Data Privacy Statement
The website owner takes the protection of your personal data very seriously. When you use this website, various personal data are collected. Personal data are data which enable you personally to be identified. This Data Privacy Statement explains which data we collect and what we use them for. It also explains how this is done and for what purpose.
We would like to point out that the transfer of data via the Internet (e.g. when communicating by e-mail) may have security vulnerabilities. It is not possible to protect data completely from access by third parties.
We treat your personal data confidentially and in accordance with the legal data protection legislation and this Data Privacy Statement. This means the personal data of users are processed as follows when they visit this website (without additional contact by e-mail):
Types of personal data processed:
- User-related data (e.g. name, address - only if contact is initiated electronically)
- Contact data (e.g. e-mail address, telephone number - only if contact is initiated electronically)
- Contents data (e.g. text input, image files, video files - only if contact is initiated electronically)
- Meta/communications data (e.g. equipment information, IP addresses)
Categories of data subjects:
- Visitors and users of the website (hereinafter all referred to as “Users”).
Purpose of processing:
- Provision of the website offer, its functions and contents
- Replying to enquiries and communication with users
- Security measures
As a responsible provider we dispense with automatic decision-making and profiling.
This Data Privacy Statement uses, among others, the following legal terms which are used by the European body issuing directives and regulations in the General Data Protection Regulation (GDPR) and which are defined therein in Art. 4 (Definitions) as follows:
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Restriction of processing" means the making of stored personal data with the aim of limiting their processing in the future.
"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
"Recipient" means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
"Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Vogel & Plötscher GmbH & Co. KG
Geldermannstrasse 4
79206 Breisach
Germany
Tel.: 07667946100
E-mail: info@voploe.de
In case of questions or suggestions regarding data protection and to enforce your rights as data subject please contact our data protection officer at any time:
Vogel & Plötscher GmbH & Co. KG
- Datenschutzbeauftragter – (Data Protection Officer)
Geldermannstrasse 4
79206 Breisach
Germany
E-mail: datenschutz@voploe.de
You have the right to complain to a supervisory data protection authority, in particular in the member state of your place of residence, your workplace or the place of the probable infringement if you are of the opinion that the processing of your personal data is unlawful.
The applicable data protection law grants you, as the data subject, extensive rights vis-a-vis the controller with regard to the processing of your personal data (right of access and intervention) about which we inform you below:
Right of access as per Art. 15 GDPR: In accordance with Art. 15 GDPR, you have the right to obtain from us information about your personal data processed by us. You should provide precise information on your request in the application so that it makes it easier to compile the data required. Please note that your right of access may be restricted under certain circumstances in accordance with legal regulations (in particular Article 34 of the German Data Protection Law).
Right to rectification as per Art. 16 GDPR: You have the right to rectification of inaccurate personal data concerning you and/or completion of incomplete data stored by us without undue delay.
Right to erasure as per Art. 17 GDPR: You have the right to request erasure of personal data concerning you if the conditions listed in Art. 17 Para. 1 GDPR apply. However, this right is not applicable in particular where the processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
Right to restriction of processing as per Art. 18 GDPR: You have the right to request restriction of processing of your personal data for a period enabling the verification of the accuracy of the personal data, if you oppose the erasure of your personal data due to improper data processing and request the restriction of their use instead; if you require your personal data for the establishment, exercise or defense of legal claims where we no longer need the personal data for the purposes of the processing; or if you have objected due to your particular situation pending the verification whether our legitimate grounds override your reasons.
Right to notification as per Art. 19 GDPR: If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.
Right to data portability as per Art. 20 GDPR: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to request transmission of those data to another controller provided this is technically feasible.
Right to withdraw consent as per Art. 7 Para. 3 GDPR: You have the right to withdraw your consent to processing of your data at any time with future effect. In case of withdrawal of consent, we shall delete the data concerned without delay, provided further processing cannot be supported by a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to object as per Art. 21 GDPR: You have the right to object to future processing of your personal data at any time in accordance with the provisions of Art. 21 GDPR. The objection may be in particular to processing of the personal data for direct marketing purposes.
We try to meet all inquiries within 30 days. This period may be extended for reasons related to the specific rights of the data subject or the complexity of your request
Storage Duration
Unless a more specific storage period has been specified within this data privacy statement, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons cease to apply.
Note on data transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Cookies
This website uses „cookies“. Cookies are small text files which do not damage your end device. They are stored during (session cookies) and maybe even after the visit on the website (permanent cookies) auf. Session cookies are deleted automatically after the visit. Permanent cookies are stored until the visitor deletes them himself or there is an automatic deletion by the browser.
