Jump to the content of the page

Information on data protection

In this data privacy policy, we inform you about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). ZwickRoell GmbH & Co. KG (hereinafter referred to as “we” or “us”) is responsible for data processing.

I. General information

1. Contact

If you have questions or suggestions in relation to this information or if you want to contact us regarding the assertion of your rights, please send your inquiry to

ZwickRoell GmbH & Co. KG
August-Nagel-Strasse 11
89079 Ulm
Germany
Tel.: +49 7305 10 -0
Email: info@zwickroell.com

2. Legal bases

The term “personal data” in data protection law designates all information in relation to an identified or identifiable natural person. We process personal data in compliance with the relevant data protection regulations, especially GDPR and BDSG. Data processing by us takes place only on the basis of a legal permission. We process personal data only with your consent (Section 25 (1) of the German Telemedia Act (TDDDG) or Article 6 (1) (a) GDPR) to perform a contract in which you are the contracting party, or on your request for the implementation of precontractual measures (Article 6 (1) (b) GDPR), for compliance with a legal obligation (Article 6 (1) (c) GDPR), or if the processing is necessary for the purposes of protecting our legitimate interests or the legitimate interests of a third party, provided that your interests or fundamental rights and freedoms that require the protection of personal data are not overriding (Article 6 (1) (f) GDPR).

3. Duration of storage

Unless stated otherwise below, we store the data only for so long as this is necessary to achieve the processing purpose or for the fulfillment of our contractual or statutory obligations. Such statutory retention obligations may arise in particular from regulations under commercial or tax law. As of the end of the calendar year in which the data was collected, we will retain such personal data that is contained in our accounting data for ten years and will retain personal data contained in commercial correspondence and contracts for six years. Otherwise, we will retain data in connection with consents for which proof must be provided and in connection with complaints and receivables claims for the duration of the statutory limitation periods. We will erase data stored for advertising purposes if you object to processing for this purpose.

4. Categories of data recipients

In principle, we will not pass your personal data on to third parties, unless you have consented to the forwarding of the data or we are entitled or obliged to pass on the data based on statutory provisions or administrative or judicial orders. This can refer here, in particular, to issuing information for the purpose of criminal prosecution, for averting of a danger or for the enforcement of intellectual property rights.

We engage processors for processing your data. The processing processes executed by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, purchase order processing, accounting and payroll, marketing measures or the destruction of records and durable media. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller responsible for data processing. Processors do not use the data for their own purposes but, instead, carry out the data processing exclusively for the processor and are contractually obliged to ensure suitable technical and organizational measures for data protection. Otherwise, we may, if necessary, transmit your personal data to bodies such as postal and delivery services, our company’s main bank, tax consultants/auditors or fiscal authorities. Further recipients may, if applicable, arise from the information below.

5. Data transfer to third countries

Visiting our website may be connected with the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate data protection level is in place in such a third country. In the absence of an adequacy decision by the European Commission, a transfer of personal data to a third country shall only take place if suitable guarantees in accordance with Article 46 GDPR are provided or if one of the conditions of Article 49 GDPR is met.

Unless otherwise stated below, we use EU standard data protection clauses as appropriate safeguards for transfers of personal data to third countries. You have the option to receive a copy of these EU standard data protection clauses or to view them. Please contact us at the address provided under Contact.

If we obtain your consent for the transfer of personal data to third countries, the transfer takes place on the legal basis of Article 49 (1) (a) GDPR.

6. Processing when you exercise your rights

If you exercise your rights pursuant to Articles 15 to 22 GDPR, we process the transferred personal data for the purpose of implementing these rights and in order to be able to provide proof of this. With regard to data stored for the provision of information and preparation for this, we shall only process this data for this purpose as well as for the purposes of data protection monitoring and shall otherwise restrict the processing in accordance with Article 18 GDPR.

This processing relies on the legal basis of Article 6 (1) (c) GDPR in conjunction with Articles 15 to 22 GDPR and Section 34 (2) BDSG.

7. Your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights in this regard:

  • In accordance with Article 15 GDPR and Section 34 BDSG, you have the right to request information on whether or not we are processing your personal data and, if yes, to what extent.
  • In accordance with Article 16 GDPR, you have the right to demand that we rectify your data.
  • In accordance with Article 17 GDPR and Section 35 BDSG, you have the right to demand that we erase your personal data.
  • In accordance with Article 18 GDPR, you have the right to have the processing of your personal data restricted.
  • In accordance with Article 20 GDPR, you have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit this data to another controller.
  • If you have given us specific consent for data processing, you can withdraw this consent at any time in accordance with Article 7 (3) GDPR. The legality of the processing that took place up to the time of the revocation on the basis of the consent shall remain unaffected by such revocation.
  • If you are of the view that a processing of personal data concerning you breaches the provisions of the GDPR, you have the right in accordance with Article 77 GDPR to complain to a supervisory authority.

