Data protection regulations

Privacy Statement

1. Introduction

The following information is designed to provide you, as the “data subject”, with an overview of the processing of your personal data by us and your rights in accordance with data protection laws. The use of our websites is generally possible without having to enter any personal data. If, however, you would like to use certain services provided by our company via our website, processing of personal data may be required. If processing of personal data is required and there is no legal basis for such processing, we will always ask for your consent.

Processing of personal data, e.g. your name, your address or email address, always complies with the General Data Protection Regulation (GDPR) and with country-specific data protection regulations applicable to “Hermann Sewerin GmbH”. This Privacy Statement has been designed to provide you with information about the extent and purpose of the personal data collected, used and processed by us.

As the data controller, we have implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as seamlessly as possible. However, online data transmission may have security gaps, meaning absolute protection cannot be guaranteed. You are therefore welcome to submit personal data using alternative methods, such as by phone or post.

You, too, can take measures that are easy to implement in order to protect yourself from unauthorised third parties accessing your data. We would therefore like to give you some suggestions on how you can handle your data securely:

l Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.

l Do not share your passwords with anyone.

l Make sure you use each password for one account only (login, user or customer account).

l Do not use the same password for different websites, applications or online services.

l The following applies in particular to the use of publicly accessible IT systems or those used together with other people: Make sure you log off again after logging in to any website, application or online service.

Passwords should consist of at least 12 characters and should not be easy to guess. You should therefore not use common everyday words, your own name or the names of relatives. Instead, a password should contain upper-case and lower-case letters, numbers and special characters.

2. Controller

In accordance with GDPR, the Controller is:

Hermann Sewerin GmbH

Robert-Bosch-Straße 3, 33334 Gütersloh, Germany

Telephone: + 49 (0) 52 41/ 9 34- 0

Fax: + 49 (0) 52 41/ 9 34- 444

Email: info@sewerin.com

Representatives of the Controller: Dr. Dipl.-Phys. Swen Sewerin, Dipl.-Wirt.-Inf. Benjamin Sewerin

3. Data Protection Officer

You can contact the Data Protection Officer as follows:

Thomas Otten

Telephone: 05221 87292-08

Fax: 05221 87292-49

Email: datenschutz-sewerin@audatis.de

Please feel free to contact our Data Protection Officer at any time if you have any questions or suggestions relating to data protection.

4. Definitions

This Privacy Statement is based on the definitions used by the European body for issuing directives and regulations when the General Data Protection Regulation (GDPR) was issued. Our Privacy Statement has been designed to be easy to read and understand by the public as well as our customers and business partners. To ensure this, we would initially like to explain the terms used.

In our Privacy Statement, we are using the following terms, for example:

1. Personal data

Personal data includes all information referring to an identified or identifiable individual person. An individual person is regarded as identifiable who can, directly or indirectly, be identified, in particular using association with an identifier such as a name, with an identification number, with location information, with an online code or with one or several special features that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this individual person.

2. Data subject

The data subject is any identified or identifiable individual person whose personal data is processed by the controller (our company).

3. Processing

Processing includes any operation carried out with or without the help of automated procedures or any set of operations associated with personal data, such as the collection, recording, organisation, structuring, storage, adjustment or change, reading, querying, use, disclosure by transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

4. Limiting processing

Limiting processing means highlighting stored personal data with the goal of limiting future processing.

5. Profiling

Profiling is any kind of automated processing of personal data which uses this personal data to evaluate personal aspects associated with an individual person, in particular to analyse or predict aspects relating to work performance, economic status, health, personal preferences, interests, reliability, behaviour, location or change of location of this individual person.

6. Pseudonymisation

Pseudonymisation refers to processing of personal data in a way in which the personal data cannot be associated with a specific data subject without using additional data as long as this data is stored separately and is subject to technical and organisational measures which guarantee that the personal data cannot be associated with an identified or identifiable individual person.

7. Processor

The processor is an individual person or legal entity, authority, institution or other body that processes data on behalf of the controller.

8. Recipient

The recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether this is a third party or not. However, authorities receiving personal data as part of a specific investigation order in accordance with European Union law or the law of the Member States are not regarded as recipients.

