that your data will be transferred to the USA by Amazon. The servers of Google and Cloudflare are located in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data will be processed by U.S. authorities for control and monitoring purposes, possibly also without any legal remedy.

The appropriate level of data protection for transfers to the USA is guaranteed in principle by the conclusion of so-called standard data protection clauses in accordance with Art. 46 (2) lit. c GDPR and the additional measures taken by us and the named recipients to protect the data. The standard data protection clauses are available here.

Website usage analysis, product tours and advertising effectiveness measurement

We use the services of Google Analytics, Amplitude Analytics, Segment and Newrelic.

Data categories and cookies

The following data is collected and processed:

• Browser type / browser version, operating system used, device type used, device ID, Internet service provider.
• Language, geographic location (name of city, country or region), latitude and longitude
• IP address (anonymized) , screen resolution
• personal user ID (automatically generated by the system)
• Date / time of the first and last visit, duration and number of visits
• Visited URL, referrer URL (previously visited website)
• Frequency of page views, use of website functions, click path
• Interactions (e.g. log in, search, customize profile, download, purchase activity).
• Data from online forms
• Flash version
• Payment information
• Usage data
• Widget interactions

A full list of information collected by Google can be found here and by Amplitude here.

Furthermore, the following cookies are stored on your computer:

Name	Purpose	Storage duration	Provider
ga	Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.	6 months	Google
gid	Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.	24 hours	Google
gcl_au	Contains a randomly generated user ID.	3 months	Google
gat_UA	Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are prevented.	One minute	Google
IDE, ANID	Contains a randomly generated user ID. Based on this ID, Google can recognize the user across different websites and display personalized advertising.	6 months	Google
NID	This cookie contains a unique ID that stores your preferred Google Services settings and other information, including your preferred language, how many search results to display per page (e.g., 10 or 20), and whether to enable the Google SafeSearch filter.	6 months	Google
Cookies with SID extension	Such cookies are used by Google to authenticate users and help ensure that only the actual owner of an account can access that account. For example, so-called SID and HSID cookies record the Google account ID and the last login time of a user in digitally signed and encrypted form. The combination of these cookies enables Google to block many types of attacks. For example, Google stops attempts to steal information from forms submitted in Google services	6 months	Google
amplitude_id	Contains a randomly generated user ID. This ID allows Amplitude Analytics to recognize returning users on this website and merge data from previous visits.	6 months	Amplitude
amplitude_idundefined	Contains a randomly generated user ID.	Session, until the browser memory is cleared.	Amplitude
amplitude_unsent_identify	Used in connection with the pop-up questionnaires and messages on the website.	until the browser memory is cleared	Amplitude
amplitude_unsent	Used in connection with the pop-up questionnaires and messages on the website.	until the browser memory is cleared	Amplitude
JSESSIONID	Used to store a session identifier so that New Relic can monitor session counts for an application	Session, until the browser memory is cleared.	Newrelic
NREUM	is used to determine the start time of navigation on the website	Session, until the browser memory is cleared.	Newrelic
ajs_user_id	This cookie is used to analyze your website usage using a unique ID	6 months	Segment
ajs_anonymous_id	This cookie is used to determine the number of new and returning visitors to the website.	6 months	Segment

Purposes and nature of processing, profiling

The above data is processed for statistical analysis of website usage, to understand how you interact with our website, to detect and correct errors, to constantly adapt our website to the needs of visitors and potential customers, and to measure the effectiveness of our advertisements. For the same purpose, a pseudonymized usage profile about you is created and evaluated from this data with the help of a cookie in which your ID is stored. The information generated by the cookie in the user profile is used to identify visitors to the website and is merged with data in the user profile. Furthermore, the data is used to enable the display of product tours.

Profiling takes place at Google on the basis of connection data, cookies and similar technologies. Google stores your data as usage profiles and processes them across devices for the purposes of advertising, market research and/or demand-oriented design of its website, regardless of whether you have an account with Google or not. Such an evaluation is carried out in particular for the provision of needs-based advertising. In doing so, your data is used with the help of artificial intelligence to determine which content and which advertising are best suited to your interests and should therefore also be displayed to you across devices and websites. For this purpose, Google also passes on the data contained in the profiles to third parties.

Legal basis

The legal basis is § 25 para. 1 TTDSG and Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. your consent to the data processing described above. The transfer of data to the above recipients takes place on the basis of Art. 28 GDPR by way of commissioned processing.

