General section
Introduction
The protection of your personal data is essential to us. It concerns an important part of our development and sales activities. With the following Privacy Policy, we would like to inform you about the types of personal data (hereinafter referred to as “data”) that we process, the underlying purposes and to what extent this is performed.
Data controller
Website operator: Jarltech Europe GmbH Jarltech-Platz 1 D-61250 Usingen Germany
Tel: +49 (0) 6081 600-100 Fax: +49 (0) 6081 600-500
Managing Director: Ulrich Spranger (authorised representative) ulrich.spranger@jarltech.de
The provider’s data protection officer is: MFM Datenschutz-Consulting GmbH, represented by the Lawyers and Managing Directors, Florian Kaiser and Marc Schönberger Mainzer Landstraße 55 60329 Frankfurt am Main Germany
Commercial Register: Bad Homburg v.d.H. HR-B 8433
VAT ID: DE 161 750 021
WEEE ID: DE 635 893 00
ADEME personalised ID: FR365870_01CEAO – Registration with CITEO for packaging
Fiscal number: 003 236 56022
Credit card payments are settled by: Unzer Luxembourg S.A. société anonyme, 1, Place du Marché, L-6755 Grevenmacher, RCS Luxembourg: B 144133, Board of Directors: Mirko Hüllemann, Jens Bader, André Munk, Commission de Surveillance du Secteur Financier (CSSF) 283 rte. d´Arlon, L-1150 Luxembourg, CSSF: Z00000009, www.unzer.com
Overview of data processing
Below, you will find an initial overview of the types of data processed along with the data subjects affected by this processing.
Types of data processed We categorise the processed data into the following types:
Categories of data subjects We divide the data subjects affected by data processing into the following categories:
Purposes for which the processing is performed In general, personal data is processed for the following purposes:
Overview and explanation of the legal basis In the following section, we would like to inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. In addition to the regulations of the GDPR, national regulations of the country of residence or domicile of the respective user may apply.
Security measures We take appropriate technical and organisational measures in accordance with prevailing legal requirements, taking into account the latest technological standards, the implementation costs and the nature, scope, circumstances and purposes of the respective processing operation, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk; Art. 32 GDPR. The security measures we have taken include the following, in particular.
Transfer and disclosure of personal data to third parties As part of our processing operations involving personal data, said data may be transferred to other bodies, companies, legally independent organisational units or persons or data may be disclosed to them. The recipients of this data may include, in particular:
Data processing in third countries If we process data in a third country, i.e. a country outside the European Union or the European Economic Area, or if the processing is performed by third parties outside this area, this processing is only carried out in accordance with the applicable legal provisions. Subject to the express consent of the data subjects or legally required transfers, we only process or have data processed in third countries with an appropriate level of protection. This includes, in particular, countries that process data on the basis of special guarantees – such as contractual obligations through so-called standard protection clauses established by the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR).
General information on the deletion of data The data processed by us shall be deleted in accordance with prevailing legal requirements as soon as the consent to its processing has been revoked or other authorisations (e.g. legitimate interests, legal obligations, etc.) no longer apply. Should the data not be deleted because it is required for other and legally permissible purposes, its processing shall be limited to these purposes. This means that the data shall be blocked and not processed for other purposes. This shall apply, for example, to data that must be stored for reasons of commercial or tax law, or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural person or legal entity. Further information on the deletion of personal data can be found under the individual points of this Privacy Policy.
Special section
Use of cookies A “cookie” is a small text file that is stored on the visitor’s computer at the request of our systems and if the visitor’s browser is set to allow this. This contains a key and a value, and is used to identify the end device beyond a request-response cycle (perpetuation of the session). The cookie’s key and value are processed by the setting system for each request. Below you will find a list of the cookies we use and the associated information.
Technically necessary cookies We transmit the request to set the following cookies to our visitors’ systems the first time they access a page.
If you do not agree to the above-mentioned cookies being set, you can configure your browser to refuse their installation. Under certain circumstances, this may result in our website no longer functioning properly.
Processed data types: usage data, meta and communication data Data subjects: users of our website. Legal basis: the use of these cookies is absolutely essential for the website’s operation, and is based on our legitimate interest in the effective delivery of our online offer, Art. 6 (1) Sentence1 lit. f GDPR and Section 25 (2) No. 2 TTDSG.
Optional cookies We only set the following cookies after the user has given us their consent to do so. The legal basis for the processing is the consent of the user (Art. 6 [1] Sentence 1 lit. a GDPR).
