Privacy information

Our privacy information is structured as follows:

Contents

A. General information

  1. Controller
  2. Data protection Officer
  3. Disclosure of data to third parties
  4. Third Country transfer
  5. Storage period
  6. Your rights
     

B. Data processing strictly necessary for the provision of the website

  1. Log file
  2. Consent Management Tool
  3. Cookies for the provision of the website

 

C. Additional data processing on the website after consent

  1. Cloudflare
  2. Facebook tracking and ads
  3. Google services
  4. LeadLab
  5. MINQ
  6. Polyfill

 

D. Data processing when contacting us or placing an order

  1. Contact
  2. Orders via the online store
  3. Advertising measures

 

E. Supplementary information for business partners and interested parties

  1. Purpose and legal basis of the processing of personal data of our business partners and interested parties
  2. Disclosure of personal data of our business partners and interested parties to third parties

 

F. Supplementary information for applicants

  1. Purpose and legal basis of the processing of personal data of our applicants
  2. Deletion of applicant data

 

The simultaneous use of masculine and feminine forms of speech is waived for reasons of better readability. All personal designations nevertheless apply to all genders.

A. General information

The general information applies equally to data processing on our websites www.index-werke.de and www.ixshop.index-traub.com (please read under B, C and D) as well as to the processing of personal data of our business partners and interested parties (please read under E) and our applicants (please read under F).

1. Controller

Responsible for the processing of personal data is:

INDEX-Werke GmbH & Co. KG Hahn & Tessky     
Plochinger Straße 92 
73730 Esslingen        
Tel.: +49 711 3191-0
E-Mail: info@index-werke.de

2. Data Protection Officer

You can reach our data protection officer at:

INDEX-Werke GmbH & Co. KG Hahn & Tessky     
z.H. Datenschutzbeauftragter INDEX-Werke        
Plochinger Straße 92 
73730 Esslingen        
Tel.: +49 711 3191-0
E-Mail: dsb@index-werke.de

3. Disclosure of data to third parties

Your personal data will only be passed on to third parties if this is permitted by data protection law, in particular if you have consented to the transfer (Art. 6 para. 1 p. 1 lit. a GDPR) or if the transfer is necessary for the purpose of processing the contract (Art. 6 para. 1 p. 1 lit. b GDPR).

Categories of recipients of personal data not bound by instructions are: Transport and logistics companies as well as providers of map, video and analysis tools.

Categories of service providers bound by instructions and obligated in accordance with data protection law requirements, who may not use the data for any other purpose, are: Service providers for newsletter dispatch and for website support and hosting.

4. Third country transfer

On our website, services of providers based in the USA or relations to the USA are integrated. If you consent to data processing by one of these providers, it cannot be ruled out that US authorities will have unrestricted access to the data processed about you. You also have no legal recourse against this. Specifically, these providers are:

Third Country Transfers at www.index-werke.de:

1.         Service: Google Tag Manager, Google Analytics, Google Ads, Google Maps, YouTube.        
Provider: Google Ireland Limited, Dublin/Ireland   
Parent company: Google LLC, Mountain View/USA

2.         Service: Facebook Tracking and Ads       
Provider: Facebook Ireland Limited, Dublin/Ireland         
Parent company: Facebook Inc., CA/USA

3.         Service: Cloudflare  
Provider: Cloudflare Germany GmbH, Munich       
Parent company: Cloudflare Inc., CA/USA

Third Country Transfers at www.ixshop.index-traub.com:

1.         Service: Google Tag Manager, Google Analytics  
Provider: Google Ireland Limited, Dublin/Ireland   
Parent company: Google LLC, Mountain View/USA

It cannot be ruled out that the Companies or the respective parent companies and/or U.S. authorities may access personal data processed to provide the Services.

The legal basis for the transfer of personal data to the USA was the certification of the providers or the providers' parent companies in accordance with the EU-US Privacy Shield. However, this agreement was declared invalid by the European Court of Justice in July 2020. Negotiations are being conducted between the USA and the EU on a successor agreement to the Privacy Shield. However, it is not foreseeable when these will be concluded.

