Privacy Policy - Leistritz

Data Privacy Declaration

General Information on Data Processing

1. Name and Address of the Controller

The controller responsible for the data processing on this website in terms of the General Data Protection Regulation is:

Leistritz AG
Margrafenstraße 36-39
90459 Nürnberg
Germany
Phone: +49 (911) 4306 101
E-Mail: info@leistritz.com

2. Scope of the processing of personal data

We shall only process our users’ personal data to the extent that is necessary to provide a functional website and our contents and services. The processing of our users’ personal data is either permitted by law or shall take place only with the user’s consent.

3. Legal basis for the pocessing of personal pata

If we obtain the data subject’s consent to the processing of their personal data, Article 6 (1) a) EU General Data Protection Regulation (GDPR) shall serve as the legal basis. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6 (1) b) GDPR shall serve as the legal basis. This shall also apply to processing operations that are necessary in order to taking steps prior to entering into a contract. If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c) shall serve as the legal basis. If vital interests of the data subject or of another natural person make it necessary to process personal data, Art. 6 (1) d) GDPR shall serve as the legal basis. If the processing is necessary to protect a legitimate interest of our company or of a third party, and the interests, basic rights and basic freedoms of the data subject do not outweigh our legitimate interest, Art. 6 (1) f) shall serve as the legal basis for the processing.

4. Data deletion and storage period

The data subject’s personal data shall be deleted or blocked as soon as the purpose of storage ceases to apply. Data may be stored beyond this period if provision is made for this by European or national legislation in EU regulations, laws or other regulations to which the controller is subject.

5. Rights of the data subjects

If your personal data are being processed, you are a data subject in terms of GDPR and you have the following rights vis-à-vis the controller:

5.1 Right of access

You can obtain confirmation from the controller as to whether personal data concerning you are being processed by us.

Where such data are being processed, you can request access to the following information from the controller:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed;
the envisaged period for which the personal data concerning you will be stored, or, if concrete information about this is not possible, the criteria used to determine the storage period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You shall have the right to request information as to whether the personal data concerning you are transmitted to a third country or an international organisation. In this context, you can request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

5.2. Right to rectification

You have a right to obtain from the controller rectification and/or completion if the processed personal data are incorrect or incomplete. The controller must perform the rectification without undue delay.

5.3. Right to restriction of processing

You can obtain a restriction of the processing of the personal data concerning you under the following conditions:

you are contesting the accuracy of the data concerning you, for a period that enables us to verify the accuracy of the personal data;
the processing is unlawful and you oppose an erasure of the personal data, requesting a restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but you still require the data for the establishment, exercise or defence of legal claims; or
you have objected to the processing pursuant to Article 21 (1) pending the verification whether the legitimate grounds of the controller override yours.

Where processing of the personal data concerning you has been restricted, such personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Where processing has been restricted under the above conditions, you shall be informed by the controller before the restriction of processing is lifted.

5.4. Right to erasure

a) Erasure obligation

You may obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase these without undue delay where one of the following grounds applies:

the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you withdraw your consent on which the processing is based according to Art. 6 (1) a) or Art. 9 (2) a) GDPR and there is no other legal ground for the processing;
you object to the processing pursuant to Art. 21 (1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2);
the personal data concerning you have been unlawfully processed.
the personal data have to be erased for compliance with a legal obligation in EU or Member State law to which the controller is subject.
the personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR;

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copies or replicas of, those personal data.

c) Exceptions

The right to erasure shall not exist to the extent that processing is necessary

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by EU or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with Art. 9 (2) h) and i) as well as Art. 9 (3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.

5.5. Right to data portability

You shall have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You shall also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

the processing is based on consent pursuant to Art. 6 (1) a) GDPR or Art. 9 (2) a) GDPR or on a contract pursuant to Art. 6 (1) b) GDPR; and
the processing is carried out by automated means.

In exercising this right, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The right to data portability should not adversely affect the rights and freedoms of others. The right to data portability shall not apply to a processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

5.6. Right of object

You shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 (1) e) or f) GDPR, including profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is used for the establishment, exercise or defence of legal claims.

Where the personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you shall have the option of exercising your right to object by automated means using technical specifications.

5.7. Right to withdraw the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. A withdrawal of consent shall not affect the lawfulness of the processing which has taken place on the basis of the consent before it was withdrawn.

5.8. Right to lodge a complaint with a supervisory authority:

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Specific information on data processing

1. Name and address of the data protection officer

The Data Protection Officer of the data controller is:

Inmaculada Ramos-Leis

Leistritz AG
Margrafenstraße 36-39
90459 Nürnberg
Germany

Phone: +49 911 4306 6604
E-Mail: datenschutz@leistritz.com

2. Provision of the website and creation of log files

2.1. Description and scope of data processing

Every time our website is accessed, our system shall automatically gather data and information from the computer system of the calling computer.