To this end, data is collected and processed regarding the user’s end device used, the pages accessed, the time spent on the respective pages, the origin of the users (referrer) and – as far as possible – their geographical position.
If we do this exclusively by analysing HTTP requests (see above), the processing is based on our legitimate interest. If we use additional services, this will only be done with your consent. Legal basis: Legitimate interests (Art. 6 [1] Sentence 1 lit. f GDPR) Consent (if requested) (Art. 6 [1] Sentence 1 lit. a GDPR)
Processed data types: usage data, meta and communication data Data subjects: users of our website. Legal basis: consent of the user (Art. 6 [1] Sentence 1 lit. a GDPR). Revocation: you can revoke your consent for the future by using the consent tool on this website.
Data processing (internal) Evenito Event Management
ADV-contract
Information and Description
We use the Evenito service for the organisation of events. This allows us to accept event registrations, as well as to request additional information about the participants (i.e. allergies, special requests). We have an order processing agreement with the operator of Evenito AG.
Processed data: Special, person-related data, metadata, contact information
People concerned: Users, customers, contractual partners
Legal basis for processing: Legitimate interests, consent (where requested)
Legitimate interests:
Data processing by external service providers and processors Evenito AG Service provider information Evenito AG; Evenito AG, Binzstrasse 23, 8045 Zürich, Switzerland, https://cdn.prod.website-files.com/664fa7893d12f8b0a1271d1b/668f99777f44d81d8dd950e3_202309_Privacy_policy_evenito_ENG.pdf
This service provider may also process data outside the jurisdiction of the European Union. There is a decision on appropriateness by the EU Commission for data transfers to Switzerland at: https://datenschutz.hessen.de/sites/datenschutz.hessen.de/files/2022-11/schweiz_en.pdf
Google LLC Google Tag Manager
Subsequent to approval
Function Integration tools We use external services to simplify the integration and handling of other solutions on our website.They are used either as part of our legitimate interest in the secure, uncomplicated integration of external resources, or with the consent of our users.
Processed data: usage data, metadata
Data subjects: users
Legal basis for processing: legitimate interests, consent (if requested)
Domains affected: www.googletagmanager.com (incl. subdomains)
YouTube
Function Video platform We use external providers to display videos on our website. These are usually integrated into our site by means of a so-called “iframe”. The browser accesses the external page containing the video when our own page is loaded. We use these external providers on the basis of our legitimate interest in the simple integration of multimedia content into our website.
Legal basis for processing: legitimate interests
Domains affected: jnn-pa.googleapis.com, googlevideo.com (incl. subdomains), www.youtube.com (incl. subdomains), www.youtube-nocookie.com, s.ytimg.com, i.ytimg.com (incl. subdomains)
Google Analytics Subsequent to approval
Function Web analysis We use web analysis services to further improve our website, to understand the interests and expectations of our users, to recognise problems with click paths on our website and to evaluate the performance of individual pages and our website as a whole.
If we do this exclusively by analysing HTTP requests (see above), the processing is based on our legitimate interest. If we use additional services, this will only be done with your consent.
Domains affected: analytics.google.com, region1.analytics.google.com, www.google-analytics.com (incl. subdomains)
Provider information
Google LLC; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Subsidiary in the European Union: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://policies.google.com/privacy
This provider may process data outside the scope of the European Union.
So-called SCCs (standard contractual clauses) exist between the above-mentioned data controller and the operator
ISRG (Internet Security Research Group) Let´s Encrypt
Information and description
As a free certification authority, Let’s Encrypt provides SSL certificates. The validity of such a certificate is limited in time before it has to be renewed. Such a certificate can also be recalled and “de-validated”.
“r3.o.lencr.org” is one of the security servers of the Let’s Encrypt organisation, which is used to publish data on revoked certificates.
We use this certificate check for your security. Your browser checks whether our certificate is still validated at the time the connection is established.
Function Front-end security technology We use the best security solutions to protect our website (especially forms) and other parts of our infrastructure from unauthorised access, spam and automated access.
