Privacy Policy and Information Obligations

Titan is a brand of J. Wagner GmbH, which operates this website. The website is hereinafter referred to as the ‘Titan website’. The data controller responsible for data processing under data protection law in relation to this website remains J. Wagner GmbH (hereinafter ‘WAGNER’). We appreciate your interest in our websites and would like you to feel secure and comfortable when visiting them. Therefore, WAGNER takes the protection of your personal data very seriously and treats your personal data confidentially and in accordance with the applicable statutory data protection provisions as well as this Privacy Policy.

The following information provides a simple overview of what happens to your personal data when you visit our website. We provide detailed information regarding which personal data we collect from you when you use our website and the purposes for which we process and use such data.

Please note that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

WAGNER reserves the right to amend this Privacy Policy at any time in order to adapt it to changes in legal provisions and regulations or to implement other updates. Please keep yourself informed of any changes to the Privacy Policy by accessing it via the corresponding link on our website.

If you have any general questions regarding our website, please contact us directly:

Department: Digital Marketing
Telephone: +49 7544 505-0
Email: info@wagner-group.com

On the one hand, your data is collected when you provide it to us. This may, for example, include data that you enter into a contact form. Other data is collected automatically by our IT systems when you visit the website. This mainly concerns technical data (e.g. Internet browser, operating system, or time of page access). Such data is collected automatically as soon as you access our website.

We use the data provided by you in order to carry out the processing purposes requested by you (processing your inquiries, ordering newsletters, etc.). Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour.

Your personal data will only be passed on or transmitted to third parties or processors where this is necessary for the purpose of carrying out the relevant processing purpose and where a corresponding legal basis exists.

When visiting our website, your surfing behaviour may be statistically evaluated. This is done primarily through cookies and so-called analysis programs. When you first access our website, a banner is displayed informing you of our use of cookies. If you click the “Accept all cookies” button, you consent to our use of cookies. As a rule, the analysis of your surfing behaviour is anonymous; the surfing behaviour cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. Detailed information in this regard can be found in the following Privacy Policy.

The controller responsible for data processing on this website is:

J. Wagner GmbH
Otto-Lilienthal-Str. 18
88677 Markdorf
Telephone: +49 7544 505-0
Fax: +49 7544 505-200
Email: info@wagner-group.com

Data Protection Officer
We have appointed a Data Protection Officer for our company. You are welcome to contact him or her with any questions regarding the use of your personal data or the enforcement of your rights as a data subject.
Email: Datenschutz.Deutschland@wagner-group.com

First of all, we would like to inform you here about your rights as a data subject. These rights are set out in Articles 15 to 22 GDPR. They include in particular:

• Right of access (Art. 15 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to object to processing (Art. 21 GDPR)

To exercise these rights, please contact: Datenschutz.Deutschland@wagner-group.com
The same applies if you have questions regarding data processing in our company or if you wish to withdraw consent you have given. You also have the right to lodge a complaint with a data protection supervisory authority.

Please note the following with regard to rights of objection:

If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time without stating reasons. This also applies to profiling insofar as it is related to direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and may be made informally, preferably to: Datenschutz.Deutschland@wagner-group.com

In the event that we process your data in order to safeguard legitimate interests, you may object to this processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions.

In such case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defence of legal claims.

For security reasons and in order to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the change in the browser address line from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address
  
  These data will not be merged with other data sources. The basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the performance of a contract or for pre-contractual measures.
  

When processing your personal data, the provisions of the GDPR and all other applicable data protection regulations are complied with. Legal bases for data processing arise in particular from Art. 6 GDPR.

We use your data for the initiation of business relationships, for the fulfilment of contractual and legal obligations, for the performance of contractual relationships, for offering products and services, and for strengthening the customer relationship, which may also include analyses for marketing purposes and direct advertising.

Your consent to data processing may also constitute a legal basis under data protection law. Before granting consent, we inform you about the purpose of the data processing and your right to withdraw consent.

If the consent also relates to the processing of special categories of personal data, we will expressly inform you of this within the consent declaration. Processing of special categories of personal data pursuant to Art. 9 GDPR shall otherwise only take place if this is required by legal provisions.

From time to time, we also base data processing on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, for example when using fraud management tools.

We will only disclose your data to third parties within the framework of statutory provisions or on the basis of corresponding consent. Otherwise, no disclosure to third parties shall take place unless we are obliged to do so by mandatory legal requirements (disclosure to external bodies such as supervisory authorities or law enforcement authorities).

Within our company, we ensure that only those persons receive your data who require it in order to fulfil contractual and legal obligations. In certain cases, service providers support our specialist departments in the fulfilment of their tasks. The necessary data protection agreements have been concluded with all service providers.

A transfer of data to third countries (outside the European Union or the European Economic Area) only takes place insofar as this is necessary for the performance of the contractual relationship, is required by law, or you have given us your consent to do so.

We further inform you that your data may be processed outside the European Union. Through appropriate contractual arrangements and safeguards, compliance with the European level of data protection for data transfer and processing in third countries is ensured. Data processing and/or storage in third countries may also take place on the basis of your consent (Art. 49 para. 1 sentence 1 lit. a GDPR); in this case, you will be separately informed thereof, as well as of the possibility of withdrawal.

We store your data for as long as it is required for the respective processing purpose. Please note that numerous retention periods require that data continue to be stored (must be stored). This particularly concerns retention obligations under commercial or tax law (e.g. German Commercial Code, Fiscal Code, etc.). Unless further retention obligations apply, the data will be routinely deleted once the purpose has been achieved.

In addition, we may retain data if you have granted us permission to do so or if legal disputes arise and we use evidence within the framework of statutory limitation periods, which may be up to thirty years; the regular limitation period is three years.