8. Right to object

In accordance with Article 21 (1) GDPR, you have the right to object, on grounds relating to your particular situation, to processing that relies on the legal basis of Article 6 (1) (e) or (f) GDPR. If we process personal data concerning you for the purpose of direct advertising, you can object to this processing pursuant to Article 21 (2) and (3) GDPR.

9. Data protection officer

You can reach our data protection officer using the following contact details:

ZwickRoell GmbH & Co. KG
Attn: Mr. Jörg Zimmerman
August-Nagel-Strasse 11
89079 Ulm
Germany
Email: datenschutz@zwickroell.com

II. Data processing on our website

When you use this website, we record information that you yourself provide. Furthermore, while you are visiting the website, we automatically record certain information on your use of the website. Under data protection law, the IP address is also deemed to be a piece of personal data. An IP address is assigned by the Internet service provider to each device connected to the Internet so that the device can send and receive data.

Processing of server log files

When our website is used for purely informational purposes, general information that your browser transmits to our servers is initially stored in an automated manner (i.e. not via a registration). This includes the following information as standard: browser type/version, operating system used, page called, the referrer URL, IP address, date and time of the server request and HTTP status code. The processing takes place to protect our legitimate interests and relies on the legal basis of Article 6 (1) (f) GDPR. This processing is carried out for the technical administration and security of the website. The stored data is erased after seven days if no justified suspicion of unlawful use exists based on specific indications and no further examination and processing of the information for this reason is required. The stored information does not enable us to identify you as a data subject. Articles 15 to 22 GDPR therefore do not apply pursuant to Article 11 (2) GDPR, unless you provide additional information for the exercise of your rights laid down in these articles, thus allowing you to be identified.

Cookies

We use cookies and similar technologies (“cookies”) on our website. Cookies are small text files that your browser stores when you visit a website. They identify the browser you are using and can be recognized by web servers. Through your browser, you have full control over the use of cookies. You can delete the cookies in your browser security settings at any given time. In your browser settings, you can reject the use of cookies altogether or block them for certain cases. Further information on this is provided by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik):
https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html

The use of cookies is, to some extent, necessary for technical reasons for the operation of our website and is therefore permissible without the user’s consent. Furthermore, we might use cookies to provide certain functions and content, as well as for analysis and marketing purposes. These may also include third-party cookies. Regarding such cookies that are not necessary for technical reasons, we only use them with your consent pursuant to Section 25 (1) TDDDG or Article 6 (1) (a) GDPR. 
Information on the storage period for single cookies is available here.

Consent Management Tool

The Consent Management Tool enables users of our website to consent to certain cookies and data processing procedures, to withdraw consent that has been given, or to object to data processing. Furthermore, the Consent Management Tool supports us in being able to provide proof of your declarations. For this purpose, log data relating to your declarations is processed. The processing of this data is necessary in order to be able to provide proof of consent given. The legal basis is Article 6 (1) (c) GDPR in conjunction with Article 7 (1) GDPR. Further information can be found in the settings for the Consent Management Tool.

Ways to contact us and inquiries

There are several places on our website where you can contact us directly. Our website contains contact forms for this purpose, and you can use these to send us messages. When you contact us in this way, your data is transferred in encrypted format (which you can tell from the “https” in your browser’s address bar). All data fields indicated as mandatory are required in order for your request to be processed. If you do not fill in these fields, we will be unable to process your request. The provision of further data is voluntary. Alternatively, you can also send us a message using the contact email address.
We process the data for the purpose of replying to your inquiry. If your inquiry is aimed at the conclusion or performance of a contract with us, Article 6 (1) (b) GDPR is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest to contact persons making an inquiry. The legal basis for the data processing is then Article 6 (1) (f) GDPR.

Customer portal

The customer portal is an online platform integrated into our website that existing ZwickRoell customers can use to access special content and services.
The legal basis for the processing of personal data via the customer portal results from Art. 6 para. 1 letter b GDPR if the registered person is a ZwickRoell customer and in this case serves the execution of the contract. Otherwise, the legal basis arises from Art. 6 para. 1 letter f GDPR and is used to safeguard our legitimate interest in enabling our customers' employees to use our customer portal.

