Privacy in the Sumitomo Electric Group
Our parent company, the Sumitomo Electric Group, has established a Global Privacy Policy, which is supplemented by area-specific Local Privacy Policies and if applicable Website Privacy Notices. The use of these policies/notices is to explain how and for what purposes we process personal data of customers, suppliers, employees, and other third parties.
The Global Privacy Policy is available at: https://sumitomoelectric.com/global-privacy-policy
The following Local Privacy Policies apply in conjunction with the Global Privacy Policy if you reside in one of the following areas:
- Japan: Japan Privacy Policy
- European Economic Area (EEA)/UK: EEA and UK Privacy Policy
- California: Addendum for California Privacy Rights Act
The following Website Privacy Notice provides more detailed information regarding our data processing and should be read in conjunction with the above policies. In the event of any conflict between the above policies and the Website Privacy Notice, the latter shall prevail.
Website Privacy Notice
Below you will find information about which personal data we process for what purpose, on what basis and for how long when you use our website privacy notice:
Overview / Table of contents
You will find the following information in our website privacy notice:
A. Our contact details and general information on data processing by us
A.1 Name and contact details of the controller
A.2 Contact details of the data protection officer
A.3 General information on the legal basis for the processing of personal data
A.4 General information on data erasure and retention periods
A.5 General information on the sources of personal data
A.6 Recipients or categories of recipients of the personal data
A.7 Contact via e‑mail, fax, and telephone call
B. Scope of the processing of personal data via our website
B.1 Host provider, provision of the website and creation of log files
B.2 Use of cookies by us and by third-party providers
B.3 Use of the security plugin WP Cerber Security
B.4 Use of the analysis tool Matomo
B.5 Use of the WPML language plug-in
B.6 Use of YouTube videos
B.7 Encryption of the website and of the communication
B.8 Transfer of personal data to a third country
C. Your rights as a data subject
C.1 Right to information
C.2 Right of rectification
C.3 Right to erasure
C.4 Right to restriction processing
C.5 Right to notification
C.6 Right to data portability
C.7 Right to object to processing based on legitimate interest, as well as to direct mail
C.8 Right of withdrawal in the case of given consent
C.9 Automated decision-making including profiling
C.10 Voluntariness of the provision of data
C.11 Right to lodge a complaint with a supervisory authority
A. Our contact details and general information on data processing by us
A.1 Name and contact details of the controller
Responsible in terms of data protection law for the collection and use of personal data is:
Sumitomo Electric Bordnetze SE
Brandgehaege 11
D‑38444 Wolfsburg-Hattorf
Tel: 05308 400 400
Fax: 05308 400 419
info@sebn.com
Board of Directors: Soichiro Namba (CEO and Member of the Administrative Board), Sohei Kanazawa, Carsten Schulze, Henning von dem Hagen, Sven-Uwe Niemann
Chairman of the Administrative Board: Tomoyuki Miyake
Registered office: Wolfsburg
A.2 Contact details of the data protection officer of the controller
You can reach our data protection officer as follows:
Sumitomo Electric Bordnetze SE
Data Protection Officer
Brandgehaege 11
D‑38444 Wolfsburg
datenschutzbeauftragter@sebn.com
A.3 General information on the legal basis for the processing of personal data
In general, the following applies to the processing of personal data by us:
-Insofar as we obtain your consent for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
-When processing personal data that is necessary to perform a contract with you, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies if the processing is necessary for the implementation of pre-contractual measures, e.g. orders, offers, contract negotiations.
-Insofar as the processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) © GDPR serves as the legal basis.
- In case that your vital interests or those of another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
-If the processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, this is done on the legal basis of Art. 6 (1) (e) GDPR.
-If the processing is necessary to protect a legitimate interest of us or a third party and your interests, fundamental rights and freedoms do not override this interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
A.4 General information on data erasure and retention periods
We generally erase or block the personal data as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject as the controller. Data will also be blocked or erased if a retention period prescribed by the mentioned standards expires, unless there is a necessity for the continued retention of the data for the conclusion or performance of a contract.
