Privacy Policy

Privacy Policy pfreundt.de

and at the same time information of the data subjects acc. to Article 13 and Article 14 GDPR

General, controller, data protection officer

Preamble

PFREUNDT GmbH (hereinafter »PFREUNDT«, »we«, »us«, »our«) provides services in which data and in particular personal data are processed. This concerns in particular the areas of communication and marketing activities, the provision of this website and all related actions.

Note to the controller

The controller acc. to Article 4 (7) of the General Data Protection Regulation (hereinafter »GDPR«) and other national data protection laws of the member states as well as other data protection provisions is:

PFREUNDT GmbH
Robert-Bosch-Str. 5
46354 Südlohn | Germany

Telefon: +49 (0) 2862 98 07 0
E-Mail: info(at)pfreundt.de

Data protection officer

We have appointed a data protection officer for our company:

Thorsten Schröers | SAFE-PORT Consulting GmbH
c/o Data Protection Officer
Hülshoff-Str. 7
59469 Ense | Germany

Telefon: +49 (0) 2938 977 978
E-Mail: datenschutz(at)pfreundt.de

Scope of the processing of personal data

We process personal data of our users only insofar as this is necessary for the provision of a functional website and our content and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.

Legal basis for processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) lit. a GDPR serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Article 6 (1) lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 (1) lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Article 6 (1) lit. f GDPR serves as the legal basis for the processing.

Data deletion and storage duration

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may take place in addition if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

Note on data transfer to the USA and other third countries

Among other things, tools from companies based in the USA or other third countries that are not secure from a data protection perspective may be integrated on our website. If these tools are active, your personal data may be transferred to the respective companies in the third countries. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e. g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. We have concluded valid appropriate guarantees with the service providers for the transfer to these third countries in accordance with Article 46 (2) GDPR. If you have any further questions, please feel free to contact our data protection officer.

A data transfer to the USA takes place exclusively on the basis of consent by the data subject (Article 6 (1) lit. a GDPR). You can revoke an already granted consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Use of our services and offers

Provision of the website and creation of log files

Informational use / description and scope of data processing

For the use of our website for information purposes only, it is generally not necessary for you to provide personal data. Rather, we collect and use in this case only those of your data that your Internet browser automatically transmits to us, such as:

• Date and time of the call of one of our Internet pages
• your browser type
• the browser settings
• the operating system used
• the last page you visited
• the amount of data transferred and the access status (file transferred, file not found, etc.)
• your IP address.

Purpose

We collect and use this data during an informational visit exclusively in non-personal form. This is done to enable the use of the Internet pages you have accessed, for statistical purposes and to improve our Internet offering. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Article 6 (1) lit. f GDPR.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after fourteen days at the latest; storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling user is no longer possible. Access to the log data is only possible directly and exclusively for administrators.

Possibility of objection and removal

The collection of data for the provision of the services and the storage of the data in log files is mandatory for the operation of the services offered. Consequently, there is no possibility of objection on the part of the user.

Website hosting

This website is hosted by an external service provider (Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany, hereinafter »Hoster«). The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

Our hoster will only process your data to the extent that this is necessary for the fulfillment of its service obligations and follow our instructions regarding this data.

If we commission service providers with the processing of data, this is always done acc. to Article 28 GDPR on the basis of a so-called contract for commissioned processing. To ensure data protection-compliant processing, we have concluded a contract for commissioned processing with our hoster.

Cloudflare

Our »PFREUNDT E-Shop« uses the service "Cloudflare". The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter »Cloudflare«).

Cloudflare offers a globally distributed content delivery network with DNS. This technically routes the transfer of information between your browser and our website through Cloudflare's network. This enables Cloudflare to analyze traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the Internet. In doing so, Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Article 6 (1) lit. f GDPR).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

You can find more information about security and privacy at Cloudflare here:  https://www.cloudflare.com/privacypolicy/.

To ensure data protection-compliant processing, we have concluded an order processing contract with Cloudflare.

Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

When calling up our website, the user is informed about the use of cookies by a Consent banner and his consent to the processing of personal data used in this context is obtained and documented in accordance with data protection law. In this context, a reference to this data protection notice is also made. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings.