The following data shall be collected:

information about the browser type and the version used
user’s operating system
user’s internet service provider
user’s IP address
date and time of the access
websites from which the user’s system accessed our website
websites which the user’s system accessed via our website

The data shall be stored in our systems’ log files. This data shall not be stored with other personal data concerning the user.

2.2. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files shall be Art. 6 (1) f) GPDR. The legitimate interest in a temporary storage of the data and the log files shall arise from the purposes of the data processing (see 2.3.).

2.3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. Therefore, the user’s IP address must remain stored for the duration of the session.

Data shall be stored in log files to ensure the functionality of the website. We shall also use the data to optimise the website and to ensure the security of our IT systems. The data shall not be analysed for marketing purposes in this context.

2.4. Storage period

The data shall be deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. If the data are recorded in order to provide the website, this shall be the case when the session has ended.

If the data are stored in log files, this shall be the case after seven days at the latest. Further storage shall be possible. In this case, the IP addresses of the users shall be deleted or anonymised so that it is no longer possible to identify the calling client.

2.5. Possibility of objection and erasure

The recording of the data on the provision of the website and the storage of the data in log files are absolutely necessary for the operation of the website. Therefore, there shall be no possibility of objection in accordance with Section 21 (1) Sentence 2 GDPR.

3. Use of cookies

3.1. Description and scope of the data processing

Our website uses cookies. Cookies are text files which are stored on the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that allows the browser to be clearly identified when the website is accessed again.

Furthermore, our website also uses cookies that allow us to analyse how frequently the user accesses pages.

When our website is accessed, the user shall be informed about the use of cookies for analysis purposes and asked to consent to the processing of the personal data used in this context. In this context, please refer to 3.4.

3.2. Legal basis for the data processing

The legal basis for the processing of personal data using technically necessary cookies shall be Art. 6 (1) f) GDPR. The legitimate interest shall arise from the purpose of the data processing (see 3.3. below).

The legal basis for processing personal data using cookies for analysis purposes with the user’s consent shall be Art. 6 (1) a) GDPR.

3.3. Purpose of the data processing

Analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies tell us how the website is used and enable us to constantly optimise our offering.

3.4. Storage period

Cookies shall be stored on the user’s computer and transmitted from there to our website. Therefore, you as the user have complete control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. The duration of the data storage shall differ depending on the type of cookie:

Session cookies:
These cookies are stored exclusively for the duration of the current session and are deleted automatically as soon as you close the browser.
Persistent cookies (permanent cookies):
These cookies remain stored on your device after the end of the session. The storage period varies depending on the cookie and can range from a few minutes to several years. You can find the specific storage period in your browser’s cookie settings or our cookie policy.

3.5.Possibility of objection and erasure

Cookies shall be stored on the user’s computer and transmitted from there to our website. Therefore, you as the user have complete control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Cookies which have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may no longer be able to make full use of all the functions of the website.

You can withdraw your data protection consent at any time in our consent management system (cookie script), with the consequence that the stored data or cookies will be deleted. A withdrawal of consent shall not affect the lawfulness of the processing which has taken place on the basis of the consent before it was withdrawn.

4. Newsletter data and mailing via third parties (Evalanche)

4.1. Description and scope of the data processing

On our website, you have the option of subscribing to our free newsletter. When you sign up for the newsletter, the following data from the form shall be transmitted to us:

title, name and email address
The following data shall also be collected when you sign up:

the IP address of the calling computer,
the date and time of your registration

Your consent to the data processing shall also be obtained during the sign-up process, and you will be referred to this privacy policy.

In the context of the data processing for the purpose of mailing newsletters, no data shall be passed on to third parties. We use Evalanche for mailing the newsletters. The provider is SC-Networks GmbH, Würmstrasse 4, 82319 Starnberg. You can find further information here: information about data protection at SC-Networks. This service enables us to organise and analyse the mailing the newsletter. The data you enter for the purpose of receiving the newsletter, for example your email address, shall be stored on Evalanche's servers. The servers are located in Germany and Ireland. The data shall be used exclusively for mailing the newsletter.

Using Evalanche to mail the newsletter allows us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many recipients have opened their newsletter and how often any links in the newsletter has been clicked. Evalanche supports conversation tracking to analyse whether a pre-defined action, for example a product purchase, has taken place after the recipient clicked on a link. You can find detailed information about data analysis by Evalanche here: Data Protection and Data Management Documents – Evalanche Helpcenter

4.2. Legal basis for the data processing

The legal basis for processing data after the user has signed up for the newsletter and for using a third party (Evalanche) to mail the newsletter, with the user’s consent in each case, shall be Art. 6 (1) a) GDPR.

4.3. Purpose of the data processing

The collection of the user’s email address and the use of the third party (Evalanche) to mail the newsletter shall enable us to send the newsletter. The collection of other personal data during the sign-up process shall serve to prevent the services or the email address from being misused.