In order to protect the data stored by us as effectively as possible against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons, we use appropriate technical and organisational security measures. Security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

Data exchange to and from our website is encrypted in each case. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols. In addition, it is possible to use alternative means of communication (e.g. postal mail).

Various personal data are necessary for the establishment, performance and termination of the contractual relationship and for the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.

We have summarised details for you in the above section. In certain cases, data must also be collected or made available due to statutory provisions. Please note that processing your request or performing the underlying contractual relationship is not possible without providing these data.

Which data we process depends on the respective context: this depends, for example, on whether you place an order online or submit an inquiry via our contact form, whether you send us an application or submit a complaint.

Please note that for special processing situations, we may also provide information separately at an appropriate place, for example when uploading application documents or making a contact inquiry.

• Name of the internet service provider
• Information on the website from which you visit us
• Web browser used and operating system used
• The IP address assigned by your internet service provider
• Requested files, amount of data transferred, downloads/file exports
• Information on the webpages you access on our site, including date and time
  

Our website uses so-called cookies. They serve to make our offering more user-friendly, effective and secure. Cookies are small text files that are stored on your end device and saved (locally) by your browser. Cookies contain only pseudonymous, and in many cases even anonymous, data. Some cookies remain in place for the duration of a browser session (so-called session cookies), while others are stored for a longer period of time (so-called persistent cookies, e.g. consent settings). The latter are automatically deleted after the specified period (generally 6 months). In addition to our own cookies, cookies controlled by third-party providers are also used. These use the information contained in the cookies, for example, to display content to you or to record the pages you have visited.

On the basis of our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), we use technically necessary cookies that are strictly required for the operation of the website and to ensure its functionality. Furthermore, we use cookies without your consent where their sole purpose is to store information on, or access information already stored in, your end device for the transmission of communications, or where they are absolutely necessary in order to provide the service expressly requested by you, Section 25 para. 2 TDDDG.

The cookies used by us on our website are:

__cf_bm [12x]
Domain name: .hs-scripts.com, .hsadspixel.net, .hs-analytics.net, .hs-banner.com, .hubspot.com, .hsforms.com, .hs-sites-eu1.com, .hubspotusercontent-na1.net, .hubspotusercontent-eu1.net, .hsforms.net, .fs.hubspotusercontent00.net, .hsappstatic.net
Expiry: 30 minutes
Type: Cookie
Provider: Cloudflare
The __cf_bm cookie is a cookie required to support Cloudflare Bot Management and is currently in private beta. As part of our bot management service, this cookie helps manage incoming traffic that matches criteria associated with bots.
_cfuvid [2x]
Domain name: .hubspot.com, .hsforms.com
Expiry: Session
Type: Cookie
Provider: Cloudflare
This cookie is part of the services provided by Cloudflare, including load balancing, website content delivery and DNS connection provision for website operators.
cookiefirst-consent
Domain name: .titan-professional.com
Expiry: one year
Type: Cookie
Provider: Cookie First
This cookie stores your cookie settings for this website. You may change these settings or withdraw your consent at any time.
cookiefirst-consent
Domain name: .titan-professional.com
Expiry: Persistent
Type: Local Storage
Provider: Cookie First
This cookie stores your cookie settings for this website. You may change these settings or withdraw your consent at any time.
cookiefirst-id
Domain name: .titan-professional.com
Expiry: Persistent
Type: Local Storage
Provider: Cookie First
This cookie contains your unique ID so that CookieFirst can identify unique visitors on this website.

__hssc
Domain name: .titan-professional.com
Expiry: 30 minutes
Type: Cookie
This cookie name is associated with websites built on the HubSpot platform. It is reported by them as being used for website analytics.
__hssrc
Domain name: .titan-professional.com
Expiry: Session
Type: Cookie
Whenever HubSpot changes the session cookie, this cookie is also set to determine whether the visitor has restarted their browser. If this cookie is not present when cookies are being managed by HubSpot, it is considered a new session.
__hstc
Domain name: .titan-professional.com
Expiry: 6 months
Type: Cookie
This cookie name is associated with websites built on the HubSpot platform. It is reported by them as being used for website analytics.
_ga
Domain name: .titan-professional.com
Expiry: 2 years
Type: Cookie
Provider: Google LLC
Registers a unique ID for a website visitor in order to track how the visitor uses the website. The data is used for statistical purposes. Data transfer to third countries: USA. Google LLC is certified under the Data Privacy Framework, meaning that your rights as a data subject can be ensured.
ga********
Domain name: .titan-professional.com
Expiry: 2 years
Type: Cookie
Provider: Google LLC
This cookie stores a unique ID for a website visitor and tracks how the visitor uses the website. The data is used for statistical purposes. Data transfer to third countries: USA. Google LLC is certified under the Data Privacy Framework, meaning that your rights as a data subject can be ensured.
_gat_UA-******
Domain name: .titan-professional.com
Expiry: one minute
Type: Cookie
Provider: Google LLC
The _gat_UA cookie is a variation of the _gat cookie used by Google Analytics. It is used to limit the collection of data on high-traffic websites. The cookie is set by the Google Analytics tracking code and contains the unique ID of the tracking account or website to which it relates. The _gat_UA cookie is typically used to throttle the request rate, meaning that it limits the amount of data that Google Analytics can collect from the website.
_gid
Domain name: .titan-professional.com
Expiry: one day
Type: Cookie
Provider: Google LLC
Registers a unique ID for a website visitor in order to track how the visitor uses the website. The data is used for statistical purposes. Data transfer to third countries: USA. Google LLC is certified under the Data Privacy Framework, meaning that your rights as a data subject can be ensured.
hjSession********
Domain name: .titan-professional.com
Expiry: 30 minutes
Type: Cookie
Provider: Hotjar Ltd
A cookie that contains current session data. This results in subsequent requests within the session window being attributed to the same Hotjar session.
hjSessionUser********
Domain name: .titan-professional.com
Expiry: one year
Type: Cookie
Provider: Hotjar Ltd
Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar user ID, which is unique for this site, in the browser. This ensures that behaviour in subsequent visits to the same site is attributed to the same user ID.
hjActiveViewportIds
Domain name: .titan-professional.com
Expiry: Persistent
Type: Local Storage
Provider: Hotjar
This item is set by Hotjar for performance and analytics purposes.

