We hereby inform you about the type, scope and purpose of the processing of personal data by our company according to the provisions of data protection legislation (particularly according to the Federal Data Protection Act new version (“BDSG n.F”) and the European General Data Protection Regulation, “GDPR”). This privacy policy also applies to our websites and social media profiles. We hereby refer the reader to Article 4 of the GDPR regarding the definition of terms such as “personal data” or “processing”.

Name and Contact Details of the Controller
Our controller (hereinafter referred to as “Controller”) within the meaning of Art. 4(7) of the GDPR is:

PreXion Europe GmbH
Stahlstraße 42-44
65428 Rüsselsheim
Managing Director: Satoshi Ikushima
Commercial Register/no.: HRB 98376
Registration Court: Local Court of Darmstadt
E-mail address: info@prexion-eu.de

Types of Data, Purposes of Processing and Categories of Data Subjects

We hereby inform you about the type, scope and purpose of the collection, processing and use of personal data.

1. Types of Data we Process
   Usage data (access times, websites visited, etc.), inventory data (name, address, etc.), contact details (phone number, e-mail, fax, etc.), payment details (bank details, account details, payment history, etc.), contract data (subject matter of the contract, term, etc.), content details (text entries, videos, photos, etc.), communication data (IP address, etc.);

   2. Purposes of Processing According to Point (c) of Article 13(1) of the GDPR
   Execution of contracts; evidentiary purposes / preservation of evidence; technical and economic optimisation of the website; enabling easy access to the website; fulfilment of contractual obligations; establishing contact if third parties lodge legal objections; fulfilment of statutory retention obligations; optimisation and statistical evaluation of our services; supporting the commercial use of the website; improving user experience; designing the website in a user-friendly manner; economic operation of advertising and website; marketing / sales / advertising; preparation of statistics; determining probability of copying of texts; avoiding SPAM and misuse; handling of applicant procedures; customer service and customer care; processing contact enquiries; providing websites with functions and contents; security measures; uninterrupted and secure operation of our website;

   3. Categories of Data Subjects According to Point (e) of Article 13(1) of the GDPR
   Visitors/users of the website, customers, suppliers, interested parties;

The data subjects are hereinafter jointly referred to as “users”.

Legal Bases of Personal Data Processing

We hereby inform you about the legal bases of personal data processing:

1. After we have obtained your consent for the processing of your personal data, the legal basis is point (a) of Article 6(1) 1^st sentence GDPR.
2. If processing is required to execute a contract or to implement pre-contractual measures taken on your request, point (b) of Article 6(1) 1^st sentence GDPR is the legal basis.
3. If processing is required to meet a legal obligation to which we are subject (e.g. statutory retention periods), point (c) of Article 6(1) 1^st sentence GDPR is the legal basis.
4. If processing is required to protect vital interests of the data subject or another natural person, point (d) of Article 6(1) 1^st sentence GDPR is the legal basis.
5. If processing is required to protect our legitimate interests or the legitimate interests of a third party and if such interests are not overridden by your interests or fundamental rights and freedoms, point (f) of Article 6(1) 1^st sentence GDPR is the legal basis.

Disclosure of Personal Data to Third Parties and Processors

We generally do not disclose any data to third parties without your consent. If we do disclose them nonetheless, such disclosure is made on the basis of the legal bases stated above that apply e.g. to the disclosure of data to online payment providers to fulfil the contract or due to a court order or due to a statutory obligation to surrender the data for the purpose of criminal prosecution, for hazard prevention or to enforce intellectual property rights.
In addition, we use processors (external service providers e.g. for web hosting of our websites and databases) to process your data. If data are shared with processors within the context of a data processing agreement, this is always done according to Article 28 of the GDPR. We choose our processors carefully, check them on a regular basis and have obtained a right to give instructions with regard to the data. Moreover, the processors must have taken appropriate technical and organisational measures and must comply with the data protection provisions according to the Federal Data Protection Regulation, new version, and the GDPR.

Transfer of Data to Third Countries

The adoption of the European General Data Protection Regulation (GDPR) established a uniform basis for data protection in Europe. Your data are thus mainly processed by companies who are subject to the GDPR. However, if the processing is carried out by third-party services outside the European Union or the European Economic Area, they need to meet the special requirements of Article 44 et seq. of the GDPR. This means that data are processed on the basis of special safeguards, such as official recognition by the EU Commission of a level of protection equivalent to that in the EU or adherence to officially recognised special contractual obligations, the so-called “standard contractual clauses”. For American companies, the submission to the so-called “Privacy Shield”, the data protection agreement between the EU and the USA, meets these requirements.

