Privacy Notice
1. Data protection at a glance
General information
The information below offers a simple overview of what happens with your personal data when you visit our website. Personal data is any data that can be used to personally identify you. You can find detailed information on the issue of data protection in the Privacy Notice below this text.
Data collection on our website
Who is responsible for data collection on this website?
The website operator carries out data processing on this website. Their contact information is available in the Legal Notice section of this website.
How do we collect your data?
Some of your data is collected by you sharing it with us. This may include information you provide in a contact form, for example.
Other data is automatically collected by our IT systems when you visit the website. This primarily involves technical data (e.g. your internet browser, operating system or the time at which you accessed the website). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Some of this data is collected to ensure we are able to make our website available to you without any errors. Other data can help us analyse your user behaviour.
What are your rights in relation to your data?
You have the right to receive information about the origin, recipient(s) and purpose of the personal data we have stored about you at any time, free of charge. You also have the right to request this data be rectified (corrected), blocked or erased. To do so and for other questions relating to personal data, you may contact us at any time at the address supplied in the Legal Notice. In addition, you have the right to lodge a complaint with the competent supervisory authority.
You also have the right to request that the processing of your personal data be restricted under certain circumstances. For more details on this, please read the "Right to restriction of processing" section of the Privacy Notice.
Analytics tools and tools from third-party providers
When you visit our website, it is possible to statistically analyse your surfing behaviour. This is primarily done using cookies and what are known as analytics programs. This analysis of your surfing behaviour is generally done anonymously, which means this surfing behaviour cannot be traced back to you.
You can object to this kind of analysis or prevent it by not using certain tools. You can find detailed information on this in the Privacy Notice below.
2. Hosting
External hosting
This website is hosted by an external service provider (host). Personal data collected on this website is stored on the host’s servers. This may include, but is not limited to, IP addresses, contact requests, metadata, communication data, contract data, contact details, names, website accesses and other data generated by a website.
We use a host to fulfil a contract with our existing and potential customers (Article 6 Paragraph 1(b) GDPR) and in the interests of the secure, fast and efficient provision of our online services by a professional provider (Article 6 Paragraph 1(f) GDPR).
Our host will only process your data to the extent necessary to meet its performance obligations and will follow our instructions with regard to this data.
3. General information and required information
Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the General Data Protection Regulation (GDPR) and with this Privacy Notice.
When you use this website, various items of personal data are collected. Personal data is data that can be used to personally identify you. This Privacy Notice explains what data we collect and what we use it for. It also explains the purpose for which this is done.
We would point out that data transmission over the internet (e.g. communication by email) may have security vulnerabilities. Complete protection of data against unauthorised access by third parties is not possible.
Controller information
The controller responsible for data processing on this website is:
Otto Graf GmbH Kunststofferzeugnisse
Carl-Zeiss-Str. 2-6
79331 Teningen, Germany
Fax: +49 7641 589-50
Managing Directors: Otto F. Graf, Dipl.Kfm. Otto P. Graf
Trade register: HRB Freiburg 260184
VAT ID no.: DE 141989456
GLN no.: 4023122000006
Telephone: +49 7641 589-0
Email: mail@graf.info
The controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses or similar information).
Revoking your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent already given at any time. Informal notification by sending an email to us is sufficient for this purpose. Revoking your consent only applies to the future and does not affect the legitimacy of any instances of data processing that took place before consent is revoked.
Right to lodge a complaint with the responsible supervisory authority
In the event of violations of data protection, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority in data protection matters is the data protection officer of the German state in which our company is based. You can find a list of data protection officers and their contact details through the following link (German only):
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have the data that we process automatically on the basis of your consent or in the fulfilment of a contract handed over to you or a third party in a common, machine-readable format. If you request your data be directly transferred to another controller, this will only be done provided it is technically feasible.
SSL and TLS encryption
For security reasons and to protect the transmission of sensitive content such as orders or queries you send us, the website operator, we use SSL or TLS encryption. You can recognise an encrypted connection by looking at your browser’s address bar: the website address will show "https://" instead of "http://" and the browser bar will show a lock symbol.
When SSL or TSL encryption is activated, third parties are unable to read the data you send us.