Domains affected: r3.o.lencr.org, r10.o.lencr.org, r11.o.lencr.org
Provider information ISRG (Internet Security Research Group); 548 Market St PMB 77519 San Francisco CA 94104-5401 USA,https://letsencrypt.org/privacy/
This provider may process data outside the scope of the European Union. Let’s Encrypt is a free, automated and open certification authority for SSL certificates – among other things – which increase the security of the website through encryption. An SSL certificate is used to transfer the website data securely when it is called up by the browser. SSL stands for “Secure Sockets Layer”. This means that there is a protocol between the web server and the client (user) that encrypts the data
LinkedIn Corp. LinkedIn Marketing
Information and description LinkedIn Marketing is a (re)marketing network that delivers targeted advertising via the social network bearing the same name.
Function Marketing We process personal data for online marketing purposes. This includes, in particular, the presentation of advertising content that corresponds to the potential interests of the user.
We use the “Google Ads” advertising network for this purpose. To this end, so-called user profiles are created and assigned to the user’s end device by means of a cookie (see above).
These cookies can later be read and analysed on websites that use the same marketing provider.
In particular, data – such as websites visited, content viewed and online networks used – may be used for profiling purposes. However, it is also possible to record communication partners and – if the user allows this – the user’s location.
The user’s IP addresses are also stored, whereby IP masking is applied.
Processed data: usage data, metadata, geodata
Legal basis for processing: consent (where requested)
Domains affected: snap.licdn.com, www.linkedin.com, px.ads.linkedin.com
Provider information LinkedIn Corp; For the EU: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland Parent company: LinkedIn Corp. 605 W Maude Ave, Sunnyvale, CA 94085, USA, https://www.linkedin.com/legal/privacy-policy
External platforms Social media
In order to be able to communicate effectively with our (potential) customers and other interested parties, and to offer them an obvious point of contact and information, we maintain a presence on a number of social media platforms. We would like to draw your attention to the fact that when using social media, data may be processed outside the European Union, which may result in risks for the user with regard to the enforcement of their rights.
Social media platforms regularly analyse the behaviour of their users for marketing purposes. In doing so, they create extensive profiles concerning the interests and usage behaviour of their users, in order to display personalised advertising. By setting cookies and integrating them on third-party sites, information can also be collected that goes beyond the direct use of the social network. In particular, information may also be collected about the end device used, the Internet connection (IP address) and, if applicable, the user’s location.
We would like to point out that only the providers of these networks have access to the data collected about the user; a request for information should, therefore, be addressed to them to ensure maximum efficacy. Details and further data protection information on the social networks used can be found below.
Facebook We have a presence on the social network, Facebook.
We would like to point out that you use this Facebook page and its functions within the scope of your own responsibility. This shall apply, in particular, to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information provided on this page on our website.
When you visit our Facebook page, Facebook collects – among other things – your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information on this at the following URL: http://https://facebook.com/legal/terms/page_controller_addendum
The data collected about you in this context is processed by Facebook Ltd., and may be transferred to countries outside the European Union. As to what information Facebook receives and how it is used is described by Facebook in general terms in its data usage guidelines. There, you will also find information on how to contact Facebook and the settings options for adverts. The data usage guidelines are available at the following URL: http://facebook.com/about/privacy You can find Facebook’s complete data policy here: https://facebook.com/privacy/policy/
The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union.
If you visit one of our social media sites (e.g. Facebook), you trigger the processing of your personal data during such a visit.
In such a case, we shall be jointly responsible with the operator of the respective social network for the data processing operations within the meaning of Art. 26 GDPR, provided that we actually make a joint decision with the operator of the social network regarding the data processing, and we also have an influence on the data processing itself.
Wherever possible, we have concluded agreements with the operators of the social networks on joint responsibility in accordance with Art. 26 GDPR, in particular, the so-called “Page Controller Addendums” of Facebook Ireland Ltd.
You may assert your rights (right of disclosure pursuant to Art. 15 GDPR, right to rectification pursuant to Art. 16 GDPR, right to deletion pursuant to Art. 17 GDPR, right to the restriction of processing pursuant to Art. 18 GDPR, right to data portability pursuant to Art. 20 GDPR and right to lodge a complaint pursuant to Art. 77 GDPR) both against us and against the operator of the respective social network (e.g. Facebook).
Please note that, despite our joint responsibility with the operators of social networks in accordance with Art. 26 GDPR, we do not enjoy comprehensive influence on the data processing of the individual social networks. The company policy of the respective provider has a significant influence on the options at our disposal.
In the event of the assertion of data subject rights, we could only forward these requests to the operator of the social network.
Facebook does not conclusively (and clearly) state how it uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, and we are not aware of this.