hubspotutk
Domain name: .titan-professional.com
Expiry: 6 months
Type: Cookie
This cookie name is associated with websites built on the HubSpot platform. This cookie is used to track a visitor’s identity. This cookie is passed to HubSpot upon form submission and is used when de-duplicating contacts.
li_gc
Domain name: .linkedin.com
Expiry: 6 months
Type: Cookie
Provider: LinkedIn
This is a LinkedIn cookie and is used to store visitors’ consent to the use of cookies for non-essential purposes.
VISITOR_INFO1_LIVE
Domain name: .youtube.com
Expiry: 6 months
Type: Cookie
Provider: YouTube
This cookie enables YouTube to check bandwidth usage.
YSC
Domain name: .youtube.com
Expiry: Session
Type: Cookie
Provider: YouTube
Registers unique IDs and keeps statistics of which videos users have viewed on YouTube.

_fbp
Domain name: .titan-professional.com
Expiry: 3 months
Type: Cookie
Provider: Meta Inc.
This cookie is used by Facebook for advertising purposes and conversion tracking.
_gcl_au
Domain name: .titan-professional.com
Expiry: 3 months
Type: Cookie
Provider: Google LLC
This cookie is set by Google Adsense for experimenting with cross-website advertising.
_gcl_ls
Domain name: .titan-professional.com
Expiry: Persistent
Type: Local Storage
Provider: Google LLC
The “_gcl_ls” cookie is used for conversion tracking in Google Ads and Google Tag Manager in order to measure advertising performance.
_pin_unauth
Domain name: .titan-professional.com
Expiry: one year
Type: Cookie
Provider: Pinterest
This cookie is set in connection with Pinterest marketing.
_pinterest_ct_ua
Domain name: .ct.pinterest.com
Expiry: one year
Type: Cookie
Provider: Pinterest
This cookie is set in connection with Pinterest marketing.
ar_debug
Domain name: .pinterest.com
Expiry: one year
Type: Cookie
Provider: Pinterest
This cookie stores and tracks conversions.
bcookie
Domain name: .linkedin.com
Expiry: one year
Type: Cookie
Provider: LinkedIn
LinkedIn cookies used by share buttons and advertising tags.
IDE
Domain name: .doubleclick.net
Expiry: one year
Type: Cookie
Provider: DoubleClick (Google)
Cookie from DoubleClick (Google) which allows us to analyse and optimise our advertising campaigns.
lastExternalReferrer
Domain name: .titan-professional.com
Expiry: Persistent
Type: Local Storage
This item is used to determine the origin of your visit.
lastExternalReferrerTime
Domain name: .titan-professional.com
Expiry: Persistent
Type: Local Storage
This item is used for visitor analysis.
lidc
Domain name: .linkedin.com
Expiry: one day
Type: Cookie
Provider: LinkedIn
LinkedIn cookies used by share buttons and advertising tags.
test_cookie
Domain name: .doubleclick.net
Expiry: 15 minutes
Type: Cookie
Provider: Google LLC
This cookie is set by DoubleClick.net (owned by Google) to determine whether the website visitor’s browser supports cookies. Data transfer to third countries: USA. Google LLC is certified under the Data Privacy Framework, meaning that your rights as a data subject can be ensured.
VISITOR_PRIVACY_METADATA
Domain name: .youtube.com
Expiry: 6 months
Type: Cookie
Provider: YouTube (Google LLC)
This cookie is used to track and extend the user’s privacy settings on YouTube.

Subject to your consent, additional cookies are used by means of which we and/or third parties may, for example, evaluate how our services are used. This allows us to design content in accordance with users’ needs. In addition, cookies enable us to measure the effectiveness of a certain advertisement and, for example, to place it depending on users’ thematic interests. The legal basis for this is your express consent (Art. 6 para. 1 sentence 1 lit. a GDPR, Section 25 para. 1 TDDDG).

You may withdraw your consent at any time with effect for the future via our consent banner and change the cookie settings. Please note that changes must be made separately for each end device.

If you maintain accounts with the third-party providers used by us and are logged in there, your data may be linked to the respective account. You can avoid such aggregation by not granting or by withdrawing your consent to the relevant cookies, or by logging out of the respective third-party providers beforehand.

Most browsers accept cookies automatically. You can also manually deactivate, restrict or delete cookies on your end device via your browser settings or with the aid of software. If you disable the setting of cookies, full use of our websites may not be possible or may only be possible to a limited extent.

Please also note the information in the section relating to the respective service that uses cookies.

For reasons of technical security, in particular to defend against attempted attacks on our web server, these data are stored in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. No later than after 7 days, anonymisation takes place by shortening the IP address so that it can no longer be associated with the user.

• Surname, first name
• Contact details
• Salutation
• Your interest / concern
• Information regarding wishes and interests
• Company
• Customer number

A contact form is available on our website which can be used for electronic contact. If you write to us via the contact form, we process the data you provide in the contact form for the purpose of contacting you and responding to your questions and requests, Art. 6 para. 1 sentence 1 lit. a, b GDPR.

