Privacy Policy

I. Controller for the Processing of Personal Data
II. Our Data Protection Principles III. Our Online Contact Points IV. Communication V. Analytics, Marketing and TrackingVI. Events and Competitions, Trade FairsVII. Customer ServiceVIII. Security MeasuresIX. Business PartnersX. ApplicantsXI. Data Protection Authority XII. List of Third-Party Providers and their Use XIII. Date of Issue

I. Controller for the Processing of Personal Data

We, Secure 2 Fiber GmbH, are the provider of the services described below (hereinafter "we" or "Provider"), including the respective processing of personal data. This Privacy Policy provides you, the user of the services (hereinafter "you"), with information about the relevant processing of personal data at all contact points through which you interact with us.

II. Our Data Protection Principles 

In the course of providing the services described here and operating websites and other contact points, we process your personal data in various ways. We inform you comprehensively about the processing of personal data and the principles according to which such processing takes place.

We take the protection of your personal data very seriously. We therefore process your data with the utmost care and in strict compliance with applicable data protection laws and any individual consents you may have granted us. We have implemented organisational and technical security measures to protect all our websites, apps and other (digital) contact points against the potential risks associated with the processing of personal data. Our partners who support us in providing services are also required to comply with these provisions.

Please use the contact details provided in this Privacy Policy to contact us generally or with specific questions and/or requests regarding data protection.

Depending on the country in which you are located, different data protection laws apply. Based on the principles of the European General Data Protection Regulation ("GDPR"), we have established the following fundamental guidelines for the processing and protection of your personal data when providing our website and services:

1. Lawfulness

 
We use personal data only where this is lawful, which is the case only if at least one of the following conditions is met:• Sie haben Ihre Einwilligung gegeben.

• You have given your consent.

• The use of personal data is necessary for the performance of a contract to which you are a party.

• The use of personal data is necessary for compliance with a legal obligation, e.g. in the case of product safety measures where we are required to inform all our customers.

• The use of personal data is necessary to protect the vital interests of the individual, e.g. in cases where we notify individual customers about product safety issues.

•  The use of personal data is based on a legitimate interest in using personal data, and our use does not unduly prejudice your data protection rights. 

For all processing of personal data described herein, we also specify the legal basis for processing at the end of each main section, as well as in the description of the specific third-party service providers we use in Section XII of this Privacy Policy. 

2. Fairness and Transparency 


We inform you in this Privacy Policy in a fair and transparent manner about which personal data we collect and why we collect it. You can access the Privacy Policy directly or via a link during your registration and/or at any contact point at which you interact with us.
 
Users under the age of 16 should only transmit personal data to us with the consent of their parents or guardians. The data protection law applicable in your country may result in different age thresholds.

3. Purpose Limitation and Data Minimisation

We collect and use only the personal data that we genuinely need and for the purpose for which you have provided it to us. Where we can achieve the purpose with less personal data, we use only the minimum data required. Nevertheless, you are always free to provide additional personal data if this would improve your experience with the services offered.

4. Types of Processing including Third Parties 


In cases where we do not process your personal data directly as the controller (e.g. website hosting, technical services, etc.), we engage third parties who provide these services on our behalf as processors. These contracts oblige them to process your personal data in a lawful and secure manner. This is referred to as a controller-processor relationship and is defined in Art. 28 GDPR, with us as the controller and the respective third party as the processor. A list of the third-party providers we engage can be found in Section XII.

Joint controllership describes the situation in which multiple parties, including ourselves, jointly determine the purposes and means of data processing (joint controllers, see Art. 26 GDPR). Joint controllers must clearly inform data subjects about who processes which personal data and what obligations each party has assumed with regard to applicable data protection regulations. The joint controllers agree on their respective roles and ensure that the data subjects (persons to whom the data relates) are informed about these roles. Where we engage a third-party provider or partner that processes personal data as a joint controller, we will inform you of the relevant rights and roles in the list of third-party providers in Section XII at the end of this document.

In some cases, it is necessary to transfer personal data to a third party acting as an independent controller in its own name and on its own account, e.g. when we engage a shipping company to deliver products to you. In such cases, we have agreed minimum data protection standards with these independent controllers to protect your personal data.

Our website may also contain links to third-party websites whose content is not provided or controlled by us. In these cases, we have no control over the processing of your data on their websites or their compliance with data protection regulations, but we will inform you when you leave our website, for example. Please refer to the privacy notices that these third parties may provide. 

5. Cross-border processing within and Outside the EU


Since some of the third parties providing services to us (as described in this document) are not located in your country, the processing of your personal data may also involve a cross-border transfer of your personal data. Our aim is to process personal data exclusively within the European Union; therefore, most third-party providers process personal data in European data centres.

Where this is technically not possible, or where there is another reason why processing of personal data may also take place outside the European Union, we follow the principles set out in Art. 44 et seq. GDPR. We secure such transfers by means of contracts (based on specific legal transfer mechanisms) that we conclude with such providers, or on the basis of an adequacy decision by the European Union Commission, including the EU-US Data Privacy Framework ("DPF"). Information on whether a provider participates in the DPF and actively meets its requirements can also be found at:

https://www.dataprivacyframework.gov/s/participant-search 

6. Security

We process your data in a manner that ensures an appropriate level of security for personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Where we engage a third party to process personal data, we also agree on an appropriate level of technical or organisational measures that these providers must comply with.

7. Rights of Users 


You have the following rights against us, which we will fulfil promptly and appropriately upon receipt of your corresponding request as described below:

• Your right of access to your personal data pursuant to Art. 15 GDPR: We will inform you whether we have stored personal data about you and, if so, provide you with information about that data.

• Your right to rectification of your data pursuant to Art. 16 GDPR: We will correct inaccurate information or complete incomplete personal data, provided that such data is required for the intended purpose of processing your data.