4.4. Storage period

The data shall be deleted as soon as they are no longer necessary for achieving the purpose for which they were collected or consent is revoked. The user’s email address and the data processed by Evalanche shall therefore be stored for as long as the newsletter subscription is active or has not been cancelled. To unsubscribe, it is sufficient to send us an informal communication by email, or you can cancel your subscription by clicking on the “Unsubscribe” link in the newsletter.

The other personal data collected by us during the sign-up process shall generally be deleted after a period of seven days.

4.5. Possibility of objection and erasure

You can withdraw consent that you have previously granted at any time. To withdraw your consent, it is sufficient to send us an informal communication by email, or you can cancel your subscription by clicking on the “Unsubscribe” link in the newsletter. The user concerned can cancel their newsletter subscription at any time. To this end, there is a corresponding link in each newsletter.

This shall also enable you to withdraw your consent to the storage of personal data collected during the sign-up process.

5. Contact form

5.1. Description and scope of the data processing

A contact form is available on our website and can be used to contact us electronically. If a user takes advantage of this option, the data entered in the form shall be transmitted to and stored by us. These data shall be:

title, surname, email address, subject and message, selection of the contact method – email or telephone, selection of the business unit/topic (mandatory fields);

first name, company, position, road, post code, place and telephone number, field for free text, option of uploading a file (voluntary fields)

When you send your message, the following data shall also be stored.

the date and time of your registration
your acceptance of the privacy policy

Your consent to the data processing shall also be obtained in the course of sending the message, and you will be referred to this privacy policy. Alternatively, you can contact us via the email address provided. In this case, the user’s personal data that are communicated by email shall be stored. No data shall be passed on to third parties in this context. The data shall be used exclusively for processing the conversation.

5.2. Legal basis for the data processing

The legal basis for processing data with the user’s consent shall be Art. 6 (1) a) GDPR.

The legal basis for the processing of the data that is transmitted in the course of sending an email shall be Art. 6 (1) f) GDPR. Our legitimate interest shall be in identifying you and making contact. If the email is sent with the aim of concluding a contract, an additional legal basis for the processing shall be Art. 6 (1) b) GDPR.

5.3. Purpose of the data processing

We shall process the personal data from the form solely for the purpose of handling the enquiry. If a user contacts us by email, this shall also constitute the necessary legitimate interest in the data processing. The other personal data that are processed in the course of the message being sent shall serve to prevent the contact form from being misused and to ensure that our IT systems are secure.

5.4. Storage period

The data shall be deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. For personal data from the contact form and personal data sent by email, this shall be the case when the respective conversation with the user has ended. The conversation has ended when it appears that the situation has finally been resolved.

The additional personal data collected in the course of the message being sent shall be deleted after a period of seven days at the latest.

5.5. Possibility of objection and erasure

The user shall have the option of withdrawing their consent to the processing of their personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All the personal data that have been stored in the course of establishing contact shall be deleted in this case.

6. Application form or application by email and processing of applicant data

6.1. Description and scope of the data processing

An application form is available on our website and can be used for electronic applications. If a user takes advantage of this option, the data entered in the form shall be transmitted to and stored by us. These data shall be:

your master data (such as title, surname, first name, name affixes, date of birth)
contact details (such as private address (road, post code, town/city), telephone number, email address)
your cover letter, CV, degree certificate, job references, work permit/residence permit if applicable
other data from the application documents that you have sent us in connection with your application

Your personal data shall be collected directly from you during the recruitment process, in particular from the application documents, the interview and the human resources questionnaire.

When you send your message, the following data shall also be stored:

the date and time of your registration
your acceptance of the privacy policy

Your consent to the data processing shall also be obtained in the course of submitting the application, and you will be referred to this privacy policy. Alternatively, you can contact us via the email address provided. In this case, the user’s personal data that are communicated by email shall be stored. No data shall be passed on to third parties in this context. The data shall be used exclusively for processing the conversation.

6.2. Legal basis for the data processing

We shall process your personal data in compliance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

First and foremost, data processing shall serve to establish the employment relationship. The primary legal basis for this shall be Art. 88 (1) a) GDPR in conjunction with Section 26 (1) BDSG. Furthermore, the data processing may be necessary for the performance of a contract or in order to take steps prior to entering into a contract, Art. 6 (1) b) GDPR, or for the protection of legitimate interests, Art. 6 (1) f) GDPR.

With your consent, you are declaring that you agree to your data being processed for the purpose of assessing your suitability for a position in any of the companies affiliated with Leistritz AG in Germany (Section 15 et seq. German Stock Corporation Act). The data transfer shall then be based on the legal basis of Art. 88 (1) GDPR in conjunction with Section 26 (2) BDSG. Consent that has been granted may be withdrawn at any time by making a declaration to Leistritz AG. The withdrawal of consent shall only apply to the future and shall not affect the lawfulness of the personal data processed before consent was withdrawn.