It is possible that cookies of other parties are stored on your end device while visiting our website (third-party cookies). Teilweise können auch Cookies von Drittunternehmen auf Ihrem Endgerät gespeichert werden, wenn Sie unsere Seite betreten (Third-Party-Cookies). These enable us or you to use certain services of the third-party company (e.g., cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is based exclusively on this consent (Art. 6 Para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.
Contact Form
If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Obligatory legal provisions - in particular retention periods - remain unaffected.
Request by e-mail, phone or fax
If you are contacting us by e-mail, phone or fax, the user data are processed in accordance with Art 6, Para. 1 (b) GDPR to deal with the enquiry. The data provided by the user may be stored in a customer relationship management system (“CRM system”) or a similar enquiry system.
Processing of the data therefore takes place exclusively on the basis of your consent (Art. 6 Para. 1 (a) GDPR). You can withdraw your consent at any time. It is sufficient to inform us of this by e-mail. The lawfulness of any data processing up to withdrawal of consent shall not be affected by the withdrawal of consent.
The data provided by contact request remain with us until you request their deletion, withdraw consent for their storage or the purpose for their storage is no longer applicable (e.g. after processing of the enquiry is completed). Mandatory legal requirements - in particular retention periods - shall not be affected
Website registration
The data subject has the opportunity to register on the website of the controller by providing personal data. Which personal data is transmitted to the controller in the process results from the respective input mask used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be transferred to one or more processors, for example a parcel service provider, who will also use the personal data exclusively for an internal use attributable to the controller.
By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) of the data subject, the date as well as the time of registration are also stored. The storage of this data takes place against the background that only in this way can the misuse of our services be prevented and, if necessary, this data makes it possible to clarify committed crimes. In this respect, the storage of this data is necessary for the protection of the data controller. As a matter of principle, this data is not passed on to third parties, unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.
The registration of the data subject by voluntarily providing personal data serves the purpose of the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to modify the personal data provided during registration at any time or to have it completely deleted from the data stock of the controller. The controller shall provide any data subject at any time upon request with information about what personal data is stored about the data subject. Furthermore, the controller shall correct or delete personal data at the request or indication of the data subject, provided that this does not conflict with any statutory retention obligations. The entire staff of the controller shall be available to the data subject as contact persons in this context.
Server log files
The hosting services from our hosting provider are used to provide the following services for our website: Infrastructure and platform services, computer capacity, data storage and database services, security services and technical maintenance services which we use for the purpose of operating this website. We or our hosting provider process contact data (in case of e-mail contact: e-mail address), usage data, meta and communications data of users of this website on the basis of our legitimate interest in an efficient and safe provision of this website in accordance with Art. 6, Para. 1 (f) GDPR in conjunction with Art. 28 GDPR.
We or our hosting provider collect various general data and information on each access of our website by a data subject or an automated system. These general data and information are stored in the log files of the server. The following may be recorded (1) browser type and version used, (2) operating system used by the accessing system, (3) the web page from which the accessing system reaches our website (so-called referrer), (4) the sub-pages which are called up on our website by an accessing system, (5) the date and time of the access to the website, (6) the IP address, (7) the Internet service provider of the accessing system and (8) other similar data and information which are used to prevent danger in case of attacks on our IT systems.
When using these general data and information, we or our hosting provider draw no conclusions about the data subject. This information is rather required to (1) correctly display the contents of our website, (2) to ensure the continuous functionality of our IT systems and the technology of our website and (3) to be able to provide the law enforcement agencies with the information necessary for law enforcement in case of a cyber attack. The server log file data are stored separately from any personal data provided by a data subject.
In accordance with Art. 13 GDPR we have to inform you of the legal basis for collecting personal data. Where the legal basis is not expressly mentioned in this Data Privacy Statement, the following shall apply: The legal basis for obtaining consent are Art. 6, Para. 1 (a) and Art. 7 GDPR, the legal basis for data processing to provide our services and implement contractual measures as well as reply to enquiries is Art. 6, Para. 1 (b) GDPR, the legal basis for data processing to meet our legal obligations is Art. 6, Para. 1 (c) GDPR and the legal basis for data processing to protect our legitimate interest is Art. 6, Para. 1 (f) GDPR.