Concretely that means:
If we process the personal data on the basis of consent to data processing (Art. 6 (1) (a) GDPR), the processing ends with your withdrawal, unless there is another legal basis for processing the data, which is the case, for example, if we are still legitimated to process your data for the purpose of performing a contract at the time of withdrawal (cf. below in each case).
If we process the data on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) within the framework of a previously performed consideration, we store it until the legitimate interest no longer exists, the consideration comes to a different result or you have effectively objected in accordance with Art. 21 GDPR (Cf. the visually highlighted notification to special right of objection under C.).
If we process the data for the performance of a contract (Art. 6 (1) (b) GDPR), then we store the data until the contract has finally been performed and settled and no more claims can be made under the contract, i.e. until the statute of limitations has expired. The general limitation period according to § 195 BGB is three (3) years. However, certain claims, such as claims for damages, only become time-barred after 30 years (cf. § 197 BGB). If there is reasonable cause to assume that this is relevant in an individual case, we store the personal data for this period. The mentioned limitation periods begin at the end of the year (i.e. 31 December) in which the claim arose and the creditor becomes aware of the circumstances giving rise to the claim and the identity of the debtor or should have become aware without gross negligence.
We would like to point out that we are also subject to statutory retention obligations for commercial, tax and accounting reasons. These oblige us to retain certain data, which may also include personal data, for a period of six (6) to ten (10) years as proof of our proper business activity or accounting. These retention periods take precedence over the erasure obligations mentioned above. The retention periods also begin at the end of the respective year, i.e. on 31 December.
A.5 General information on the sources of personal data
The personal data processed by us primarily originate from the data subjects themselves, for example, when they, as users of our website, transmit information, such as the IP address, to us or our web server via the web browser and their end device (for example, a PC, a smartphone, a tablet or a notebook).
Only exceptionally may the personal data we process also originate from third parties, for example where a person is acting on behalf of a third party.
A.6 Recipients or categories of recipients of the personal data
Your personal data will only be passed on or transferred to third parties if this is absolutely necessary and permissible for the respective purpose. Whether and to whom we pass on data and for what purpose (also in the case of transfers to a third country), we explain in each case in connection with the data processing described below within the framework of this website privacy notice.
Categories of recipients can in principle be:
- - Service provider,
- - Suppliers, business partners,
- - Accounting, tax consultant.
Depending on the category of data involved, we process personal data for the following purposes and based on the legal basis of the General Data Protection Regulation (GDPR) mentioned in each case:
User data
We collect and process data from users of our website on a non-personal basis. It is not possible for us to assign data to specific persons. The IP address is only processed anonymously. If, by way of exception, personal data is nevertheless involved, we process it to safeguard our legitimate interests based on Art. 6 (1) (f) GDPR. Our legitimate interests in this sense are our interest in the security and integrity of our website and the data on our web server (particularly fault and error detection, as well as tracking unauthorised access), as well as marketing interests and interests in statistical surveys (to improve our website and our services and offers). Within the framework of a consideration, we have come to the conclusion that the data processing is necessary to safeguard the mentioned legitimate interests and that your interests or fundamental rights and freedoms, which require the protection of personal data, do not override these.
If we obtain the user’s consent for certain data processing, we do so on the legal basis of Art. 6 (1) (a) GDPR.
Data of interested parties
Insofar as we process data from those interested in our services, this only occurs if they themselves transmit this data to us for the purpose of the enquiry. We then process this data exclusively for the purpose of processing the enquiry to us. The processing of this data voluntarily transmitted to us for the purpose of providing information about our services is carried out as pre-contractual processing pursuant Art. 6 (1) (b) GDPR and/or on the basis of your consent given by transmission pursuant Art. 6 (1) (a) GDPR.
Supplier data/business partner data
We process the data of our suppliers and business partners for the purpose of contract processing pursuant Art. 6 (1) (b) GDPR and/or on the basis of consent given pursuant Art. 6 (1) (a) GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures (e.g. in the context of the preparation and negotiation of offers).
A.7 Contact via e‑mail
You can contact us by e‑mail if you wish. Even if you write us an e‑mail, we inevitably process personal data from you. This is because at least the personal data transmitted with the e‑mail is stored by us or our systems.