Registation and login
Existing ZwickRoell customers or their employees can create a digital account for the ZwickRoell customer portal via our websites. A personalized e-mail address must be provided for this registration and verification as a customer. Registration is not possible without the provision of such an e-mail address. We will then send an e-mail containing a confirmation link to the e-mail address provided to us.
You can log in to the customer portal using the e-mail address provided and a password of your choice.

Live chat
In our customer portal, you have the option of contacting our customer support via a live chat service.
For this, we use the Rocket.chat service from the provider Rocket.chat Technologies Corp (USA). To integrate the service, it is technically necessary to process your IP address so that the content can be sent to your browser. In addition, the content of the chat and, if applicable, certain other information about the chat history (such as the duration of the chat and response and reaction times) are processed by the provider via the service. This data processing is carried out by Rocket.Chat Technologies Corp. as a processor. Please also refer to the information in the section entitled “Data transfer to third countries.”

Training platform
Training courses can be booked and requests for individual training can be made via the training platform. The data required for this can be found in the input form. Without the provision of this data, it is not possible to process the request and the data provided will be used to carry out the booked course or training session. This includes in particular the sending of confirmation letters and training documents/information.
The training platform is operated and supported by the provider time4you GmbH (Germany/EU). The processing of personal data is carried out by time4you GmbH as a processor.
When booking training courses, it is possible for the person making the booking to register several participants or other participants. In this case, the person making the booking must ensure that they are authorized to use the personal data of the participants to be registered. With the confirmation of participation, we will make the data protection information available to the participants via a link.

Newsletter

Subscribing and unsubscribing:
on our website we offer the option of subscribing to our newsletter. Once you subscribe, you will receive up-to-date news on our offers on a regular basis. A valid email address is required to subscribe to the newsletter. For verification of the email address, you will firstly receive a registration email that you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your email address and your name on the basis of the consent that you gave. The processing relies on the legal basis of Article 6 (1) (a) GDPR. You can withdraw consent at any time with effect for the future, for example via the “Unsubscribe” link in the newsletter or by contacting us via the aforementioned channels. The legality of the data processing processes that have already taken place shall remain unaffected by the withdrawal.

When you subscribe to the newsletter, we store your registration data and the registration date. The processing of this data is necessary so as to be able to provide proof of consent given. The legal basis is our legal obligation to document your consent (Article 6 (1) (c) GDPR in conjunction with Article 7 (1) GDPR).

Analysis
Our newsletter uses what are called web beacons or tracking pixels to analyze your reading behavior. Tracking pixels are small image files that are integrated into the newsletter email, thus allowing a log file to be recorded and analyzed.

When you open the newsletter email, the tracking pixel from the server hosting the newsletter service is loaded and some information about you is transmitted at the same time, e.g. whether the email was opened, the time it was called and the associated IP address. In addition, links in the email can provide information on which products are more interesting – that is, which ones are clicked more frequently than others.

Both the respective web beacon/tracking pixel as well as the links in the email can be uniquely assigned to the email address used to send the newsletter, which means that the respective newsletter recipient can therefore be inferred.

This analysis takes place on the basis of the consent that you have given. The processing is based on the legal basis of Section 25 (1) TDDDG or Art. 6 (1) (a) GDPR. You can withdraw consent at any time with effect for the future, for example via the “Unsubscribe” link in the newsletter or by contacting us via the aforementioned channels. The legality of the data processing processes that have already taken place shall remain unaffected by the withdrawal.

Service provider
We use an external service provider, which enables us to provide you with up-to-date information and offers and simplifies newsletter administration for us.

We work with the “Evalanche Marketing Automation” newsletter system and the company SCNetworks GmbH, Würmstraße 4, 82319 Starnberg, Germany. It is a cloud-based service for the newsletter distribution, which allows us to create, send and manage the newsletter.

Adobe Fonts

On our website, we use Adobe Fonts from Adobe Systems Software Ireland Limited (Ireland/EU) for the uniform display of fonts. When you call a page, your browser loads the required web fonts into the browser cache so as to display texts and fonts correctly. For technical reasons, it is necessary to process your IP address for such an integration so that the content can be sent to your browser. Your IP address is therefore transmitted to Adobe. For legal reasons related to licensing, it is necessary to count the page visits, which is why your browser transmits our Adobe customer ID as website operator, among other information. No cookies are set during this process. You can object to this data processing at any time via the settings in the browser that you are using or via certain browser extensions. One such extension, for example, is the matrix-based firewall uMatrix for the Firefox and Google Chrome browsers. Please note that this may lead to functional restrictions on the website. If your browser does not support web fonts, a default font from your computer will be used.