If the data are required after the end of the application process, potentially for a legal prosecution, data processing can take place on the basis of the conditions specified in Art. 6 GDPR, in particular for the protection of legitimate interests in accordance with Art. 6 (1) f). Our interest shall be in the assertion of or defence against claims.

6.3. Purpose of the data processing

We shall process the personal data from the form solely for the purpose of processing the application. In the event of an application by email, this shall also constitute the necessary legitimate interest in the data processing. The other personal data that are processed in the course of the application being submitted shall serve to prevent the application form from being misused and to ensure that our IT systems are secure.

6.4. Storage period

The data shall be deleted as soon as they are no longer necessary for achieving the purpose for which they were collected, but no later than after the expiry of a six-month period (in the event of a rejection). For personal data from the contact form and personal data sent by email, this shall be the case when the respective conversation with the user has ended. The conversation has ended when it appears that the situation has finally been resolved.

The additional personal data collected in the course of the application being submitted shall be deleted after a period of seven days at the latest.

6.5. Who receives your data?

Within our company, only the people and bodies (e.g. department) that are involved in the selection process shall receive your personal data.

Within our Group, your data shall be transmitted to Leistritz AG because data are processed centrally there for application processes for Group companies. Data for the following companies in the Leistritz Group shall be collected centrally at Leistritz AG:

Leistritz Pumpen GmbH, Markgrafenstrasse 36-39, 90459 Nürnberg
Leistritz Extrusionstechnik GmbH, Markgrafenstrasse 36-39, 90459 Nürnberg
Leistritz Turbinentechnik GmbH, Markgrafenstrasse 36-39, 90459 Nürnberg
Leistritz Produktionstechnik GmbH, Leistritzstrasse 1-11, 92714 Pleystein

6.6. Possibility of objection and erasure

You have the rights specified in Art. 15-22 GDPR:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to object to the processing (Art. 21 GDPR)
Right to data portability (Art. 20 GDPR)

Please contact the data protection officer about these rights. You can find the contact details in Section 1 above. The user shall have the option of withdrawing their consent to the processing of their personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All the personal data that have been stored in the course of the application shall then be deleted after a six-month period expires.

6.7 Where can you make a complaint?

You have the option of contacting the data protection officer mentioned above or a data protection supervisory authority with a complaint. The data protection supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision, Promenade 27, 91522 Ansbach; Tel.: +49 (0)981 180093-0

You can find further information here: https://www.lda.bayern.de/de/impressum.html

7. Use of YouTube

7.1. Description, purpose and legal basis of the data processing

For the integration and presentation of video contents, our website uses YouTube plug-ins. YouTube is a platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”) if the service is accessed in the European Union or the European Economic Area. Google Ireland Limited is a company belonging to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

YouTube is used in the interests of an attractive presentation of our website. This is a legitimate interest in terms of Art. 6 (1) f GDPR.

YouTube videos are integrated to provide you with multimedia contents in an attractive way. We generally use YouTube’s enhanced data protection mode. According to YouTube, no personal information, apart from technical data, about the website’s users are stored in this mode unless you view the video.

7.2. Processed data

When you play a YouTube video, the following data shall be processed:

IP address
device information
operating system
browser type
time and date of the access
referrer URL

When you access a page with an integrated YouTube plug-in, a connection to the YouTube servers shall be established. YouTube shall thereby be informed which pages you have visited. YouTube can assign your surfing behaviour directly to your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand.

7.3. Transfer to third parties / abroad

This information is usually transferred to a Google server in the USA and stored there. The USA is deemed a third country without an appropriate level of data protection in terms of GDPR. When you grant your consent, you are also agreeing to this transfer (Art. 49 (1) a) GDPR). For the transfer, Google relies on the standard contractual clauses approved by the European Commission in accordance with Art. 46 (2) c) GDPR. You can find further information about this at: https://policies.google.com/privacy/frameworks. We have no influence over this data transfer.

You can find more information on the handling of user data in Google’s privacy policy:
https://policies.google.com/privacy
and in YouTube’s terms of use:
https://www.youtube.com/t/terms

You can find further information in Google’s privacy policy:
https://policies.google.com/technologies/retention

7.4. Storage period

The data will be stored for 6 months. Early deletion can take place by revoking your consent.

Further information can be found in Google's privacy policy:

https://policies.google.com/technologies/retention

7.5. Possibility of objection and erasure

Cookies shall be stored on the user’s computer and transmitted from there to our website. Therefore, you as the user have complete control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Cookies which have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may no longer be able to make full use of all the functions of the website.

8. Use of Google Maps

8.1. Description, purpose and legal basis of the data processing

This website uses the map service Google Maps via an API to present active maps and to create journey plans. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) if the service is accessed in the European Union or the European Economic Area. Google Ireland Limited is a company belonging to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Maps is integrated in order to present our website in an attractive way and to make it easy to find the locations indicated by us on the website.