The disclosure of your personal data to third parties for purposes other than those listed below does not take place. We disclose your personal data to third parties only if:
- you have given your express consent to this in accordance with Art. 6, Para. 1 (a), sentence 1 GDPR;
- disclosure in accordance with Art. 6, Para. 1 (f) sentence 1 GDPR is required for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in non-disclosure of your data;
- there is a legal requirement for disclosure in accordance with Art. 6, Para. 1 (c) sentence 1 GDPR; and
- this is legally permissible and, in accordance with Art. 6, Para. 1 (b) sentence 1 GDPR, required for the implementation of the contractual relationship with you.
If we enter into a “data processing agreement” with a third party for the processing of personal data, this is done on the basis of Art. 28 GDPR.
If we enter into a “data processing agreement” with a third party for the processing of personal data, this is done on the basis of Art. 28 GDPR.
If we process data in a third country (i.e. outside the European Union (EU) or outside the European Economic Area (EEA)) or if this takes place within the scope of utilising the services of third parties by disclosure or transmission of data to third parties, this shall be done only if it is done to meet our (pre)-contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal and contractual permissions, we process the data or the data are processed in a third country only if the special conditions of Art. 44 ff GDPR are met. This means, processing takes place, for example, on the basis of special guarantees such as the officially accepted decision that the level of data protection is equivalent to that of the EU or observance of officially accepted special contractual provisions (“Standard Contract Clauses”).
The personal data processed by us are erased or their processing is restricted in accordance with Art. 17 and Art. 18 GDPR. Unless expressly stated in this Data Privacy Statement, the data stored by us are erased as soon as they are no longer required for their intended purpose and the erasure does not conflict with the legal obligation to retain such data. This applies, for example, to data which must be stored for reasons of commercial or tax law (e.g. Art. 257 German Commercial Code, Art. 147, Para. 1 German Tax Code - retention for up to 10 years). If the data are not erased because they are required for other legally permissible purposes, their processing will be restricted. This means the data will be restricted and not processed for any other purpose.
The controller for processing has integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the gathering, collection, and evaluation of data about the behavior of visitors to web pages. Amongst other things, a web analysis service records data concerning from which website a data subject has arrived at a website (known as the referrer), which subsites of the website are accessed, or how often and for what dwell period a subsite was viewed. A web analysis is mainly used to optimize a website and for cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller for processing uses the suffix “_gat._anonymizeIp” for the web analysis via Google Analytics. Using this suffix, the IP address of the internet connection of the data subject is shortened and anonymized by Google of the access to our web pages is made from a Member State of the European Union or from another signatory state to the EEA Agreement.
The purpose of the Google Analytics component is to analyze visitor traffic on our website. Google uses the data and information obtained, inter alia, to evaluate the use of our website, in order to prepare online reports for us showing activities on our web pages, and in order to provide further services connected with the use of our website.
Google Analytics places a cookie on the IT system of the data subject. The explanation of cookies was given above. By setting the cookie, Google is enabled to analyze use of our website. With each call-up of one of the individual pages of this website operated by the controller for processing and on which a Google Analytics component was integrated, the web browser on the IT system of the data subject is automatically triggered by the respective Google Analytics component to transfer data to Google for the purposes of online analysis. As part of this technical procedure, Google obtains knowledge of personal data, such as the IP address of the data subject, that assists Google amongst other things to understand the origin of the visitors and clicks and subsequently to enable commission settlements.
The cookie stores personal data such as the time of access, the location from which an access was initiated and the frequency of visits to our website by the data subject. With each visit to our web pages, these personal data – including the IP address of the internet connection used by the data subject – are transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may forward these personal data gathered using the technical procedure to third parties under certain circumstances.
The data subject may prevent the setting of cookies by our website, as outlined above, at any time by making the corresponding setting in the web browser used, thereby permanently refusing the setting of cookies. Such a setting on the web browser used would also prevent Google from setting a cookie on the IT system of the data subject. In addition, a cookie already set by Google Analytics can be erased at any time via the web browser or other software programs.
Moreover, the data subject has the opportunity to object to recording of the data produced by Google Analytics relating to use of this website and the processing of these data by Google and to prevent same. To that end, the data subject must download a browser add-on from the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on informs Google Analytics via JavaScript that no data and information on the visits to web pages are permitted to be transferred to Google Analytics. Installation of the browser add-on is evaluated by Google as an objection. If the IT system of the data subject is deleted, formatted, or reinstalled later, a fresh installation of the browser add-on must be performed by the data subject in order to disable Google Analytics. Where the browser add-on is uninstalled or disabled by the data subject or another person attributable to their sphere of influence, the possibility exists of re-installing or else enabling the browser add-on again. As an alternative to the browser add-on, the data subject can prevent recording by Google Analytics by clicking on the following link: Disable Google Analytics. Doing so sets an opt-out cookie that prevents the future recording of data from the data subject when visiting this website. The opt-out cookie is stored on the device of the data subject and applies only for this browser and this website. When deleting the cookies in this browser, the opt-out cookie must be set again.