9. Third parties

A third party is a natural or legal person, authority, institution or other body, not including the data subject, the controller, the processor and people that are authorised to process personal data under the direct responsibility of the controller or processor.

10. Consent

Consent is any indication of wishes voluntarily and unequivocally provided by the data subject, based on sufficient information, for a specific case in the form of a statement or any other clear confirming action by which the data subject expresses that he or she agrees to the processing of personal data.

5. Legal basis for processing

Art. 6 (1)(a) GDPR (in connection with § 25 (1) TDDDG (formerly TTDSG)) is our company’s legal basis for processing operations where we request consent for a certain processing purpose.

If processing of personal data is required to fulfil a contract to which you are a contractual party, which is the case for processing operations required for the delivery of goods or the provision of other services or return services, processing will be based on Art. 6 (1)(b) GDPR. The same applies to processing operations required to carry out pre-contractual measures, such as in the case of enquiries relating to our products or services.

If our company is subject to a legal obligation making processing of personal data necessary, such as the fulfilment of tax responsibilities, processing will be based on Art. 6 (1)(c) GDPR.

In rare cases, processing of personal data may be required to protect the vital interests of the data subject or another individual person. This would be the case, for example, if a visitor is injured at our premises and therefore his or her name, age, health insurance data or other vital information has to be disclosed to a doctor, hospital or any other third party. In this case, processing will be based on Art. 6 (1)(d) GDPR.

Ultimately, processing operations can be based on Art. 6 (1)(f) GDPR. Processing operations will be based on this legal basis if they are not included in any of the previously mentioned legal bases, if processing is required to protect the legitimate interest of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject outweigh this. This type of processing operation has been permitted in particular because it has been specifically mentioned by the European Legislator. The European Legislator believes that legitimate interest can be assumed when you are a customer of our business (Recital 47 (2) GDPR).

Our services are exclusively aimed at adults. Individuals below the age of 16 must not transmit personal data to us without the consent of a parent or guardian. We do not request personal data from children or young people, we do not collect this data and do not disclose it to third parties.

6. Transmission of data to third parties

Your personal data will not be transmitted to third parties for any other purposes than those stated below.

We will only disclose your personal data to third parties if:

1. you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR;

2. disclosure is permitted in accordance with Art. 6 (1)(f) GDPR to protect our legitimate interest and there is no reason to assume that you have an overwhelming interest in the non-disclosure of your data that needs to be protected;

3. there is a legal obligation for disclosure in accordance with Art. 6 (1)(c) GDPR and

4. this is permitted by law and required for handling contractual relationships with you in accordance with Art. 6 (1)(b) GDPR.

In order to protect your data and to allow data transmission to third countries (outside the EU/EEA), we have signed agreements for order processing on the basis of standard contractual provisions provided by the European Commission. If these standard contractual provisions do not suffice to create an adequate level of security, your consent in accordance with Art. 49 (1)(a) GDPR can be used as the legal basis for transmission to third countries. At times, this does not apply to data transmission to third countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR.

7. Technology

7.1 SSL/TLS encryption

This page uses SSL or TLS encryption in order to guarantee the security of data processing and the protection of the transmission of confidential content, such as orders, login data or contact requests which you submit to us as the operator. You can recognise an encrypted connection because your browser’s address bar has “https://” and the lock icon in the browser line instead of “http://”.

We use this technology to protect your transmitted data.

7.2 Data collection when visiting our website

If you are using our website solely for information purposes, i.e. if you are not registered or submit information in another way or do not consent to processing requiring consent, we will only collect data that is technically essential for providing the service. This is usually data that your browser sends to our server (in server logfiles). Whenever a page is accessed by you or an automated system, our website will collect a series of general data and information. This general data and information will be stored in the server log files. The following may be recorded:

1. browser types and versions used;

2. the operating system used by the accessing system;

3. the website from which an accessing system is directed to our website (known as referrer);

4. the sub-pages an accessing system is heading for on our website;

5. the date and time the website is accessed;

6. a shortened Internet Protocol address (anonymised IP address) and

7. the internet service provider of the accessing system.