You can also determine yourself whether cookies can be set and retrieved by means of the settings in your browser. You can, for example, completely deactivate the storage of cookies in your browser, limit it to certain websites or configure your browser so that it automatically informs you as soon as a cookie is to be set and asks you for feedback on this. For the full functionality of our website, however, it is necessary for technical reasons to allow the cookies we use.

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) lit. f GDPR. The legal basis for the processing of personal data using cookies (and comparable recognition technologies) for analysis purposes and for ad control or evaluation is Article 6 (1) lit. a GDPR and Section 25 (1) TTDSG; consent can be revoked at any time.

Purpose of data processing

If there is a use of technically necessary cookies:

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. We require cookies for the following applications: storage of visitor settings selected in the Consent Banner.

In these purposes also lies our legitimate interest in the processing of personal data acc. to Article 6 (1) lit. f GDPR.

The user data collected through technically necessary cookies are not used to create user profiles.

Duration of storage, possibility of objection and removal.

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

Cookie consent with »CMP-Tool«

Our website uses a consent management platform (»CMP«) to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (hereinafter »Usercentrics«).

Description and scope of data processing

When you enter our website, your consents and other declarations regarding cookie use are obtained via our Consent Tool. The Consent Tool then stores a cookie in your browser in order to be able to assign the consents granted to you or their revocation.

Legal basis for data processing

The Consent Tool is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 (1) lit. c GDPR.

Purpose of data processing

The purpose of providing the Consent Tool is to comply with overriding legislation and to inform users in what context cookies are used on this website.

Possibility of objection and elimination

The data collected by the Consent tool remains stored until you delete the Consent cookie yourself, adjust the settings again via the Consent banner, or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Further information

We have concluded an order processing contract with Usercentrics. This is a contract required by data protection law, which ensures that consentmanager only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

Details on the data processing of Usercentrics can be found at https://usercentrics.com/privacy-policy/.

Plugins and tools

Google Analytics 4

Our website uses Google Analytics 4, provider is Google Ireland Limited, Gordon House, Barrow St, Dublin, Ireland (»Google«), with which the use of websites can be analyzed.

Cookies are used when Google Analytics 4 is used. The information collected by cookies about your use of the website (including the IP address transmitted by your terminal device, shortened by the last digits, see below) is usually transmitted to a Google server and stored and processed there. This may also result in the transmission of information to the servers of Google LLC, which is based in the USA, and further processing of the information there (see also the section »Note on data transfer to the USA«).

When using Google Analytics 4, the IP address transmitted by your terminal device when you use the website is always collected and processed anonymously by default and automatically. A personal reference or referenceability of the collected information is therefore excluded. This automatic anonymization is carried out by Google shortening the IP address transmitted by your terminal device within member states of the European Union (EU) or other contracting states of the Agreement on the European Economic Area (EEA) by the last digits.

On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports about your website activities or your usage behavior and to provide us with other services related to your website and internet usage. In this context, the IP address transmitted and shortened by your terminal device within the scope of Google Analytics 4 will not be merged with other data from Google. The data collected in the context of the use of Google Analytics 4 will be retained for 2 months and then deleted.

Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the involvement of third-party information via a special function known as »demographic characteristics«. This makes it possible to determine and distinguish user groups of the website for the purpose of targeting marketing measures. However, data collected via the »demographic characteristics« cannot be assigned to a specific person and thus not to you personally. This data collected via the »demographic characteristics« function is retained for two months and then deleted.

Since a corresponding consent was requested (e. g. consent to store cookies), the processing is based exclusively on Article 6 (1) lit. a GDPR and Section 25 (1) TTDSG. Without your consent, Google Analytics 4 will not be used during your use of the website. You can revoke your consent once given at any time with effect for the future. To exercise your revocation, please deactivate this service via the »Cookie Consent Tool« provided on the website.

In connection with this website, the Google Signals service is also used as an extension of Google Analytics 4. With Google Signals, we can have Google create cross-device reports (so-called »cross-device tracking«). If you have activated »personalized ads« in your Google account settings and linked your Internet-enabled end devices to your Google account, Google can analyze usage behavior across devices and create database models based on this if you have given your consent to the use of Google Analytics 4 in accordance with Article 6 (1) lit. a GDPR. The logins and device types of all website users who were logged into a Google account and executed a conversion are taken into account. The data shows, among other things, on which device you clicked on an ad for the first time and on which device the relevant conversion took place. We do not receive any personal data from Google in this regard, but only statistics compiled on the basis of Google Signals. You have the option of deactivating the »personalized ads« function in the settings of your Google account and thus turning off the cross-device analysis in connection with Google Signals. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en.