Purposes of the data processing
The processing of personal data when transmitted by e‑mail serves us to process your contacting and your request. We absolutely need your e‑mail address in order to be able to reply to you. This is also the legitimate interest in processing the data. The data is used exclusively for processing the conversation.
Legal basis for data processing
The legal basis for the processing of the data is your consent according to Art. 6 (1) (a) GDPR, which you give to us by actively contacting us.
If the contact or your enquiry is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR (implementation of pre-contractual measures).
Duration of storage
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e‑mail, this is the case when the respective conversation with you has ended and we have then waited a grace period of up to 3 months to see whether we may need to refer to your request or the details of the communication again. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
The communication may be subject to a retention obligation under commercial or tax law, which then takes precedence (cf. the explanations above on “Data erasure and retention periods”).
Possibility of objection and removal
You have the possibility at any time to revoke a given consent to the processing of personal data or to object to further data processing due to legitimate interest (Cf. the visually highlighted notification to special right of objection under C.). In such a case, the conversation cannot be continued.
The withdrawal of consent or the objection to further data processing is made possible by informal communication to us (e.g. by e‑mail). All personal data stored in the course of contacting us will be erased in this case.
B. Scope of the processing of personal data via our website
As a matter of principle, we only collect and use personal data of users within the scope of the mere use of our website insofar as this is necessary for the provision of a functional website as well as our contents and services. The collection and use of our users’ personal data generally only takes place with the user’s consent. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and/or the processing of the data is permitted by legal regulations.
The host provider hosting the website on its server is qwertiko GmbH, Waldstraße 41–43, D‑76133 Karlsruhe, Germany.
We have concluded an order processing contract with the host provider.
B.1 Provision of the website and creation of log files
For technical reasons, our system automatically collects data and information each time the website is accessed. These are stored in the log files of the server. These are:
- Date and time of access,
- URL (address) of the referring website (referrer),
- Web pages that are called up by the user’s system via our website,
- Screen resolution of the user,
- retrieved file(s) and message about the success of the retrieval,
- Amount of data sent,
- the user’s internet service provider,
- Browser, browser type and browser version, browser engine and engine version,
- Operating system, operating system version, operating system type, and
- the anonymised IP address and the user’s internet service provider.
This data is processed separately from other data. This data is not processed together with other personal data of the user. It is not possible for us to assign this data to a specific person.
Purposes of data processing
The temporary processing of data by the system is necessary to enable the delivery of the contents of our website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Legal basis of the data processing
The temporary storage of the data and the log files is based on the legal basis of Art. 6 (1) (f) GDPR. Our overriding legitimate interest in this data processing lies in the aforementioned purposes.
Duration of storage
The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user does not have the option to object. However, the user can stop using the website at any time and thus prevent the further collection of the mentioned data.
B.2 Use of cookies by us and by third-party providers
So-called cookies are used when using our website. These are small text files that are stored on your end device (PC, smartphone, tablet, etc.). When you access a website, a cookie may be stored by your browser. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.
Cookies are used to make our website usable at all, to ensure the security and integrity of the website, to comply with legal requirements (cookie consent), to provide a service expressly requested by the user (essential cookies) or to make the website more user-friendly (non-essential cookies).
Our content management system WordPress uses technically necessary cookies. The content management system would not function otherwise. Only system-relevant cookies are used. WordPress uses so-called session cookies by default (with one exception, see below). These are not intended for tracking or similar purposes, but ensure the correct functionality of the system. As the name suggests, these cookies are only stored per session and expire afterwards.
WordPress session cookies are:
- wordpress_[hash]
When logging in, WordPress uses this cookie to store the authentication data of WordPress users. Its use is restricted to the administration screen area, /wp-admin/.
- wordpress_logged_in_[hash]
After login, WordPress sets the WordPress_logged_in_[hash] cookie, which indicates that the user is logged in — and who the user is. The latter information is relevant for some interface applications.
- wordpress_test_cookie
This cookie is set when navigating to the login page. This can be used to check whether the browser is set to allow cookies.
WordPress cookies with a storage period of one year:
- wp-settings-[UID] & wp-settings-{time}-[UID].