This is a legitimate interest in terms of Art. 6 (1) f GDPR. However, the integration shall only take place after you have granted your consent in accordance with Art. 6 (1) a) GDPR via our consent management system. Consent can be withdrawn at any time.

8.2. Processed data

When you access pages containing embedded Google Maps maps, the following data may be processed:

user’s IP address
location data (when location sharing is enabled)
date and time of the visit
URL visited
browser type and operating system
device information
language settings
usage data (e.g. magnification level, map type)
Google account information if applicable (if you are logged in at the same time)

8.3. Transfer to third parties / abroad

You can find more information on the handling of user data in Google’s privacy policy:
https://policies.google.com/privacy
and in the terms of use for Google Maps:
https://www.google.com/intl/de_de/help/terms_maps.html

8.4. Storage period

The data shall be stored for 18 months. If you withdraw your consent, the data can be deleted early.

You can find further information in Google’s privacy policy:
https://policies.google.com/technologies/retention

8.5. Possibility of objection and erasure

Cookies shall be stored on the user’s computer and transmitted from there to our website. Therefore, you as the user have complete control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Cookies which have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may no longer be able to make full use of all the functions of the website.

9. Use of OpenStreetMap

9.1. Description, purpose and legal basis of the data processing

This website uses the map service OpenStreetMap Deutschland via an API to present active maps and to create journey plans. The provider is FOSSGIS e.V., Bundesallee 23, 10717 Berlin.

OpenStreetMap (OSM) is integrated in order to present our website in an attractive way and to make it easy to find the locations indicated by us on the website.

You can find further information on data protection at OpenStreetMap in OpenStreetMap’s privacy policy: https://wiki.openstreetmap.org/wiki/Privacy_Policy

9.2. Processed data

When you access pages containing embedded OpenStreetMap maps, the following data may be processed:

user’s IP address
location data (when location sharing is enabled)
date and time of the visit
URL visited
browser type and operating system
device information
language settings
usage data (e.g. magnification level, map type)

9.3. Transmission to third parties / abroad

The software runs only on our website servers. Users' personal data is only stored there. The data is not passed on to third parties.

9.4. Storage period

The data shall be stored for 180 days. If you withdraw your consent, the data can be deleted early.

9.5. Possibility of objection and erasure

Cookies shall be stored on the user’s computer and transmitted from there to our website. Therefore, you as the user have complete control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Cookies which have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may no longer be able to make full use of all the functions of the website.

10. Web analysis by Matomo (formerly PIWIK)

10.1. Description, purpose and legal basis of the data processing

On our website, we use the open-source software tool Matomo (formerly PIWIK) to analyse our users’ surfing behaviour. The provider is InnoCraft Limited, 150 Willis Street, 6011 Wellington, New Zealand. The software sets a cookie on the user’s computer (see above for more information about cookies).

Processing the users’ personal data allows us to analyse our users’ surfing behaviour. An analysis of the collected data enables us to put together information about how the individual components of our website are used. This helps us to constantly improve our website and its user-friendliness.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) f) GDPR. The anonymisation of the IP address ensures that the users’ interest in the protection of their personal data is sufficiently taken into account.

10.2. Processed data

If individual pages of our website are accessed, the following data shall be stored:

two bytes of the IP address of the user’s calling system
the web page that is accessed
the website from which the user reached the accessed page (referrer)
the subpages that are accessed from the accessed page
the time spent on the page
the frequency with which the page is accessed

The software is configured in such a way that the IP addresses are not stored in full. Instead, 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). This means that it is no longer possible to assign the shortened IP address to the calling computer. You can find further information at: https://matomo.org/docs/privacy/.

10.3. Transfer to third parties / abroad

The software runs exclusively on our website’s servers. The user’s personal data shall not be stored anywhere else. The data shall not be forwarded to third parties.

10.4. Storage period

The anonymised data shall be deleted as soon as it is no longer required for our record-keeping purposes.

10.5. Possibility of objection and erasure

Cookies shall be stored on the user’s computer and transmitted from there to our website. Therefore, you as the user have complete control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Cookies which have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may no longer be able to make full use of all the functions of the website.

On our website, we offer our users the option of opting out of the analysis process. To do this, you must follow this link.

This will set an additional cookie on your system that will tell our system not to store your data. If you delete the corresponding cookie from your own system, you must set the opt-out cookie again.

You can find more detailed information on the privacy settings for the Matomo software under the following link: https://matomo.org/privacy/.

11. Use of LinkedIn Insight Tag

11.1. Description, purpose and legal basis of the data processing

We use the functionalities of the marketing plug-in LinkedIn Insight Tag provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn) if the service is accessed in the European Union or the European Economic Area. It is a company belonging to the LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, CA 94085, United States. The plug-in enables us to obtain information about the users of the web page and to keep detailed campaign reports.