You can find more information about Google Signals at the following link: https://support.google.com/analytics/answer/7532985?hl=en.

We have concluded a so-called order processing agreement with Google for our use of Google Analytics 4, which obliges Google to protect the data of our website users and not to pass it on to third parties.

To ensure compliance with the European level of data protection also in the event of any transfer of data from the EU or EEA to the USA and possible further processing there, Google refers to the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google.

Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at  https://policies.google.com/privacy?hl=de&gl=en and below https://policies.google.com/technologies/partner-sites.

Google Remarketing (only in the PFREUNDT E-Shop)

This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited (»Google«), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Remarketing analyzes your user behavior on our website (e. g. clicking on certain products) in order to classify you in certain advertising target groups and subsequently play suitable advertising messages to you when you visit other online offers (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Remarketing can be linked with Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e. g. cell phone) can also be displayed on another of your end devices (e. g. tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.

The use of Google Remarketing is based on Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in marketing its products as effectively as possible. If a corresponding consent has been requested, the processing is based exclusively on Article 6 (1) lit. a GDPR; the consent can be revoked at any time.

Further information and the privacy policy can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=en.

To create target groups, we use, among other things, Google Remarketing's customer matching. In this process, we transfer certain customer data (e. g., e-mail addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they are shown matching advertising messages within the Google network (e. g. on YouTube, Gmail or in the search engine).

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (»Google«), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e. g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

The use of Google Ads is based on Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in marketing its service products as effectively as possible.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Conversion Tracking (only in the PFREUNDT E-Shop)

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (»Google«), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of Google conversion tracking is based on Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e. g. consent to store cookies), the processing is based exclusively on Article 6 (1) lit. a GDPR; the consent can be revoked at any time.

You can find more information about Google conversion tracking in Google's privacy policy: https://policies.google.com/privacy?hl=en.

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (»Google«), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there (see also the section »Note on data transfer to the USA«). The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser may load the required web fonts into its browser cache in order to display texts and fonts correctly.

The provider of this site has no influence on this data transmission.

Google Maps is used in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Article 6 (1) lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6 (1) lit. a GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e. g. device fingerprinting) within the meaning of the TTDSG; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en.

YouTube with enhanced data privacy

Our website embeds videos from YouTube. The operator of the pages is Google Ireland Limited (»Google«), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e. g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts. If applicable, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6 (1) lit. a GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e. g. device fingerprinting) within the meaning of the TTDSG. When using this plugin, data transfer to the USA is not excluded. See also the section »Note on data transfer to the USA«.

For more information about privacy at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=en.

Hubspot CRM

We use Hubspot CRM on this website. Provider is HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany (hereinafter »Hubspot CRM«).

Use of offers

Newsletter

Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. In order to be able to register for our e-mail newsletter service, we require, in addition to your consent under data protection law, at least your e-mail address to which the newsletter is to be sent. In addition, the date and time of registration are collected. For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy.

For the newsletter dispatch we use the so-called double opt-in procedure, i.e. we will only send you the newsletter if you first confirm your registration via a confirmation e-mail sent to you for this purpose by means of a link contained therein. In this way, we want to ensure that only you yourself, as the owner of the e-mail address provided, can register for the newsletter. Your confirmation in this regard must be made within 5 working days after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database.

Legal basis for data processing

The legal basis for data processing for newsletter marketing is Article 6 (1) lit. a GDPR.

Purpose of data processing

Any further information is voluntary and will be used to address you personally and to personalize the content of the newsletter as well as to clarify queries regarding the e-mail address. The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user's e-mail address is therefore stored as long as the subscription to the newsletter is active. The other personal data collected during the registration process is usually deleted after a period of seven days.

Possibility of objection and elimination

You can cancel a newsletter you have subscribed to with us at any time. To do so, you can either send us an informal e-mail to the above contact details or use the link at the end of the newsletter to cancel. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. This also enables the revocation of consent to the storage of personal data collected during the registration process.