Information, erasure and rectification
Under the applicable statutory provisions, you are entitled to request and receive information about your stored data, its origin and any recipients, and this right must be extended to you at any time free of charge; you are also entitled to request and receive information regarding the purpose of this data being processed, as well as the right to have this data corrected or erased. For this purpose, as well as for other questions relating to personal data, you may contact us at any time at the address supplied in the website operator’s legal notice.
Right to restriction of processing
You have the right to request that the processing of your personal data be restricted. You may contact us at any time at the address supplied in the website operator’s legal notice to make this request. The right to restriction of processing is available in the following cases:
- If you contest the accuracy of the personal data we have stored about you, we will generally need time to review this. You have the right to request that the processing of your personal data be restricted for the duration of this review.
- If your personal data is/was processed unlawfully, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data but you still need it to exercise, defend against or assert legal claims, you have the right to request the restriction to processing of your personal data instead of erasure.
- If you have lodged an objection under Article 21 Paragraph 1 GDPR, it is necessary to weigh up our legitimate interests and yours. As long as it is unclear whose interests take precedence, you have the right to request that the processing of your personal data be restricted for the duration of this review.
If you have restricted the processing of your personal data, this data may only be processed with your consent or to assert, exercise or defend against legal claims or to protect the rights of another natural or legal person, or for reasons of major public interest to the European Union or one of its Member States.
4. Data protection officer
Legally required data protection officer
We have appointed a data protection officer for our company.
Otto Graf GmbH Kunststofferzeugnisse
Kopp Andreas
Carl-Zeiss-Str. 2-6
79331 Teningen, Germany
Telephone: +49 7641 589-973
Email: Datenschutz@graf.info
5. Data collection on our website
Cookies
Some parts of our website use cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our website more user-friendly, efficient and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are what are known as session cookies. They are automatically deleted after your visit. Other cookies remain saved on your computer until such time as you delete them. These enable us to recognise your browser on your next visit.
You can adjust your browser’s settings in such a way that you are informed about the use of cookies and you only permit the acceptance of cookies on an individual basis or in certain cases; alternatively you may adjust these settings to generally block or automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.
Cookies necessary for electronic communications or to provide certain functions you have requested (e.g. shopping basket function) are stored on the basis of Article 6 Paragraph 1(f) GDPR. The website operator has a legitimate interest in storing cookies to ensure the optimal provision of its services without any technical errors. If consent is requested in this regard (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6 Paragraph 1(a) GDPR. You may revoke your consent at any time.
If other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these cookies are addressed separately in this Privacy Notice.
Consentmanager
We have embedded the "consentmanager" (www.consentmanager.net) consent management tool by Jaohawi AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) on our website to request consent for data processing or the use of cookies or similar functions. Using consentmanager, you have the option of granting or refusing your consent to certain features of our website, e.g. for the purpose of embedding external elements, integrating streaming content, statistical analysis, measuring reach and personalised advertising. You can use consentmanager to grant or refuse your consent for all functions or grant your consent for individual purposes or features. You can also change your settings later. The purpose of embedding consentmanager is to enable users of our website to make decisions regarding the things specified above and to offer them the option to change their previous settings in their future use of our website. When using consentmanager, personal data and information about the device used, such as the IP address, are processed.
The legal basis for processing is Article 6 Paragraph 1 Sentence 1(c) in conjunction with Article 6 Paragraph 3 Sentence 1(a) in conjunction with Article 7 Paragraph 1 GDPR and, alternatively, (f). By processing data, we help our customers (according to the GDPR, the data controller) to fulfil their legal obligation (e.g. the obligation to furnish evidence). Our legitimate interests in processing lie in the storage of user settings and preferences in terms of the use of cookies and other features. Consentmanager stores your data as long as your user settings are active. Two years after initially setting your user settings, you will be asked for your consent again. The user settings are then once again stored for this period.
You may object to this processing. You are entitled to object for reasons arising from your particular situation. To object, send an email to info@consentmanager.net.
Server log files
The website provider automatically collects and stores information in what are known as server log files, which are sent to us automatically by your browser. This information includes:
- browser type and version
- operating system used
- referrer URL
- host name of the accessing computer
- time of server request
- IP address
This data is not merged with any other data sources.
