Privacy Policy of Pfannenberg Group Holding GmbH

Welcome to our website and thank you for your interest. Protecting your personal data and your privacy during your visit to our website is very important to us. For this reason, we would like to inform you below about how we handle your data. We reserve the right to adapt the content of this privacy policy from time to time. We therefore recommend that you review our privacy policy at regular intervals.

1. Controller

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Pfannenberg Group Holding GmbH
Werner-Witt-Straße 1
D-21035 Hamburg
Telephone: +49 40 / 7 34 12 - 0
Fax: +49 40 / 7 34 12 - 101
Email: info@pfannenberg.com
 

2. Data Protection Officer

The Data Protection Officer of the controller can be contacted at:

Pfannenberg Group Holding GmbH
Data Protection Officer
Werner-Witt-Str. 1
21035 Hamburg
Email: dataprotection@pfannenberg.com
 

3. Purposes and Legal Bases for Processing Personal Data

a. When accessing our website

When the website is accessed, the following data is automatically transmitted to us by your browser and temporarily stored by us in a log file; the data is collected without your intervention and deleted after no more than 26 months, but is anonymised after one day by deleting the last three digits of the IP address:

• the IP address of the requesting computer;
• the date and time of access;
• the name and URL of the retrieved file;
• the website from which access is made;
• the operating system of your computer and the browser you use;
• the name of your internet access provider.

This data is collected and processed on the basis of Art. 6(1) sentence 1 lit. b and lit. f GDPR. Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. Anonymised storage in log files is carried out to ensure the functionality of the website. In addition, the data helps us to optimise the website and to ensure the security of our information technology systems (e.g. defence against cyberattacks). These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1) sentence 1 lit. f GDPR. This data is not merged with other data sources.
The temporary collection of data for the provision of the website is strictly necessary for operating the website. Consequently, there is no possibility to object. You may object at any time to storage beyond this in our log files.

b. Contact forms

We process the personal data you transmit to us (e.g. via contact form, telephone or email) for the purpose of responding to your enquiries and, if you so wish, to conduct individual communication. Disclosure of this data by the user is expressly voluntary. The data collected in the case of a contact form can be seen from the contact form itself. We therefore use the information we store on the basis of Art. 6(1) sentence 1 lit. b GDPR to perform the services you request and, on the basis of Art. 6(1) sentence 1 lit. f GDPR, for customer care and market research purposes (anonymised, internal evaluation of the customer structure); our legitimate interest lies in the needs-based design of our services and in promoting user and customer satisfaction.

c. Newsletter

The following information explains the content of our newsletter, the registration and dispatch process, and your right of withdrawal. By subscribing to our newsletter, you agree to receive it and to the procedures described.

• Content of the newsletter: The possible content of our newsletter is specified in the registration form; as a rule, we will send you information and offers relating to products and trade fair dates.
• Double opt-in and logging: Registration for our newsletter takes place using a double opt-in procedure. After registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register using someone else’s email address. Registration for the newsletter is logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the mailing service provider are also logged.
• Registration data: To register for the newsletter, it is sufficient to provide your contact details.
• Use of your data: If you have consented to receiving the newsletter, we will use your personal data (e.g. name and email address) exclusively to send you our newsletter on a regular basis.
• Legal basis:
  • Where you have given us your consent, pursuant to Art. 6(1) sentence 1 lit. a GDPR; and for the performance of the newsletter subscription pursuant to Art. 6(1) sentence 1 lit. b GDPR.
  • Where you have provided us with your email address in connection with the purchase of goods or services or we send you personalised advertising, for the protection of our legitimate interests pursuant to Art. 6(1) sentence 1 lit. f GDPR in conjunction with Section 7(3) UWG (German Unfair Competition Act); our legitimate interest is based on our economic interest in carrying out advertising measures and target-group-oriented advertising.
• Termination/withdrawal: You can cancel the receipt of our newsletter at any time, i.e. withdraw your consent. A link to cancel the newsletter can be found at the end of each newsletter. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them for the purpose of sending the newsletter, in order to be able to prove that consent had previously been given.
• Logging: Logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6(1) sentence 1 lit. f GDPR. Our interest is in using a user-friendly and secure newsletter system that serves our business interests, meets users’ expectations, and enables us to prove that valid consent was granted.

d. When applying for a job

You can apply via our website for open positions within the Pfannenberg Group. We process the personal data you transmit to us in the context of your application solely for the purpose of processing your application on the basis of Art. 6(1) lit. b and lit. c GDPR. We will treat your data as strictly confidential in accordance with statutory provisions.
In particular, your application data will be forwarded to the group company with which you are applying for a position via our website.