You can revoke your consent at any time under “Privacy settings” in the footer of our websites. 

Storage duration

We delete the data as soon as it is no longer required for the above purposes.

The storage period of the respective cookies can be found above under “Data categories and cookies”. You can delete the cookies yourself at any time via the settings in your browser. 

Recipient

This data is collected by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland), Amplitude (Amplitude, Inc. 501 2nd Street, Suite 100, San Francisco, CA 94107, United States of America), Segment (Segment.io, Inc. , 100 California Street, Suite 700 San Francisco, CA 94111, United States of America), Newrelic (New Relic Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, United States of America) and Helphero (Cloudling Limited, 4 Kapanui Street, Warkworth 0910, New Zealand) collected and processed on our behalf for the above purposes.

Third country transfer and level of data protection

The servers of the recipients designated above, except Helphero, are located in the USA, so your data will be transmitted to the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data will be processed by U.S. authorities for control and monitoring purposes, possibly also without any legal remedy.

The appropriate level of data protection for transfers to the USA is guaranteed in principle by the conclusion of so-called standard data protection clauses in accordance with Art. 46 (2) lit. c GDPR and the additional measures taken by us and the named recipients to protect the data. The standard data protection clauses are available here.

Helphero’s servers are located in New Zealand. New Zealand has an adequate level of data protection according to the GDPR due to an adequacy decision of the European Commission. According to Art. 45 GDPR, the legal basis for the transfer is the decision of the European Commission of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in New Zealand Switzerland. This can be accessed here.

Display maps, videos, social media content, and product tours

We use Helphero, Google Maps and YouTube Video.

Data categories and cookies

• IP address, browser type and version, operating system used, language
• Date / time of the server request, time zone difference to GMT
• Status Code
• referrer URL (previously visited website), if applicable

If you are logged in to YouTube/Google, your personal account_ID is processed and your data (in particular the information that you have visited our website) is assigned directly to your account.

The following cookies or other files are stored on your terminal device.

ga	Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.	6 months	Google
gid	Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.	24 hours	Google
gcl_au	Contains a randomly generated user ID.	3 months	Google
gat_UA	Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are prevented.	One minute	Google
IDE, ANID	Contains a randomly generated user ID. Based on this ID, Google can recognize the user across different websites and display personalized advertising.	6 months	Google
NID	This cookie contains a unique ID that stores your preferred Google Services settings and other information, including your preferred language, how many search results to display per page (e.g., 10 or 20), and whether to enable the Google SafeSearch filter.	6 months	Google
Cookies with SID extension	Such cookies are used by Google to authenticate users and help ensure that only the actual owner of an account can access that account. For example, so-called SID and HSID cookies record the Google account ID and the last login time of a user in digitally signed and encrypted form. The combination of these cookies enables Google to block many types of attacks. For example, Google stops attempts to steal information from forms submitted in Google services	6 months	Google
yt-remote-device-id	Saves the user settings when retrieving a Youtube video integrated on other web pages	Until the deletion of the browser memory	Youtube
yt-remote-connected-devices	Saves the user settings when retrieving a Youtube video integrated on other web pages	Until the deletion of the browser memory	Youtube
ytidb::LAST_RESULT_ENTRY_KEY	Saves the user settings when retrieving a Youtube video integrated on other web pages	Until the deletion of the browser memory	Youtube
yt-remote-session-app	Saves the user settings when retrieving a Youtube video integrated on other web pages	Until the deletion of the browser memory	Youtube
yt-remote-cast-installed	Saves the user settings when retrieving a Youtube video integrated on other web pages	Until the deletion of the browser memory	Youtube
yt-remote-session-name	Saves the user settings when retrieving a Youtube video integrated on other web pages	Until the deletion of the browser memory	Youtube
yt-remote-cast-available	Saves the user settings when retrieving a Youtube video integrated on other web pages	Until the deletion of the browser memory	Youtube
yt-remote-fast-check-period	Saves the user settings when retrieving a Youtube video integrated on other web pages	Until the deletion of the browser memory	Youtube
VISITOR_INFO1_LIVE	Tries to estimate user bandwidth on pages with integrated YouTube videos.	6 months	Youtube
YSC	Registers a unique ID to keep statistics of the videos from YouTube that the user has watched.	Session	Youtube

Purposes and nature of processing, profiling

We process your data to show you maps, videos and product tours. 