The basis for data processing is Article 6 Paragraph 1(f) GDPR, which allows for data to be processed to fulfil a contract or pre-contractual measures.
Contact form
If you send us a request using our contact form, your details as specified in the contact form, including any contact details you have entered, will be used for the purpose of processing your request. In addition, we will store this data in the event that any follow-up questions arise. We will not disclose this data without your consent.
This data is processed on the basis of Article 6 Paragraph 1(b) GDPR, provided your request is connected with the fulfilment of a contract or ins necessary to implement pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively processing the queries submitted to us (Article 6 Paragraph 1(f) GDPR) or on your consent (Article 6 Paragraph 1(a) GDPR), where this has been requested.
The data you provide in the contact form remains with us until you request it be erased, you revoke your consent to storage or the reason for storing the data no longer exists (e.g. once your query has been fully addressed). This does not affect any mandatory statutory provisions, in particular required retention periods.
Queries via email, telephone or fax
If you contact us by email, telephone or fax, we store and process your query, including any personal data contained in your query (name, query content) for the purpose of addressing your request. We will not disclose this data without your consent.
This data is processed on the basis of Article 6 Paragraph 1(b) GDPR, provided your request is connected with the fulfilment of a contract or ins necessary to implement pre-contractual measures. In all other cases, processing is based on your consent (Article 6 Paragraph 1(a) GDPR) and/or on our legitimate interests (Article 6 Paragraph 1(f) GDPR) since we have a legitimate interest in effectively processing queries submitted to us.
The data you send us in the contact form remains with us until you request it be erased, you revoke your consent to storage or the reason for storing the data no longer exists (e.g. once your request has been fully addressed). This does not affect any mandatory statutory provisions, in particular legal retention periods.
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent necessary to establish, draft or amend our legal relationship with you (inventory data). This is done on the basis of Article 6 Paragraph 1(f) GDPR, which allows for data to be processed to fulfil a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only to the extent necessary to enable or charge the user for the use of the service.
The customer data collected is erased once the order is completed or the business relationship has ended. This does not affect legal retention periods.
Data transmission when concluding a contract for services and digital content
We only send personal data to third parties if this is necessary to execute the contract, for example sending personal data to the bank commissioned to handle payments.
No other data transmission takes place or, if it does, only if you have expressly consented to its transmission. We do not disclose your data to third parties without express consent, such as for advertising purposes.
The basis for data processing is Article 6 Paragraph 1(b) GDPR, which allows for data to be processed to fulfil a contract or pre-contractual measures.
5. Social media
Embedded social media services
We currently use the social media services listed below in providing our website.
If you visit our website and click on the logo of a social media service, you will be forwarded to the specific external website of that networking service. If you click one of these buttons while you are logged in to one of these services, the information that you have visited our website may be attributed to your user account there. If you are a member of one of these services and do not wish for these social networks to collect data about you through our website and link that data to your member data, you should log out of the social media service in question before clicking a logo. The legal basis for processing your data is Article 6 Paragraph 1 Sentence 1(f) GDPR.
Please note that, as the operator of this website, we have no knowledge of the content of the data transmitted to these social media services or how these services use this data. For more information about what data is collected when accessing social media services and how this data is used, please see the data protection information for each of the services in question:
- Facebook – Facebook Inc., 1601 S. California Ave, Palo Alto
- Instagram – Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA
- Youtube – Google Ireland Limited. Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland
6. Analytics tools and advertising
Google Analytics
This website uses functions provided by the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses cookies. These are text files that are stored on your computer and help analyse how users use the website. The information generated by the cookie about your use of the website is generally transmitted to and stored by Google on servers in the United States.
Google Analytics cookies are stored on the basis of Article 6 Paragraph 1(f) GDPR. The website operator has a legitimate interest in analysing user behaviour both to optimise its online services as well as its advertising. If consent is requested in this regard (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6 Paragraph 1(a) GDPR. You may revoke your consent at any time.
IP anonymisation
We have activated the IP anonymisation function on this website, meaning your IP address will be truncated by Google in advance of being transmitted to the US within the Member States of the European Union, or other States party to the agreement in the European economic area. In exceptional cases only, the full IP address will be transmitted to a Google server in the United States and then truncated. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, for compiling reports on website activity, and for providing other services relating to website activity and Internet usage to the website operator. Google will not associate the IP address transferred by your browser as part of Google Analytics with any other data held by Google.