For this reason, standard data protection clauses pursuant to Article 46 para. 2 lit. c of the GDPR (SCCs) are currently regularly agreed as the legal basis for the transfer of personal data to the USA. However, a third-country transfer on the basis of SCCs is only permissible if the agreements can actually be complied with by the providers in the third country. In particular, this would require that unrestricted access to the data by U.S. authorities can be ruled out, which is not the case according to current knowledge.

Therefore, although we enter into the standard data protection clauses with the companies, we only use the aforementioned services with your prior express consent and expressly point out the following regarding the risks of transferring data to one of the aforementioned service providers:

Due to the powers of the U.S. intelligence agencies and the legal situation in the U.S., U.S. government surveillance measures are disproportionate and, from the EU's perspective, there is no adequate level of government data protection for personal data. In particular, Sec. 702 of the U.S. Foreign Intelligence Surveillance Act (FISA) provides no limits on the surveillance activities of the intelligence agencies and no safeguards for non-U.S. citizens. Moreover, Presidential Policy Directive 28 (PPD-28) does not provide data subjects with effective remedies against measures taken by U.S. authorities and does not provide for barriers to ensure proportionate measures. In addition, U.S. authorities can demand that a U.S. company hand over all stored data on the basis of the U.S. Cloud Act, even if this data is located on servers within the EU.

5. Storage period

The personal data processed by us will be stored by us for as long as is necessary for the respective purpose - in particular the processing of your request or your order - in compliance with the statutory retention periods (e.g. in accordance with the German Commercial Code and the German Fiscal Code, ten years for tax-relevant documents and six years for other business letters) (Art. 6 para. 1 p. 1 lit. c GDPR). Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 para. 1 p. 1 lit. a GDPR or the purpose of the data processing has not yet ceased.

6. Your rights

6.1 Disable and delete cookies

When visiting our website, cookies may be stored on your end device. You can disable the storage of cookies on your end device in your browser settings. In addition, you can delete cookies stored in your browser settings at any time. However, in this case you may not be able to use all functions of our website to their full extent.

6.2 Right of withdrawal

Some of the processing operations described in this privacy information are based on your consent. You may withdraw your consent to the performance of these processing operations at any time with effect for the future. You can exercise your consent to data processing through services on our website via the Consent Management Tool (CMT). In this way, you can also consent again to individual data processing operations. You can open the CMT at any time via the "Cookie Settings" link in the footer of the website. In all other cases, you can exercise your right of withdrawal by sending a message to the contact details listed above.

6.3 Right of objection

You may object to the use of personal data for direct marketing purposes at any time; you may also object to the use of personal data on the basis of Art. 6 para. 1 p. 1 lit. e or f GDPR for reasons arising from your particular situation at any time with effect for the future. For the objection, only the transmission costs according to the prime rates are incurred.

6.4 Right of access, rectification, erasure or restriction and portability

Under the conditions of Art. 15 to 20 GDPR, you have the right to receive information free of charge about the data we have stored about you, to have incorrect data corrected and to request the deletion or restriction of processing as well as the transferability of your personal data. In some cases, however, we are not allowed to delete user data completely due to legal retention obligations.

6.5 Right of appeal

You have a right of appeal to a supervisory authority.

B. Data processing strictly necessary for the provision of the website

In some cases, the processing of data is absolutely necessary in order to be able to provide our service without technical or functional restrictions and in accordance with legal requirements. In these cases, data processing also takes place if you have refused any additional data processing via the Consent Management Tool (CMT).

1. Log file

When a website is accessed, the server automatically creates a so-called "log file". This contains certain access data, e.g. the date and time of access, browser type and version, operating system and version, IP address, accessed domain and the previously visited website.

The data processing is absolutely necessary to ensure the retrievability and correct display of our websites on your end device. In addition, the log files can be used to identify cyber attacks and thus ensure the accessibility of our websites. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. b GDPR.

2. Consent Management Tool

We have included a Consent Management Tool ("CMT") to obtain and document your consent to data processing through various services.

When you open our website, you can provide consent for individual data processing via the CMT, which will be stored by the CMT.

For this purpose, the CMT stores cookies on your end device. These are the following cookies:

  - cookieconset_status: stores that the visitor has accepted the cookie notice; the storage period is one year; there is no access by third parties to the processed data.

  - avsite_optin_functional: cookie banner settings; the storage period is two years; there is no access by third parties to the processed data.

  - avsite_optin_statistic: cookie banner settings; the storage period is two years; there is no access by third parties to the processed data.