In doing so, the principle of data minimisation and data avoidance is observed, in that you are only required to provide the data that we absolutely need from you in order to contact you. These are your email address, surname and first name, company, and the message field itself. In addition, your IP address is processed due to technical necessity and for legal protection. All other data are voluntary fields and may optionally be provided (e.g. for a more individualised reply to your questions).

In order to protect the security and confidentiality of your data as effectively as possible, we implement appropriate security measures. Your inquiry is transmitted to us in encrypted form.

If you contact us by email, we will process the personal data transmitted in the email solely for the purpose of handling your inquiry. If you do not use the forms provided for contacting us, no data will be collected beyond this.

If your inquiry concerns a complaint, warranty case or similar matter, we may, where appropriate, transmit these data together with your personal information to the dealer from whom you purchased the device, or to another dealer in your vicinity, so that your claims may be fulfilled.

• Surname, first name
• Email address
• Salutation

A free newsletter may be subscribed to on our website in order to receive regular information about our products, new products and special promotions. The email address provided during newsletter registration, as well as your name, will be used for sending the personalised newsletter.

In doing so, the principle of data minimisation and data avoidance is observed, as only the email address (and, where applicable, the name in the case of a personalised newsletter) is marked as a mandatory field. For reasons of technical necessity and legal protection, your IP address is also processed when ordering the newsletter.

For sending newsletters by email, we use the so-called double opt-in procedure. This means that you will only receive advertising by email if you have expressly confirmed in advance that we should activate the newsletter service. This is done by sending you a notification email and asking you to confirm, by clicking a link contained in this email, that you wish to receive our newsletter at this email address.

You may, of course, unsubscribe from the subscription at any time via the unsubscribe option provided in the newsletter and thus withdraw your consent. Furthermore, it is also possible to unsubscribe from our newsletter dispatch at any time directly via our website.

Data processing takes place on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You may withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the withdrawal.

• Salutation
• Surname, first name
• Date of birth
• Delivery address
• Billing address
• Email address
• Telephone number
• Payment information

We collect, process and use personal data only insofar as this is necessary for the establishment, substantive design or amendment of the legal relationship. This is done on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

In order to avoid bad debt losses, and depending on which payment method you choose, we may, on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR and pursuant to our legitimate interest, transmit your data to Coface Finanz GmbH, Isaac-Fulda-Allee 1, 55124 Mainz, for a creditworthiness check after you have placed an order. In the course of a creditworthiness check, a so-called score value is calculated using a mathematical procedure, which provides information about your ability to pay. This generally takes place once a credit limit of EUR 1,000 has been exceeded. Please note that Coface Finanz GmbH uses the transmitted data further for its own purposes. You may object at any time to the transmission of these data to Coface Finanz GmbH; however, in such case the purchase contract may, under certain circumstances, not be capable of being performed.

The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Our website contains links to the social media services Facebook, Instagram, Pinterest, YouTube, Xing and LinkedIn. Links to the websites of social media services can be identified by the respective company logo. If you follow these links, you will reach our company presence on the respective social media service. When clicking on a link to a social media service, a connection to the servers of the social media service is established. In this way, the servers of the social media service are informed that you have visited our website. In addition, further data is transmitted to the provider of the social media service. This includes, for example:

• Address of the website on which the activated link is located
• Date and time of access to the website or activation of the link
• Information about the browser used and the operating system used
• IP address

In addition to us, the following entities are responsible for the company presences within the meaning of the GDPR and other data protection provisions:

• Facebook: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA
• Instagram: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
• YouTube: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA

If, at the time the link is activated, you are already logged in to the respective social media network, the provider of the social media network may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media network. You can exclude this possibility of assignment to your personal user account by logging out of your user account beforehand.

The servers of the social media networks are located partly in the USA and in other countries outside the European Union. Data may therefore also be processed by the provider of the social media network in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that may not generally protect personal data to the same extent as in the Member States of the European Union.

We maintain the fan pages ourselves in order to communicate with visitors to these pages and to inform them about our offers by this means.

In addition, we collect data for statistical purposes in order to further develop and optimise content and to make our offering more attractive. The data required for this purpose (e.g. total number of page views, page activities and data provided by visitors, interactions) is prepared by the social networks and made available to us. We have no influence on the generation and presentation of such data.

In addition, your personal data is processed by the providers of the social media services, but also by us, for market research and advertising purposes. For example, usage profiles may be created on the basis of your usage behaviour and the resulting interests. As a result, advertisements corresponding to your interests may be displayed within and outside the platforms. For this purpose, cookies are generally stored on your device. Irrespective thereof, data not directly collected on your end devices may also be stored in your usage profiles. Storage and analysis also take place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

The processing of your personal data by us is based on our legitimate interests in effective information and communication pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

If you are asked for consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis for processing is Art. 6 para. 1 lit. a, Art. 7 GDPR.

Please note that we have no influence on the scope, type and purpose of data processing by the provider of the social media network. For further information on the use of your data by the social media networks integrated into our website and on the possibilities to object, please refer to the information linked below:

Facebook

• Privacy Policy: https://de-de.facebook.com/policy.php
• Opt-out: https://www.youronlinechoices.com/

Instagram

• Privacy Policy: https://instagram.com/about/legal/privacy/
• Opt-out: https://www.youronlinechoices.com/

YouTube

• Privacy Policy: https://policies.google.com/privacy
• Opt-out: https://www.youronlinechoices.com/

Overall, you have the following rights with regard to the processing of your personal data:

Right of access; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to lodge a complaint about unlawful processing of your personal data with the competent data protection supervisory authority.

However, since we do not have full access to your personal data, you should contact the providers of the social media services directly when asserting your rights, as they each have access to the personal data of their users and can take appropriate measures and provide information.