Your personal data is accessible to the employees responsible for the respective application process. It is necessary to provide all data requested in the mandatory fields in order to apply. If you do not provide this data, you cannot apply to us.

Unless you request deletion of your data, it will be stored for a maximum of six months after completion of the application process. If we wish to retain your application for longer because your profile may match a position that will only be advertised in the future, we will ask you in writing for your consent.

If you are accepted for a position as a result of your application, your data will generally be stored for the duration of the respective contractual relationship.

We use the softgarden online application tool from softgarden e-recruiting GmbH for our application process. Applicants who use the online application tool offered by softgarden will, at that point, leave our website and be redirected to the provider’s website.
Further information can be found in Softgarden’s privacy policy as well as in our privacy policy for the application process:
https://pfannenberg.softgarden.io/de/data-security https://www.softgarden.de/unternehmen/datenschutz/

e. Registration on this website

You can register on our website to use additional functions on the site. We use the data entered for this purpose, on the basis of Article 6(1) sentence 1 lit. b GDPR and Article 6(1) sentence 1 lit. f GDPR, solely to provide the functions, offers and/or services enabled by registration. For important changes—for example to the scope of offers or in the case of technically necessary changes—we use the email address provided during registration to inform you in this way. Our legitimate interest lies in providing exclusive and individual offers and functions and in optimised user and customer engagement.

f. Processing of customer and contract data

We collect, process and use personal data on the basis of Article 6(1) sentence 1 lit. b GDPR insofar as this is necessary for establishing, defining the content of or amending a contract with you (inventory data). We collect, process and use personal data relating to the use of our website (usage data) on the same legal basis insofar as this is necessary to enable the user to use the service or for billing. Details are set out in the respective offers and contracts.

4. Transfer of Data to Third Parties / Recipients of the Data

As a rule, we do not transfer your personal data to third parties. If, in individual cases—particularly on the basis of Article 6(1) sentence 1 lit. b or lit. f GDPR—data is transferred to third parties (e.g. IT service providers such as web hosts, newsletter service providers, CMS service providers), such data is of course treated as strictly confidential. Our service providers are bound by us in writing in accordance with the strict requirements of the GDPR and may use the data exclusively for the purposes agreed in the data processing agreements concluded with us. If you would like information about the specific service providers we currently use, we will gladly provide you with an up-to-date list upon request

5. Transfers to Third Countries

We may also transfer your data to a country outside the European Economic Area (EEA). Such transfer is carried out in compliance with the special requirements of Art. 44–49 GDPR, whereby an adequate level of protection is ensured in particular either by an adequacy decision of the European Commission pursuant to Art. 45 GDPR, concluded EU standard contractual clauses pursuant to Art. 46(2)(c) and (d) GDPR, or binding corporate rules pursuant to Art. 47 GDPR. You can access and view the EU standard contractual clauses on the website of the European Commission or request a copy directly from us.

6. Cookies

To make your visit to our website attractive, optimised and personalised, and to enable the use of certain functions (e.g. language selection), our website uses so-called cookies.

What are cookies and what are they used for?
These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies to recognise your browser on your next visit (persistent cookies).

You can set your browser so that you are informed about the setting of cookies and can decide on a case-by-case basis whether to accept them, or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be restricted.

How can you change your cookie settings?
In the options/settings of your browser, you can determine yourself to what extent cookies are stored on your end device.

Each browser differs in how it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

a. Essential cookies

Our website uses essential, i.e. technically necessary, cookies. These are set automatically when our website is accessed. Each cookie is assigned an identification number; your personal data is not assigned to this identification number. We only receive pseudonymised information, e.g. about which subpages you have clicked on. We use essential cookies to make our website more effective and more secure. This is our legitimate interest pursuant to Art. 6(1) sentence 1 lit. f GDPR.

b. Non-essential cookies (statistics)

With the exception of essential cookies, we only process personal data through cookies with your express consent: When you access our website for the first time, you can consent to the use of “statistics cookies” by ticking the box next to “Statistics” and then clicking “Save & Close”.