WordPress also sets several wp-settings-{time}-[UID] cookies. The number at the end is the individual user ID from the database table “users”. This is used to customise the view of the admin interface and possibly also the main page interface.
All these cookies thus do not affect the users of the website, but only those who maintain our website in the backend (i.e. the administration interface of WordPress) according to the order.
Essential cookies that affect users of the website are set by our consent tool Cookie-Navigator for the purpose of remembering whether or not you have consented to the setting of non-essential cookies.
In addition, cookies from third-party providers may be used. These cookies could also enable an analysis of the user’s surfing behaviour. If this is the case, we will inform you about this separately in this or specific privacy notices directly at the information about the respective third-party tools (such as analysis tools, plugins or similar). For example, analysis tools set their own cookies for analysis purposes.
When you access our website, you will be informed about the use of cookies that are not strictly necessary and your consent to the processing of personal data used in this context will be obtained.
Purpose of data processing
The purpose of using strictly necessary cookies is to enable the use of desired or explicitly requested functions of the website for users. Some functions cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a change of site. User data collected through strictly necessary cookies is not used to create user profiles.
The use of non-essential cookies is generally for the purpose of improving the quality of our website and its content. Through analysis cookies, we learn, for example, how the website is used and can thus constantly optimise our offer.
Legal basis for data processing
In the case of absolutely necessary cookies, the following applies: The legal basis for storing absolutely necessary cookies in your end device and accessing them is § 25 (2) (2) TTDSG. The legal basis for the further processing of personal data using the information stored in the cookie is Art. 6 (1) (f) GDPR, i.e. an overriding legitimate interest on our part. Our legitimate interest lies in the above-mentioned purposes.
In the case of cookies that are not absolutely necessary, the following applies: The legal basis for storing cookies that are not absolutely necessary in your end device and accessing them is your consent pursuant § 25 (1) TTDSG. The legal basis for the further processing of personal data using non-essential cookies is the consent given at the same time in accordance with Art. 6 (1) (a) GDPR.
Duration of storage
Some of the cookies we use are deleted again after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or the third-party providers to recognise your browser on your next visit (permanent or static cookies). If we have stored the cookies on the basis of your consent, we will end further data processing with your withdrawal. Otherwise, we store the data collected on the basis of an overriding legitimate interest until the legitimate interest no longer exists, the consideration of interests comes to a different result or you have effectively objected in accordance with Art. 21 GDPR (Cf. the visually highlighted notification to special right of objection under C.). It is regularly checked whether the legitimate interest still exists.
Possibility of objection and removal
Cookies are stored on your computer and transmitted from it to our site. Therefore, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time.
Note: If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.
If you do not give your consent or withdraw the consent you have given, you can also prevent the use of cookies that are not absolutely necessary.
B.3 Use of the security plugin WP Cerber Security
On our website we use the plugin WP Cerber Security, which is offered by Cerber Tech Inc. New York, NY, 1732 1st Ave, 10128, USA.
WP Cerber Security is a popular security plugin for WordPress websites. The plugin sets a number of cookies in the visitor’s browser that are used to detect and prevent various types of malicious behaviour.
The plugin sets several absolutely necessary cookies. According to the provider, no data is collected or processed in this context — neither by the services nor by the software offered.
The collected IP addresses are immediately anonymised by the plugin WP H‑Data Protection — unless they document intrusion attempts.
For more information on the collection and use of data by WP Cerber Security, please refer to the privacy policy of the provider Cerber at https://wpcerber.com/privacy-policy/
Purpose of the data processing
The use of this security plugin is solely for the security and integrity of our website and our information technology systems. It is also used for fraud prevention (anti-spam). The plugin blocks unwanted intruder via IP or subnet and protects against further attempts of intrusion when a set limit of retries is reached. This makes brute force attacks or distributed brute force attacks by botnets impossible. In addition, by creating an IP blacklist or whitelist, it is possible to block or allow logins from certain IP addresses. (More information about the functions at: https://wpcerber.com/).
Legal basis of the data processing
We have an overriding legitimate interest in the security and integrity of our website and our information technology systems, so that the legal basis here is Art. 6 (1) (f) GDPR. The setting and reading of cookies is also carried out on the basis of § 25 (2) (2) TTDSG.