Should you nevertheless require assistance, we will of course try to support you. Please contact: Datenschutz.Deutschland@wagner-group.com.

Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established. In doing so, the YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on the handling of user data can be found in YouTube’s Privacy Policy at: https://www.google.en/intl/en/policies/privacy.

On our website, we use Google Maps (API) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. Google Maps is a web service for displaying interactive maps in order to visually present geographical information.

As soon as you access those subpages into which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not wish this to be assigned to your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such evaluation is carried out on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR and enables the display of personalised advertising, market research and/or needs-based design of the website.

You may withdraw your consent at any time with effect for the future. To do so, simply call up our consent banner and amend the settings accordingly. Please note that the change in the consent banner settings must be made separately for each end device.

Google processes data in part outside the European Union and the European Economic Area for the provision of content. Through appropriate contractual arrangements and safeguards, compliance with the European level of data protection for data transfer and processing in third countries is ensured.

If you do not agree to the future transmission of your data to Google in the context of using Google Maps, it is also possible to completely deactivate the Google Maps web service by disabling JavaScript in your browser. Google Maps, and therefore the map display on this website, can then no longer be used.

More detailed information can be found at:

http://www.google.de/intl/en/policies/terms/regional.html
https://www.google.com/intl/en_US/help/terms_maps.html
http://www.google.en/intl/de/policies/privacy/

We use widgets from Elfsight on our website. The service provider is Elfsight LLC, Paronyana str. 19/3, 201, Yerevan, 0015 Armenia. Elfsight enables us to integrate and manage various widgets on our website, such as social media feeds or customer reviews. These widgets may collect and process data of website visitors.

We have a legitimate interest in designing our website and its functions in as simple and appealing a manner as possible. The legal basis for this is Art. 6 para. 1 lit. f GDPR. More detailed information on the use of Elfsight can be found at https://elfsight.com/en/.

Our website uses the visitor action pixel of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, for conversion measurement.

This enables us to measure the success of our advertising campaigns by tracking the behaviour of website visitors after they have been redirected to our website by clicking on a Facebook advertisement. The behaviour can be evaluated for statistical and market research purposes and future advertising measures can be optimised. The legal basis for this is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions as to the identity of users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook may use the data for its own advertising purposes in accordance with Facebook’s Data Usage Policy. This may enable Facebook to place advertisements on Facebook pages as well as outside Facebook. This use of data cannot be influenced by us as the website operator.

In Facebook’s privacy notices, you will find further information on the protection of your privacy at: https://www.facebook.com/about/privacy/.

You may deactivate the remarketing function “Custom Audiences” for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do so, you must be logged into Facebook. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook at https://www.youronlinechoices.com/uk/your-ad-choices.

Provided that you consent thereto pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, this website uses the so-called Conversions API of the social network “Facebook” of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta), an interface between our marketing data and Facebook’s systems. Through this use, we aim to ensure that the advertisements we place via Facebook correspond to the interests of our users. This provides us with statistical evaluations that enable us to understand user behaviour on our website and their interaction with our content. We can also determine whether a user is redirected to our website after clicking on an advertisement on Facebook (so-called “conversion”).

At present, we integrate the interface to Facebook in so-called “advanced matching”. Through this function, we may, according to our selection, access information from your Facebook account in order to optimise our advertising strategy and tailor it even more precisely to you. Your identity is not disclosed to us any more than individual details about you. For example, if we wish to display a campaign only to a certain age group, Facebook will recognise in this way whether you should receive the advertisement.

In this context, the following data in particular may be processed:

• Email address
• Telephone number
• Gender
• Date of birth
• First and last name
• Postal address
• User ID, click ID, product ID, advertising ID, Facebook login ID
• IP address
• Browser type and version

Due to the tools used (Facebook Pixel and Conversions API), your browser automatically establishes a direct connection to Facebook’s server as soon as you have consented to the use of these technologies.

With regard to the USA, the competent EU Commission has issued an adequacy decision. It has therefore been formally established that your data enjoys an adequate level of protection in the USA. Irrespective thereof, by using appropriate data protection instruments, we ensure all additional formal requirements, if any, for the transfer of data to the USA as a so-called third country.

By integrating the Facebook Pixel and using the Conversions API, Facebook receives the information that you have accessed the relevant webpage of our website or clicked on one of our advertisements. If you have an account with Facebook or are otherwise registered with the provider, Meta may also assign your interactions with our Facebook advertisements and our website to your Facebook user account.

Meta processes your data in accordance with Meta’s data processing policy. More detailed information is available at https://en-en.facebook.com/business/help/.

We are jointly responsible with Meta for the data processing described above, namely with regard to the creation and placement of individualised advertisements. We are therefore not jointly responsible for the following processing operations, which are the sole responsibility of Facebook: any processing carried out by Facebook itself which goes beyond the processing described herein in accordance with its terms of use, in particular the creation of reports and analyses relating to your user behaviour.

We have concluded a corresponding data protection agreement with Meta regarding joint controllership. If you have any questions regarding this data processing, you may contact either us or Meta. If you wish to contact Meta directly, you may do so via the contact details provided in Facebook’s Privacy Policy at https://www.facebook.com/privacy/policy/. There you can also obtain information on further aspects of data processing by Meta.

You may deactivate the Conversion API via https://www.youronlinechoices.com/uk/your-ad-choices or directly on Facebook.

We use the TikTok Pixel in combination with the Events API on our website, operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. It serves to optimise and further develop advertising campaigns so that we can display advertising in a more targeted manner.