Profiling takes place at Google on the basis of connection data, cookies and similar technologies. Google stores your data as usage profiles and processes them across devices for the purposes of advertising, market research and/or demand-oriented design of its website, regardless of whether you have an account with Google or not. Such an evaluation is carried out in particular for the provision of needs-based advertising. In doing so, your data is used with the help of artificial intelligence to determine which content and which advertising are best suited to your interests and should therefore also be displayed to you across devices and websites. For this purpose, Google also passes on the data contained in the profiles to third parties.

Legal basis

The legal basis is § 25 para. 1 TTDSG and Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. your consent to the data processing described above. The transfer of data to the above-mentioned recipients takes place on the basis of Art. 28 GDPR by way of commissioned processing.

You can revoke your consent at any time under “Privacy settings” in the footer of our web pages. 

Storage duration

We delete the data as soon as they are no longer required for the above purposes.

The storage period of the respective cookies can be found above under “Data categories and cookies”. You can delete the cookies yourself at any time via the settings in your browser. 

Recipient

This data is collected and processed by Google (Alphabet Inc., Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Helphero (Cloudling Limited, 4 Kapanui Street, Warkworth 0910, New Zealand) on our behalf for the purposes stated above.

Third country transfer and level of data protection

Google’s servers are located in the USA, so your data is transmitted to the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data will be processed by U.S. authorities for control and monitoring purposes, possibly also without any legal remedy.

The appropriate level of data protection for transfers to the USA is guaranteed in principle by the conclusion of so-called standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR and the additional measures taken by us and the named recipients to protect the data. The standard data protection clauses are available here.

Helphero’s servers are located in New Zealand. New Zealand has an adequate level of data protection according to the GDPR due to an adequacy decision of the European Commission. According to Art. 45 GDPR, the legal basis for the transfer is the decision of the European Commission of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in New Zealand Switzerland. This can be accessed here.

Newsletters, Personalized Advertising, Remarketing, Retargeting and Advertising Effectiveness Measurement

We use ActiveCampaign, Baidu Ads, Baidu Advertising, Bing Conversion, DoubleClick Ad, Facebook Pixel, Google AdServices, Google Ads, Google Ads Remarketing, Lead Forensics, LinkedIn Insight Tag, getsitecontrol for the purposes mentioned below. 

Data categories and cookies

The following data is collected and processed:

• E-mail address (for newsletter)
• Browser type / browser version, operating system used, device type used, device ID, internet service provider, screen color depth, screen resolution.
• Language, geographic location (name of city, country or region), latitude and longitude
• IP address (anonymized) , screen resolution
• personal user ID (automatically generated by the system), Microsoft click ID
• Date / time of the first and last visit, duration and number of visits
• Visited URL, referrer URL (previously visited website)
• Frequency of page views, use of website functions, click path
• Interactions (e.g. log in, search, customize profile, download, purchase activity).
• Data from online forms
• Payment information
• Usage data
• Widget interactions
• Advertisements called up and their content, number and frequency
• Demographic information (e.g. age, gender)
• Bounce rates, conversions, engagement metrics, click path.
• Search history
• Page response times
• Page title

Furthermore, the following cookies are stored on your computer:

Name	Purpose	Storage duration	Provider
ga	Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.	6 months	Google
gid	Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.	24 hours	Google
gcl_au	Contains a randomly generated user ID.	3 months	Google
gat_UA	Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are prevented.	One minute	Google
IDE, ANID	Contains a randomly generated user ID. Based on this ID, Google can recognize the user across different websites and display personalized advertising.	6 months	Google
NID	This cookie contains a unique ID that stores your preferred Google Services settings and other information, including your preferred language, how many search results to display per page (e.g., 10 or 20), and whether to enable the Google SafeSearch filter.	6 months	Google
Cookies with SID extension	Such cookies are used by Google to authenticate users and help ensure that only the actual owner of an account can access that account. For example, so-called SID and HSID cookies record the Google account ID and the last login time of a user in digitally signed and encrypted form. The combination of these cookies enables Google to block many types of attacks. For example, Google stops attempts to steal information from forms submitted in Google services	6 months	Google
ac_enable_tracking	Used for saving cookie settings.	1 month	Active Campaign
prism_*	Used to track and store interactions	1 month	Active Campaign
HMACCOUNT_BFESS	Used to send data to Baidu about the visitor’s device and behavior. Captures the visitor across devices and marketing channels.	until the browser memory is cleared	Amplitude
Hm_lvt	Records a unique ID that is used to create statistical data about how the visitor uses the website.	6 months	Baidu
Hm_lpvt	is used to limit the frequency of requests	Session	Baidu
_uetsid	Collects data on visitor behavior across multiple websites using a unique ID to present more relevant ads – This also allows the website to limit the number of times the same ad is displayed.	1 day	Bing
_uetvid	Used to track visitors across multiple websites to present relevant advertising based on the visitor’s preferences.	6 months	Bing
_uetvid_exp	Contains the expiration date for the cookie with corresponding name.	until the browser memory is cleared	Bing
_uetsid_exp	Contains the expiration date for the cookie with corresponding name.	until the browser memory is cleared	Bing
MUID	Widely used by Microsoft as a unique user ID. The cookie enables user tracking by synchronizing the ID in many Microsoft domains.	6 months	Bing
_fbp	Used by Facebook to display a range of advertising products, for example real-time bids from third party advertisers.	3 months	Facebook
bcookie	Browser identifier cookie to uniquely identify devices accessing LinkedIn to detect misuse on the platform	6 months	LinkedIN
li_gc	Used to store the consent of the visitor:s to the use of cookies.	6 months	LinkedIN
lang	Used to save a user’s language setting so that LinkedIn.com is displayed in the language the user has selected in their settings.	Session	LinkedIN
lidc	To facilitate the selection of data centers	1 day	LinkedIN
AnalyticsSyncHistory	Used to store information about the time of a synchronization with the lms_analytics cookie.	1 day	LinkedIN
UserMatchHistory	Used for the id synchronization process. It stores the last synchronization time to avoid frequent repetition of the synchronization process	1 day	Linkein

Purposes and nature of processing, profiling

The above data, including cookies, is processed in order to send you marketing newsletters, to show you personalized advertisements for our goods and services that are tailored to your preferences across devices and websites, to track and understand your behavior in connection with the ads and newsletters across devices and websites, and to measure the effectiveness of our advertisements. For these purposes, a pseudonymized usage profile about you is created and analyzed across devices and websites from this data using a cookie that stores your unique ID. The information generated by the cookie in the pseudonymous user profile is used to identify you across devices and websites and is merged with user profile data.

In addition, the providers of the services we use use your data for their own purposes and share it with their business partners. In particular, your data may be used to present you with cross-website and cross-device ads based on your presumed interests, which the providers have determined based on your surfing behavior on the Internet using artificial intelligence and algorithms and have stored in their profile. The data may also be used to constantly adjust and update your profile. Detailed information on this can be found on the websites of the respective providers. Profiling takes place at Google, Baidu, LinkedIn and Bing on the basis of connection data, cookies and similar technologies. These providers store your data as usage profiles and process them across devices for the purposes of advertising, market research, and/or designing your online offers to meet your needs, regardless of whether you have an account with these providers or not. Such an evaluation is carried out in particular for the provision of needs-based advertising. In the process, your data is used with the help of artificial intelligence to determine which content and which advertising best match your interests and should therefore also be displayed to you across devices and websites. For this purpose, the providers also pass on the data contained in the profiles to third parties.

Legal basis

The legal basis is § 25 para. 1 TTDSG and Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. your consent to the data processing described above. The transfer of data to the above recipients takes place on the basis of Art. 28 GDPR by way of commissioned processing.

You can revoke your consent at any time under “Privacy settings” in the footer of our websites or by clicking the unsubscribe link in the newsletter. 

Storage duration

We delete the data as soon as they are no longer required for the above purposes.

The storage period of the respective cookies can be found above under “Data categories and cookies”. You can delete the cookies yourself at any time via the settings in your browser. 

Recipients

This data is collected by ActiveCampaign (ActiveCampaign, LLC, 1 N Dearborn St. 5th Floor IL 60602 Chicago, United States of America), Baidu Ads and Baidu Advertising (Baidu, Inc, No. 10, Shangdi 10th Street, Haidian District, Beijing 100085, People’s Republic of China), Bing Conversion and LinkedIn Insight Tag (Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, United States of America), DoubleClick Ad, Google AdServices, Google Ads, Google Ads Remarketing (Alphabet Inc., Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), Facebook Pixel (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland) Lead Forensics (Lead Forensics, 4 Old Park Lane, Mayfair, London W1K 1QW, United Kingdom) and getsitecontrol (Getwebcraft Limited, Klimentos 41-43, Klimentos Tower, Flat/Office 25, 1061, Nicosia, Cyprus).