Further informationen

We use HubSot to send newsletters. The provider is HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany (»HubSpot«). HubSot is a service that can be used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of receiving newsletters will be stored on HubSpot's servers. If you do not want HubSpot to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. The dispatch service provider may use the data of the recipients in pseudonymous form, i. e. without assignment to a user, to optimize or improve its own services, e. g. for technical optimization of the dispatch and presentation of the newsletters or for statistical purposes. Furthermore, you can also unsubscribe from the newsletter directly on the website.

With the help of HubSpot, we are able to analyze our newsletter campaigns. This allows us to see, among other things, whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often. HubSpot also allows us to subdivide newsletter recipients according to different recipient categories (e. g. place of residence). In this way, the newsletters can be better adapted to the respective target groups.

We have concluded an order processing contract with HubSpot in which we oblige HubSpot to protect our customers' data and not to pass it on to third parties. For detailed information on the functions and data protection, please refer to HubSpot's privacy policy at: https://legal.hubspot.com/privacy-policy.

Contact form and e-mail contact

Description and scope of data processing

Our website contains a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:

• Your e-mail address
• IP address of the user
• Date and time of the message
• Other information you enter in the contact form

For the processing of data, your consent is obtained during the submission process and reference is made to this privacy policy. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

Legal basis for data processing

The processing of this data is based on Article 6 (1) lit. b GDPR, if your request is related to the performance or conclusion of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Article 6 (1) lit. f GDPR) or on your consent (Article 6 (1) lit. a GDPR) if this has been requested. The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6 (1) lit. f GDPR.

Purpose of data processing

The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Possibility of objection and elimination

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. You can make use of your objection by contacting us at the above-mentioned contact details. All personal data stored in the course of contacting us will be deleted in this case.

Requests by phone or fax

Description and scope of data processing

If you contact us by telephone or fax, your inquiry including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not pass this data on to third parties without your consent.

Legal basis for data processing

The processing of this data is based on Article 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Article 6 (1) lit. f GDPR) or on your consent (Article 6 (1) lit. a GDPR) if this has been requested.

Purpose of data processing

The processing of personal data serves us solely to process your request.

Duration of storage

The data you send to us via inquiries will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e. g., after we have completed processing your request).

Possibility of objection and elimination

The user has the possibility to revoke the processing of his personal data at any time. You can make use of your objection by contacting the above mentioned contact details.

All personal data stored in the course of contacting us will be deleted in this case. Mandatory legal provisions - in particular legal retention periods - remain unaffected.

PFREUNDT E-Shop

This service (hereinafter referred to as the »Shop«) is provided by PFREUNDT GmbH (hereinafter referred to as »we« or »us«) as the responsible party within the meaning of the applicable data protection law.

Processing of data (customer and contract data)

We collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Article 6 (1) lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.

The collected customer data will be deleted after completion of the order or termination of the business relationship. If you have created a customer account, your data will generally remain stored until you delete the customer account. If no orders are placed via a customer account for more than two years, we will delete the account including the data. Legal retention periods remain unaffected.

Data transmission at the conclusion of a contract for online stores, merchants and shipment of goods

We transmit personal data to third parties only if this is necessary in the context of the contract, such as to the companies entrusted with the delivery of the goods or the credit institution entrusted with the payment processing. A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Article 6 (1) lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

We use the store system of the service provider shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany (»shopware«), for the purpose of hosting and displaying the online store on the basis of processing on our behalf. All data collected on our website is processed on the servers of shopware.

You can find more information about Shopware here: https://www.shopware.com/en/privacy/

Name, address and, if applicable, other personal data will be passed on to shopware in accordance with Article 6 (1) lit. b GDPR exclusively for the purpose of processing the online order. Your data will only be passed on to the extent that this is actually necessary for the processing of the order.

To ensure data protection-compliant processing, we have concluded an order processing contract with shopware.

Your rights as a data subject

Information about your rights as a data subject, the responsible body and contact options with our data protection officer, among others, can be found under »Rights of the data subject« in this data protection notice.

This service (hereinafter referred to as »Web Portal«) is provided by PFREUNDT GmbH (hereinafter referred to as »we« or »us«) as a processor within the meaning of the applicable data protection law.

Processing data (customer and weighing data)

We offer our customers the possibility to handle the complete management of weighing data (clients, scales, users, orders, reports, etc.) electronically via the »PFREUNDT Web Portal«.