• Your right to erasure of your data pursuant to Art. 17 GDPR: We will erase the personal data stored about you, provided that such data is not subject to retention periods or rights of retention, for example because we must retain your data to fulfil our contractual obligations or on the basis of statutory requirements. 

• Your right to restriction of processing of your data pursuant to Art. 18 GDPR: In the cases referred to in Art. 18(1) GDPR, you may request that we block your data. We will only continue to process blocked data to a very limited extent and only where this is necessary for the provision of services or the fulfilment of obligations that become necessary after the blocking of your data that you have requested. 

• Your right to withdraw consent pursuant to Art. 7(3) GDPR: For data processing operations that require your consent, you may withdraw your consent at any time in order to prevent future processing of your data. Data processing operations that were based on your consent prior to your withdrawal remain valid and lawful. 

• Your right to object to the processing of your data pursuant to Art. 21 GDPR: You may object to the future processing of your data where we process your data on the basis of one of the legal grounds referred to in Art. 6(1)(e) or (f) GDPR. If you object, we will cease processing your data unless we have compelling legitimate grounds for continued processing that override your interests and rights, or unless processing is necessary for the establishment, exercise or defence of legal claims. The processing of your data for direct marketing purposes never constitutes a compelling legitimate ground for us. 

• Your right to data portability pursuant to Art. 20 GDPR: Where data processing is automated and based on consent or a contract, we can provide you with the data you have provided to us in a structured, commonly used and machine-readable format. 

• Your right to lodge a complaint with a supervisory authority: You may contact a data protection authority with a complaint regarding data protection. Please contact the data protection authority responsible for your place of residence or the data protection authority with jurisdiction over us (see Section XI – Data Protection Authority). 

If you wish to exercise your rights, please contact the following email address:

 datenschutz@secure2fiber.com 

8. Erasure Principles


We process your personal data only for specified, necessary purposes. Once the purpose of processing has been fulfilled, we erase your personal data, unless a retention obligation or a right of longer retention exists. This applies to all personal data, regardless of how and where it is stored. 

Various local laws, such as tax or commercial laws, establish the statutory requirements for data retention. In addition, we may retain personal data on the basis of legitimate interests, e.g. for compliance with product safety laws to protect our customers. We may also retain personal data for business purposes where the GDPR recognises such purposes as justification for retention, e.g. the retention of customer data to defend against legal claims. 

Access to personal data that is stored exclusively for the purpose of fulfilling statutory retention periods or rights is restricted once the original purpose of data collection no longer applies. This ensures that the personal data is no longer actively used in our business operations. 

9. Data Protection Officer 


If you have questions about data protection or wish to exercise your rights, our Data Protection Officer (DPO) is available to assist you. You can contact our DPO directly by sending a letter or email to the contact details provided below. The DPO will be happy to address your concerns and support you in exercising your rights under data protection law. Please contact:

Secure 2 Fiber GmbH
Attn: Data Protection
Am Brambusch 24
D-44536 Lünen
Germany

E-Mail: datenschutz@secure2fiber.com
Phone: +49 (0)231 / 999 85 400 

10. Amendments to this Privacy Policy 

This Privacy Policy reflects the current status of data processing on our website and other contact points (e.g. administration, ticketing system, social media accounts, etc.). In the event of changes to data processing, this Privacy Policy will be updated accordingly. We always provide the current version of this Privacy Policy on our website so that you can inform yourself about the scope of data processing via this website. 


III. Our Online Contact Points 

1. Websites 


a) Provision of the websites themselves 

In order to display the website correctly in your internet browser, we use various technical means to ensure that all content (texts, images, videos, etc.) is up to date and displayed correctly. 

b) Categories of data 

For technical reasons, your internet browser automatically sends information to our web server each time our website is accessed (so-called log data). We store some of this information in log files, such as: 

• Date and time of access
• URL and files of the accessed website, including the volume of data transferred
• Version of the HTTP protocol used, including the type of operating system
• Type and version of the internet browser
• IP address

The log data mentioned above does not contain personal data. We analyse log data only when necessary, for example to resolve disruptions to the operation of our website or to manage security incidents. In addition, it may be necessary for us to collect the full IP address of the device, in addition to the log data, in order to resolve disruptions or to preserve evidence in connection with security incidents. We delete this data after the fault has been resolved, the security incident has been fully investigated, or once the original purpose of processing is no longer required. In the event of a security incident, we transmit log data to the investigating authorities on a case-by-case basis, to the extent permissible and necessary. 

2. Our Social Media Pages 

a) General

The protection of your privacy in the processing of personal data is important to us. We treat the personal data transmitted to us that is collected during your visit to our respective social media page (e.g. LinkedIn) confidentially and only in accordance with the applicable statutory provisions. 

b) Categories of Data

The social media service processes your personal data as soon as you use our respective social media page. Processing is related, for example, to the following usage operations:

• Visiting a page, post or video from a page
• Following or unfollowing a page
• Liking or un-liking a page or post, or using similar functions
• Recommending a page in a post or comment
• Commenting on, sharing or replying to a page post (including the type of reaction)
• Hiding a page post or reporting it as spam
• Clicking on the social media provider on another website or clicking on a link on a website outside the social media provider that leads to the page
• Hovering over the name or profile picture of a page to display a preview of the page content
• Using the features of the social media provider, such as the website, the telephone number, the "Get directions" button or other buttons on a page
• Information as to whether login takes place via a computer or a mobile device

c) Recipients / categories of recipients

In addition to us, the respective operator of the social media page is responsible for the processing of your data via our social media page (see examples below). To the extent that such processing falls within our area of responsibility, we are available to you for all questions regarding data protection and the exercise of your rights in accordance with the information provided in this Privacy Policy. You can find out which personal data is collected by the social media provider, how it is processed and what data protection rights you have vis-à-vis the social media provider in the following privacy policies of the social media provider. We have no influence over data processing by the social media provider.

d) Data processing by us

On the page made available by us via the social media provider, the social media provider grants us access to the following categories of data: 

• The social media provider grants us access to statistical analyses that provide us with information about the use of our social media page. The analyses visible to us do not enable us to analyse the usage behaviour of individual persons. We can only view aggregated data (such as the number of visits, likes, followers, region of origin, age group, gender, etc.) that gives us insight into our system users and the use of our social media page. The data of the respective user on which the analyses are based is not transmitted to us.