In this way, when you open the website again, you can see which data processing by which services you have or have not consented to. This means that you do not have to make your settings for consenting to individual data processing operations again each time you visit the site. For this purpose, the storage of the listed cookies on your end device is absolutely necessary (§ 25 para. 2 no. 2 TTDSG; German Act Governing Data Protection and Privacy in Telecommunications and Telemedia).

Of course, you can open the CMT at any time via the link "Cookie settings" in the footer of the website. In this way, you can easily withdraw consent you have given once.

3. Cookies for the provision of the website

When you open our website, cookies may be stored on your end device:

  - PREF: Stores a visitor's preferred page configurations and playback settings such as autoplay, random mix, and player size; the storage period is 8 months; there is no third-party access to the processed data.

  - fe_typo_user: Standard session cookie of TYPO3 for the FE login; will be deleted after the session expires; there is no access by third parties to the processed data.

The storage of cookies on your end device is absolutely necessary for the provision of our website (§ 25 para. 2 no. 2 TTDSG).

C. Additional data processing on the website after consent

We have integrated the services listed below into our website for various purposes. Data is only processed by these services if you have given your consent via the Consent Management Tool (CMT). You can use the CMT to withdraw your consent at any time; please also read section A.6.2.

1. Cloudflare

On our websites the service Cloudflare is integrated. The provider of the service is Cloudflare Germany GmbH, Rosental 7, 80331 Munich ("Cloudflare"). Data processing by the service only takes place after you have consented to this via the CMT.

The service accesses this information from your end device: browser type and version, operating system and version, IP address, accessed domain and the previously visited website. In addition, the service collects the date and time of the page view. The legal basis for the access to stored information as well as the storage of information on your end device by the service is your consent (§ 25 para. 1 p. 1 TTDSG).

Based on the collected data, Cloudflare creates logs about the use of our websites. This enables Cloudflare to protect our websites from attacks through intermediate security services and firewalls. The legal basis for the further processing of the collected data is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).

In addition, Cloudflare is a content delivery network that makes our website faster and more secure. With the help of the service, our web pages are made available for retrieval on different servers around the world, which improves performance.

It cannot be ruled out that data collected by the service may also be transmitted to a server of the provider in a third country - in particular in the USA - and stored there. To safeguard the third-country transfer, we have agreed on EU standard data protection clauses with the provider. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, a transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. You can find more detailed information on third country transfers in section A.4.

For more information on data processing by the Service, please visit:

  - https://www.cloudflare.com/de-de/application/privacypolicy/?utm_referrer=https://www.cloudflare.com/de-de/gdpr/introduction

  - https://www.cloudflare.com/de-de/gdpr/introduction

  - https://support.cloudflare.com/hc/de/articles/205177068-Wie-funktioniert-Cloudflare-

2. Facebook tracking and ads

Tracking and advertising services are integrated on our websites. The provider of the service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). Data processing by the service only takes place after you have consented to this via the CMT.

The service accesses this information of your end device: device information and location. The legal basis for the access to stored information as well as the storage of information on your end device by the service is your consent (Section 25 para. 1 p. 1 TTDSG).

We can place ads on Facebook to draw attention to our offers. In doing so, we only want to place ads that are attractive to you. For this purpose, Facebook analyzes your surfing behavior on our website based on the information collected. The legal basis for the further processing of the collected data is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).

If an ad is placed for you by us on Facebook and you click on it, you may be redirected to our website. In this case, Facebook may store so-called tracking pixels on your end device. The legal basis for storing information on your end device is your consent (§ 25 para. 1 p. 1 TTDSG).

Using the tracking pixel, Facebook can track that you clicked on our ad and were redirected to our website. In this way, Facebook can provide us with a statistical evaluation of the effectiveness of our advertising measures (so-called "conversion tracking"). The legal basis for conversion tracking is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).

If you are logged into Facebook with your profile, Facebook may add the collected data to your user profile. In addition, Facebook may use the collected data for its own advertising purposes in accordance with the Facebook Data Usage Policy. The legal basis for this data processing is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).