We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.

The customers are responsible for the processing of personal data in the PFREUNDT Web Portal according to Article 4 (7) GDPR.

We conclude a contract on commissioned processing with our clients. This contract ensures that we process the data exclusively on the basis of the instructions of our clients and in compliance with data protection as defined by the GDPR.

Your rights as a data subject

Information about your rights as a data subject can be found under »Data subject rights« in this privacy notice.

PFREUNDT App

This service (hereinafter »App«) is provided by PFREUNDT GmbH (hereinafter »we« or »us«) as the responsible party within the meaning of the applicable data protection law.

As part of the app, we allow you to retrieve and view the following information:

• Retrieval and storage of weighing data from and in the connected weighing system
• Retrieval and storage of master data from and in the PFREUNDT Web Portal
• Creation of signatures (consisting of photo/png file, location) as well as transfer to the web portal
• Taking and processing photos and transferring them to the web portal
• Deposit of information with location data
• Transmission and storage of error and diagnostic messages to PFREUNDT GmbH

When you use the app, we process personal data about you. Personal data means any information relating to an identified or identifiable natural person. Because protecting your privacy when using the app is important to us, we would like to inform you in the following which personal data we process when you use the app and how we handle this data. In addition, we will inform you about the legal basis for the processing of your data and, insofar as the processing is necessary to protect our legitimate interests, also about our legitimate interests.

You can access this privacy policy at any time under the menu item »Privacy Policy« within the app.

Information about the processing of your data

Certain information is already processed automatically as soon as you use the app. We have listed exactly which personal data is processed for you below:

Information collected during download

When downloading the app, certain required information is transmitted to the app store selected by you (e.g. Google Play or Apple App Store), in particular the user name, the e-mail address, the customer number of your account, the time of the download, payment information and the individual device identification number may be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control.

Information that is collected automatically

As part of your use of the app, we automatically collect certain data that is required for the use of the app. This includes: internal device ID, version of your operating system, time of access.

This data is automatically transmitted to us, but not stored, in order to provide you with the service and the associated functions, to improve the functions and performance features of the app and to prevent and eliminate misuse and malfunctions. This data processing is justified by the fact that the processing is necessary for the performance of the contract between you as a data subject and us pursuant to Article 6 (1) lit. b GDPR for the use of the App. In addition, we have a legitimate interest in ensuring the functionality and error-free operation of the app and in being able to offer a service that is in line with the market and interests, which outweighs your rights and interests in the protection of your personal data here within the meaning of Article 6 (1) lit. f GDPR.

Registration and login

The app can be used without logging in. However, the access data of the PFREUNDT Web Portal (user name and scale ID) are required to transfer your data to the cloud. Registration takes place via the PFREUNDT GmbH web portal. Information on mandatory data within the scope of registration is also available via the PFREUNDT GmbH web portal. The conclusion of the user contract is always required. If you do not have Web Portal access, it is not possible to use the PFREUNDT App.

We will process and use the information you provide as part of the registration process or a login to verify your eligibility to manage access; enforce the App's Terms of Use and any related rights and obligations; and contact you to send you technical or legal notices, updates, security messages, or other communications, such as those related to managing access.

Use of the app

Within the app you can enter, manage and edit various information, tasks and activities. This information includes in particular data on the collection and processing of signatures and photos to weighing data from the connected weighing system. At the same time, the collected data can be merged with location information and stored in the app and transferred to the PFREUNDT Web Portal.

The app also requires the following permissions:

• Internet access: This is needed to save your entries on our servers
• Camera access: This is required so that you can take photos of your documents, orders, loaded goods, etc. and store them in the app and on our servers.
• Location access: This is required so that location information can be provided for the weighing data.
• Bluetooth access: this is required to establish a connection to the scale

The processing and use of usage data is carried out for the provision of the service. This data processing is justified by the fact that the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Article 6 (1) lit. b GDPR for the use of the app.

Data sharing and transfer

In addition to the cases explicitly mentioned in this data protection declaration, your personal data will only be passed on without your express prior consent if this is permitted or required by law. This may be the case, for example, if the processing is necessary to protect the vital interests of the user or another natural person.

The data provided by you during registration will be passed on within PFREUNDT GmbH for internal administrative purposes, including joint customer support, to the extent necessary.