For this purpose, data on the use of the website and the logging of clicks on individual elements are collected in order to display appropriate advertising in accordance with user behaviour. In particular, the tool collects data on devices and network connection data such as device model, operating system or IP address, cookies, location information and usage content. These data are also transferred to the USA.

By granting your consent, a direct connection to the TikTok server is also established via the integrated pixel on our website in combination with the Events API. TikTok thereby receives, in particular, the following information: device information, visited websites, browser type, which TikTok processes and enriches in order to analyse and improve the effect of TikTok advertisements. We have no influence on the data collected by TikTok and on TikTok’s data processing operations, nor is the full scope of data collection, the purposes of processing or the storage periods known to us.

More detailed information on processing by TikTok and on the handling of user data can be found in TikTok’s Privacy Policy at: https://www.tiktok.com/legal/page/eea/privacy-policy/en.

We use Adobe Fonts on our website, which are provided via a service of Adobe. The service provider is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. In this way, fonts are displayed in the user’s browser via Adobe. As a result, data is transmitted to Adobe. Further information can be found in the Adobe Fonts privacy notice at https://www.adobe.com/en/privacy/policies/adobe-fonts.html.

This website uses the cross-platform cookie consent tool of CookieFirst in order to obtain your consent to the storage of certain cookies on your end device and to document this in compliance with data protection law. The provider of this technology is Digital Data Solutions B.V., Plantage Middenln 42a, 1018 DH Amsterdam. More detailed information can be found at https://cookiefirst.com.

When you visit our website, the following personal data is transmitted to CookieFirst:

• Your consent(s) or the withdrawal of your consent(s)
• Your IP address
• Information about your browser
• Information about your end device
• Time of your visit to the website

Furthermore, CookieFirst stores a cookie in your browser in order to be able to assign the granted consents or their withdrawal to you. The data collected in this way are stored until you request us to delete them, delete the CookieFirst cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected. CookieFirst is used in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

This website uses functions of the web analytics service Google Analytics on the basis of your consent, Art. 6 para. 1 sentence 1 lit. a GDPR, as well as Section 25 para. 1 TDDDG. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files stored on your end device which enable an analysis of your use of the website. The information generated in this way is generally transmitted to a Google server in the USA and stored there. If IP anonymisation is activated, your IP address will be shortened prior to transmission and within the European Union or other contracting states of the European Economic Area. An unabridged transfer of the full IP address to Google only takes place in exceptional cases.

On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide further services related to website use and internet use to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

Sessions and campaigns are terminated after a defined period of time. By default, sessions end after 30 minutes of inactivity and campaigns after six months. Users’ personal data is deleted or anonymised after 14 months.

Google processes and stores your data in the USA. Through appropriate contractual arrangements and safeguards, compliance with the European level of data protection for data transfer and processing in third countries is ensured. Data processing and/or storage in third countries may also take place on the basis of your consent (Art. 49 para. 1 sentence 1 lit. a GDPR); in this case, you will be informed separately thereof, as well as of the possibility of withdrawal.

This website uses the “demographic characteristics” function of Google Analytics. This enables reports to be created containing information on age, gender and interests of site visitors. These data originate from Google’s interest-based advertising as well as from visitor data of third-party providers. These data cannot be assigned to a specific person. You may deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described under “Objection to Data Collection”.

Further information on terms of use and data protection can be found at:
https://www.google.com/analytics/terms/en.html and https://policies.google.com/?hl=en

You may prevent the storage of cookies by adjusting your browser software settings accordingly; however, please note that in this case you may not be able to use all functions of this website to their full extent. You may also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address), as well as from processing these data, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en

You may withdraw your consent at any time with effect for the future. To do so, simply open our consent banner and deselect the corresponding consent. Please note that changes in the consent banner settings must be made separately for each end device.

We have concluded the necessary data protection agreements.

Further information in this regard can be found at: https://support.google.com/analytics/answer/6004245 (general information on Google Analytics and data protection)

Our website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function enables the advertising target groups created with Google Analytics Remarketing to be linked with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and browsing behaviour on one end device (e.g. mobile phone) may also be displayed on another of your end devices (e.g. tablet or PC).

On the basis of your consent, Google links your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every end device on which you log in with your Google account.

In support of this function, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data in order to define and create target groups for cross-device advertising.

You may permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account; for this purpose, please follow this link: https://www.google.com/settings/ads/onweb/

The aggregation of the collected data in your Google account takes place exclusively on the basis of your consent, which you may grant to or withdraw from Google (Art. 6 para. 1 sentence 1 lit. a GDPR and Section 25 para. 1 TDDDG). Where data collection processes are not merged into your Google account (e.g. because you do not have a Google account or have objected to the merger), the collection of data is based on Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest arises from the interest in anonymised analysis of website visitors for advertising purposes.

Further information and the data protection provisions can be found in Google’s Privacy Policy at: https://policies.google.com/technologies/ads?hl=en.

This website uses Google AdWords. AdWords is a tool of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Within the scope of Google AdWords, we use so-called conversion tracking. If you click on an advertisement placed by Google, a cookie for conversion tracking will be set. These cookies expire after 30 days and do not serve to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the advertisement and was redirected to this page.

In this way, conversion statistics can be created for AdWords customers who have consented thereto. Individual users cannot be identified. If you do not wish to participate in tracking, you may object to this use by deactivating the cookie of Google Conversion Tracking via your internet browser under user settings. The storage of “conversion cookies” takes place on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise both its website offering and its advertising.

More information on Google AdWords and Google Conversion Tracking can be found at: https://policies.google.com/privacy?gl=en&hl=en.

You can configure your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

We use HubSpot on our website for marketing activities. HubSpot is a software company from the USA with a branch office in Ireland: HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland.