The LinkedIn Insight Tag shall only be used subject to your express consent in accordance with Art. 6 (1) a) GDPR. Your consent shall be obtained via our cookie consent tool and can be withdrawn at any time.

11.2. Processed data

The following personal data shall be processed by LinkedIn:

URL
referrer URL
hashed or shortened IP address,
device and browser properties (user agent) and the time stamp

LinkedIn shall store cookies on your device for these analyses. You can find further information about the cookies used here: https://www.linkedin.com/legal/cookie-policy

LinkedIn shall not share any personal data with us, but shall only provide aggregated reports about the target group and advertisements. LinkedIn also offers a remarketing function that we can use to show you targeted personalised advertising outside our website, without learning your identity.

You can find further information about the processing of data by LinkedIn here: https://www.linkedin.com/legal/cookie-policy

11.3. Transfer to third parties / abroad

This information is usually transferred to a LinkedIn server in the USA and stored there. The USA is deemed a third country without an appropriate level of data protection in terms of GDPR. When you grant your consent, you are also agreeing to this transfer (Art. 49 (1) a) GDPR). For the transfer, LinkedIn relies on the standard contractual clauses approved by the European Commission in accordance with Art. 46 (2) c) GDPR. The EU standard data protection clauses (Art. 46 (2) Sentence 1 c) GDPR), which can be classified as an appropriate guarantee for the protection of the transfer and the processing of data outside the EU, shall be part of LinkedIn’s terms of use. You can find further information about this at: https://de.linkedin.com/legal/l/dpa. We have no influence over this data transfer.

11.4. Storage period

The members’ direct identifiers shall be removed within seven days to pseudonymise the data. This remaining pseudonymised data shall then be deleted within 180 days.

11.5. Possibility of cancellation and erasure

You can prevent LinkedIn from recording and processing your personal data by preventing the storage of third-party cookies on your computer, using the “Do Not Track” function of a supporting browser, disabling the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can find further information on options for opting out of and removing cookies set by LinkedIn at:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out and
https://www.linkedin.com/legal/privacy-policy?_l=de_DE

12. Meta pixel (Facebook pixel)

12.1. Description, purpose and legal basis of the data processing

If the service is accessed in the European Union or the European Economic Area, we use the Meta pixel provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”), to track the behaviour of website visitors after they have been redirected to our website because of clicking on an advertisement on Facebook or Instagram. It is a company belonging to Meta Platforms Incorporated, 1601 Willow Road, Menlo Park, CA 94025, United States. This allows us to capture the effectiveness of the advertisements for statistical and market research purposes.

The Meta pixel shall only be used subject to your express consent in accordance with Art. 6 (1) a) GDPR, which shall be obtained via a consent banner You can withdraw this consent at any time with effect for the future.

12.2. Processed data

When you visit our website, the Meta pixel shall transmit the following data to Meta:

IP address
device information (e.g. browser type)
user behaviour on our website (e.g. pages visited, purchases made)
referrer URL
Facebook/Instagram user ID (if you are logged in there)

Meta shall connect these data to your Facebook/Instagram account and use them for its own purposes in accordance with the Mata data policy (e.g. https://de-de.facebook.com/privacy/policy/)

12.3. Transfer to third parties / abroad

This information is usually transferred to a Meta server in the USA and stored there. The USA is deemed a third country without an appropriate level of data protection in terms of GDPR. When you grant your consent, you are also agreeing to this transfer (Art. 49 (1) a) GDPR). For the transfer, Mega relies on the standard contractual clauses approved by the European Commission in accordance with Art. 46 (2) c) GDPR. The EU standard data protection clauses (Art. 46 (2) Sentence 1 c) GDPR), which can be classified as an appropriate guarantee for the protection of the transfer and the processing of data outside the EU, shall be part of LinkedIn’s terms of use. You can find further information about this at: https://www.facebook.com/privacy/center/. We have no influence over this data transfer.

12.4. Storage period

The collected data shall be stored for up to 180 days.

12.5. Possibility of cancellation and erasure

Cookies shall be stored on the user’s computer and transmitted from there to our website. Therefore, you as the user have complete control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Cookies which have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may no longer be able to make full use of all the functions of the website.

You can withdraw your data protection consent at any time in our consent management system, with the consequence that the stored data or cookies will be deleted. A withdrawal of consent shall not affect the lawfulness of the processing which has taken place on the basis of the consent before it was withdrawn. You can find further information at: https://www.facebook.com/about/privacy.

13. Google Ads conversion tracking, remarketing and conversion linker

13.1. Description, purpose and legal basis of the data processing

Our website uses the services of the Google Ads platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) if the service is accessed in the European Union or the European Economic Area. Google Ireland Limited is a company belonging to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These services help us to measure conversions (e.g. contact forms) and to display personalised advertising through remarketing. In addition, enhanced conversions improve conversion tracking thanks to encrypted first-party data.