It cannot be ruled out that data collected by the service may also be transmitted to a server of the provider in a third country - in particular in the USA - and stored there. To safeguard the third-country transfer, we have agreed on EU standard data protection clauses with the provider. According to its own information, the provider ensures compliance with the data protection agreements. Nevertheless, a transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by the service therefore only takes place with your express consent. You can find more information on third country transfers in section A.4.

Users who are logged in to Facebook can customize their ad settings at: www.facebook.com/ads/preferences.

For more information on data processing by the Service, please visit:

  - https://www.facebook.com/policy.php

  - https://m.facebook.com/policies/cookies

3. Google services

Our website includes services provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google").

3.1 General about Google services, legal basis

To provide the services, Google accesses information that is stored on your end device. In addition, Google may store information and, in particular, cookies on your end device in order to provide the services. Details on this can be found below for the respective service. The legal basis for accessing information and storing information and cookies is your consent (Section 25 para. 1 p. 1 TTDSG).

Google processes the information on the one hand to provide the services. On the other hand, Google processes the information according to its own information in order to continuously improve and further develop its services. The legal basis for the processing of personal data for these purposes is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).

It cannot be ruled out that data collected by Google services will also be transmitted to and stored on a Google server in a third country, in particular a server of Google's parent company, Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California, USA. To safeguard the third-country transfer, we have agreed EU standard data protection clauses with Google. According to its own information, Google ensures compliance with the data protection agreements. Nevertheless, a transfer of personal data to the USA is associated with particular risks for data subjects. The integration of and data processing by Google services therefore only takes place with your express consent. For more information on third country transfers, please refer to para. A.4.

If you are logged into your Google account, Google may add processed information to your account depending on your account settings and treat it as personal data, cf. in particular www.google.de/policies/privacy/partners. We do not obtain knowledge of the data collected in this way and how it is used.

You can obtain further information on data processing by Google at:

  - https://policies.google.com/privacy ("Google Privacy Policy")

  - https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use our partners' websites or apps").

  - http://www.google.com/policies/technologies/ads ("Data use for advertising purposes")

3.2 Google Tag Manager

On our website, the service Google Tag Manager (GTM) is integrated to reload additional services. Due to this technical implementation, Google obtains knowledge that the website was called up with the IP address of your end device when you call up a website. In addition, Google can track which functions and tools are reloaded via the GTM.

For more information on data processing by GTM, please visit: https://support.google.com/tagmanager/answer/6102821?hl=de.

3.3 Google Analytics

The Google Analytics service is integrated on our website. The service evaluates your surfing behavior across our websites. For this purpose, the service stores cookies on your end device:

  - _gid: Used to distinguish visitors; the storage period is 24 hours; Google has access to the processed data.

  - NID: Used to display Google ads in Google services for logged out visitors; the storage period is six months; Google has access to the processed data.

  - _gat_UA-69558560-...: Contains campaign-related information for the visitor and can be used in combination with Google Ads; the storage period is 90 days; Google has access to the                 processed data.

  - 1P_JAR: Collects statistics on website usage and measures conversions; the storage period is one month; Google has access to the processed data.

  - _ga: Used to distinguish visitors; the storage period is two years; Google has access to the processed data.

On our behalf, Google processes the data collected to provide us with pseudonymous profiles of individual visitors and general statistics on the use of our website. We use this information to improve our offer and make it more interesting for you as a user.

We use the "Google Optimize" function of Google Analytics. Google Optimize analyzes the use of different variants of our website (so-called "A/B tests") and thus helps us to improve the user experience according to the behavior of our users on the website.

We use the "demographic characteristics" function of Google Analytics. By evaluating your surfing behavior, Google can make statistical statements about the demographic characteristics and interests (e.g. age, gender, affinity categories, segments with target groups willing to buy) of visitors to our website. However, we cannot assign this data to any specific person. We use the demographic information to improve our offer and to make it more interesting for you as a user. For more information on data processing by "demographic characteristics" of Google Analytics, please visit: https://support.google.com/analytics/answer/2799357?hl=de.

IP anonymization has been activated on this website so that your IP address is shortened by Google Analytics before it is stored. According to Google, only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and shortened there. According to Google, the shortened IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Under the following link you can download and install a plug-in for the browser you use to deactivate Google Analytics across websites: http://tools.google.com/dlpage/gaoptout?hl=de.

For more information on data processing by Google Analytics, please visit: https://support.google.com/analytics/answer/6004245?hl=de%20.