We use this integrated software solution for our own marketing and for customer service purposes. This includes, among other things, email marketing, social media publishing and reporting, reporting (e.g. traffic sources, access data, etc.), contact management (e.g. user segmentation and CRM), landing pages and contact forms.

You may withdraw your consent at any time with effect for the future; for this purpose, simply send an email to Datenschutz.Deutschland@wagner-group.com. If the processing is carried out on the basis of an existing contract, you may object to conversion tracking by sending an email to Datenschutz.Deutschland@wagner-group.com. Please note that in the event of an objection, the main service may then no longer be available. You may unsubscribe from mailings as described above, for example at the end of each mailing.

The data will be deleted as soon as they are no longer required for achieving the purpose for which they were collected. The EU has been designated as the place of storage of the data.

Since HubSpot may transfer personal data to affiliated companies and sub-processors in countries outside the EU and the EEA, additional protection mechanisms are required in order to ensure the level of data protection required by the GDPR. For the USA, an adequacy decision of the EU Commission exists pursuant to Art. 45 para. 1 GDPR in relation to companies certified under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework and therefore undertakes to comply with appropriate data protection standards. For potential transfers to other third countries outside the EU and the EEA for which no adequacy decision by the EU Commission exists, standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR are additionally agreed. These require the recipient of the data in the third country to process the data in accordance with the level of protection in Europe. Data processing and/or storage in third countries may also take place on the basis of your consent (Art. 49 para. 1 sentence 1 lit. a GDPR); in this case, you will be separately informed thereof and of any possible risks associated therewith.

With this data protection notice, we inform you how your personal data is processed by us and which rights data protection law grants you in this context. The specific personal data processed concerning you and the extent of the processing depend on the statutory provisions and the content of the contractual business relationship agreed with you. It is therefore possible that not all parts of this data protection notice apply to you.

I. Controller for Data Processing
The controller is:
J. Wagner GmbH
Otto-Lilienthal-Str. 18
88677 Markdorf
Telephone: +49 (0) 75 44 / 5 05-0
Fax: +49 (0) 75 44 / 5 05-2 00
Email: info@wagner-group.com

You can contact our company Data Protection Officer at:
Email: Datenschutz.Deutschland@wagner-group.com
Telephone: +49 (0) 75 44 / 5 05-0
Fax: +49 (0) 75 44 / 5 05-2 00

II. Processed Data and Their Origin
Primarily, we process the personal data that we have received or collected from the data subjects within the framework of the business or customer relationship. We also process data provided in connection with inquiries / visits / registrations (e.g. online shop), consents (e.g. newsletter dispatch), etc., to the extent permitted by law.

In addition, we also process personal data that are made available to us within the scope of commissioned processing, as well as data from publicly accessible sources (e.g. press, internet), insofar as this is necessary and permissible for the respective purposes. We also process personal data lawfully transmitted to us by other companies of the Wagner Group or by third parties (e.g. credit insurers, receivables management, notices of criminal acts).

The personal data processed by us in this context consist of personal / identification data (name, address, contact data, user ID, etc.), data arising from the fulfilment of our contractual obligations (bank details, history, authorisations, etc.), data made available to us within the framework of consents, and other data comparable with the aforementioned categories.

III. Purposes of Processing and Legal Bases
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) on the basis of the following legal grounds:

1. a) For the Performance of a Contract (Article 6 para. 1 lit. b GDPR)

The processing of personal data is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.

If you make use of additional services, your data will be processed insofar as this is necessary for the provision of such additional services.

1. b) Within the Framework of Commissioned Processing (Article 28 GDPR)

The processing of personal data on behalf of others takes place exclusively in accordance with instructions and within the scope of statutory provisions.

2. Within the Framework of the Balancing of Interests (Article 6 para. 1 lit. f GDPR)

• Internal and external communication
• Documentation
• Internal and external monitoring (ICS controls or key figures)
• Internal and external investigations, security checks
• Creditworthiness checks to avoid bad debt losses
• Measures for business management and the further development of services and products
• Advertising
• Authorisation management
• IT security measures
• Event management
• Assertion / defence of legal claims, including in legal disputes
• Prevention and detection of criminal offences
• Measures relating to building and facility security (e.g. access controls)
• Measures to ensure domiciliary rights
• Risk management across the Wagner Group of companies

3. On the Basis of Your Consent (Article 6 para. 1 lit. a GDPR)

Insofar as you have consented to certain processing operations relating to your personal data (e.g. newsletter dispatch, participation in promotional campaigns), the lawful processing of your personal data is based on such consent. You may withdraw any consent given at any time with effect for the future. This also applies to declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. Since the withdrawal of consent only applies for the future, it does not affect the lawfulness of the processing carried out until the withdrawal.

4. Statutory or Legal Requirements (Article 6 para. 1 lit. c GDPR or in the public interest, Article 6 para. 1 lit. e GDPR)

Furthermore, as a company we are subject to various statutory obligations (e.g. tax laws, anti-money laundering legislation). These include, among other things, identity verification, fraud and money laundering prevention, compliance with tax-related monitoring and reporting obligations, and the assessment and management of risks within the company and the Wagner Group.

IV. Principles of Processing
The company ensures the implementation of appropriate technical and organisational measures for data security through internal regulations and - where data is processed by an external service provider - through corresponding contractual arrangements, such as the use of EU standard contractual clauses where data is processed outside the European Union.

Please arrange for any necessary changes to your data in good time. You may contact the relevant departments or the Data Protection Officer in order to clarify questions regarding your data and request both access to and correction / deletion of incorrect or no longer required data

V. Recipients of the Data
Subject to compliance with statutory provisions and existing internal regulations, those entities that require your data in order to fulfil our contractual and legal obligations are granted access to it. Service providers and agents engaged by us (e.g. IT service providers, logistics, telecommunications, debt collection, consulting, financial services, marketing agencies, insurers, etc.) may also access your data for these purposes, provided that in particular they maintain the confidentiality and integrity of the data.