Third country transfer and level of data protection

Your data will be transferred to the USA, Russia, India, China, Chile, Singapore, Taiwan and the United Kingdom, depending on the service. A transfer to other countries is not excluded if the providers use the data for their own purposes. 

The USA, Russia, India, Chile and China are assessed as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, possibly also without any legal remedy.

The appropriate level of data protection during the transfer to these countries is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 (2) lit. c GDPR as well as the additional measures taken by us and the named recipients to protect the data. The standard data protection clauses are available here.

The United Kingdom has an adequate level of data protection according to the GDPR due to an adequacy decision of the European Commission. The legal basis for the transfer, pursuant to Art. 45 GDPR, is the European Commission Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in New Zealand Switzerland. This can be accessed here.

Electronic communication, contacting and making appointments through the website, customer support and management.

We use Gmail and Calendly to communicate with you and provide customer support.

Data categories and cookies

• Name, first name, function of the responsible contact person(s)
• Company name
• Address, email, phone number
• Contents of communication via e-mail, chat or telephone
• Dates and meetings
• E-mail signature, if applicable
• Status of the customer relationship
• Date of the conclusion of the contract
• Date and time of contact (collected automatically)
• Date of last contact
• date and time of the desired appointment, if applicable
• Subject if applicable
• Number of contacts, if any
• IP address, browser type and version, operating system used.
• Unique ID
• Geographical location
• Clicked items
• Visited URL, usage data
• Language
• Date / time of the server request, time zone difference to GMT
• Status Code

If you use the contact form or the online chat or the calendar, the following cookies are also stored in your browser.

Name	Purpose	Storage duration	Provider
_calendly_session	Storage of the preferences of the users	3 weeks	Calendly
OptanonConsent	Storage of cookie settings	6 months	Calendly
OptanonAlertBoxClosed	Storage of cookie settings	6 months	Calendly
optimizelyEndUserId	Stores a unique ID of a visitor	6 months	Calendly
optimizely_data$$pending_events	Cache XMLHttpRequest information so that the snippet can reliably send requests (e.g. to the event API) even if the visitor navigates to a new page during an ongoing request.	until the browser memory is emptied	Calendly
optimizely_data$$ layer_states	Stores bucketing decisions (variation and holdback allocation) for each layer in Optimizely Web & Optimizely Personalization	until the browser memory is emptied	Calendly
optimizely_data$$ visitor_profile	Stores the visitor’s values for different audience conditions.  This is especially important for conditions such as ad campaign, source type, and referrer, for which we must rely on the first observed value.	until the browser memory is emptied	Calendly
optimizely_data$$ variation_map	Records the variation that the visitor saw in each experiment. This allows us to provide a consistent experience for successive page views.	until the browser memory is emptied	Calendly
optimizely_data$$ tracker_optimizely	Cache for sending bundled events to the Optimizely Event API.	until the browser memory is emptied	Calendly
optimizely_data$$ session_state	Tracks the session identifier and timestamp that help Optimizely identify sessions for analytics purposes.	until the browser memory is emptied	Calendly
optimizely_data$$ event_queue	Stores event instances waiting to be added to the previous key …$$events.	until the browser memory is emptied	Calendly

Purposes of processing and obligation to provide

We use the data to maintain existing and potential customer relationships, to keep the contact list up to date, and to efficiently design and automate business processes. We further use the data to receive and respond to your inquiry, if necessary to schedule and document an appointment with you. The processing may be necessary for the performance of pre-contractual measures or the fulfillment of a contract or for the purpose you pursue by contacting us. The purposes for the use of cookies can be found in the table above. Among other things, these can be used to analyze your behavior in connection with the use of online chats and appointments. 

Storage duration

Your data will be processed for the duration of the contractual negotiations or a contractual relationship with you, if the processing is necessary for the implementation of pre-contractual measures or for the performance of the contract with you. Thereafter, your data will be restricted and stored separately for the duration of the legally mandatory retention periods and in the event of legal disputes. The retention period is a maximum of 10 years. Otherwise, we delete your data after processing is no longer necessary to process and respond to your request, but at the latest after three months. You can see the storage period of the cookies in the table above.