When using this general data and information, we will not draw any conclusions relating to you as an individual. Instead, the information is required to

1. display the content of our website correctly;

2. optimise the content of our website and its advertising;

3. guarantee the permanent functionality of our IT systems and the technology of our website and

4. provide law enforcement authorities with the information required for prosecution in the event of a cyber attack.

The data and information collected are assessed by us statistically on the one hand, and, on the other hand, with the goal of increasing privacy and data security in our company to ensure an ideal level of security for the personal data processed by us. The anonymous data within the server log files is stored separately from any personal data provided by a data subject.

The legal basis for data processing is Art. 6 (1)(f) GDPR. Our legitimate interest is based on the purposes listed above for data collection.

7.3 Encrypted payment transactions

If, following the completion of a fee-based contract, you have to submit your payment data (e.g. disclosing your account number when providing a direct debit authorisation), this data will be required for processing the payment.

Payment transactions via the usual payment methods (Visa/MasterCard or direct debit) will always be encrypted via SSL or TLS. You can recognise an encrypted connection because your browser’s address bar changes from “http://” to “https://” and shows the lock icon in the browser line.

We use this technology to protect your transmitted data.

7.4 Hosting by Mittwald

Our website is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter referred to as Mittwald).

When you visit our website, your personal data (e.g. IP addresses in log files) is processed on Mittwald’s servers.

The assignment of Mittwald is based on Art. 6 (1)(f) GDPR. We have a legitimate interest in our website being displayed, provided and secured as reliably as possible.

We have signed a contract for order processing (AVV) in accordance with Art. 28 GDPR with Mittwald. This is a contract specified by data protection regulations ensuring that Mittwald will process the personal data provided by our website visitors exclusively in accordance with our instructions and complying with the GDPR.

For further information about Mittwald's Privacy Policy, please see: www.mittwald.de/datenschutz

8. Cookies

8.1 General information about cookies

Cookies are small files automatically created by your browser which are stored on your IT system (laptop, tablet, smartphone or similar) when you visit our website.

Cookies store information associated with the specific end device used. However, this does not mean that we will receive information about your identity.

The use of cookies is designed to make your experience of our services better. We use what are known as session cookies to detect that you have already visited certain pages of our website. They are automatically deleted when you leave our website.

In addition, we use temporary cookies to optimise the user experience. These will be stored on your end device for a certain period. If you visit our website again to use our services, we will automatically detect that you have previously visited us and which data you have entered as well as which settings you have configured so that you do not need to carry out these tasks again.

We also use cookies to record statistics about the use of our website and to evaluate our services for the purpose of optimisation. When you return to our website, these cookies allow us to automatically detect that you have previously visited. These cookies will be deleted automatically after a defined period. Please see the Consent Tool settings for the storage duration of these cookies.

8.2 Legal basis for the use of cookies

The data processed by cookies, which is necessary for the proper functioning of our website, is required to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1)(f) GDPR.

For all other cookies, we require your consent via our opt-in cookie banner in accordance with Art. 6 (1)(a) GDPR.

9. Website content

9.1 Data processing for opening a customer account and for contract processing

Personal data is collected and processed in accordance with Art. 6 (1)(b) GDPR when you submit it to us to fulfil a contract or to open a customer account. The type of data collected will be evident from the relevant input form. You can delete your customer account at any time, for example, by sending a message to the controller’s address specified above. We will store and use the data submitted by you for contract processing. After the contract has been completed or your customer account has been deleted, your data will be locked, taking tax and commercial retention periods into consideration, and will be deleted when these periods have expired unless you have given express consent for the further use of your data or we reserve the right to further data use as permitted by law, of which we will notify you accordingly.

9.2 Data processing for order processing

As part of contract processing, personal data collected by us will be disclosed to the shipping company commissioned by us with delivery if this is required to deliver goods. As part of payment processing, we will disclose your payment data to the commissioned financial institution if this is required for payment processing. If payment service providers are used, we will notify you explicitly of this fact. The legal basis for the disclosure of your data is Art. 6 (1)(b) GDPR.