We only disclose personal data to recipients outside our company if and insofar as this is necessary in compliance with the applicable data protection regulations. In principle, we may only disclose information concerning you if this is required by statutory provisions, you have consented, or we are authorised to provide such information. Recipients of personal data may, for example, include:

• For operational purposes
• Other companies of the Wagner Group
• Service providers / processors
• Customers, suppliers, partners
• For reporting and information obligations
• Authorities and other bodies (e.g. tax authorities, auditors)
• For the clarification of claims and allegations
• Lawyers, law enforcement authorities, creditors or insolvency administrators
• Recipients explicitly designated by you
• Credit and financial services institutions

In addition, your personal data may be transferred to recipients for whom you have granted us your consent. The same applies to entities to which we may transfer personal data on the basis of a balancing of interests.

VI. Transfer of Data to Third Countries or International Organisations
We transfer personal data to entities in countries outside the European Union (so-called third countries) insofar as:

• this is required by law (e.g. tax-related reporting obligations),
• you have consented, or
• the transfer is necessary for safeguarding our legitimate interests and your interests or fundamental rights and freedoms requiring the protection of your personal data do not override those interests.

In addition, personal data is transferred to entities in third countries in the following cases:

• In individual cases, personal data is transferred in compliance with the level of data protection of the European Union on the basis of the consent of the data subject or statutory provisions for combating money laundering, terrorism financing or other criminal acts, as well as on the basis of a balancing of interests.

VII. Duration of the Storage of Personal Data
We store or otherwise process your personal data only for as long as this is necessary to achieve the respective purpose. If the purpose of the processing no longer applies (e.g. legal transaction completed), the relevant personal data will be deleted. In the following cases, deletion may be delayed:

• Compliance with statutory retention periods (e.g. German Commercial Code (HGB), German Banking Act (KWG), German Money Laundering Act (GwG)). The retention periods specified there are generally 6 to 10 years.
• Compliance with justified retention periods (e.g. for customer service, inquiries, log files).
• Preservation of evidence within the statutory limitation periods. Pursuant to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods may amount to up to 30 years.The regular limitation period is 3 years.

If we or a third party process your data on the basis of the above-mentioned balancing of interests, we will delete your personal data as soon as our legitimate interest no longer exists. The above-mentioned exceptions also apply here.

Data deletion is carried out within the framework of the deletion routines implemented by the process owners.

In the event of consent, the data will be deleted as soon as the consent is withdrawn for the future, unless one of the above-mentioned exceptions applies.

VIII. Internal Monitoring and Investigation
In order to protect against the various threats to our IT systems - such as malware, hacker attacks and spam - and to protect intellectual property, various procedures are used in which, for example, exchanged information is examined for viruses and connection data is examined for anomalies. If anomalies are detected, the relevant documents and connection data may be analysed.

For the purpose of complying with existing delivery and payment restrictions - such as those applying to companies and individuals listed on various governmental sanctions lists - a comparison against such lists may be carried out.

Furthermore, in cases of suspicion, in the course of official investigations, and for the defence against claims asserted against our company, an investigation and, where appropriate, the disclosure of data and documents relating to the persons concerned may be necessary. In all cases, our internal regulations, the statutory requirements and the personal rights of the data subjects are observed.

IX. Rights of the Data Subject
Pursuant to Article 15 GDPR, every data subject has a right of access. Pursuant to Article 16 GDPR, the data subject may request the rectification of inaccurate personal data. Pursuant to Article 17 GDPR, the data subject has a right to erasure, or pursuant to Article 18 GDPR a right to restriction of processing. Likewise, under the conditions of Article 21 GDPR, the data subject may object to the processing of personal data concerning him or her. Pursuant to Article 20 GDPR, the data subject has a right to data portability.

To exercise these rights, you may contact the Data Protection Officer or the respective department. Furthermore, pursuant to Article 77 GDPR in conjunction with Section 19 BDSG, you have the right to lodge a complaint with the competent data protection supervisory authority. Any consent given may be withdrawn from us at any time.

X. Obligation to Provide Personal Data
Within the framework of the legal transaction to be carried out with you, you are obliged to provide the personal data that are necessary for the performance of the legal transaction and for the fulfilment of the associated contractual obligations, or that we are legally obliged to collect.

If you do not provide certain personal data, disadvantages may arise for you and/or, under certain circumstances, the legal transaction may not be concluded.

XI. Automated Decision-Making
Automated decisions may only be taken in accordance with Article 22 GDPR if they are necessary for the conclusion or performance of a contract, are permissible by virtue of legal provisions, or are legitimised by the express consent of the data subject.

Insofar as we use such procedures in individual cases, you will be informed thereof and of your related rights within the framework of the statutory requirements.

XII. Profiling
Your data is processed partly in an automated manner in order to evaluate certain personal aspects (profiling). For example, due to statutory and regulatory requirements relating to the prevention of money laundering, terrorism financing and offences endangering assets, we are obliged to carry out such data evaluations.

XIII. Information on Your Right to Object under Article 21 GDPR

1. Right to Object on Grounds Relating to Your Particular Situation
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is carried out on the basis of Article 6 para. 1 lit. e GDPR (data processing in the public interest) or lit. f GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on those provisions.

If you object, we will no longer process your personal data. This shall not apply where we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves the establishment, exercise or defence of legal claims.

2. Recipient of an Objection
The objection may be made informally with the subject line “Objection”, stating your name, address and, where applicable, your contact details, and should be addressed to the Data Protection Officer.