3.4 Google Ads and Google Ads Remarketing

The Google Ads and Google Ads Remarketing services are integrated on our websites in order to draw attention to our offers in Google search results and on third-party websites.

We only want to place ads that are attractive to you. For this purpose, Google analyzes in particular device information, your location and your surfing behavior on our website. For this purpose, the service stores cookies on your end device:

  - IDE: Used to display Google ads in Google services on websites that do not belong to Google; the storage period is one year; Google has access to the processed data.

When you click on an ad placed for us by Google in the Google search results or on a third party website, cookies are stored on your end device for so-called conversion tracking (visit action evaluation). These cookies have a limited validity period. If you subsequently visit certain pages of our website and the cookies have not yet expired, Google can recognize that you clicked on our ad and were redirected to our website. In this way, Google can provide us with a statistical evaluation of the effectiveness of our advertising measures. For this purpose, the service stores cookies on your end device:

  - 1P_JAR: Collects statistics on website usage and measures conversions; the storage period is one month; access to the processed data by Google cannot be excluded.

Google assumes joint responsibility for the data processing outlined and has therefore provided us with a corresponding contract in accordance with Art. 26 GDPR as part of the ordering process, which we have agreed with Google.

You can activate or deactivate personalized advertising from Google via the advertising settings under this link: https://adssettings.google.com/anonymous?sig=ACi0TCjoT_RnPbIUe8IGa85dyA_5J4bol6TV5SM7jVOJycoeZaGP6BA8RWwSWmRUP0XRoURUu0XBV15kNZzQKE4cntIuJx15vg&hl=de. These settings are stored (if you are logged in) in your Google account or (if you are not logged in) in the browser. Alternatively, you have the option of installing a plug-in for your browser under this link to deactivate personalized advertising: https://support.google.com/ads/answer/7395996?hl=de.

For more information on how Google Ads works and how it processes data, see:

  - https://ads.google.com

  - https://ads.google.com/intl/de_de/home/faq/gdpr

  - https://policies.google.com/technologies/ads

3.5 Google Maps

The Google Maps service is integrated on our websites. The service visually displays geographical information and creates directions.

The embedding of the service is linked to your settings in our Consent Management Tool (CMT). Thus, you will initially only be shown a preview image on our website. In this case, you cannot use the service and data processing by the provider does not take place. Only after you have activated the service via the settings in the CMT, a connection to the provider is established and you can use the service. As a result, your IP address is forwarded to the provider's servers and the provider is thus informed that our website was visited with your IP address.

You also have the option of deactivating the service and thus preventing the transfer of data to the provider by deactivating JavaScript via your browser settings. However, we would like to point out that in this case you will not be able to use all functions of the website.

For more information about Google Maps, please visit: https://www.google.com/intl/de_de/help/terms_maps.html (Google Maps Terms of Use).

3.6 YouTube

On our websites videos are embedded via YouTube.

The embedding of the service is linked to your settings in our Consent Management Tool (CMT). Thus, you will initially only be shown a preview image on our website. In this case, you cannot use the service and data processing by the provider does not take place. Only after you have activated the service via the settings in the CMT, a connection to the provider is established and you can use the service. As a result, your IP address is forwarded to the provider's servers and the provider is thus informed that our website was visited with your IP address.

  - YSC: Stores user input and associates it with the user's actions; the cookie remains stored as long as the visitor has his browser open; Google has access to the processed data.

  - VISITOR_INFO1_LIVE: Used to display Google ads in Google services on websites that do not belong to Google; the storage period is six months; Google has access to the processed data.

You also have the option to prevent the integration of YouTube videos and thus the data transfer to the provider by deactivating JavaScript in your browser settings. However, we would like to point out that in this case you will not be able to use the video function.

For more information about YouTube, please visit: https://www.youtube.com/t/terms (YouTube Terms of Use).

4. LeadLab

The LeadLab service is integrated on our websites. The provider of the service is WiredMinds GmbH, Lindenspürstraße 32, 70176 Stuttgart ("WiredMinds"). Data processing by the service only takes place after you have consented to this via the CMT.

The service accesses this information of your end device: IP address. For this purpose, the service stores tracking pixels or web beacons on your end device: The legal basis for the access to stored information as well as the storage of information on your end device by the service is your consent (Section 25 para. 1 p. 1 TTDSG).