Duration of storage
The IP addresses are anonymised immediately. Only those that are immediately recognised as intrusion or attack attempts are not anonymised in order to be able to block them in the future.
Possibility of objection and removal
There is no possibility for the user to object to or remove this, other than to refrain from using our website altogether or to terminate it.
B.4 Use of the analysis tool Matomo
This website uses Matomo, an open-source web analysis tool from InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand (https://matomo.org), to collect and store data for marketing and optimisation purposes. The data collected with Matomo is not used by us to personally identify the visitor to the website and is also not merged with personal data.
Standard: Use of Matomo without cookies
If you do not give us consent to analysis measures during your website visit, we use the Matomo
tool without cookies. This means the following:
We have made all data protection settings to achieve the widest possible pseudonymisation and anonymisation of data. This is because we are not interested in who is behind a website visit, but only in how the website is used. Therefore, all IP addresses are only stored in such a way that the last 6 digits are replaced by an “X” (e.g. 192.168.xxx.xxx) and a user ID is automatically replaced by the system with a pseudonym. Only the data alienated / pseudonymised / anonymised in this way is stored and used for statistics. Furthermore, we have set Matomo in such a way that any cookies are prevented. This means that no data is stored on your end device. And: We have set up Matomo in such a way that a “do-not-track” message from your browser is automatically respected.
All Matomo data is processed by us exclusively on our own web server. No third party receives this data. This is therefore data that is evaluated exclusively by us.
By all these measures, we are convinced that consent is not required here and that we can base this data processing on a legitimate interest.
Purpose of the data processing
The analysis tool is used to improve the quality of our website and its content by determining how the website is used through user behaviour. In this way, we can constantly optimise our internet offer, which is also in the interest of the users.
Legal basis of the data processing
The legal basis for the processing of personal data is Art. 6 (1) (f) GDPR, i.e. a legitimate interest on our part. Our legitimate interest lies in the above-mentioned purposes. Our consideration has shown that we are pursuing legitimate purposes in analysing user behaviour in order to improve and optimise our websites and that the reasonable expectations of website visitors today are also directed towards analysing user behaviour. We also assume that the information provided here will guide the expectations of users of our website that an analysis will be carried out.
Duration of storage
The IP address is anonymised before it is stored (see above). Cookies are not set. We only store data that no longer has any personal reference. In addition, we store data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the consideration comes to a different result or you have effectively objected in accordance with Art. 21 GDPR (Cf. the visually highlighted notification to special right of objection under C.). It will be reviewed regularly, at least annually, whether the legitimate interest still exists. In particular, our interest no longer exists if the data is no longer sufficiently relevant for us in terms of evaluation and statistics of website use due to the passage of time, which we assume to be the case after three years at the latest and the data is then irretrievably erased.
Possibility of objection and removal
We do not set cookies and do not process any personal data when using Matomo.
The following generally applies to cookies: You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. Such a “Do-Not-Track” setting of your browser is understood by us as an objection to the further collection and use of your personal data and will of course be observed.
With consent: Use of Matomo with cookies
If you have given us your consent for the use of analysis tools, we use Matomo with cookies. This means the following:
From the data collected with the help of the tool, user profiles can be created under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the site visitor’s internet browser. The cookies enable the recognition of the internet browser. The data collected with Matomo will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned, nor will it be merged with personal data about the bearer of the pseudonym.
We would like to point out that we process all Matomo data exclusively on our own web server and that no third party receives this data. As a result, we are convinced that no consent is required here and that we can base this data processing on a legitimate interest, since a third-party reference is excluded. These are so-called first-party cookies that are only set and evaluated by us.
Purpose of the data processing
The analysis tool and the analysis cookies are used for the purpose of improving the quality of our website and its content. In this way, we learn how the website is used and can thus continuously optimise our offer.
Legal basis for data processing
The legal basis for the setting of cookies and the processing of personal data is your consent according to § 25 (1) TTDSG, Art. 6 (1) (a) GDPR.