Browser plugins
You can prevent cookies being stored by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to take advantage of the full functionality of this website. You can also prevent the data generated by the cookie about your use of the website (including your IP address) from being sent to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
Objection to data collection
You can prevent Google Analytics from collecting your data by clicking the following link. This sets an opt-out cookie that prevents the collection of your data when visiting this website in future: Disable Google Analytics.
For more information about Google Analytics’ handling of user data, see Google’s Privacy Policy: https://support.google.com/analytics/answer/6004245.
Demographic features of Google Analytics
This website uses the "Demographics" feature offered by Google Analytics. This facilitates the creation of reports that contain information about the age, gender and interests of visitors to our website. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be attributed to a specific person. You can disable this feature at any time by adjusting the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the "Objection to data collection" section.
Storage period
User and event-level data stored at Google that is linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android Advertising ID) is anonymised or erased after 26 months. You can find the details about this here: https://support.google.com/analytics/answer/7667196
Google Analytics remarketing
This website uses Google Analytics remarketing features in connection with the cross-device features offered by Google Ads and Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
This feature facilitates the linking of target advertising groups generated with Google Analytics remarketing with the cross-device features offered by Google Ads and Google DoubleClick. This allows interest-related, personalised advertising messages modified specifically for you based on your previous usage and surfing behaviour on one device (e.g. mobile phone) to be displayed on another of your devices (e.g. tablet or computer).
If you have given your consent, Google links your web and app browser history to your Google account for this purpose. This allows the same personalised advertising to be displayed on any device on which you log in with your Google account.
To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising.
You can permanently object to cross-device remarketing/targeting by disabling personalised advertising by following this link: https://www.google.com/settings/ads/onweb/.
The data collected in your Google account is aggregated solely on the basis of your consent, which you may grant to or revoke from Google (Article 6 Paragraph 1(a) GDPR). In the case of data collection operations that are not merged with your Google account (e.g. because you do not have a Google account or have objected to this information being merged with your account), data is collected on the basis of Article 6 Paragraph 1(f) GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymised analysis of website visitors for advertising purposes.
For more information and for data protection provisions, please see Google’s privacy notice at: https://policies.google.com/technologies/ads.
Google Ads and Google conversion tracking
This website uses Google Ads. Google Ads is the online advertising program provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
As part of Google Ads, we use what is known as conversion tracking. If you click an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files stored by the user’s internet browser on their computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, we and Google are able to recognise that the user clicked the ad and was redirected to this page.
Every Google Ads customer receives a different cookie. These cookies cannot be tracked via Google Ads customers’ websites. This information obtained using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. These customers are told the total number of users who clicked on their ad and were redirected to a website with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object by simply disabling the Google conversion tracking cookie through your browser’s user settings. You will then not be included in conversion tracking statistics.
Conversion cookies are stored and this tracking tool is used on the basis of Article 6 Paragraph 1(f) GDPR. The website operator has a legitimate interest in analysing user behaviour both to optimise its online services as well as its advertising. If consent is requested in this regard (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6 Paragraph 1(a) GDPR. You may revoke your consent at any time.
You can find more information about Google Ads and Google conversion tracking in Google’s data protection information: https://www.google.de/policies/privacy/.
You can adjust your browser’s settings in such a way that you are informed about the use of cookies and you only permit the acceptance of cookies on an individual basis or in certain cases; alternatively you may adjust these settings to generally block or automatically delete cookies when you close your browser. Disabling cookies may limit the functionality of this website.
Google Data Studio
We use the Google Data Studio data management tool to visually create custom reports and dynamic dashboards.
Here we use the data from Google Analytics and interfaces to data sources (such as Google Ads, Google Spreadsheets, YouTube Analytics etc.). The web tool does not require a local application and can be started via the web. It is accessed via a browser and the data sources are connected directly via Google Data Studio.
The purpose of Google Data Studio is the analysis of visitor flows on our website. Google uses the data and information obtained to evaluate the use of our website, among other things, to compile online reports for us which show the activities on our website and to provide further services in connection with the use of our website.