This data processing takes place to protect our legitimate interests of having a uniform and appealing display of our website and relies on the legal basis of Article 6 (1) (f) GDPR.

Users can find further information on data protection at Adobe in Adobe’s data privacy policy available at https://www.adobe.com/de/privacy/policies/adobe-fonts.html

Google Tag Manager

We use Google Tag Manager from the provider Google Ireland Limited (Ireland/EU) on our website.

Google Tag Manager is used for the purpose of being able to manage our website tags via a single interface. Google Tag Manager is used only to trigger other tags, which in turn record data under certain circumstances. Google Tag Manager itself does not access this data. If a deactivation took place at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Google Analytics

We use the Google Analytics service from the provider Google Ireland Limited (Ireland/EU) on our website.

Google Analytics is a web analysis service that enables us to collect and analyze data on the behavior of visitors to our website. Google Analytics uses cookies for this, enabling the usage of our website to be analyzed. In this process, personal data in the form of online IDs (including cookie IDs), IP addresses, device IDs and information on the interaction with our website is processed.

To some extent, this data comprises information that is saved in the end device that you are using. Furthermore, the cookies used also store further information on the end device that you are using. Such storage of information by Google Analytics or access to information that is already stored on your end device only takes place with your consent.

Google Ireland processes the data collected in this way on our behalf to analyze usage of our website by users, to compile reports on activities within our website and to provide us with other services related to the usage of our website and to Internet usage. Pseudonymous user profiles of users may be created from the processed data.
We only use Google Analytics when IP anonymization is activated. This means that, within member states of the European Union or in other countries that are signatories to the Agreement on the European Economic Area, Google Ireland truncates the user’s IP address on this website. The IP address transmitted by the user’s browser is not combined with other data.

The data on user actions is stored for a period of 2 months and then automatically deleted. The deletion of data whose storage period has expired takes place automatically once a month.

The setting of cookies and the further processing of personal data as described here takes place with your consent pursuant to Section 25 (1) TDDDG or Article 6 (1) (a) GDPR.

Users can find further information on data protection at Google in Google’s data privacy policy: https://www.google.com/policies/privacy.

Hubspot Analytics

We use HubSpot, a service provided by HubSpot Germany GmbH, to evaluate visits to our website. HubSpot uses cookies and similar technologies that allow us to analyze how you use our website. We process personal data in the form of online identifiers (including cookie identifiers), IP addresses, and device identifiers. HubSpot uses this information on our behalf to evaluate how visitors are using our online content, and to gather reports for us on activities within our website. The processed data can then be used to create visitor usage profiles.

Additional information on this process, the technologies used, the type and duration of data saved can be found in the settings within our Consent Management tool.
The setting of cookies and further processing of personal data as described here only takes place with your consent. Legal basis for data processing in connection with the HubSpot service is therefore Section 25 (1) TDDDG or Article 6 (1) (a) GDPR.

When using HubSpot services, transfer of data to HubSpot Inc. in the USA cannot be excluded. Please refer to the information in the section entitled “Data transfer to third countries.”

Matomo

Our accessories catalog https://parts.zwickroell.com uses Matomo.

Matomo is open-source software for website optimization that uses cookies to anonymously analyze access by website visitors. In this process, the IP address is anonymized immediately after it has been processed and before it is stored. Further processing of personal data therefore does not take place when using Matomo. The information on your usage of this offering that is generated by the cookies is not used for person-related analysis or profiling and is also not passed on to third parties. This data processing takes place to protect our legitimate interest in reach measurement and the statistical analysis of our website.

The setting of cookies and the further processing of personal data as described here takes place with your consent. The legal basis for data processing is therefore Section 25 (1) TDDDG or Art. 6 (1) (a) GDPR.

Hotjar

We use the Hotjar service from the provider Hotjar Ltd. (Malta/EU) on our website.

Using Hotjar, we can perform an analysis of your movements on our website with the aid of “heatmaps”. We can therefore see how far users scroll and which buttons the users click on most often. In addition, it is also possible to use the tool to obtain feedback directly from the website users. In this way, we obtain valuable information for making our website faster and more user-friendly.

Using Hotjar, we can now track which buttons were clicked, the mouse movements, how far the user scrolled, the screen size of the device, the device type and browser information. In addition, we receive information on your geographical location (country) and the preferred language for displaying our website. Areas of the website in which your personal data or that of third parties is displayed are automatically hidden by Hotjar and therefore cannot be traced by the tool at any time.