Further information and Google’s applicable privacy arrangements can be downloaded from https://www.google.de/intl/de/policies/privacy/ and from http://www.google.com/analytics/terms/de.html. Google Analytics is explained in greater detail at this link https://www.google.com/intl/de_de/analytics/.
YouTube with enhanced data privacy
This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.
As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25Ppara. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
For more information about data protection at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.
Vimeo withoutTracking (Do-Not-Track)
This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. In the process, the Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. However, we have set Vimeo so that Vimeo will not track your user activity and will not set any cookies.
The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". Details can be found here: https://vimeo.com/privacy.
Weitere Informationen zum Umgang mit Nutzerdaten finden Sie in der Datenschutzerklärung von Vimeo unter: https://vimeo.com/privacy.
Google Web Fonts (local hosting)
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Die Nutzung von Google Maps erfolgt im Interesse einer ansprechenden Darstellung unserer Online-Angebote und an einer leichten Auffindbarkeit der von uns auf der Website angegebenen Orte. Dies stellt ein berechtigtes Interesse im Sinne von Art. 6 Abs. 1 lit. f DSGVO dar. Sofern eine entsprechende Einwilligung abgefragt wurde, erfolgt die Verarbeitung ausschließlich auf Grundlage von Art. 6 Abs. 1 lit. a DSGVO und § 25 Abs. 1 TTDSG, soweit die Einwilligung die Speicherung von Cookies oder den Zugriff auf Informationen im Endgerät des Nutzers (z. B. Device-Fingerprinting) im Sinne des TTDSG umfasst. Die Einwilligung ist jederzeit widerrufbar.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information on the handling of user data can be found in Google's privacy policy:
https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
What is Google reCAPTCHA?
reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. A captcha service is a tool that is designed to ensure that an action on the Internet is performed by a human being and not a bot. At reCAPTCHA, a JavaScript element is integrated into the source text and analyzes your user behavior. The software calculates a so-called captcha score from these user actions. reCAPTCHA or Captchas in general are always used when bots could manipulate or misuse certain actions (e.g. registrations, surveys, etc.).
Why do we use reCAPTCHA on our website?
We do everything we can to protect ourselves from bots or spam software of all kinds and to offer you the best possible user friendliness. For this reason, we use Google reCAPTCHA to remain a "bot-free" website. By using reCAPTCHA, data is transmitted to Google to determine whether you really are human. reCAPTCHA thus serves the security of our website and subsequently also your security. For example, without reCAPTCHA it would be possible for a bot to register many e-mail addresses when registering in order to "spam" on forums or blogs with unwanted advertising content. With reCAPTCHA such bot attacks can be avoided.
What data does reCAPTCHA store?
reCAPTCHA collects personal data from users to determine whether the actions on our website really come from people. So the IP address and other data that Google needs for the reCAPTCHA service can be sent to Google. Within the member states of the EU or other contracting states of the Agreement on the European Economic Area, IP addresses are almost always shortened before the data ends up on a server in the USA. The IP address will not be combined with other Google data unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed on your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.
The following list of collected browser and user data is not exhaustive.
Rather, they are examples of data that can be processed by Google:
- Referrer URL (the address of the page the visitor comes from)
- IP address (e.g. 256.123.123.1)
- Information about the operating system
- Cookies (small text files that save data in your browser)
- Mouse and keyboard behavior
- Date and language settings
- All javascript objects
- Screen resolution (shows how many pixels the image display consists of)
The fact is that Google uses and analyzes such data even before you click “Submit”. We have therefore integrated a consent box on our website that notifies you of this special marketing cookie and that only allows you to fill out the contact or product request using the form if you agree to reCAPTCHA being set.
Further information can be found in the data protection guidelines and the terms and conditions of Google reCAPTCHA.
The data controller collects and processes the personal data of applicants for the purpose of carrying out the application process. Processing may also take place electronically. This is the case in particular if an applicant has submitted the application documents to the controller electronically, for example by e-mail or via a web form on a web page. If the controller enters into an employment contract with an applicant, the data transmitted are stored for the purpose of processing the employment relationship taking account of the legal provisions. If the controller does not enter into an employment contract with the applicant, the application documents shall be automatically deleted six months after notification of the negative reply provided no other legitimate interests of the controller conflict with this. Other legitimate interests in this context are, for example, an obligation to provide proof in proceedings under the German Equality Act (AGG).