Erasure of Data and Storage Periods

Unless expressly stated in this privacy statement, your personal data are erased or blocked as soon as the purpose for their storage no longer applies, unless their further retention is required for evidentiary purposes or this is opposed by statutory retention obligations. These include e.g. commercial retention periods for business correspondence according to Section 257 (1) HGB [German Commercial Code] (6 years) and fiscal retention obligations according to Section 147 (1) AO [Fiscal Code of Germany] of records (10 years). After the stipulated retention period expires, your data will be blocked or erased, unless their storage is still required for concluding or fulfilling a contract.

Existence of Automated Decision-Making

We do not use any automated decision-making or profiling.

Provision of our Website and Creation of Log Files

1. If you use our website for information purposes only (meaning no registration and no other transmission of information), we only collect such personal data as are transmitted to our server by your browser. If you wish to view our website, we collect the following data:

• IP address;
  • Internet service provider of the user;
  • date and time of access;
  • browser type;
  • language and browser version;
  • content of access;
  • time zone;
  • access status / HTTP status code;
  • data volume;
  • websites where the request comes from;
  • operating system.
  These data will not be stored together with your other personal data.

2. These data serve the purpose of user-friendly, functional and secure delivery of our website to you, including functions and contents, as well as its optimisation and statistical evaluation.
3. The legal basis is our legitimate interest in the data processing according to point (f) of Article 6(1) 1^st sentence GDPR, which is included in the aforementioned purposes.
4. We store these data for security reasons in server log files for a period of 30 days. After this period has expired, they are automatically erased, unless we require their retention for evidentiary purposes in case the server infrastructure is attacked or other legal infringements occur.

Cookies

1. We use so-called cookies when you visit our website. Cookies are small text files which your Internet browser files and stores on your computer. When you visit our website again, these cookies provide information to automatically recognise you. The information thus obtained is used to technically and economically optimise our web offerings and to make it easier and safer for you to access our website. We inform you in this regard when you access our website by referring to our privacy policy regarding the use of cookies for the aforementioned purposes and how you can object to and/or prevent them from being saved (“opt-out”). Our website uses session cookies, persistent cookies and third-party cookies: Session cookies:We use so-called cookies to identify several uses of an offer by the same user (e.g. after you have logged out to determine your log-in status). When you visit our website again, these cookies provide information to automatically recognise you. The information thus obtained is used to optimise our offerings and to make it easier for you to access our website. If you close the browser or log out, the session cookies are erased.

   • Persistent cookies: These are automatically erased after a set period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

   • Third-party cookies: You can configure your browser settings according to your preferences and e.g. decline the acceptance of third-party cookies or all cookies. However, we would like to draw your attention at this point to the fact that you might not be able to use all functions of this website in this case. You can find more details on these cookies in the relevant privacy policies of the third-party providers.

2. The legal basis of this processing is point (b) of Article 6(1) 1^st sentence GDPR if the cookies are placed to initiate a contract (e.g. with purchase orders), and otherwise we have a legitimate interest in the effective functionality of the website, so that the legal basis is point (f) of Article 6(1) 1^st sentence GDPR in this case.
3. Objection and Opt-out:You can generally prevent the saving of cookies on your hard drive by selecting “Do not accept cookies” in your browser settings. However, this may limit the functionality of our offers. You can object to the use of cookies of third-party providers for advertising purposes through an “opt-out” via this American website (https://optout.aboutads.info) or this European website (http://www.youronlinechoices.com/de/praferenzmanagement/).

Google Analytics

1. We have integrated in our website the website analysis tool “Google Analytics” (Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA, EU branch office: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland).
2. When you visit our website, Google places a cookie on your computer to analyse your use of our website. The obtained data are transferred to the USA and stored there. Should personal data be transferred to the USA, the Google certification according to the EU–US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) guarantees that the European data protection law is complied with.
3. We have activated the IP anonymisation “anonymizeIP”, which means that the IP addresses are shortened before they are processed further. On this website, your IP address will thus first be shortened by Google within EU Member States or other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. On behalf of the provider of this website, Google uses this information to analyse your usage of the website, to compile reports about the website activity and to provide further services which are connected to the use of this website and of the Internet for its controller. We have also activated the cross-device analysis of website visitors, which is carried out via a so-called user ID. The IP address transferred by your browser in the context of Google Analytics is not combined with any other data from Google. The use of Google Analytics serves the analysis, optimisation and improvement of our website.
4. The legal basis is our legitimate interest in the data processing according to point (f) of Article 6(1) 1^st sentence GDPR, which is included in the aforementioned purposes.
5. Data sent by us and linked to cookies, user IDs or advertising IDs will be automatically erased after 12 months. Data that have reached their retention period will be automatically erased once a month.
6. You can find more information on the use of data at Google Analytics here: https://www.google.com/analytics/terms/de.html (Analytics Terms of Use), https://support.google.com/analytics/answer/6004245?hl=de (notes on data protection at Analytics) and Google’s Privacy Policy https://policies.google.com/privacy.
7. Objection and Opt-out: You can generally prevent the saving of cookies on your hard drive by selecting “Do not accept cookies” in your browser settings. However, this may limit the functionality of our offers. You can also prevent any data created by the cookie and relating to your use of the website from being recorded and processed by Google by downloading and installing the browser plug-in available here: http://tools.google.com/dlpage/gaoptout?hl=de
8. As an alternative to the aforementioned browser plug-in, you can stop the data collection by Google Analytics by clicking on https://tools.google.com/dlpage/gaoptout?hl=de. By clicking on this link, an “opt-out” cookie is placed on your computer which prevents the future collection of your data when visiting this website. This cookie only applies to our website and your current browser and only exists until you delete your cookies. In this case, you would need to place the cookie again.
9. You can disable the cross-device user analysis in your Google account under “My data > personal data”.