Duration of storage
We store the collected data until the purpose of its collection has ceased to exist, at the longest, however, until you withdraw the consent you have given us.
Possibility of objection and removal
You may refuse the use of cookies by selecting the appropriate settings on your browser. We would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can prevent further data processing by us with effect for the future by withdrawing the consent you have given.
You can also prevent the collection of data relating to your use of the website (including your IP address) and the processing of this data by us by using the opt-out option:
B.5 Use of the WPML language plug-in
In order to be able to offer you different language versions of our site, we use the language plugin WPML from the provider OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong.
Purpose of the data processing
We use the language plugin to offer you different language versions of the website.
Legal basis of the data processing
We have an overriding legitimate interest in providing different language versions, so that the legal basis here is Art. 6 (1) (f) GDPR. The setting and reading of cookies is also based on § 25 (2) (2) TTDSG. This is because the plugin only sets a so-called first-party cookie for the purpose of remembering your language preference, which is only stored by us on our web server and is not received by any third party, including the provider of the plugin.
Duration of storage
The cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
In addition, we store the data collected on the basis of a legitimate interest until the legitimate interest no longer exists, the consideration comes to a different result or you have effectively objected in accordance with Art. 21 GDPR (Cf. the visually highlighted notification to special right of objection under C.).
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
If your personal data is processed on the basis of legitimate interests according to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data according to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation.
B.6 Use of YouTube Videos
Our website offers the possibility to watch YouTube videos (provider: YouTube LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter “YouTube”)).
Use of YouTube videos through specific click on the video
If you have not given us consent to use YouTube and to set YouTube cookies as part of our consent request, the following applies:
We have embedded YouTube videos in such a way that the setting of YouTube cookies is blocked until there is an active click on the playback. Therefore, you will not be able to immediately see and click on the YouTube video on the website. Rather, you will first see a placeholder that allows you to either view the video directly on the YouTube website (“Open video on YouTube”). In this case, your browser switches to YouTube and the data processing found in YouTube’s data protection information takes place directly on the YouTube site. Or you can watch the video directly on our site (“Show video”), which then triggers the setting of cookies by YouTube so that the video can be played directly on our website.
The videos are therefore reloaded and YouTube cookies are set for you only if you give your consent to the setting of YouTube cookies by clicking on “Watch video”. We have provided you with a corresponding information text for each video.
With consent: Setting YouTube cookies from the beginning
If you have already given us general consent to use YouTube and set YouTube cookies as part of the consent request, the following applies:
With the granting of consent, cookies are set by YouTube in your browser. YouTube thereby obtains knowledge of this page visit, at least in relation to the IP address used by you at this time. This also applies if you have not clicked on or watched a video.
Incidentally, the following applies to both options
YouTube is a subsidiary of Alpahabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043–1351, USA (hereinafter “Google”). YouTube and Google are always aware of which video is being accessed. If you are logged into YouTube at the same time, YouTube recognises this link. Such information is collected by YouTube and assigned to your YouTube account.
YouTube’s privacy policy provides information on the collection, processing and use of personal data by YouTube and Google and can be accessed here: http://www.google.de/intl/de/policies/privacy.
Note: Please note that your data is usually transferred to a server in the USA and stored there. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and monitoring purposes, possibly also without any legal remedy.
Purpose of data processing:
YouTube videos are embedded for the purpose of presenting you with multimedia content on the website and thereby enhancing and improving the user experience on the website. As this makes our website more attractive, the use of YouTube also serves our marketing and advertising purposes.
Legal basis of data processing:
The legal basis for the processing of personal data through the embedding of YouTube videos is your expressly given consent (Art. 6 (1) (a) GDPR), the setting and reading of cookies is additionally based on your consent in accordance with § 25 (1) TTDSG.
Consent can be given by you, as shown above, either generally directly in our consent query or for the video in question by clicking on “Show video”.
Duration of storage:
We do not store any personal data concerning the use of YouTube videos. The accesses and retrievals of the individual videos are evaluated by us, but without reference to a specific person.
We have no influence on the storage by YouTube. The exact circumstances of the data processing there can be found in the data protection information at YouTube/Google http://www.google.de/intl/de/policies/privacy.