Hotjar works with cookies and other technologies to collect data about the behavior of our users and about their end devices, especially the IP address of the device (this is recorded and stored in an anonymized form only while you are using the website), screen size, device type (unique device identifiers), information on the browser used, location (country only), preferred language for viewing our website.

The setting of cookies and the further processing of personal data as described here takes place with your consent. The legal basis for data processing is therefore Section 25 (1) TDDDG or Art. 6 (1) (a) GDPR.

Further information on the Hotjar service and on Hotjar data privacy is available on Hotjar’s Help page at https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar.

Google Ads

We use the Google marketing services of Google Ireland Limited (Ireland/EU).

By using Google Ads Conversions, we can place relevant ads for users in the Google advertising network (e.g. in search results or on other websites), improve reports on campaign performance, and avoid ads being run several times for a user. Each Ads customer sets a different conversion cookie. These cookies therefore cannot be tracked across websites of different Ads customers. A cookie ID records which ads are run in which browser. This means that it is possible to prevent the same campaign from being displayed several times. In addition, cookie IDs can be used to record what are known as conversions, i.e. whether or not a user sees an ad and later visits the website of the advertiser and purchases something there.

Remarketing allows us to connect with users who have already interacted with our website. Our ads are run if this target group visits a Google website or a website in the Google advertising network. For this purpose, Google executes a code when our website is called, and what are know as (re)marketing tabs are integrated into the website. An individual cookie is saved on the user’s device with the aid of these tags. The cookies can be set by various domains, including google.com, doubleclick.net, googlesyndication.com or googleadservices.com. A note of which websites users visited, what content they are interested in and which offers were availed of is kept in this file. In addition, technical information on the browser and the operating system, referring websites, visit time, as well as other details on usage of our online offering, are saved. All user data is only processed as pseudonymized data and does not contain any information that we can use to personally identify users. The ads displayed are therefore not displayed specifically for a person, but rather for the cookie owner.

The use of Google Marketing Services takes place only with your consent pursuant to Section 25 (1) TDDDG or Article 6 (1) (a) GDPR. 
Users can find further information on data protection at Google in Google’s data privacy policy: https://www.google.com/policies/privacy.

Google Maps

On our website, we use Google Maps from Google Ireland Limited (Ireland/EU) to display country maps and for virtual tours. For technical reasons, it is necessary to process your IP address for such an integration so that the content can be sent to your browser. Your IP address is therefore transmitted to Google, and Google may possibly set its own cookies.

The use of Google Maps takes place only with your consent pursuant to Section 25 (1) TDDDG or Article 6 (1) (a) GDPR.

You can find further information on data protection at Google in Google’s data privacy policy available at https://www.google.com/policies/privacy.

YouTube

We use the YouTube service of Google Ireland Limited (Ireland/EU) to integrate videos on our website.

For technical reasons, it is necessary to process your IP address for such an integration so that the content can be sent to your browser. Your IP address is therefore transmitted to Google, and Google may possibly set its own cookies. We use YouTube in “privacy enhanced mode” so that YouTube does not use any cookies to analyze usage behavior.

The use of YouTube takes place only with your consent pursuant to Section 25 TDDDG or Article 6 (1) (a) GDPR.

Users can find further information on data protection at Google in Google’s data privacy policy available at https://www.google.com/policies/privacy.

Matterport

We use the Matterport service from Matterport, Inc. (USA) on our website to integrate virtual tours.

For technical reasons, it is necessary to process your IP address for such an integration so that the content can be sent to your browser. Your IP address is therefore transmitted to Matterport, and Matterport may possibly set its own cookies.

The use of Matterport takes place only with your consent pursuant to Section 25 (1) TDDDG or Article 6 (1) (a) GDPR.

When using Matterport, transfer of data to the USA cannot be excluded. Please refer to the information in the section entitled “Data transfer to third countries.” Users can find further information on data protection at Matterport in Matterport’s data privacy policy available at https://matterport.com/privacy-policy.

Studio 2038 - 3D / AR Services

To further improve the presentation of our products on our Website and bring our testing machines into your laboratory environments through augmented reality (AR), we use the 3D and AR services from Studio 2038 GmbH, which are made available to us through Vrxs GmbH (Germany/EU). Studio 2038 GmbH collects data from the server log files of potential customers when they look at the products on our website. The data is particularly focused on the behavior of the customer on our website. For example, the following data is collected:

  • Number and timestamp of clicks on individual products
  • Duration of the visit
  • Interaction with the product (click on animation, opening the notes/comments)
  • Click referral (last page before opening product)
  • Last device used for access (tablet/mobile phone/desktop)

The collected data is analyzed by Studio 2038 GmbH and provided to us through an account on the Studio 2038 GmbH platform. The IP address is anonymized with the initial request to the server, so that it cannot be directly assigned to a user at any time.
The use of Studio 2038 GmbH only occurs with your consent pursuant to Section 25 (1) TDDDG or Article 6 (1) (a) GDPR.