Google Maps

1. We have integrated in our website maps of “Google Maps” (Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA, EU branch office: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland). With Google Maps, we can show the location of addresses and directions directly on our website in interactive maps and enable you to use this tool.
2. When the website integrating Google Maps is accessed, a connection to the Google servers in the USA is established. During this process, your IP address and location may be transferred to Google. In addition, Google is informed that you have accessed the relevant site. This also happens if you do not have a Google user account. If you are logged into your Google account, Google can allocate the aforementioned data to your account. If you do not want this to happen, you need to log off from your Google account. Google creates user profiles from such data and uses such data for advertising, market research or optimisation of its websites.
3. The legal basis is our legitimate interest in the data processing according to point (f) of Article 6(1) 1^st sentence GDPR, which is included in the aforementioned purposes.
4. You have the right to object to Google’s creation of user profiles. Please contact Google directly via the privacy policy below to object. You can opt out with regard to the advertising cookies here in your Google account:
   https://adssettings.google.com/authenticated.
5. In the terms of use of Google Maps at https://www.google.com/intl/de_de/help/terms_maps.html and in the privacy policy for advertising of Google at https://policies.google.com/technologies/ads, you can find further information on the use of Google cookies and their advertising technologies, period of storage, anonymisation, location data, functionality and your rights. General Privacy Policy of Google: https://policies.google.com/privacy.
6. Google is certified according to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and therefore obliged to comply with the European data protection law

Rights of Data Subjects

1. Objection to or withdrawal of your consent to the processing of your dataInsofar as the processing is based on your consent according to point (a) of Article 6(1) 1^st sentence, Art. 7 of the GDPR, you can withdraw your consent at any time. In doing so, the lawfulness of the processing which was carried out based on consent until the time of its withdrawal will not be affected.

   Insofar as we base the processing of your personal data on a balancing of interests according to point (f) of Article 6(1) 1^st sentence GDPR, you can submit an objection to its processing. This is particularly relevant to cases in which the processing is not necessary for fulfilling a contract with you, which we will clarify in each case in the following description of the functions. When exerting such right to object, we ask you to explain the reasons why we should not process your personal data as we do. In the case of your justified objection, we check the facts and either discontinue the data processing, and/or adjust it, or give you our compelling legitimate grounds, on the basis of which we shall continue the processing.

   You can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You may exercise your right to object free of charge. You can inform us of your objection to processing for advertising purposes via the following contact details:

   PreXion Europe GmbH
   Stahlstraße 42-44
   65428 Rüsselsheim
   Managing Director: Satoshi Ikushima
   Commercial Register/no.: HRB 98376
   Registration Court: Local Court of Darmstadt
   E-mail address: info@prexion-eu.de

2. Right of Access
   You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. Where that is the case, you are entitled to access your personal data stored by us according to Art. 15 of the GDPR. In particular, you have the right to obtain information about the purposes of the processing, the category of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period of storage, and the source of your data, if data has not been collected directly from you.
3. Right to Rectification
   You have a right to rectification of inaccurate data or to have incomplete data completed according to Article 16 of the GDPR.
4. Right to Erasure
   You have the right to erasure of your data stored by us according to Article 17 of the GDPR, unless this is opposed by statutory or contractual periods of retention or other statutory duties and/or rights to further storage.
5. Right to Restriction of Processing
   You have the right to request the restriction of processing of your personal data where one of the following points (a) to (d) of Article 18(1) of the GDPR is met:
   you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

   • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

   • the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or

   • you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.

6. Right to Data Portability
   You have the right to data portability according to Article 20 of the GDPR, which means that you can receive the personal data stored by us concerning you in a structured, commonly used and machine-readable format, or to demand the transmission of those data to another controller.
7. Right to Lodge a Complaint
   You have the right to lodge a complaint with a supervisory authority. You can usually lodge this complaint with the supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Data Security

To protect all personal data submitted to us and to ensure that the data protection provisions are not only complied with by us, but also by our external service providers, we have taken appropriate technical and organisational security measures. Therefore, amongst other things, all data transferred between your browser and our server are transmitted in encrypted form via a secure SSL connection.

Last update: 25 January 2019