Legal basis

The processing of data we receive via email is based on Art. 6 para. 1 sentence 1 lit. b GDPR. The processing of data via online chat and calendar is based on your consent according to Art. 6 para. 1 sentence. 1 lit. a GDPR. A longer processing of the data is based on Art. 6 para. 1 sentence 1 lit. c GDPR in case of legal obligation and on Art. 6 para. 1 sentence 1 lit. f in case of legal disputes, i.e. on our legitimate interests to enforce or defend legal claims in individual cases. Cookies are stored on the basis of Section 25 (2) TTDSG, because this is technically necessary or based on your consent pursuant to Section 25 (1) TTDSG. The transfer of data to the above-mentioned recipients takes place on the basis of Art. 28 GDPR by way of order processing.

You can object to the storage and further processing, which is based on our legitimate interests, at any time. Please note the above information on your right of objection and contact details.

You can revoke your consent at any time under “Privacy settings” in the footer of our websites. 

Recipient

Your data is processed by Google (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and Calendly LLC (BB&T Tower 271 17th St NW, Atlanta, GA 30363, United States of America) on our behalf. 

Third country transfer and legal basis

The servers of the above-mentioned recipients are located in the USA, so that your data is transmitted to the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data will be processed by U.S. authorities for control and monitoring purposes, possibly also without any legal remedy.

The appropriate level of data protection for transfers to the U.S. is generally guaranteed by the conclusion of so-called standard data protection clauses pursuant to Art. 46 (2) (c) GDPR as well as the additional data protection measures taken by Microsoft and Hubspot. The standard data protection clauses are available here.

Use of the customer portal, direct advertising 

We operate a portal where you can order and pay for services.

Data categories and cookies

• E-mail address, password (mandatory data for registration)
• User ID (will be assigned automatically)
• IP address, browser type and version, operating system used.
• Date / time of server request, time zone difference to GMT, Status Code, referrer URL (previously visited website), if applicable.
• Name, first name, phone number, company name, address, tax number, VAT ID, 
• Language, job title (optional)
• Content from your inquiries and orders (e.g. technical drawings, quantity, intended use)
• Payment data (bank details, credit card details, amount)

The following cookies are stored on your computer:

Name	Purpose	Storage duration	Provider
__stripe_mid	This cookie is necessary to perform credit card transactions on the website without storing credit card information and to prevent fraud.	1 year	Stripe
__stripe_sid	This cookie is necessary to perform credit card transactions on the website without storing credit card information and to prevent fraud.	30 minutes	Stripe
m	This cookie is necessary to perform credit card transactions on the website without storing credit card information and to prevent fraud.	2 years	Stripe

Processing purposes

We process the data in order to provide you with the functions of the portal as well as to receive and process your inquiries and orders and to enable online payments. Furthermore, we use your e-mail address to send you direct advertising. 

Storage duration

We store your data for the duration of the contractual relationship or until you object to direct advertising. In addition, data is stored for the purpose of fulfilling legal retention obligations, which amount to 6-10 years. You can delete your customer account at any time. 

Legal basis

The processing of the data is based on Art. 6 para. 1 sentence 1 lit. b GDPR and serves the preparation and implementation of a contractual relationship. The storage of cookies is technically necessary and is based on § 25 para. 2 TTDSG. The sending of direct advertising is based on § 7 German Law Against Unfair Competition (UWG). 

You can object to direct marketing at any time by clicking on the unsubscribe link in the respective email or editing your subscription setting in your customer account. 

Recipient

The data is technically processed by our hosting service provider (Amazon Web Services, Amazon Web Services, Inc. P.O.. Box 81226 Seattle, WA 98108-1226) and our payment service provider (Stripe Inc., 3180 18th Street, San Francisco, CA 94110, United States of America).

Third country transfer and legal basis

The servers of Amazon and Stripe are located in the USA, so your data will be transmitted to the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data will be processed by U.S. authorities for control and monitoring purposes, possibly also without any legal remedy.

The appropriate level of data protection for transfers to the U.S. is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Article 46 (2) (c) of the GDPR and the additional measures taken by Microsoft to protect the data. The standard data protection clauses are available here.

Use of the portal for partners and suppliers, direct advertising

We operate a portal where you can register as a manufacturer and take orders.

Data categories and cookies

• Name, first name, telephone number, company name, country, address, e-mail address, password, consent to the NDA (mandatory data for registration).
• User ID (will be assigned automatically)
• Competencies (industry, materials, certification, quality control, language, production methods, CNC, production method characteristics, best practices).
• Information about your orders
• Payment data (bank details, amount, invoices)
• IP address, browser type and version, operating system used.
• Date / time of server request, time zone difference to GMT, Status Code, referrer URL (previously visited website), if applicable.