• We can define the target audience for the social media page or for individual published posts. The setting is based on general parameters (e.g. age group, language, region, interests) with which we can tailor our content to specific groups. It is not possible for us to target or identify individual persons on the basis of the data made available to us by the social media provider.

• If you contact us directly via the social media provider or interact with us in any other way, deliberately transmitting personal data (e.g. directly connecting with our social media page), we store and process this personal data for the purposes for which you have transmitted it to us.

• We process this data exclusively for the purpose of making content on our social media page known to the target audience and to better understand and optimise the use of our social media page. Beyond this, we have no influence over data processing (for the provision of this data in advance) by the social media provider within its area of responsibility. Please consult the respective third-party provider to find out which personal data is collected by them in detail, how it is processed and what data protection rights you have vis-à-vis the respective social media provider (see list of third-party providers (Section XII)):  

3. Social Media Plugins as Hyperlinks 

Some content on our website can be shared on social networks such as LinkedIn via integrated social media buttons. All social media buttons that enable the sharing of content are integrated via simple hyperlinks and not via social plug-ins from social network providers. This ensures that your data is not automatically transmitted to the social network servers when you visit our website. When you share content from our website, we also only transmit to the social network the information required to share the relevant content (e.g. the link to the content you wish to share). We do not transmit any personal data in this context. 

At the same time, you will also find direct links to our pages on social networks. If you follow a link from our website to a social network or log in to your social network to share content from our website, your data will be processed by the provider of the respective social network. 

If you are registered and logged in to other networks or services that require registration while using our website or individual functions, the respective network/service may collect information about your use or apply settings, such as videos played/playback status. However, this data is collected exclusively by the respective network/service under its own data protection responsibility and processed by the respective provider.

For information about the purposes and scope of data collection, further processing and use by the respective network operator, as well as your associated rights and options for protecting your privacy, please refer to the privacy notices on the website of the respective provider. 

4. User-generated Content (UGC) from Social Media 

UGC from social media enables us to share content created by customers and published on social media or other channels – such as texts, images, videos and reviews – on our social networks. We acquire the rights to your content through a separate licence agreement. Various types of personal data may be associated with UGC when such content is used. These data may include: 

• Profile information: This may include the username, profile picture and any other details you have provided directly in your social media profile.

• Posts and comments: Content that you have posted or commented on, including text, photos, videos and links, may be processed.

• Location data: If you have activated location services on your social media account, location information may be processed when you post or interact with content.

• Friend/follower data: A user's connections or followers on social media may be processed where this is relevant to the user-generated content used.

Please note that the specific personal data processed may vary depending on the social media platform and the privacy settings you have chosen.

5. Legal Basis for Data Processing

We base the above-mentioned data processing operations on a statutory permission pursuant to Art. 6(1)(f) GDPR, with the exception of UGC, which is based on a statutory permission pursuant to Art. 6(1)(b) GDPR. 

IV. Communication 

1. Making Contact 

If you contact us outside of a specific contractual relationship (e.g. to obtain information) or a registration, we offer you various technical and other means of contact via our websites.

In order to process your specific request when you make contact in this way, we may ask you to provide personal data. This includes, for example, your name and email address, as well as further details such as the subject of your request and your message. You may optionally provide your postal address and/or telephone number. We collect the requested information in order to be able to process your request appropriately. 

The personal data transmitted to us in this way will be used exclusively for the purpose for which you have provided it to us when making contact – in particular for processing your request. The data will not be used for any other purposes or disclosed to third parties without your express consent. Excluded from this are – to the extent necessary for the fulfilment of your request – the persons and companies (e.g. local service companies) involved in carrying out the communication and responding to the request. 

Unless statutory retention obligations apply, your personal data will be erased after your request has been processed. 

2. Telephone Contact 

You may contact us by telephone. We do not operate a call centre and do not make use of external call centre services. Your call will always be handled directly by our own employees.

If you call us, we may create a ticket in our internal ticketing system to document and process your request. The process depends on the nature of the call:

Direct calls to employees (no automatic ticket creation)

If you call one of our employees directly (e.g. via their extension or direct dial number), no ticket will be automatically created in our internal ticketing system. 

• A ticket will only be created if this is necessary for the processing of your request, and then exclusively manually by the employee handling your call.

• In this case, the employee may enter your personal data into the ticketing system, such as:

o Name,
o Contact Details
o Date and time of the call
o Reason for the call
o Relevant details discussed (e.g. technical issues, agreements, notes on next steps)

This serves the purpose of documenting and efficiently processing your request.

Further Processing

• Ticket and call logging: If a ticket is created (manually or automatically), we log information such as your name (if provided), your contact details, the date and time of the call, the reason for your call and relevant details discussed. This information is stored in the internal ticketing system to process your request and ensure efficient handling of your enquiry.

• Call recording (optional): With your prior consent, we may record calls for quality assurance or training purposes. In this case, audio data will be processed that may contain personal data shared during the call. Where a recording is made, it may be linked to the corresponding ticket.