Any disclosure of personal data is justified by the fact that we have a legitimate interest in disclosing the data for administrative purposes within our group of companies and that your rights and interests in the protection of your personal data within the meaning of Article 6 (1) lit. f GDPR are not overridden.

If it is necessary to clarify illegal or abusive use of the app or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities and, if necessary, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of terms of use or other legal claims. We are also legally obligated to provide information to certain public authorities upon request. These are law enforcement agencies, authorities that prosecute administrative offenses subject to fines, and the tax authorities.

Any disclosure of the personal data is justified by the fact that the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Article 6 (1) lit. f GDPR in conjunction with. national legal requirements to disclose data to law enforcement authorities, or we have a legitimate interest in disclosing the data to the aforementioned third parties if there are indications of abusive behavior or to enforce our terms of use, other conditions or legal claims, and your rights and interests in the protection of your personal data within the meaning of Article 6 (1) f GDPR do not override.

We rely on third-party companies and external service providers to provide our service, including software developers and cloud service providers.

Any disclosure of personal data is justified by the fact that we have carefully selected our third-party companies and external service providers as order processors within the scope of Article 28 (1) GDPR, regularly reviewed them and contractually obligated them to process all personal data exclusively in accordance with our instructions.

As our business evolves, we may change the structure of our business by changing its legal form, establishing, buying or selling subsidiaries, divisions or components. In such transactions, customer information may be transferred along with the part of the company being transferred. In any transfer of personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and applicable data protection law.

Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data within the meaning of Article 6 (1) lit. f GDPR are not overridden.

Google Play Console

We use the Google Play Console in our app. The Play Console is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The privacy policy can be found at https://policies.google.com/privacy?hl=en.

The Play Console collects data about the state of the end device, such as information about the end device used, how the app works, and the location of the device at the time of a system crash. The data collected by the Play Console cannot be used to draw conclusions about specific individual users.

The use is based on our legitimate interests in classifying a crash of our app, quick troubleshooting to prevent and resolve app crashes, and the fact that your interests, fundamental rights and freedoms requiring the protection of personal data do not override, Article 6 (1) lit. f GDPR.

»Enable or disable« Usage & Diagnostics

Important: If you disable »Usage and Diagnostics«, your device will still have access to important services, such as new Android versions. Also, data that may be collected by apps on your device is not affected by the deactivation.

To specify whether to send usage and diagnostic data to Google:

1. Open the settings on the device.
2. Tap Google Three-Point Menu Usage and Diagnostics.
3. Enable or disable usage and diagnostics.

Changes of purpose

Processing of your personal data for purposes other than those described will only take place if permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you about these other purposes prior to further processing and provide you with all other relevant information.

Data storage period

We delete or anonymize your personal data as soon as they are no longer required for the purposes for which we collected or used them in accordance with the above paragraphs. As a rule, we store your personal data for the duration of the usage or contractual relationship via the app plus a period of 90 days (retention of data in the weighing system) for compliance with the requirement arising from the Measurement and Verification Act, unless this data is required for longer for criminal prosecution or to secure, assert or enforce legal claims.

You also have the option to delete the data manually at any time. To do this, delete your data from the app's memory by selecting your app at the operating system level under Settings, Apps and selecting »Delete data«.

Specific statements in this data protection declaration or legal requirements for the retention and deletion of personal data, in particular data that we must retain for tax law reasons, remain unaffected.

Your rights as a data subject

Information about your rights as a data subject, the responsible body and contact options with our data protection officer, among others, can be found under »Rights of the data subject« in this data protection notice.

Own services

Handling of applicant data

We offer you the opportunity to apply to us (e. g., via the application platform, e-mail, postal mail or online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

Scope and purpose of data collection

If you send us an application, we process your associated personal data (e. g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship.

Legal basis for data processing

The legal basis for data processing in the context of the application process is Article 6 (1) lit. b GDPR (general contract initiation) and - if you have given your consent - Article 6 (1) lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Article 6 (1) lit. b GDPR for the purpose of implementing the employment relationship.

Data retention period

If we are unable to make you a job offer, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Article 6 (1) lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). Subsequently, the data will be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e. g. due to an impending or pending legal dispute), it will not be deleted until the purpose for continued storage no longer applies.