Activating statistics cookies is voluntary. We collect and process data for the purpose of analysing your surfing behaviour exclusively with your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.

c. Use of Google Analytics

To design our website in line with user needs, we create pseudonymous usage profiles with the help of Google Analytics. Google Analytics uses targeting cookies that are stored on your end device and can be read by us. In this way, we are able to recognise and count returning visitors and to find out how often our web pages have been accessed by different users. Data processing is based on Art. 6(1) sentence 1 lit. a GDPR (consent).

The information generated by the cookie about your use of our website is generally transmitted to a Google server in the USA and stored there. Since we have activated IP anonymisation on our website, your IP address will, however, be truncated by Google beforehand within member states of the European Union. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there (for more information on the purpose and scope of data collection, see for example https://policies.google.com/privacy?hl=de&gl=de). We have also concluded a data processing agreement with Google LLC pursuant to Art. 28 GDPR. Google will therefore use all information strictly for the purpose of evaluating the use of our websites for us and compiling reports on website activity.
Google sets the following cookies when you visit our website and consent to the use of the Google Analytics cookie:

_ga: Helps us count how many people visit our website if you have already visited it. [Expiration 730 days]

_gid: Helps us count how many people visit our website if they have already visited it. [Expiration 1 day]

_gat: Helps us manage the frequency with which requests to display a page were made. [Expiration after the session ends]
 

This website uses the “demographic characteristics” function of Google Analytics. This enables reports to be created that contain statements about the age, gender and interests of site visitors. These data come from interest-based advertising by Google as well as visitor data from third-party providers and cannot be attributed to any specific person.

You can withdraw your consent at any time. Please use one of the following options:

• Disable the use of Google Analytics by removing the tick next to “Statistics” in your cookie settings.
• You can prevent the storage of cookies by setting your browser software accordingly; however, please note that in this case you may not be able to use all functions of this website to their full extent.
• You can also prevent Google from collecting the data generated by the cookie and relating to your use of our websites (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

d. Use of Matomo

On this website, we additionally use the open-source web analytics service Matomo from InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, to analyse and review the use of our website. The statistics obtained enable us to improve our offering and make it more interesting for you as a user.

We operate Matomo in a version that does not require cookies. No Matomo cookies are therefore stored on your computer for the purpose of web analysis. To analyse website usage, your IP address and information such as timestamps, visited web pages and your language settings are collected. We store the information collected in this way on our server.
This website uses Matomo with the “AnonymizeIP” extension. As a result, IP addresses are further processed in a shortened form, which excludes direct personal reference. The IP address transmitted by your browser via Matomo is not merged with other data collected by us. The legal basis for the use of Matomo is Art. 6(1) sentence 1 lit. f GDPR.

You can prevent the use of Matomo by removing the tick next to “Statistics” and thus activating the opt-out plug-in. In this case, an opt-out cookie will be stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated when you visit our site again.

e. HubSpot

For the purposes of digital marketing, content management, web analytics and search engine optimisation, we use the HubSpot service of HubSpot Inc., a software company from the USA (25 First Street, 2nd Floor, Cambridge, MA 02141, United States of America) with a branch in Ireland (contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500).

As part of the optimisation of our marketing measures, the following data may be collected and processed via HubSpot:
Aggregate usage; browser type; device ID; device model; device operating system; domain name; files viewed; frequency of use of the mobile application; geographic location; internet service provider; IP address; duration of page visit; mobile application information; operating system version; performance data; referrer URL; time of access or retrieval; where the application was downloaded from; clickstream data; events occurring within the application; navigation information; pages viewed.