Further information on the use of Google Data Studio can be found at: support.google.com/datastudio/answer/6283323
Facebook pixel
This website uses Facebook’s pixel visitor action to measure conversion. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the data collected is also sent to the US and other third countries.
This allows the behaviour of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be analyses for statistical and market research purposes and to optimise future advertising measures.
As the operator of this website, the data collected is anonymous to us and we are unable to draw any conclusions about the identity of users. However, this data is stored and processed by Facebook in a way that makes it possible to connect it to a specific user profile and so that Facebook can use the data for its own advertising purposes in accordance with Facebook’s data usage guidelines. This helps Facebook enable the placement of ads on pages within Facebook and outside of Facebook. As the website operator, we have no control over this use of data.
Facebook pixel is used on the basis of Article 6 Paragraph 1(f) GDPR. The website operator has a legitimate interest in effective advertising that includes social media. If consent is requested in this regard (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6 Paragraph 1(a) GDPR. You may revoke your consent at any time.
If you do not have a Facebook account, you can disable Facebook’s usage-based advertising on the European Interactive Digital Advertising Alliance’s website:
https://www.youronlinechoices.com/uk/your-ad-choices.
Please click here if you would like to revoke your consent: https://www.facebook.com/settings?tab=ads. To do so, you must be logged in to Facebook.
You can find more information about protecting your privacy by reading Facebook’s data protection information: https://www.facebook.com/about/privacy/.
You can also disable the "Custom Audiences" remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do so, you must be logged in to Facebook.
LinkedIn Insight Tag/ conversion tracking
This website uses the LinkedIn Insight Tag with LinkedIn conversion tracking, which is run by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
LinkedIn conversion tracking is a retargeting and analytics tool supported by the LinkedIn Insight Tag. The Insight Tag triggers a cookie, a tiny text file, to be placed on your browser when you visit the website. The Insight Tag is integrated on this website and allows data like your IP address, URL, referrer URL, device and browser properties, time stamp and page views to be collected. In addition, you may be shown interest-specific and relevant offers and recommendations depending on the services, information and offers you have obtained on our website. Furthermore, LinkedIn may use this to compile statistics with aggregated data on the use of and visits to our website. If you are a LinkedIn member, demographic information, e.g. information about your approximate location, may also be collected. The data collected is encrypted.
Generally speaking, you can prevent the storage of cookies by adjusting your browser’s settings. Alternatively, you can specifically object to LinkedIn conversion tracking by setting an opt-out cookie that remains on your device until you erase cookies. You can disable the LinkedIn cookie using this link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
In addition, you can use this link to make other adjustments relating to data protection:
https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences.
More information and LinkedIn’s data protection information is available in LinkedIn’s privacy notice at:
https://www.linkedin.com/legal/cookie_policy.
Microsoft Advertising Universal Event Tracking (UET)
This website uses the Microsoft Advertising Universal Event Tracking tag for conversion and analysis measurement. The tag is operated by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft places a cookie on your device if you have reached our website via Microsoft Ads. This allows us and Microsoft to see that someone clicked on an ad, was redirected to our website and reached a predetermined landing page. We are only told the total number of users who clicked on a Microsoft Ad and were then redirected to the landing page. Microsoft uses the cookie to collect, process and use information from which usage profiles are created using pseudonyms. These usage profiles help analyse user behaviour and are used to display ads. No personal information about the identity of the user is processed. The legal basis for the use of this service is Article 6 Paragraph 1 Sentence 1(f) GDPR; this processing serves are legitimate economic interests.
You can prevent the data generated by the cookie about your use of the website from being collected and processed by disabling cookies. In addition, you can prevent the collection of data generated by the cookie relating to your use of this website as well as the processing of this data by Microsoft by stating your objection using the following link:
https://choice.microsoft.com/opt-out.
More information about privacy protection at Microsoft and Bing is available in Microsoft’s privacy protection information:
https://privacy.microsoft.com/privacystatement.
Hotjar
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar.
7. Chat Tool Userlike
This website uses Userlike, live chat software produced by the company Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany. You can use Userlike to chat with our employees in real-time. At the start of the chat, the following personal data is collected:
- Date and time of the chat,
- Browser type/version,
- IP address,
- Operating system used,
- URL of the previously visited website,
- Amount of data sent.