Processing purposes

We process the data in order to provide you with the functions of the portal as well as to place orders with you and to monitor their execution. Furthermore, we use your e-mail address to send you direct advertising. 

Storage duration

We store your data for the duration of the contractual relationship or until you object to direct advertising. In addition, storage takes place for the purpose of fulfilling legal retention obligations, which amount to 6-10 years. You can delete your profile at any time. 

Legal basis

The processing of the data is based on Art. 6 para. 1 sentence 1 lit. b GDPR and serves the preparation and implementation of a contractual relationship. The storage of cookies is technically necessary and is based on § 25 para. 2 TTDSG. The sending of direct advertising is based on § 7 German Law Against Unfair Competition (UWG).

You can object to direct marketing at any time by clicking on the unsubscribe link in the relevant email or editing your subscription setting in your customer account. 

Recipient

The data is technically processed by our hosting service provider (Amazon Web Services, Amazon Web Services, Inc. P.O.. Box 81226 Seattle, WA 98108-1226).

Third country transfer and legal basis

Amazon’s servers are located in the USA, so your data will be transferred to the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data will be processed by U.S. authorities for control and monitoring purposes, possibly also without any legal remedy.

The appropriate level of data protection for transfers to the U.S. is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Article 46 (2) (c) of the GDPR and the additional measures taken by Microsoft to protect the data. The standard data protection clauses are available here.

Video calls 

Data categories and cookies

Last name, first name, employer if applicable, professional function, e-mail address, phone number (depending on participation type), audio, video and textual content of communications incl. files, time, duration and location of participation, IP address and hardware information, password hash, profile picture if applicable.

The following cookies may also be stored on your device:

Name	Purpose	Storage duration	Provider
ga	Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.	6 months	Google
gid	Contains a randomly generated user ID. This ID allows Google Analytics to recognize returning users on this website and merge data from previous visits.	24 hours	Google
gcl_au	Contains a randomly generated user ID.	3 months	Google
gat_UA	Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are prevented.	One minute	Google
IDE, ANID	Contains a randomly generated user ID. Based on this ID, Google can recognize the user across different websites and display personalized advertising.	6 months	Google
NID	This cookie contains a unique ID that stores your preferred Google Services settings and other information, including your preferred language, how many search results to display per page (e.g., 10 or 20), and whether to enable the Google SafeSearch filter.	6 months	Google
Cookies with SID extension	Such cookies are used by Google to authenticate users and help ensure that only the actual owner of an account can access that account. For example, so-called SID and HSID cookies record the Google account ID and the last login time of a user in digitally signed and encrypted form. The combination of these cookies enables Google to block many types of attacks. For example, Google stops attempts to steal information from forms submitted in Google services	6 months	Google

Processing purposes 

The processing is necessary to make a video call with you. 

Storage duration

The data will only be processed for the duration of your participation.

Legal basis

The processing of the data is based on Art. 6 (1) sentence 1 lit. b GDPR or on Art. 6 (1) sentence 1 lit. f GDPR, whereby the use of a state-of-the-art tool represents our legitimate interests. The storage of cookies is based on § 25 TTDSG.

You can object to the storage and further processing, which is based on our legitimate interests, at any time. Please note the above information on your right of objection and contact details.

Recipient

Your data is processed by Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) on our behalf. 

Third country transfer and legal basis

The Google servers that we use are located in the European Union. However, it is not excluded that your data may be transferred to the USA by Microsoft. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, possibly without any legal recourse.

The appropriate level of data protection for transfers to the U.S. is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Article 46 (2) (c) of the GDPR and the additional measures taken by Microsoft to protect the data. The standard data protection clauses are available here.

Job application

Receipt of your application

We offer you the opportunity to apply to us by e-mail, via the website or by post.

We would like to point out that data transmission on the Internet can have security gaps when communicating by e-mail. Therefore, we generally recommend not to send sensitive data, such as certificates, resumes, cvs etc., unencrypted over the Internet.

If you would like to send your application by e-mail, please encrypt the attachments according to the current technical status and send us the password separately, e.g. by telephone.

Data categories

• Personal data and contact and communication data (e.g. name and address, telephone number and e-mail address)
• Birthday, place of birth
• Nationality
• Curriculum vitae, references and recommendations (e.g. information on qualifications, training, work experience, language skills, further training and voluntary work)
• Photographs
• Marital status
• Interests and hobbies
• Information in the context of job interviews and, if necessary, aptitude tests
• Usage and content data for video calls (IP address and hardware information, e-mail address, image and sound, content of messages, date, time, place of participation)

Purpose of processing

The purpose of processing your personal data is to carry out the application process, which includes providing the technology (e.g. for receiving the documents or for conducting the interview or aptitude test online).