• Internal forwarding: Personal data may be processed in order to assign your ticket or request to the responsible employee or department, depending on the nature of your request or your preferences. For this purpose, we may also use technical systems, including artificial intelligence (AI), to categorise requests and assign them to the responsible team.

• Identity verification: Our employees may need to process personal data (e.g. name, customer number, contact details) in order to verify your identity before providing account-specific information or making changes to your data or contracts.

• Problem resolution and support: In order to help you resolve issues or answer your questions, our employees may access customer data or internal databases. In this context, your personal data will be processed to the extent necessary for processing your request and documenting the outcome in the ticket.

For the technical provision and maintenance of our telephony and internal ticketing systems, we may engage IT service providers who act as processors on our behalf. However, these service providers do not operate a call centre and do not conduct their own customer communication; communication with you takes place exclusively via our own employees. 

3. Chat Bot

The chat function (where available) enables us to respond to your questions about our products and services in a timely manner. When you ask a question in the chat, an application will attempt to answer your questions. Through the use of potential artificial intelligence (AI), the system may send you relevant links or forward your concern to a customer service representative in the live chat. We use the chat bot to process your request and to improve our business and services. We engage the services of a technical service provider to enable the chat bot function on our websites and via other contact points. 

Within the framework of the chat functionality, the following personal data may be processed: 

• Mandatory details for initiating a chat

• Chat history as a transcript ("Transcript")

• IP address, approximate location, browser type and version, device type, visitor path

• Usage data (e.g. time of chat start, chat end, chat duration, chat performance data)

• Other content processed in the chat (e.g. telephone number, email address)

4. Surveys

We conduct surveys on your satisfaction with our products and services. We may ask you for feedback, for example via a form on our websites, or send you an email. If we ask you to rate our products and services by email, you may rate them on a scale of up to ten points. In addition, you may leave comments in a free-text field or, where applicable, provide your telephone number in order to receive a callback regarding your rating and comments. Participation in these surveys is entirely voluntary. We store the data you provide to us in such a survey together with your contact details and transaction data relating to the product or service we have provided to you. We use this data to improve our products and services. Your personal data will be anonymised after 12 months. 

Where we conduct surveys on our website, these are generally anonymous. Should we exceptionally collect data from you in the context of a survey, the preceding paragraph applies. 

5. Newsletter

It is possible to subscribe to our newsletter on our website. We use a double opt-in procedure to verify that the owner of an email address has actually registered to receive the newsletter. The newsletter will only be successfully subscribed to once the owner of the email address has expressly confirmed the activation of the newsletter by clicking on the link in the confirmation email. We log the execution of the individual steps of the double opt-in procedure for evidence purposes. 

For this purpose, we collect and process data about your use of our email newsletter. When you open an email newsletter from us, a file contained in the email (known as a web beacon) establishes a connection to our servers. This enables us to determine whether an email newsletter has been opened and, if so, which content was clicked on. In addition, we collect technical information about the end device with which the contents of the email newsletter are retrieved (e.g. time of retrieval, browser type and operating system). We use this data exclusively for the statistical evaluation of our newsletter campaigns. If you subscribe to our newsletter and thereby consent to its delivery, your data will be used for sending the newsletter and for analysing your use of the email newsletter. You may withdraw this consent at any time. The corresponding link is included in each edition of our newsletter. We will note in our database that you have unsubscribed from the newsletter.

6. Legal Basis for Data Processing

Depending on the nature of your contact with us, we base the above-mentioned data processing operations on a statutory permission pursuant to:

• Art. 6(1)(a) GDPR, based on your consent, e.g. for telephone recordings, newsletters and surveys unrelated to a contractual relationship, as well as surveys for which you have actively registered to participate;

• Art. 6(1)(b) GDPR for (pre-)contractual communication, e.g. via our telephone contact or chat bots, questions concerning the delivery or return of products;

• Art. 6(1)(f) GDPR in the case of contact with us, e.g. for the conduct of surveys.

V. Analytics, Marketing and Tracking

1. Analytics

Analytics refers to the process of collecting, processing and analysing data in order to gain insights and make decisions. For us, this is comparable to examining trends to better understand how you use our products and services. These insights enable us to make our products and services more user-friendly. In addition, we can identify areas in which our products and services can be improved and developed further through innovation. Our websites are integrated with analytics platforms. These platforms provide JavaScript code that is added to the website. This code interacts with cookies or similar technologies to collect data when users interact with our website. As users navigate the website, the analytics code collects data from the cookies/pixels. The data we collect includes information about page views, clicks, time spent on pages and other relevant metrics. 

Analytics platforms aggregate the data collected and provide us with insights into user behaviour and website performance. This aggregated data is used to understand audience demographics, popular content and areas that may need improvement.

2. Marketing and Tracking (including Re-Marketing)

We may collect and use your personal data to send you relevant marketing communications. These communications may include product updates, promotional offers and newsletters. You can easily manage your communication preferences and opt out at any time. 

We also conduct digital marketing activities, including retargeting. Retargeting, also known as remarketing, means displaying targeted advertising to users who have previously interacted with our website or digital content but have not completed an action. 

When a user visits our website and performs certain actions, a tracking pixel or cookie is placed on their device.

For further information about the providers, including information about specific use and additional information on provider-specific data protection aspects, please refer to Section XII. 

3. Cookies and Similar Technologies

Cookies​

4. Legal Basis for Data Processing

All processing described above, in particular the placing of pixels and cookies to read information on the end device used, is only carried out if you have given us your consent to do so. You may withdraw your consent at any time with effect for the future, as described above under "Cookie processing". Alternatively, you may use the opt-out page for EU customers at http://www.aboutads.info/choices or http://www.youronlinechoices.eu/. 