Possibility of objection and removal:
YouTube always receives information that the respective user has visited our website if consent has been given. If the user is also logged into YouTube at the same time as visiting our website, YouTube also knows which specific user this is. This takes place regardless of whether the data subject clicks on a YouTube video or not. If you do not want this link between our website visit and your YouTube user account to be transmitted, you can prevent this by logging out of your YouTube account before accessing the website. You will also find options for minimising data processing by YouTube in the YouTube account settings. Since the video portal belongs to Google, the settings can be found in the general configuration of the Google account. There, under the “Activity settings” (https://myactivity.google.com/activitycontrols), you will find not only options for web and location history, but also special functions for data protection on YouTube. On the one hand, you can pause the video search history so that your searches are no longer saved. On the other hand, you can also turn off the video playback history so that all your viewed videos are not saved.
Otherwise, you can avoid (further) data processing by not giving consent or by withdrawing it.
B.7 Encryption of the website and communication
All protected areas and forms on the website and thus the data transmissions via them are encrypted according to SSL, HTTPS.
B.8 Transfer of personal data to a third country
We do not intend for personal data to be processed outside the EU or EEA (European Economic Area).
C. Data subject rights
If personal data relating to you is processed, you are a “data subject” and you have the following rights against us as the controller:
C.1 Right to information
You have the right to obtain confirmation from us free of charge as to whether we are processing personal data relating to you. If this is the case, you have the right to information about this personal data and to further information, which you can obtain from Art. 15 of the GDPR. You can contact us for this purpose by post or by e‑mail.
C.2 Right of rectification
You have the right to request that we correct any inaccurate personal data relating to you without undue delay. You also have the right — taking into account the above-mentioned purposes of the processing — to request the completion of incomplete personal data — also by means of a supplementary declaration. You can contact us for this purpose by post or by e‑mail.
C.3 Right to erasure
You have the right to demand the immediate deletion of personal data concerning you if one of the conditions of Art. 17 GDPR applies. You can contact us for this purpose by post or by e‑mail.
C.4 Right to restriction processing
You have the right to demand that we restrict processing if one of the conditions of Art. 18 GDPR applies. You can contact us for this purpose by post or by e‑mail.
C.5 Right to notification
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.
C.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and you have the right to transfer this data to another controller without hindrance from us if the requirements of Art. 20 GDPR are met. You can contact us for this purpose by post or by e‑mail.
C.7 Right to object to processing based on legitimate interest, as well as to direct mail
Insofar as we exceptionally process personal data on the basis of Art. 6 (1) (f) GDPR (i.e. because of legitimate interests), you have the right to object to the processing of personal data concerning you by us at any time for reasons arising from your particular situation. If we cannot demonstrate compelling legitimate grounds for further processing that override your interests, rights and freedoms, or if we process the data concerned from you for the purpose of direct mail, we will then no longer process your data (cf. Art. 21 GDPR). You can contact us for this purpose by post or by e‑mail.
If personal data are processed for the purpose of direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct mail.
C.8 Right of withdrawal in the case of given consent
You have the right to withdraw your consent to the collection and use of personal data at any time with effect for the future. You can contact us for this purpose by post or by e‑mail. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
C.9 Automated decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Unless the decision is necessary for the conclusion or performance of a contract between you and us, it is permissible under Union or Member State law to which we are subject and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or the decision is taken with your explicit consent.
Such automated decision-making does not take place through us.
C.10 Voluntariness of the provision of data
If the provision of personal data is required by law or contract, we will always point this out when collecting the data. In some cases, the data we collect is necessary for the conclusion of a contract, namely if we would otherwise not be able to fulfil our contractual obligation to you or would not be able to fulfil it sufficiently. You are under no obligation to provide the personal data. However, failure to provide the data may mean that we are unable to perform or offer a service, action, measure or similar requested by you or that it is not possible to conclude a contract with you.
C.11 Right to lodge a complaint with a supervisory authority
Without prejudice to any other rights, you have the right to lodge a complaint with a data protection supervisory authority at any time, in particular in the member state of your place of residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes data protection law.
Status of this website privacy notice: 14.06.2023