A longer storage can also take place if you have given a corresponding consent (Article 6 (1) lit. a GDPR) or if legal storage obligations oppose the deletion.

You will not be informed separately about the deletion of your data.

Inclusion in the applicant pool

If we do not make you a job offer, it may be possible to include you in our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Inclusion in the applicant pool takes place exclusively on the basis of your express consent (Article 6 (1) lit. a GDPR). The provision of consent is voluntary and is not related to the current application process. The data subject may revoke his or her consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than one year after consent has been given. You will not be informed separately about the deletion of your data.

Possibility of objection and elimination

If personal data is processed by us as the controller, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing. These can be found in the chapter »Rights of the data subject« of this privacy policy.

If the processing of personal data is based on your consent, you have the right to revoke this consent under data protection law in accordance with Art. 7 (3) GDPR. To assert your data subject rights with regard to the data processed in this application procedure, please contact our data protection officer at the above contact details.

Your rights as a data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right to information

You may request confirmation from the controller as to whether personal data concerning you are being processed by us.

If there is such processing, you can request information from the controller about the following:

• the purposes for which the personal data are processed;
• the categories of personal data which are processed;
• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
• he planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;
• the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
• the existence of a right of appeal to a supervisory authority;
• any available information about the origin of the data, if the personal data are not collected from the data subject;
• The existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller, insofar as the processed personal data concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

• if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of processing, but you need them for the establishment, exercise or defense of legal claims; or
• if you have objected to the processing pursuant to Article 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.

Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to deletion

Obligation to delete

You may request the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete such data without undue delay, if one of the following reasons applies:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent on which the processing was based pursuant to Article 6 (1) lit. a or Article 9 (2) lit. a GDPR and there is no other legal basis for the processing.
• You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.
• The personal data concerning you has been processed unlawfully.
• The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8 (1) GDPR.

Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17 (1) GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

Exceptions

The right to erasure does not exist insofar as the processing is necessary to

• for the exercise of the right to freedom of expression and information;
• for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health pursuant to Article 9 (2) lit. h and lit. i and Article 9 (3) GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
• for the assertion, exercise or defense of legal claims.

Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data relating to you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against the controller to be informed about these recipients.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

• the processing is based on consent acc. to Article 6 (1) lit. a GDPR or Article 9 (2) lit. a GDPR or on a contract acc. to Article 6 (1) lit. b GDPR and
  the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) lit. e or lit. f GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

• is necessary for the conclusion or performance of a contract between you and the controller,
• is permitted by legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or
• is carried out with your express consent.

However, these decisions may not be based on special categories of personal data acc. to Article 9 (1) GDPR, unless Article 9 (2) lit. a or lit. g GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to contract performance and consent, the controller shall take reasonable steps to safeguard the rights and freedoms of, and your legitimate interests, including at least the right to obtain the intervention of a person from the controller, to express your point of view and contest the decision.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Data security, third party websites, changes

Data security

Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of data transmitted to our Services via the Internet. However, we secure our services and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. In particular, we transmit your personal data in encrypted form. We use the SSL (Secure Socket Layer) [or TLS (Transport Layer Security)] coding system for this purpose.

We also use technical and organizational security measures to protect personal data that is generated or collected, in particular against accidental or intentional manipulation, loss, destruction or against attack by unauthorized persons. Our security measures are continuously improved in line with technological developments.

Privacy and third party websites

The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or warranty for third-party content or data protection conditions. Please make sure you are aware of the applicable data protection conditions before submitting personal data to these websites.

Changes to this privacy policy

We reserve the right to change this privacy policy at any time with effect for the future. A current version is available on the website. Please visit the website regularly and inform yourself about the applicable data protection provisions.

Actuality of this privacy policy

To ensure up-to-date data protection notices in connection with the services of our website, we use the »SAFE policy« service of SAFE-PORT Consulting GmbH, Hülshoff-Straße 7, 59469 Ense, Germany (»SAFE-PORT«). The contents of this privacy notice are centrally managed on the servers of SAFE-PORT and directly embedded on this page.

We have a legitimate interest in always providing our website visitors with up-to-date information on data processing. For the use of the »SAFE policy«, we have concluded an order processing contract with the provider in accordance with Art. 28 GDPR.

Status: v1.1.2-230523-2114