Legal basis

The legal basis is § 26 German Data Protection Law – BDSG-neu (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future and does not affect the validity of the processing that took place before the revocation.

If the application is successful, the data submitted by you will be further processed in our data processing systems, including the personnel file, on the basis of Section 26 BDSG-neu and Art. 6 (1) lit. b GDPR for the purpose of implementing the employment relationship.

Storage duration

If no employment relationship is established after completion of the application process, we reserve the right to store the data you have provided for up to 6 months from the end of the application process on the basis of our predominantly legitimate interests (Art. 6 para. 1 lit. f GDPR). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until the purpose for continued storage no longer applies. The processing of data by the video conferencing tool only takes place for the time of the video call. Any processing beyond this time does not take place.

Right of objectionYou can object to the storage of your personal data, which is based on our predominantly legitimate interests, at any time. Please refer to the detailed information on your right of objection in this data protection declaration.

Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations prevent deletion. In the case of consent, the data will be retained for 12 months.

Obligation to provide personal data

There is no legal or contractual obligation to provide personal data in the application process. However, we would like to point out that we may not be able to consider you if you do not provide any or sufficient personal data and we are therefore unable to assess your suitability for the advertised position.

Recipient

Your personal data will be passed on within our company to persons who are involved in processing your application.

Furthermore, the data is processed via the servers of our e-mail provider and provider of the video conferencing tool by Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) as well as by our recruiting software (Lever, Inc., 1125 Mission Street, San Francisco, CA 94103, USA). and by the provider of our personnel management software.

Transfer of data to a third country

The servers of the providers we use are located in the European Union. However, it cannot be ruled out that your data will be transferred to the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, possibly also without any legal remedy.

The appropriate level of data protection for transfers to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Article 46 (2) c of the GDPR and the additional measures taken to protect the data. The standard data protection clauses are available here.

Inclusion in the pool of applicants

If we do not make you a job offer, it may be possible to include you in our pool of applicants. If you are accepted, all documents and information from your application will be transferred to the applicant pool so that we can contact you in the event of suitable vacancies.

Inclusion in the pool of applicants is based exclusively on your express consent (Art. 6 Para. 1 lit. a GDPR). The provision of consent is voluntary and is not related to the current application process. You can revoke your consent at any time with effect for the future. The lawfulness of the processing carried out before the revocation remains unaffected by the revocation. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for retention.

Otherwise, the data will be irrevocably deleted from the pool of applicants at the latest at the end of the second year after consent has been given.

Presence in social networks

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for the users because, for example, it may be more difficult to enforce the rights of the users.

Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Data categories

Contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).

Purposes

We use social networks for contact requests and communication, collecting feedback as well as marketing and measuring campaigns in social networks, e.g. the reaction of users to our posts. 

Legal basis

Your data is processed on the basis of Art. 6 para. 1 p. 1 lit. f. GDPR, whereby the accessibility via social networks reflects our legitimate interests.

Recipients

• Instagram: Social network; Service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy
• Facebook pages: Profiles within the Facebook social network – We are jointly responsible with Meta Platforms Ireland Limited for collecting (but not further processing) data from visitors to our Facebook page (known as a “Fan Page”). This data includes information about the types of content users view or interact with, or the actions they take (see under “Things You and Others Do and Provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, called “Page Insights,” to Page operators to provide them with insights into how people interact with their Pages and with content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum ), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data ); service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy ; Standard contractual clauses (ensuring level of data protection for processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum ; Further information: Shared Responsibility Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data .
• LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; privacy policy: https://www.linkedin.com/legal/privacy-policy; standard contractual clauses (ensuring level of data protection for processing in third countries): https://legal.linkedin.com/dpa; opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out; order processing contract: https://legal.linkedin.com/dpa.
• Twitter: social network; service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization).

Transfer of data to a third country

Your data will be processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, possibly also without any legal remedy.

The appropriate level of data protection for transfers to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 (2) lit. c GDPR and the additional measures taken to protect the data. The standard data protection clauses are available here.

Updating the privacy information

This data protection information was last updated on 24.06.2022. We reserve the right to adapt the data protection information with effect for the future, in particular in the event of further development of our hardware and software, the use of new technologies or changes to the legal basis or the corresponding jurisdiction.