On our behalf, WiredMinds matches the IP address through which you opened our website with a company database. If the IP address can be assigned to a company, WiredMinds also evaluates the visit behavior on our website. IP addresses of natural persons are excluded from further use according to WiredMinds (so-called "whitelist procedure"). According to WiredMinds, the IP address is not stored in LeadLab. The legal basis for the further processing of the collected data is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).

For more information on data processing by the Service, please visit:

  - https://wiredminds.de/datenschutz-leadlab

  - https://wiredminds.de/datenschutz

5. MINQ

On our websites the service MINQ is integrated. The provider of the service is ADDVALUE GmbH, Ernst-Barlach-Straße 20, 36041 Fulda ("Addvalue"). Data processing by the service only takes place after you have consented to this via the CMT.

The service accesses this information from your end device: IP address, web pages accessed. A so-called "tracking script" is used for this purpose. The legal basis for the access to stored information as well as the storage of information on your end device by the service is your consent (§ 25 para. 1 p. 1 TTDSG).

On our behalf, the service transfers the collected information to Addvalue, where it is collected, stored and made available for the purpose of recognizing website visitors. Addvalue uses the information to determine whether a visitor is active in a particular company. This allows us to track which companies are interested in our offerings. According to Addvalue, the visit data of individuals is not processed. The legal basis for the further processing of the collected data is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).

You have the option of deactivating the service and thus preventing the transfer of data to the provider by deactivating JavaScript via your browser settings. However, we would like to point out that in this case you will not be able to use all functions of the website.

For more information on data processing by the Service, please visit:

  - https://www.addvalue.de/datenschutz

  - https://www.minq.de

6. Polyfill

The Polyfill service is integrated on our website. The provider of the service is the Financial Times, Limited, 1 Southwark Bridge, London, SE1 9HL, United Kingdom ("FTL"). Data processing by the service only takes place after you have consented to this via the CMT.

The service accesses this information of your end device: IP address, information about browser (name, version) and operating system as well as the device location. The legal basis for the access to stored information as well as the storage of information on your end device by the service is your consent (Section 25 para. 1 p. 1 TTDSG).

Polyfill is a content delivery network that makes our website faster and more secure. By integrating content via Polyfill, we can display it consistently and without errors on different devices, browsers and operating systems. For this purpose, the information collected is transmitted to FTL servers and stored there. The legal basis for the further processing of the collected data is your consent (Art. 6 para. 1 p. 1 lit. a GDPR).

It cannot be ruled out that data collected by the service will also be transmitted to a server of the provider in the United Kingdom and stored there. The EU Commission has issued an adequacy decision for the United Kingdom. A possible third country transfer is therefore secured according to Art. 45 para. 1 p. 1 GDPR.

You have the option of deactivating the service and thus preventing the transfer of data to the provider by deactivating JavaScript via your browser settings. However, we would like to point out that in this case you will not be able to use all functions of the website.

For more information on data processing by the Service, please visit: https://polyfill.io/v3/privacy-policy.

Please ensure that you have agreed on a corresponding contract with Google in accordance with Art. 26 GDPR. The name of this contract on the part of Google was, according to our last knowledge: "Google Ads Controller-Controller Data Protection Terms".

D. Data processing when contacting us or placing an order

Read here what data is processed when you contact us or use functions of the website.

1. Contact

We collect personal data when you provide it to us. This can be, for example, data that you enter in a contact form or transmit to us in the course of contacting us. Insofar as certain input fields are marked as "mandatory data", we use these fields to collect the data that is required to carry out the desired action. Of course, you can provide us with further data if you wish.

The processing of this data is based on Art. 6 para. 1 p. 1 lit. b GDPR, insofar as this is necessary for the implementation of a measure requested by you. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 p. 1 lit. f GDPR).

2. Orders via the online store

Customers already created in our ERP system can register for a password-protected, free account in our online store www.ixshop.index-traub.com. Once you have registered a user account, you can place orders via the online store and view them as well as your returns and watch lists. In addition, you can manage the personal information about yourself.