We base the above-mentioned data processing operations on:

a)  Your consent pursuant to Art. 6(1)(a) GDPR: 
 - Web analytics and marketing via cookies and/or similar technologies

b) A statutory permission pursuant to Art. 6(1)(b) GDPR: 
 - Registration on our website 
 - Convenience registration (social sign-on option)

c) A statutory permission pursuant to Art. 6(1)(f) GDPR: 
 - Technical cookies necessary for the provision of the website
 - Interactive digital assistants
 - Technical cookies for the display of the website (e.g. security functions)
 - Additional website functions (e.g. product videos)
 - Log data
 - Session cookies and persistent cookies for convenience functions

VI. Events and Competitions, Trade Fairs

1. Participation in Events

When you register for an event, we store and use the information you have provided in order to conduct the event, including follow-up activities. The data we collect for this purpose depends on the registration form on the respective websites on which you register. Your data will be erased as soon as it is no longer required for the conduct of the event or the follow-up activities. Such a registration process typically includes a confirmation email regarding your participation, additional emails about the organisation/changes and a follow-up email which may also include the opportunity to provide us with feedback. 

For some events, the participation fee is to be paid directly, or they are managed and conducted in whole or in part by our partners. In this case, you may be redirected to the website of the respective partner. In such cases, the relevant payment data (surname, first name, postal address, number of participants and payment method) will be transmitted to our partner in order to process payment for the event, provided you have already provided this information. 

2. Participation in Prize Draws / Competitions 

If you register for a prize draw or competition, we store and use the information you have provided exclusively for the purpose of organising and conducting the prize draw or competition, as well as for any necessary follow-up activities. The specific data we collect depends on the registration form you complete on the prize draw or competition page. 

We will promptly erase your data upon conclusion of the prize draw or competition and after all required follow-up activities have been completed. We retain your data only for as long as is necessary for the conduct of the prize draw or competition and all related activities.

3. Trade Fairs and Similar Events 

We participate in both in-person and digital trade fairs. In this context, data processing – in particular of your contact details – takes place in the following cases: 

• If you express a wish to receive further information from us by email or post

• Building a business relationship

• Your participation in prize draws

• Your request for newsletters and promotional materials

• Answering questions about our products

• Your order

Further information can be found in the "Communication", "Business Partners" and "Customer Service" sections of this Policy. The level of detail to which we process your personal data depends on the context in which you provide your data. 

4. Legal Basis for Data Processing 

We base the above-mentioned data processing operations on a statutory permission pursuant to Art. 6(1)(b) GDPR.

VII. Customer Service

We provide you with contact points through which you can purchase products or services directly, e.g. via our websites, technicians and telephone contact. With regard to the processing of personal data, the following interactions may take place when using these contact points. 

1. Typical Interactions 

• Browsing and product selection: Customers browse various products or services, comparing features, prices and reviews before making a decision.

• Payment and order confirmation: Customers complete the payment process and receive confirmation of their order, including an order number and estimated delivery date.

•Enquiries and support: Customers may have questions or require assistance regarding products, orders, shipping, returns or other matters. They can reach support via various channels such as telephone, email or chat.

• Problem resolution: Support staff assist in resolving customer issues or concerns, such as product defects, delivery delays or billing discrepancies.

• Returns and exchanges: Customers can request returns or exchanges for products that arrived damaged. Support assists them in initiating the returns process and provides them with the necessary instructions.

2. Contract 

In order to fulfil your orders and enter into a contract with you, we process the following personal data: 

• Company Name
• Form of Address
• First and last name, department, full postal address
• Telephone Number
• Email address
• Billing Data 

3. Payment and Creditworthiness Checks 

Your payment data will be transmitted to the respective payment service provider for the purpose of processing the payment. Where you use paid services, billing data will be processed. Your personal data may also be processed to investigate and prevent fraud, misuse, security-related incidents and other harmful activities, e.g. to combat money laundering and for criminal prosecution. This is based on compliance with applicable laws (e.g. for the prevention of money laundering) as well as our legitimate interest in limiting the risk of payment defaults. 

We engage external service providers for tasks related to payment processing, programming and data hosting. We have carefully selected these service providers and monitor them regularly, in particular with regard to their careful handling and protection of the data they store. All service providers are contractually obliged to maintain confidentiality and to comply with the applicable statutory provisions. Service providers may also be other companies within the Trianis Holding GmbH group. 

During the ordering process, we may conduct creditworthiness checks depending on the payment method you have chosen. We work with providers/agencies for creditworthiness checks and transmit your order data in order to obtain information in connection with such checks. Before conducting creditworthiness checks, we will inform you specifically at the relevant contact point about how we handle your data. 

4. Delivery, Cancellation of an Order and Returns 

As part of the delivery process, we work with logistics service providers, and your contact details will be passed on to our logistics service providers so that they can carry out the delivery and contact you to arrange deliveries and inform you of any delivery issues. We may also use your order information for delivery route planning. 

You may also be offered the option to select a convenient day and time frame for the delivery of your orders. In this case, our logistics service providers and suppliers will receive your order information in order to offer you the available time slot. In some cases, you may also track the status of your products via the tracking link we have sent you. 

The information required for returns may be a combination of your order number/order information and company information (e.g. company name/department/ address or email address). After you have dropped off your return parcel with our logistics service provider, you will receive emails on the status of your return and your refund. 

5. Insurance / Warranty Extension

We collect your company data and optional personal data in order to enable the insurance service you have chosen and to improve your overall customer experience. This includes information required for the creation of policies, the processing of claims and communication regarding your insurance cover.

We may collect details such as your name, contact details, address and specific information about the product you have purchased. We pass this data on to our partners who offer the insurance or warranty extension. This ensures that our partners can tailor insurance solutions to your individual needs.

6. Debt Collection Agencies

Under certain circumstances, it may be necessary to pass on relevant information to a debt collection agency in order to facilitate the settlement of outstanding payments. 