Metadata.io

With your consent, our website uses the Metadata.io service provided by Metadata Inc. (USA – “Metadata”) to show advertising that is more targeted toward our customers. This involves transmitting your data (name and email address) and IP address to Metadata. Metadata then aligns this information and combines it with relevant work-related personal data (e.g., employer, work telephone number, work email address). This combined information is given to us so we can determine target groups for our advertising. The input fields are appropriately marked. The data are encrypted to protect them against unauthorized access during transfer and storage. 

The legal basis for the processing of your data as described above is Article 6 (1) (a) GDPR. The processing is also subject to your consent. 

We cannot rule out the possibility that your data will be transferred to the USA as a result of using Metadata. Please see the “Data transfer to third countries” section for more information in this regard. You can find further details about Metadata’s privacy policy at https://metadata.io/gdpr-policy/

Meta-Pixel

We use the Meta Pixel, a meta business tool of Meta Platforms Ireland Limited (Meta Platforms Ireland Ltd./EU) on our website. For information on the contact details of Meta Platforms Ireland Ltd. and the contact details of the data protection officer of Meta Platforms Ireland Ltd. please refer to the privacy policy of Meta Platforms Ireland Ltd. at https://www.facebook.com/about/privacy

The meta pixel is a JavaScript code snippet that allows us to track the activity of visitors to our website. This tracking is called conversion tracking. The meta pixel collects and processes the following information (so-called event data):

  • Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;
  • Specific pixel information such as the pixel ID and the Facebook cookie;
  • Information about buttons clicked by visitors to the website;
  • Information present in HTTP headers, such as IP addresses, web browser information, page location, and referrer;
  • Information about the status of disabling/restricting ad tracking.

Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the meta pixel, via which information is stored on your end device used. Such storage of information by the Facebook pixel or access to information that is already stored in your end device only takes place with your consent in accordance with Section 25 (1) TDDDG.

The event data collected via the meta pixel is used for targeting our ads and improving ad delivery on meta products such as the social media platforms Facebook and Instagram, for personalizing features and content, and for improving and securing the meta products. For this purpose, the event data collected on our website by the meta pixel is transmitted to Meta Platforms Ireland Ltd. This collection and transmission of event data is carried out by us and Meta Platforms Ireland Ltd. as joint controller. We have concluded a joint controller agreement with Meta Platforms Ireland Ltd. that sets forth the distribution of data protection responsibilities between us and Meta Platforms Ireland Ltd. In this agreement, we and Meta Platforms Ireland Ltd. have agreed, among other things,

  • that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR regarding the joint processing of personal data;
  • that Meta Platforms Ireland Ltd. is responsible for enabling the rights of data subjects under Art. 15 to 20 GDPR with respect to personal data stored by Meta Platforms Ireland Ltd. after the joint processing.

You can access the agreement concluded between us and Meta Platforms Ireland Ltd. at https://www.facebook.com/legal/controller_addendum.

Meta Platforms Ireland Ltd. is the sole controller for the subsequent processing of the submitted event data. For more information about how Meta Platforms Ireland Ltd. processes personal data, including the legal basis on which Meta Platforms Ireland Ltd. relies and how you can exercise your rights against Meta Platforms Ireland Ltd. please see Meta Platforms Ireland Ltd.'s privacy policy at https://www.facebook.com/about/privacy

We have also instructed Meta Platforms Ireland Ltd. to prepare reports on the impact of our advertising campaigns and other online content based on the Event Data collected through the Meta Pixel (Campaign Reports) and to provide analytics and insights about users and their use of our website, products and services (Analytics). We transfer personal data contained in the Event Data to Meta Platforms Ireland Ltd. The transferred personal data is processed by Meta Platforms Ireland Ltd. as our processor to provide us with the Campaign Reports and Analytics.

The collection and transmission of personal data by us to Meta Platforms Ireland Ltd. and the commissioned processing of personal data by Meta Platforms Ireland Ltd. for the creation of analyses and campaign reports will only take place if you have given your prior consent to this. The legal basis for the processing of personal data is therefore Article 6 (1) (a) GDPR.