When you access a Facebook page, the IP address assigned to your end device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (for example, as part of the “login notification” function); Facebook may thus be able to assign IP addresses to individual users.
If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your end device. This may enable Facebook to understand that you have visited this page and how you have used it (e.g. through a referrer header).
If you want to prevent Facebook from drawing these conclusions or wish to prevent Facebook from assigning the visit to our Facebook presence to your profile, you can use a private window of your browser, for example, as no cookies are set in this window.
As the provider of the information service, we do not collect or process any other data from your use of our service. You can find the current version of this Privacy Policy under “Data Policy” on our Facebook page.
Provider information Meta Platforms Ireland Limited, Meta Platforms Ireland Limited 4 Grand Canal Square Dublin 2 Ireland Company registration number: 462932, http://facebook.com/about/privacy
Subsidiary of:
Meta Platforms, Inc. One Hacker Way Menlo Park, CA 94025 USA
Use We use this platform to fulfil the following functions.
Social media In order to be able to communicate effectively with our (potential) customers and other interested parties, and to offer them an obvious point of contact and information, we maintain a presence on a number of social media platforms.
Our website may display elements which, when clicked, lead users to the respective presence on social media (icon links etc.).
Processed data: usage data, metadata, content data, contact data, inventory data, geodata
Data subjects: users, communication partners
LinkedIn We have a presence on the social network LinkedIn, which is used, in particular, for professional networking.
We would like to point out that you use this LinkedIn page and its functions within the scope of your own responsibility. This shall apply, in particular, to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information provided on this page on our website.
When you visit our LinkedIn page, LinkedIn collects – among other things – your IP address and other information that is stored on your PC in the form of cookies. LinkedIn provides more information on this point at the following URL: https://linkedin.com/legal/privacy-policy?
Provider information LinkedIn Corp., Für die EU: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland Mutterunternehmen: LinkedIn Corp. 605 W Maude Ave, Sunnyvale, CA 94085, USA, https://www.linkedin.com/legal/privacy-policy
Instagram We operate a page on the social network, Instagram. We would like to point out that you use this Instagram page and its functions within the scope of your own responsibility. This applies, in particular, to the use of interactive functions (e.g. commenting or rating). When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. The data collected about you in this context will be processed by Instagram Inc., and may be transferred to countries outside the European Union. As to what information Instagram receives and how it is used is described in general terms in Instagram’s privacy policy. There, you will also find information about contact options for Instagram and other options for making settings regarding the display of targeted advertising. https://help.instagram.com/519522125107875
Instagram does not conclusively (and clearly) state how Instagram uses the data from visits to Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Instagram stores this data and whether data from a visit to the Instagram page is passed on to third parties, and we are not aware of this. When you access an Instagram page, the IP address assigned to your device is transmitted to Instagram. According to Instagram, this IP address is anonymised – after processing – (for “German” IP addresses) and deleted after 90 days. Instagram also stores information about the end devices of its users (for example, as part of the “login notification” function); Instagram may thus be able to assign IP addresses to individual users. If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is stored on your end device. This enables Instagram to understand that you have visited this page and how you have used it. This also applies to all other Instagram pages. Instagram may also be able to assign the visit to our website to your profile, for example, by reading the so-called “referrer header”. If you wish to avoid this, you must adjust the cookie settings of your browser or delete the corresponding cookies of the provider. Alternatively, you can increase protection against tracking by using a private window in your browser. As the provider of the information service, we do not collect or process any other data from your use of our service.You can find the current version of this privacy policy under “Data policy” on the respective Instagram page.
Rights of the data subjects The data subjects are entitled to rights, about which we would like to inform you below.
Glossary Below you will find a list with explanations of the most frequently used terms in this context.
Personal data “Personal data” denotes any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 No. 1 GDPR)
Processing “Processing” denotes any operation (or set of operations) performed on personal data (or on sets of personal data) – whether or not by automated means – such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise rendering available, alignment or combination, restriction, erasure or destruction (cf. Art. 4 No. 2 GDPR).
Data controller “Data controller” refers to the natural person or legal entity, public authority, agency or other body which – either alone or jointly with others – determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law (cf. Art. 4 No. 7 GDPR).
Processor “Processor” is a natural person or legal entity, public authority, agency or other body which processes personal data on behalf of the data controller (cf. Art. 4 No. 8 GDPR).
Click tracking “Click tracking” allows us to track whether (and on which button) a user has clicked, where this click has led the user and, if applicable, from which page of the online offer the click originated.