The disclosure of data to a debt collection agency serves exclusively the purpose of collecting outstanding payments in connection with our products or services. This ensures fair and lawful processing of financial transactions. 

The information passed on to the debt collection agency may include details such as your company name, contact details, billing data and details of the outstanding payment. The processing of information takes place exclusively to the extent necessary for the proper and effective provision of the debt collection agency's services. 

7. Registration on our Website / Customer Platform

You can register on our website in order to use our helpdesk services. As part of the registration process, we collect and process the following details:

Required details: company name, company address, VAT identification number, company telephone number, company email address, title, first and last name, business telephone number (mobile or landline), business email address, password.

We store the data of registered users until the user requests the deletion of the account or the account is no longer required for collaboration.

8. Legal Basis for Data Processing

We base the above-mentioned data processing operations on: 

a) A statutory permission (performance of a contract) pursuant to Art. 6(1)(b) GDPR:
 - Registration on our website
 - Insurance/warranty extension
 - Delivery (including delivery arrangements, order tracking and returns)
 - Customer service - Product/service information by email
 - Data processing for address verification - Debt collection agencies

b) A statutory permission (legitimate interest) pursuant to Art. 6(1)(f) GDPR:
 - Creditworthiness checks

VIII. Security Measures

1. Product Recall

In the event of a product recall, we take proactive measures to ensure the safety of our customers. If you are affected by a product recall, we will notify you using the contact details you have provided, e.g. by email, to provide you with important information. To facilitate this communication, we use the contact details and associated product information stored in our customer database.

Please note that such a recall constitutes a one-off data processing measure serving exclusively the purpose of informing you about the product recall. Throughout the entire process, we place the greatest importance on the security and confidentiality of your data. Your data will be used exclusively for the purpose of handling the product recall and will not be disclosed or used for any other purposes. 

By promptly notifying you of product recalls, we aim to ensure your safety and ensure that you have the necessary information to take appropriate measures.

2. Security Updates

We place great importance on data protection and security and strive to continuously improve the security features of our products. In order to address potential vulnerabilities that may arise over time, we regularly provide security updates. These updates are essential for maintaining the integrity and security of your products. 

We strongly recommend that you regularly commission us to install these security updates. By doing so, you can ensure that your devices remain protected against potential security threats. If you do not have these updates installed, your personal data and connected devices may be exposed to unauthorised access or compromise. 

3. Specific Erasure Period

Personal data relevant to product safety measures is subject to a centrally determined specific erasure period of 30 years. Upon expiry of the regular erasure period, this data will be transferred to a separate, access-restricted archive for further storage. If you submit an erasure request via our website (see Section I above), your data will also be erased from this security archive on a regular and timely basis. 

4. Legal Basis for Data Processing 

We base the above-mentioned data processing operations on: 

a) Your consent pursuant to Art. 6(1)(b) GDPR:
 - Security updates.

b)  A statutory permission pursuant to Art. 6(1)(c) GDPR: 
 - Mandatory product recall.

c) A statutory permission pursuant to Art. 6(1)(d) GDPR:
 - Voluntary product recall.

IX. Business Partners

1. General

a) Contractual relationship with business partners

The following data protection information applies to you if you are our business partner or a legal representative, employee, partner or beneficial owner of a business partner. Business partners are legal or natural persons who are in negotiations with us concerning the commencement of a business relationship or who already maintain a corresponding business relationship with us. Contracts in connection with employment or training relationships are expressly excluded. 

b) Categories of Data

The specific data processed depends largely on the agreed services and the subject matter of our business relationship. Therefore, not all parts of this information are relevant to you. 

As a rule, we collect your data directly from you. However, in certain constellations it may also be necessary, on the basis of statutory provisions or legitimate interests (e.g. as part of compliance checks on business partners), to process personal data that we receive from other companies, tax authorities, authorities, credit reporting agencies, insolvency registers, publicly accessible sources (internet research) or other third parties. The relevant personal data may include: 

• Personal data (e.g. first and last name, address and other contact details, date and place of birth, and nationality)

• Identification and authentication data (e.g. extracts from the commercial register, identification data, specimen signature)

• Company, position, function and department within the company, line manager

• Data in the context of our business relationship (e.g. payment data, order data)

• Data on company structures and ownership relationships

• Log Data

• Username and identification, user ID

• Compliance-relevant data (e.g. information on references, information on insolvencies)

• Adverse reports, screening against sanctions lists

• Information on criminal investigations in connection with the subject matter of the service

• Other data comparable to the aforementioned categories

Upon conclusion of a contract, we may obtain creditworthiness data about you from credit reporting agencies in order to fulfil the aforementioned legitimate interests. We use the data from credit reporting agencies for creditworthiness checks in order to verify your creditworthiness. Credit reporting agencies store data that they receive from banks or companies, for example. You can obtain information about the data stored about you directly from the credit reporting agencies. 

Where you enter into a contract with us by means of a digital signature, we process your associated data (in particular email address, IP address, times at which you edited the respective contractual document). In addition, it is possible to sign certain contracts with a so-called qualified electronic signature. In this case, we also process the certificate data of your signature in addition to the categories mentioned. This data is accessible to all persons involved in the approval and signing of the contract. 

c) Recipients / categories of recipients

Within our company, those departments receive access to the data you have provided that require it for the fulfilment of contractual or statutory obligations or for the safeguarding of legitimate interests, or that you have approved in the separate declaration of consent.

Within the scope of the contractual relationship, for the fulfilment of statutory obligations and for the protection of legitimate interests, authorities or service providers will also receive access to your personal data. 

Compliance with data protection regulations is ensured contractually. Data may also be passed on to companies within the Trianis Holding GmbH group in order to fulfil contractual obligations. 