We have concluded a data processing agreement with HubSpot pursuant to Art. 28 GDPR (https://legal.hubspot.com/dpa), which also contains the so-called standard contractual clauses to ensure the legality of data transfers to the USA, where, in the opinion of the Court of Justice of the European Union, there is currently no adequate level of protection. Standard contractual clauses are model contracts provided by the European Commission and are intended to ensure that the processing of personal data also complies with the European data protection standard when such data are transferred to third countries (e.g. the USA). You can find the standard contractual clauses at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Further information and the privacy policy of HubSpot Inc. can be found at: https://legal.hubspot.com/privacy-policy
 

7. Social Media and Other Integrated Third-Party Providers

All of the services listed below are integrated on the basis of Article 6(1) sentence 1 lit. f GDPR. Our legitimate interest in integration lies in optimising the usability and the range of offerings for individual users of our website and, where applicable, in linking our marketing activities with the respective services of the respective providers.

If you do not want the respective providers to be able to assign your visit to our pages to your user account with the respective provider, and if you also want to prevent or at least restrict data collection by the individual providers, please log out of your respective user account.

a. Privacy policy for the use of LinkedIn

Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn can associate your visit to our website with you and your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data nor of their use by LinkedIn.
Further information can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy

b. Privacy policy for the use of Xing

Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29–32, 20354 Hamburg, Germany. Each time one of our pages containing Xing functions is accessed, a connection to Xing servers is established. To our knowledge, no personal data is stored in this process. In particular, no IP addresses are stored nor is usage behaviour evaluated.
Further information on data protection can be found in Xing’s privacy policy at https://privacy.xing.com/de/datenschutzerklaerung.

c. Privacy policy for the use of YouTube

Our website uses plugins of the site YouTube operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Further information on the handling of user data can be found in YouTube’s privacy policy at https://www.google.de/intl/de/policies/privacy

d. Google Web Fonts

This site uses so-called web fonts to display fonts. These are provided by Google (http://www.google.com/webfonts/). When you visit our site, your browser loads the required web fonts into its cache. This is necessary to enable the browser to display our texts in an improved visual manner. If your browser does not support this function, a standard font will be displayed. We have loaded the web fonts onto our server so that we can provide this service without having to send data to Google’s servers.
Further information about Google Web Fonts: https://developers.google.com/fonts/faq?hl=de-DE&csw=1

General note on Google services
A note on the above-mentioned services of Google LLC (including YouTube): If you have a Google account, you can define the tracking data that is stored in your account. You can find this under Google → Settings → Personal data & privacy, section Transparency and choice: https://www.google.com/policies/privacy/#infochoices
 

8. Rights of the Data Subject

You have the following rights with regard to your data processed by us:

• the right of access to your personal data stored by us pursuant to Art. 15 GDPR;
• where applicable, the right to rectification of inaccurate or completion of accurate personal data stored by us pursuant to Art. 16 GDPR;
• the right to erasure of your personal data stored by us pursuant to Art. 17 GDPR;
• the right to restriction or blocking of the processing of your personal data pursuant to Art. 18 GDPR;
• where applicable, the right to data portability pursuant to Art. 20 GDPR;
• the right to object to the processing of your personal data pursuant to Art. 21 GDPR;
• the right to withdraw any consent given pursuant to Art. 7(3) GDPR;
• the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

The supervisory authority responsible for us is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
mailbox@datenschutz.hamburg.de

If you have any further questions about the processing of your personal data or wish to exercise any of your rights, you can contact us at any time by any means.
 

9. Right to Object

You have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data that is carried out on the basis of a legitimate interest by us or a third party, insofar as there are reasons for this arising from your particular situation, or if the objection is directed against general or tailored direct marketing. In the latter case, you have a general right to object, which we will implement without you having to specify a particular situation.

If you wish to exercise your right to object, please send us an email to dataprotection@pfannenberg.com or contact the controller by other means (see section 1).

10. General Duration of Data Storage

The general duration of storage of your data depends on the purposes pursued by the storage. As a matter of principle, we delete your personal data when we no longer need it to achieve the purpose pursued by the storage, unless statutory retention periods prevent deletion.
 

11. Data Security

We have implemented technical and organisational security measures to protect your data, in particular against loss, manipulation or unauthorised access. We regularly adapt our security measures to ongoing technical developments.
 

12. Statutory or Contractual Requirement to Provide Data

You are neither legally nor contractually obliged to provide us with your data. However, please note that the provision of some data is necessary in order for us to provide you with the services offered on the website. For example, we need your IP address to display this website in your browser.
 

13. Automated Decision-Making