Google Ads shall only be used subject to your express consent in accordance with Art. 6 (1) a) GDPR. Your consent shall be obtained via our cookie consent tool and can be withdrawn at any time.

a) With the help of conversion tracking, we can track what happens after a user has clicked on one of our advertisements – for example whether they have visited a specific page or sent an enquiry.

If you access our website via a Google advertisement, a cookie shall be stored on your device. This cookie shall lose its validity after 30 days and shall not be used for personal identification. Within this period, Google and we can see that someone has clicked on an advertisement and visited our page.

b) The Google Ads remarketing function enables us to display interest-based advertising to website visitors on other websites in the Google partner network.

To this end, a cookie shall be stored that identifies whether and how the user has interacted with our website. Google shall assign this information to a Google account if applicable, thus making cross-device remarketing possible.

c) To better measure our success, we link data from Google Ads to other Google services: Google Analytics and Google Tag Manager. This enables us to analyse the user behaviour more comprehensively and to optimise our advertising campaigns.

13.2. Processed data

IP address
device information
browser data
pages visited
user interactions
hashed user data if applicable (e.g. email address in the case of enhanced conversions)
Google ID

The conversion linker can also amalgamate user data across devices and sessions.

13.3. Transfer to third parties / abroad

You can find further information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy

13.4. Storage period

Cookies shall remain enabled for up to 90 days.

13.5. Possibility of cancellation and erasure

Cookies shall be stored on the user’s computer and transmitted from there to our website. Therefore, you as the user have complete control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Cookies which have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may no longer be able to make full use of all the functions of the website.

In addition, Google provides the following opt-out options:

You can find further information at: https://policies.google.com/privacy.

14. Hotjar

14.1. Description, purpose and legal basis of the data processing

On our website, we use the web analysis service Hotjar, provided by Hotjar Limited, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta. Hotjar is used to analyse user behaviour (e.g. mouse movements, clicks, scrolling behaviour) to optimise our website’s user-friendliness. To this end, Hotjar creates heatmaps, conversion funnels and records of user interactions.

The processing shall take place on the basis of your express consent in accordance with Art. 6 (1) a) GDPR, which shall be requested via our cookie consent banner. Consent shall be voluntary and may be withdrawn at any time with effect for the future.

14.2. Processed data

anonymised IP address
device type, operating system
browser information, language setting
date and time of the access, length of the visit
clicking behaviour, mouse movements, scroll depth (heatmaps)
referrer URL

No keystrokes or personal data (such as names, passwords) shall be stored.

14.3. Transfer to third parties / abroad

Hotjar shall store the data exclusively on servers within the EU (as at: 2024). A data transfer to third countries shall not take place, unless an additional Hotjar functionality has been enabled that requires this (e.g. through integrations with third-party services – we are not currently using these). We have enabled functions such as “input masking” and suppressing of personal data.

14.4. Storage period

The data shall be deleted after 365 days.

14.5. Possibility of cancellation and erasure

Cookies shall be stored on the user’s computer and transmitted from there to our website. Therefore, you as the user have complete control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Cookies which have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may no longer be able to make full use of all the functions of the website.

In addition, Hotjar provides the following opt-out option via:
https://www.hotjar.com/legal/compliance/opt-out

You can find further information at: https://www.hotjar.com/legal/policies/privacy/

15. Leadfeeder

15.1. Description, purpose and legal basis of the data processing

On our website, we use the service Leadfeeder, provided by Dealfront Group GmbH (formerly Liidio Oy/Leadfeeder), Lüdinghauser Strasse 27, 59387 Ascheberg, Germany. Leadfeeder analyses the behaviour of visitors to our website to identify potential business customers (leads). Leadfeeder helps us to identify which customers have visited our website. No personal data are processed, but only company data that can be assigned with the help of publicly available information (e.g. company IP addresses and databases).

The processing shall take place on the basis of Art. 6 (1) f) GDPR – our legitimate interest in analysing website visits for business purposes and in improving our B2B acquisition process.

If personal tracking takes place via additional Leadfeeder functions (e.g. contact forms, CRM migration), we shall obtain your consent to this separately in accordance with Art. 6 (1) a) GDPR.

15.2. Processed data

shortened IP address
pages visited
date and time of the visit, length of the visit
referrer URL
assignment to a company on the basis of publicly accessible databases

Leadfeeder does not use any cookies, but exclusively accesses serve log data that is generated by the website infrastructure.

15.3. Transfer to third parties / abroad

Among other things, Leadfeeder uses the infrastructure of the Dealfront Group (https://help.dealfront.com/de/) with server locations in the EU. A data transfer to third countries (e.g. the USA) shall not take place unless you are using additional functions or integrations that require this. In this case, the transfer shall take place only with suitable guarantees or consent in accordance with Art. 49 (1) a) GDPR.

15.4. Storage period

IP addresses shall be anonymised immediately. Further data shall be stored for up to 2 years unless it is deleted or anonymised before then.