The data processed on our behalf is transmitted by Meta Platforms Ireland Ltd. to Meta Platforms, Inc. in the USA. Meta Platforms Ireland Ltd. transfers the data to Meta Platforms, Inc. on the basis of processor-to-processor standard contractual clauses, but reserves the right to use an alternative transfer method recognized by the GDPR and other applicable data protection laws in the European Economic Area, the United Kingdom and Switzerland.

LinkedIn Insight-Tag

We use the LinkedIn Insight tag on our website, a marketing product of LinkedIn Ireland Unlimited Company (LinkedIn Ireland/EU). For information on the contact details of LinkedIn Ireland and the contact details of the data protection officer of LinkedIn Ireland, please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy.

The LinkedIn Insight tag is a JavaScript code snippet that is triggered by LinkedIn when you call up our website and stores a cookie on the device you are using. Such storage of information by the LinkedIn Insight tag or access to information already stored in your terminal device and also further processing of personal data in connection with the LinkedIn Insight tag will only take place with your consent. The legal basis for the collection and transmission of personal data by us to LinkedIn Ireland is therefore Article 6 (1) (a) GDPR.

Via the LinkedIn Insight tag, we can perform various functions, which we describe to you in detail below. 
LinkedIn conversion tracking is an analytics function supported by the LinkedIn Insight tag. The LinkedIn Insight tag allows us to collect data about visits to our website, including URL, referrer URL, IP address, device, and browser properties (user agent), and timestamp. IP addresses are shortened or (if used to reach members across devices) hashed. LinkedIn does not provide us with personally identifiable information, but only provides reports (in which you are not identified) on site audience and ad performance. This allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes.
The members' direct identifiers are removed by LinkedIn within seven days in order to pseudonymize the data. LinkedIn then deletes this remaining pseudonymized data within 180 days.

This processing is done for the purpose of obtaining information about our website target group and a report on the effectiveness of LinkedIn campaigns. 
We also use the Matched Audiences service to target our advertising campaigns to specific audiences. Through LinkedIn Matched Audiences and related data integrations, we can target advertising to specific audiences based on data we provide to LinkedIn (e.g., company lists, hashed contact information, device identifiers, or event data such as websites visited).

This processing is done for the purpose of marketing our offerings via the targeting of advertisements.
We have concluded a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. You can view this here: https://legal.linkedin.com/pages-joint-controller-addendum

Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the U.S. or other third countries. LinkedIn transfers personal data only to countries for which an adequacy decision of the European Commission according to Article 45 GDPR exists or on the basis of appropriate guarantees according to Article 46 GDPR.

III. Data processing on our social media pages

We are represented on several social media platforms with our company page. By doing this, we want to provide additional ways for people to find out about our company and to exchange information.

When you visit a social media platform or interact with it, this can lead to processing of your personal data. The information associated with a social media profile that is used also regularly constitutes personal data. This also includes messages and statements that are made while using the profile. Furthermore, while you are visiting a social media profile, oftentimes automatically determined information on this is recorded, which may also constitute personal data.

1. Visiting a social media page

a. Instagram

When you visit our Instagram page, via which we present our company or individual products from our range, certain information about you is processed.

For our Instagram page, Meta provides us with statistics and insights in anonymized form. We can use these to draw findings on the type of actions carried out by people on our page (known as “Page Insights”). These Page Insights are created based on specific information about people who visited our page. This processing of personal data is carried out by Meta and by us as joint controllers. This processing serves our legitimate interest of analyzing the types of actions carried out on our page and improving our page based on these findings. The legal basis for this processing is Article 6 (1) (f) GDPR. We cannot assign the information obtained through Page Insights to individual user profiles that interact with our Instagram page. We entered into an agreement with Meta on processing as joint controllers. The distribution of legal data protection obligations between us and Meta is set out in this agreement. Details on the processing of personal data for creating Page Insights and the agreement concluded between us and Meta is available at https://www.facebook.com/legal/terms/information_about_page_insights_data. In relation to this data processing, you can also assert your data subject rights (see the “Your rights” section) against Meta. Further information in this regard can be found in Meta’s data privacy statement, which is available at https://www.facebook.com/privacy/explanation.