- And if provided by you: first name, surname, and e-mail address.
Depending on the course of the conversation with our employees, further personal data may be provided by you in the chat. The nature of this information depends heavily on your request or the problem you are describing.
All our employees have been trained in data protection and in the handling of customer data. All our employees are obliged to maintain confidentiality and have accordingly signed an addendum to their employment contracts which obliges them to maintain confidentiality and observe data protection.
By accessing the https://www.graf-online.de/ website, the chat widget is loaded as a JavaScript file from AWS Cloudfront. The chat widget technically represents the source code executed on your computer that enables the chat.
In addition, Otto Graf GmbH stores the history of live chats for 12 months. The purpose of this is to save our customers from having to go through a long history of requests, and for us to constantly monitor the quality of our live chat service. Processing is permitted pursuant to Art. 6 Para. 1 Book f, GDPR. If you do not wish your live chat history to be stored, please do not hesitate to contact us using the contact details listed below. Stored live chats and any other of your data will then be deleted by us immediately.
The storage of chat data also serves the purpose of ensuring the security of our information technology systems. This is also our legitimate interest, which is why processing is permitted under Art. 6 Para. 1 Book f, GDPR. The legal basis for the processing of the data provided in the chat is also Art. 6 Para. 1 Books b and f, GDPR.
8. Newsletters
Newsletter data
If you would like to receive the newsletter offered on the website, we need you to provide an email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No other data is collected or, if it is, is only collected on a voluntary basis.
By consenting to receive the newsletter (opt in), you are also consenting to individual user tracking. The newsletter contains what are called tracking bugs. A tracking bug is a thumbnail graphic that is embedded in newsletters sent in HTML format to allow log file recording and analysis. This allows us to statistically analyse the success or failure of online marketing campaigns. The embedded tracking bug can be used to identify whether and when an email was opened by a data subject and which links in the email the data subject accessed.
Otto Graf GmbH stores and analysis this kind of personal data collected in newsletters for processing purposes to optimise the sending of newsletters and better adapt the content of future newsletters to the data subject’s interests. This personal data is not disclosed to third parties.
The data provided in the newsletter subscription form will be processed on the basis of your consent (Article 6 Paragraph 1(a) GDPR). You can revoke your consent to the storage of data, your email address and the use of this data to send the newsletter at any time, for example by clicking the unsubscribe link in the newsletter. Revoking your consent only applies to the future and does not affect the legitimacy of any instances of data processing that took place before unsubscribing.
The data you provide us for the purpose of subscribing to the newsletter will be stored by us and/or the newsletter service provider until you unsubscribe from the newsletter, and will then be erased from the newsletter distribution list once you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
After unsubscribing from the newsletter distribution list, we and/or the newsletter service provider will store your email address on a blacklist to prevent you from receiving future newsletters. The blacklist data is only used for this purpose and is not merged with other data. This serves both your interest as well as our interest in complying with the statutory requirements when sending newsletters (legitimate interest as defined by Article 6 Paragraph 1(f) GDPR). Information is stored on the blacklist indefinitely. You may object to this storage if your interests outweigh our legitimate interest.
CleverReach
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that allows the sending of newsletters to be organised and analysed. The data you enter for a newsletter subscription (e.g. your email address) will be stored on CleverReach's servers in Germany and/or Ireland.
Our newsletters sent out via CleverReach enable us to analyse the behaviour of newsletter recipients. Among other things, it allows us to analyse how many recipients have opened the newsletter as well as how often and which link was clicked in the newsletter. Using conversion tracking, we can also analyse whether a pre-defined action (e.g. purchase of a product through our website) has taken place after clicking the link in the newsletter. For further information on the analysis of data by the CleverReach newsletter, please visit: https://www.cleverreach.com/en/features/reporting-tracking/.
Data will be processed on the basis of your consent (Article 6 Paragraph 1(a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. Revoking your consent only applies to the future and does not affect the legitimacy of any instances of data processing that took place before unsubscribing.