If you have concluded a framework contract with the entire Trianis Holding GmbH as an authorised service provider, the respective procurement and purchasing departments of Trianis Holding GmbH will receive access to the business partner data relevant to contacting you, and the national compliance departments of the companies of Trianis Holding GmbH will each have access to the data for the compliance review of business partners. Outside our corporate group, data will only be passed on if we are legally required to do so (e.g. in the case of regulatory investigations). 

2. Legal Basis for Data Processing

We base the above-mentioned data processing operations on: 

a) A statutory permission pursuant to Art. 6(1)(b) GDPR: 
 - Use of our website as a business partner (pre-contractual and contractual use)

b) A legal basis pursuant to Art. 6(1)(f) GDPR:
 - Use of our website as a business partner (surveys, invitations to events, greetings and Christmas cards)
 - Selection of a suitable business partner (e.g. intermediary review)

X. Applicants

As an applicant for a job posting, you may use one of our contact points to submit your data to us. In addition to the information provided directly at the respective contact point (e.g. job page), we provide you below with information about our general handling of such personal data. 

1. General

We use your applicant data: 

- to identify you as an applicant
- to contact you
- to conduct the application process

Your personal data will be transmitted to: 

- our employees responsible for your application
- where applicable, our service providers for technical support of the application/applicant portal/job platform
- where applicable, our postal and logistics service providers

Your personal data will be erased as specified on the respective applicant website, unless we have obtained your consent to store your data for a longer period, e.g. for processing in an applicant pool. Where statutory or contractual obligations apply with regard to the retention of such data, your data will be stored for as long as is necessary to fulfil these statutory/contractual obligations; however, access to your data will be restricted. For statistical purposes, certain data originating, for example, from the application process will be anonymised and further processed after the erasure of your personal data. 

2. Legal Basis for Data Processing

We base the above-mentioned data processing operations on your consent pursuant to Art. 6(1)(a) GDPR for the retention of applicant data beyond the regular erasure period, or on a statutory permission pursuant to Art. 6(1)(b) GDPR for regular processing. 

XI. Data Protection Authority 

Germany: State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit NRW)
Website: https://www.ldi.nrw.de/

XII. List of Third-Party Providers and their Use 

Statistical Analysis of Visits to this Website – Web Trackers 

When this website or individual files of the website are accessed, we collect, process and store the following data: IP address, the website from which the file was retrieved, name of the file, date and time of retrieval, volume of data transferred and notification of the success of the retrieval (so-called web log). We use this access data exclusively in non-personalised form for the continuous improvement of our online offering and for statistical purposes. We also use the following web trackers to evaluate visits to this website: 

Google

We use on our website the service Google provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The transmission of personal data also takes place to the USA. With regard to the transmission of personal data to the USA, an adequacy decision exists with respect to the EU-US Data Privacy Framework issued by the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The operator of the service is certified under the DPF, so that the usual standard of protection under the GDPR applies to the transmission. 

The legal basis for the processing of personal data is your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, which you have given on our website. 

We use Google in order to be able to load additional Google services on the website. The service is used to enable the provision of further Google services, such as the data processing required for the provision of streams and fonts, and relevant content from Google Search. It is technically necessary in order to exchange information already available to Google about the website visitor between the various Google services and to provide the website visitor with personalised content adapted to their Google account. 

For the processing itself, the service and/or we collect the following data: background data stored in the Google user account or with other Google services about the website visitor; background data for the provision of Google services such as streaming data or advertising data; data on the website user's interactions with Google Search; details about the end device, IP address and browser of the user; and further data from Google services for the provision of Google services in relation to our website. 

Where the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. In the context of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When the Google service is used on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. Where applicable, this may also involve data transmission to the Google services Google APIs, Doubleclick, Google Cloud, Google Ads and Google Fonts in accordance with the Google Privacy Policy. The certification under the EU-US Data Privacy Framework can be retrieved at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active 

You may withdraw your consent at any time. Further information on how to withdraw your consent can be found either at the point of consent or at the end of this Privacy Policy. 

Further information on the handling of the transmitted data can be found in the provider's Privacy Policy at: https://policies.google.com/privacy 

The provider additionally offers an opt-out option at: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=en

Google Maps

We use on our website the service Google Maps provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The transmission of personal data also takes place to the USA. With regard to the transmission of personal data to the USA, an adequacy decision exists with respect to the EU-US Data Privacy Framework issued by the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF). The operator of the service is certified under the DPF, so that the usual standard of protection under the GDPR applies to the transmission. 

The legal basis for the processing of personal data is your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, which you have given on our website. 

On our behalf, Google will use the information obtained via Google Maps to display the map to you. Using Google Maps, you can find us more quickly and accurately than with a mere non-interactive route sketch. The corresponding data is also used to associate website visitors who view our Google Maps map – potentially with the assistance of the Google advertising ID – with physical visits and accesses to further contact information listed with Google. In this way, Google can provide an estimate of expected visitor flows. 

For the processing itself, the service and/or we collect the following data: data required for the visualisation and display of location data in the form of a map, in particular the IP address; information from Google background services such as Google APIs; search terms; IP address; coordinates; for use of the route planner, the starting point and destination; location data; Google advertising ID; Android advertising ID. 

We have concluded a joint processing agreement with Google with regard to Google Maps. The content can be found at: https://privacy.google.com/intl/en/businesses/mapscontrollerterms/ 

Where the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. In the context of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When the Google service is used on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. Where applicable, this may also involve data processing by the Google services Google APIs, Google Cloud and Google Fonts in accordance with the Google Privacy Policy, under the data protection responsibility of Google. The certification under the EU-US Data Privacy Framework can be retrieved at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active 

You may withdraw your consent at any time. Further information on how to withdraw your consent can be found either at the point of consent or at the end of this Privacy Policy. 