Please note that in accordance with the Meta data policy, user data may also be processed in the USA or in other third countries. Meta only transfers user data to countries for which an adequacy decision by the European Commission in accordance with Article 45 GDPR exists, or on the basis of suitable guarantees in accordance with Article 46 GDPR.

b. LinkedIn

LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is, in principle, the sole controller for the processing of personal data for visits to our LinkedIn page. Further information on the processing of personal data by LinkedIn is available at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit our LinkedIn company page, follow this page or engage with the page, LinkedIn processes personal data so as to provide us with statistics and insights in anonymized form. We thus obtain knowledge about the types of actions carried out by users on our page (known as Page Insights). For this, LinkedIn processes, in particular, data that you have already provided to LinkedIn via the information in your profile, such as data on your role, country, sector, length of service, company size and employment status. Furthermore, LinkedIn processes information about how you interact with our LinkedIn company page, e.g. whether or not you are a follower of our LinkedIn company page. When providing Page Insights, LinkedIn does not make any of your personal data available to us. We only have access to the summarized Page Insights. The information in the Page Insights also does not enable us to draw conclusions regarding individual members. This processing of personal data within the framework of Page Insights is carried out by LinkedIn and by us as joint controllers. This processing serves our legitimate interest of analyzing the types of actions carried out on our LinkedIn company page and improving our company page based on these findings. The legal basis for this processing is Article 6 (1) (f) GDPR. We entered into an agreement with LinkedIn on processing as joint controllers. The distribution of legal data protection obligations between us and LinkedIn is set out in this agreement. The agreement can be called at: legal.linkedin.com/pages-joint-controller-addendum. The following applies according to the agreement:

  • We and LinkedIn have agreed that LinkedIn is responsible for enabling you to exercise the rights that you are entitled to under the GDPR. You can contact LinkedIn online in this regard using the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=en) or get in touch with LinkedIn via the contact details in the data privacy policy. You can contact the data protection officer at LinkedIn Ireland using the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us, using the contact details provided, with regard to the exercising of your rights in connection with the processing of personal data within the framework of Page Insights. In such cases, we will forward your inquiry to LinkedIn.
  • We and LinkedIn have agreed that the Irish Data Protection Commission is the supervisory authority in charge of monitoring processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with any other supervisory authority.

Please note that in accordance with the LinkedIn data privacy policy, personal data may also be processed by LinkedIn in the USA or in other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision by the European Commission in accordance with Article 45 GDPR exists, or on the basis of suitable guarantees in accordance with Article 46 GDPR.

2. Comments and direct messages

We also process information that you have provided to us via our company page on the various social media platforms. Such information may be the user name used, contact details or a message to us. We are the sole controller for this processing. We process this data on the basis of our legitimate interest of contacting persons who are making inquiries. The legal basis for the data processing is Article 6 (1) (f) GDPR. Further data processing may take place if you have given consent (Article 6 (1) (a) GDPR) or if this is necessary to fulfill a legal obligation (Article 6 (1) (c) GDPR).

IV. Further data processing

1. Customer and prospective customer data

If you, as a customer or prospective customer, contact our company, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of personal master data, contractual data and payment data provided to us, as well as contact and communication data of our contact persons in the case of commercial customers and business partners. The legal basis for this processing is Article 6 (1) (b) GDPR. In addition, we process customer and prospective customer data for analysis and marketing purposes. This processing takes place on the legal basis of Article 6 (1) (f) GDPR and serves our interest in further developing our offering and informing you about our offers in a targeted manner. Further data processing may take place if you have given consent (Article 6 (1) (a) GDPR) or if this is necessary to fulfill a legal obligation (Article 6 (1) (c) GDPR).

2. Use of email address for marketing purposes

We can use the email address that you provided during registration or when ordering to inform you about similar company products and services that we offer. The legal basis is Article 6 (1) (f) GDPR in conjunction with Section 7 (3) of the Law against Unfair Competition (UWG). You can object to this at any time without incurring any costs other than the transmission costs at the basic rates. To do so, unsubscribe by clicking on the unsubscribe link contained in each mailing or send an email with this request to info@zwickroell.com.

3. Job applications

If you apply for a job at our company, we process your job application data solely for purposes connected with your interest in current or future employment at our company and for processing your job application. Your job application is processed and taken note of only by the relevant contact persons in our company. All employees entrusted with data processing are obliged to keep your data confidential. If we are unable to offer you employment, we will retain the data that you transmitted to us for up to six months after any rejection for the purpose of answering any questions in connection with your application and rejection. This does not apply insofar as statutory provisions prevent erasure, further storage is necessary for the purposes of providing proof, or you have expressly agreed to a longer storage period. The legal basis for the data processing is Article 26 (1), sentence 1, BDSG. If we retain your job application data for a period greater than six months and have expressly obtained your consent to this, we point out to you that this consent is freely revocable at any time in accordance with Article 7 (3) GDPR. The legality of the processing that took place up to the time of the revocation on the basis of the consent shall remain unaffected by such revocation.

As of March 2024

Top