If you do not want CleverReach to analyse your data, you must unsubscribe from the newsletter. To do this, you can use the corresponding link provided in each newsletter. You can also unsubscribe from the newsletter directly from the website.
The data you provide us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter, and will then be erased from both our servers and CleverReach’s servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remains unaffected by this.
After unsubscribing from the newsletter distribution list, we and/or the newsletter service provider will store your email address on a blacklist, where applicable, to prevent you from receiving future newsletters. The blacklist data is only used for this purpose and is not merged with other data. This serves both your interest as well as our interest in complying with the statutory requirements when sending newsletters (legitimate interest as defined by Article 6 Paragraph 1(f) GDPR). Information is stored on the blacklist indefinitely. You may object to this storage if your interests outweigh our legitimate interest.
For further information, please refer to CleverReach’s privacy policy at: https://www.cleverreach.com/en/privacy-policy/.
9. Plugins and tools
Use of YouTube with enhanced data protection mode
This website embeds YouTube videos. The website operator is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced data protection mode. According to YouTube, this mode means that YouTube does not save any information about visitors to this website because they watch the video. However, enhanced data protection mode does not necessarily preclude the transfer of data to YouTube partners. For example, regardless of whether you are watching a video, YouTube connects to the Google DoubleClick network.
Once you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server will then know which of our pages you have visited. If you are logged in to your YouTube account, you are allowing YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
In addition, YouTube can store various cookies on your device once you start a video. These cookies enable YouTube to receive information about visitors to this website. This information is used to collect video statistics, improve usability and prevent fraud The cookies remain saved on your device until you delete them.
After starting a YouTube video, other data processing may be triggered that we have no control over.
YouTube is used in the interest of attractively presenting our online services. This represents a legitimate interest as defined by Article 6 Paragraph 1(f) GDPR. If consent is requested in this regard (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6 Paragraph 1(a) GDPR. You may revoke your consent at any time.
For further information on how user data is handled, please refer to YouTube’s privacy policy: https://www.google.com/policies/privacy.
Google Web Fonts
This website uses web fonts provided by Google to ensure uniform font display. Google fonts are installed locally. This means that no connection to Google’s servers is established.
Google Maps
This website uses the map services of Google Maps through an API. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use Google Maps’ features, it is necessary to store your IP address. This information is usually transmitted to a Google server in the US and stored there. The provider of this website has no control over this.
Google Maps is used in the interest of attractively presenting our online services and to make it easy to find the locations listed on our website. This represents a legitimate interest as defined by Article 6 Paragraph 1(f) GDPR.
For more information about how user data is handled, see Google’s Privacy Policy: https://google.com/policies/privacy.
10. Proprietary services
Handling of applicant data
We offer you the option to apply to work with us (e.g. by email, by post or using the online application form). Below we’ll provide you with information about the scope, purpose and use of your personal data collected during the application process. Wee assure you that your data is collected, processed and used in compliance with the applicable data protection laws and all other legal provisions and that we will handle your data in strict confidence.
Process and purpose of data collection
If you send us an application, we process the personal data you provide in connection with this (e.g. contact and communication details, application documents, notes taken during job interviews, etc.) to the extent necessary to decide whether to enter into an employment relationship. The legal basis for this is Section 26 of the new German Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG]) under German law (initiation of an employment relationship), Article 6 Paragraph 1(b) GDPR (general contract initiation) and, provided you have granted your consent, Article 6 Paragraph 1(a) GDPR. You may revoke your consent at any time. Your personal data will only be disclosed within our company to people who are involved in processing your application.
If your application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 of the new BDSG and Article 6 Paragraph 1(b) GDPR for the purpose of executing the employment relationship.
Data retention period
If we are unable to offer you a job, you reject a job offer or withdraw your application, we reserve the right to retain the data you sent us on the basis of our legitimate interests (Article 6 Paragraph 1(f) GDPR) for up to six months after the end of the application process (rejection or withdrawal of the application). The data is then erased and the physical application documents destroyed. In particular, retaining this data is for evidentiary purposes in the event of a legal dispute. If it is evident that the data will be required after this six-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be erased when the purpose for further retention no longer applies.
Extended retention may also take place if you have given your consent to this (Article 6 Paragraph 1(a) GDPR) or if legal retention obligations prevent erasure.