In the course of registration, the data marked as mandatory (in particular your INDEX customer number, first and last name, and e-mail address) are collected. You can change this data at any time. With the "mandatory data", we collect the data that is required for the purpose of implementing the user relationship established by the registration - in particular for processing your orders (Art. 6 para. 1 p. 1 lit. b GDPR). Of course, you can provide us with further data if you wish. You can delete your personal user account at any time.

3. Advertising measures

We have a legitimate interest in the use of your data for direct marketing purposes within the meaning of Art. 6 para. 1 p. 1 lit. f GDPR.

Insofar as you have consented to this (Art. 6 para. 1 p. 1 lit. a GDPR), we also use your data to send you e-mail newsletters. The newsletters are technically designed so that we can track whether you have opened it. In particular, information on delivery success, opening rates, click behavior and cancellations is stored and processed. The information obtained is used to make the newsletters even more attractive to you in the future. Your consent also refers to this tracking.

You can withdraw your consent to the sending of the newsletter as well as to the newsletter tracking at any time via the link provided for this purpose in every e-mail newsletter or by sending a message to the contact details given above. In addition, you can object to the processing of your personal data for advertising purposes with effect for the future in writing, by fax, by e-mail or by telephone. For the objection, only the transmission costs according to the prime rates are incurred. The lawfulness of the data processing operations already carried out remains unaffected by this.

The newsletter is sent by a service provider bound by instructions, who is obligated in accordance with the data protection regulations and may not use the data for any other purpose.

E. Supplementary information for business partners and interested parties

In addition to our General Information (please read under 0), we provide information here on how personal data of our business partners and interested parties is collected and for what purposes it is processed and on what legal basis. We also inform about to whom the data of our business partners and interested parties are passed on and for what purpose.

1. Purpose and legal basis of the processing of personal data of our business partners and interested parties

We process personal data pursuant to Art. 6 para. 1 p. 1 lit. b GDPR, which are necessary for the fulfillment of obligations in the context of a possible contract initiation and from the contractual relationships with our business partners. This includes, in particular, first name, last name, a valid e-mail address, address, telephone number (landline and/or mobile) and account details.

We may process personal data of our existing customers for the purpose of sending information about our services (e.g. product information, special offers or event invitations). We have a legitimate interest in this within the meaning of Art. 6 para. 1 p. 1 lit. f GDPR. You can object to this processing at any time. For the objection, only the transmission costs according to the prime rates are incurred (read more under D. 3).

2. Disclosure of personal data of our business partners and interested parties to third parties

Your personal data will only be disclosed to third parties if this is permitted by data protection law, in particular if you have consented to the disclosure (Art. 6 para. 1 sentence 1 lit. a GDPR) or if this is necessary for the purpose of processing the contract (Art. 6 para. 1 p. 1 lit. b GDPR). Categories of recipients of personal data are in particular transport companies.

F. Supplementary information for applicants

In addition to our General Information (please read under 0), we provide information here on how personal data of our applicants is collected and for what purposes it is processed and on what legal basis. We also provide information on when applicant data is deleted again.

1. Purpose and legal basis of the processing of personal data of our applicants

The personal data that you voluntarily provide to us as part of the application process - such as, in particular, your first and last name, address, e-mail address, date of birth, place of birth, occupation, curriculum vitae, certificates and special categories of personal data (e.g. information on your religious beliefs or health data) - will be stored and processed by us. During the application process, additional data relevant to the application may arise, which will also be stored and processed. Your personal data will only be processed for the purpose of carrying out the application procedure. The legal basis for data processing in this respect is Section 26 para. 1 p. 1 BDSG (German Federal Data Protection Act). In the event of a successful application, the data will be transferred to your personnel file for the purpose of implementing the employment relationship, Section 26 para. 1 p. 1 BDSG.

2. Deletion of applicant data

If your application is unsuccessful, your personal data will be deleted no later than six months after the end of the application process, unless the processing of your data is necessary for the assertion, exercise or defense of legal claims (Art. 17 para. 3 lit. e GDPR).

Your data will only be processed beyond the specific application procedure if you have expressly consented to your data remaining stored in our database even after the end of the respective application procedure, so that you can be contacted by us at a later date for vacancies if necessary. If you no longer want us to contact you, you can withdraw your consent at any time with effect for the future in writing, by e-mail or by telephone. Otherwise, we will delete your data after two years. If we contact you within this period regarding new vacancies, this period will start anew each time.

 

Status: March 2022