Further information on the handling of the transmitted data can be found in the provider's Privacy Policy at: https://policies.google.com/privacy 

The provider additionally offers an opt-out option at: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=en 

Gstatic

We use on our website the service Gstatic provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The transmission of personal data also takes place to the USA. An adequacy decision exists with respect to the EU-US Data Privacy Framework issued by the EU Commission within the meaning of Art. 45 GDPR. The operator of the service is certified under the DPF, so that the usual standard of protection under the GDPR applies to the transmission. 

The legal basis for the processing of personal data is your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, which you have given on our website. 

Gstatic is a background service used by Google to retrieve static content in order to reduce bandwidth usage and pre-load required catalogue files. The service loads in particular background data for Google Fonts and Google Maps.

In the context of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. The certification under the EU-US Data Privacy Framework can be retrieved at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active 

You may withdraw your consent at any time. Further information on how to withdraw your consent can be found either at the point of consent or at the end of this Privacy Policy. 

Further information on the handling of the transmitted data can be found in the provider's Privacy Policy at: https://policies.google.com/privacy

The provider additionally offers an opt-out option at: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=en

Integration of External Web Services and Processing of Data Outside the EU 

Our website uses active content from external providers, so-called web services. By accessing our website, these external providers may receive personal information about your visit to our website. In this context, data may also be processed outside the EU. You can prevent this by installing a suitable browser plug-in or by disabling the execution of scripts in your browser. This may result in functional limitations on websites you visit. 

We use the following external web services: 

CookieBot

We use on our website the service Cookiebot provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, Email: privacy@cookiebot.com, Website: https://www.cookiebot.com/en/. The transmission of personal data takes place exclusively to servers within the European Union. 

The legal basis for the processing is Art. 6(1)(c) GDPR. The use of the service supports us in fulfilling our legal obligations.

Through the integration of Cookiebot, we fulfil our legal obligation with regard to the consent management required for cookies. 

Your rights in relation to the processing can be found at the end of this Privacy Policy. 

Further information on the handling of the transmitted data can be found in the provider's Privacy Policy at: https://www.cookiebot.com/en/privacy-policy/

Google Cloud APIs

We use on our website the service Google Cloud APIs provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The transmission of personal data also takes place to the USA. An adequacy decision exists with respect to the EU-US Data Privacy Framework. The operator is certified under the DPF, so that the usual standard of protection under the GDPR applies to the transmission. 

The legal basis for the processing of personal data is your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, which you have given on our website. 

We use Google APIs to load additional Google services on the website. Google APIs are a collection of interfaces for communication between the various Google services used on your website. The service is used in particular for the display of Google Fonts typefaces and the provision of the Google Maps map. 

For the processing itself, the service and/or we collect the following data: IP address.

Where the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. In the context of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When the Google service is used on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. Where applicable, this may also involve data transmission to the Google services Google Cloud, Google Maps, Google Ads and Google Fonts in accordance with the Google Privacy Policy, under the data protection responsibility of Google. The certification under the EU-US Data Privacy Framework can be retrieved at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active 

You may withdraw your consent at any time. Further information on how to withdraw your consent can be found either at the point of consent or at the end of this Privacy Policy. 

Further information on the handling of the transmitted data can be found in the provider's Privacy Policy at: https://policies.google.com/privacy

The provider additionally offers an opt-out option at: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=en 

Google Fonts

We use on our website the service Google Fonts provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The transmission of personal data also takes place to the USA. An adequacy decision exists with respect to the EU-US Data Privacy Framework. The operator is certified under the DPF, so that the usual standard of protection under the GDPR applies to the transmission. 

The legal basis for the processing of personal data is your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, which you have given on our website. 

We use the Google Fonts service to integrate attractive typefaces on our website in order to display our website to you in a visually improved version. The service may also be used on our website when other Google services that require Google Fonts typefaces to run are loaded. This is the case, for example, where our website uses Google services that absolutely require Google Fonts in order to function. 

For the processing itself, the service and/or we collect the following data: data on typefaces; IP address of the website visitor; statistics on the use of typefaces; and further data from Google services in relation to our website.

Where the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. In the context of order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When the Google service is used on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. Where applicable, this may also involve data transmission to the Google services Google APIs, Google Cloud and Google Ads in accordance with the Google Privacy Policy. The certification under the EU-US Data Privacy Framework can be retrieved at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active 

You may withdraw your consent at any time. Further information on how to withdraw your consent can be found either at the point of consent or at the end of this Privacy Policy. 

Further information on the handling of the transmitted data can be found in the provider's Privacy Policy at: https://policies.google.com/privacy 

The provider additionally offers an opt-out option at: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=en

Gravatar

We use on our website the service Gravatar provided by Aut O'Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, D02 AY86 Dublin, Ireland, Email: privacypolicyupdates@automattic.com, Website: https://en.gravatar.com/. The transmission of personal data also takes place to the USA. An adequacy decision exists with respect to the EU-US Data Privacy Framework issued by the EU Commission within the meaning of Art. 45 GDPR. The operator is certified under the DPF, so that the usual standard of protection under the GDPR applies to the transmission. 

The legal basis for the processing of personal data is your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, which you have given on our website. 

Gravatar is a service for providing avatars across websites. 

The certification of the parent company Automattic Inc. under the EU-US Data Privacy Framework can be retrieved at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000CbqcAAC

You may withdraw your consent at any time. Further information on how to withdraw your consent can be found either at the point of consent or at the end of this Privacy Policy. 

Further information on the handling of the transmitted data can be found in the provider's Privacy Policy at: https://automattic.com/privacy/ 

The provider additionally offers an opt-out option at: https://automattic.com/privacy/

XIII. Date of Issue

As of: 10 February 2026