15.5. Possibility of cancellation and erasure

Cookies shall be stored on the user’s computer and transmitted from there to our website. Therefore, you as the user have complete control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transfer of cookies. Cookies which have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may no longer be able to make full use of all the functions of the website.

You can withdraw your data protection consent at any time in our consent management system, with the consequence that the stored data or cookies will be deleted. A withdrawal of consent shall not affect the lawfulness of the processing which has taken place on the basis of the consent granted before it was withdrawn. You can find further information at: https://www.leadfeeder.com/privacy/ and
https://help.dealfront.com/de/collections/3898022-leadfeeder

16. Social media

16.1. Description, purpose and legal basis of the data processing

Our websites contain links to the social networks on which we, the Leistritz Group and its affiliated companies, have a presence. These can take you directly to the account/profile of the various companies in the Leistritz Group.

We use our social media accounts to get in contact with you as a user, a customer or a prospective customer, to provide information and to present our company publicly. This may lead to the processing of personal data.

The processing shall take place on the basis of our legitimate interests in accordance with Art. 6 (1) f) GDPR. These are our external image and communication with users, customers and perspective customers as well as the analysis, optimisation and cost-effective operation of our online and media offerings. In the event of enquiries by the aforementioned groups of people, Art. 6 (1) b) GDPR (contract or steps prior to entering into a contract) may also be relevant.

If you click on one of the aforementioned link buttons, you will be redirected directly to the web pages of the respective social network or media platform. When you click on the respective link button, the information that you have accessed specific web pages on our website shall be forwarded to the servers of the respective social network. For users who are logged into the social network at the time, this shall have the effect of assigning the user data to their own personal account.

We shall share responsibility for operating the accounts with the operator of the social network/media platform as joint controllers in accordance with Art. 26 GDPR. Please note that when you are using social networks, the privacy policies of the respective providers, over which we have no influence, shall also apply. The content of the transmitted data lies outside our sphere of influence. You can find further information on the respective network below.

16.1. LinkedIn

“LinkedIn” is operated by LinkedIn Corp., 1000 W. Maude Ave, Sunnyvale, California, USA, or if the service is provided in the European Union (EU), by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The LinkedIn links used are generally identified by blue logo with the white letters “in”.

16.2. YouTube

“YouTube” is a service offered by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if the service is provided in the European Union (EU), by Google Ireland Ltd. based in Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). The links to our embedded videos on the “YouTube” platform are generally identified by the designation “YouTube” or by a white triangle on a red background.

16.3. XING

“XING” is operated by New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany. The XING links used are generally identified by the white letter “X”.

16.4. Facebook

“Facebook” is operated by Meta Platforms Inc., 1601 Willow Rd, Menlo Park, CA 94025, USA, or if the service is provided in the European Union (EU), by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. You can generally identify these links by their design with Facebook logos or familiar colours (i.e. a white “f” on a blue tile or by terms such as “Like” or a “thumbs up” symbol).

16.5. Instagram

“Instagram” is operated by Meta Platforms Inc., 1601 Willow Rd, Menlo Park, CA 94025, USA, or if the service is provided in the European Union (EU), by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The links used are generally identified by an Instagram logo, for example in the form of an “Instagram camera”.

16.6. TikTok

If you live in the European Union (EU), the European Economic Area (EEA), the United Kingdom (UK) or Switzerland, TikTok is operated by TikTok Technology Limited, 10, Earlsfort Terrace, Dublin, D02 T380, Ireland, an Irish company (“TikTok Ireland”), and TikTok Information Technologies UK Limited, 4 Lindsey Street, Kaleidoscope, London EC1A 9HP, United Kingdom (“TikTok UK”), a British company. The TikTok logo is generally a “musical note”.

16.7. Transfer to third countries

For the event that personal data are transmitted to Meta Platforms Inc., X Corp. and/or LinkedIn Corp., each based in the USA, these operators have taken appropriate measures (e.g. agreed EU standard contractual clauses) to guarantee compliance with the data protection level applicable in the EU. These companies are participants in the EU-US Data Privacy Framework.

Please note that we have no knowledge of the scope and content of the data transmitted to the respective social networks and their use by the respective social networks.

You can find further information on data protection at “Facebook” in Facebook’s privacy policy at http://de-de.facebook.com/policy.php
You can find further information on data protection at “Instagram” in Instagram’s privacy policy, which you can access at https://privacycenter.instagram.com/policy/.
You can find further information on data protection at “X”/”Twitter” in Twitter’s privacy policy at http://x.com/de/privacy
You can find further information on data protection at X/Twitter in the account settings at http://x.com/de/privacy
You can find further information on data protection at “TikTok” in TikTok’s privacy policy at http://de-de.facebook.com/policy.php
You can find further information on data protection at “LinkedIn” in LinkedIn’s privacy policy at http://de-de.facebook.com/policy.php