9.3 Contact/contact form

When you contact us (e.g. via our contact form or email), personal data is collected. The type of data collected when using a contact form will be evident from the relevant contact form. This data will be used exclusively to respond to your enquiry or for contacting you and the technical administration associated with this process. The legal basis for data processing is our legitimate interest in responding to your enquiry in accordance with Art. 6 (1)(f) GDPR. If your reason for contacting us is to enter into a contract, the additional legal basis for processing is Art. 6 (1)(b) GDPR. Once we have completed dealing with your enquiry, your data will be deleted. This will be the case when circumstances indicate that the subject matter has been concluded and there are no conflicting legal obligations to preserve records.

9.4 Registering as a user

You have the option of registering on our website by entering personal data.

The type of personal data transmitted to us will be evident from the respective input screen used for the registration. The personal data entered by you is collected and stored by us solely for our internal use and for our own purposes. We can share your personal data with one or more processors, for example a parcel delivery service, who will likewise only use it internally for our purposes.

When you register on our website, the IP address issued by your internet service provider (ISP), the date and the time of registration will also be saved. This data is saved because this is the only way of preventing the misuse of our services, and this data can help resolve committed offences if necessary. In this respect, this data must be stored for our protection. This data is never shared with third parties, unless we have a legal obligation to share the data or disclosure of the data serves the purpose of criminal prosecution.

Your registration, by voluntarily providing your personal data, also allows us to offer you content or services which, by their nature, can only be offered to registered users. Registered persons can have the personal data they enter at the time of registration changed or fully erased from our database at any time.

We will provide you with information about the personal data we have saved about you at any time on request. We will also correct or erase personal data at your request, unless there are legal obligations to preserve records. The Data Protection Officer named in this Privacy Statement and all other staff are available to help the data subject in this matter.

Your data is processed in the interest of convenient and straightforward use of our website. This constitutes a legitimate interest in accordance with Art. 6 (1)(f) GDPR.

9.5 Vacancy management/job portal

We will collect and process personal data provided by applicants to deal with the application process. Processing can also take place electronically. This will be the case in particular if an applicant sends us application documentation electronically, e.g. by email or via an online form on our website. If we sign an employment or service contract with an applicant, the data submitted will be stored to process the employment relationship, taking legal stipulations into consideration. If no contract is signed with the applicant, the application documentation will be deleted automatically two months after the rejection has been announced unless we have conflicting legitimate interest. Legitimate interest in this sense constitutes an obligation of proof in a procedure in accordance with the General Equal Treatment Act (AGG).

The legal basis for processing your data is Art. 6 (1)(b), 88 GDPR in connection with § 26 (1) BDSG (Federal Data Protection Act).

9.6 Facebook Connect

You can log into our website to create a customer account or to register via what is known as single-sign-on technology using the “Facebook Connect” social plugin provided by Facebook, the social network, which is operated by Meta Platforms Inc. (previously Facebook Inc.), 1 Hacker Way, Menlo Park, CA 94025, USA (“Meta”) if you have a Facebook profile. You can recognise “Facebook Connect” social plugins on our website by the blue button with the Facebook logo and the label “Mit Facebook anmelden” or “Connect with Facebook” or “Log in with Facebook” or “Sign in with Facebook”.

If you access one of our online pages that contains such a plugin, your browser will establish a direct connection to Meta’s servers. The plugin content will be submitted to your browser directly by Facebook and embedded into the page. This incorporation provides Facebook with the information that your browser has accessed the relevant online page, even if you do not have a Facebook profile or you are not logged in to Facebook at that time. This information (including your IP address) will be transmitted directly by your browser to a Meta server in the US and stored there. These processing operations will only take place if you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR.

Using this “Facebook Connect” button on our website also allows you to log into or register on our website with your Facebook user data. Only in the event that you give your express consent in accordance with Art. 6 (1)(a) GDPR before the login process based on a relevant notice about the exchange of data with Facebook, will we receive the general and publicly accessible information stored in your profile when you use the “Facebook Connect” button, depending on the privacy settings configured by you on Facebook. This information includes your user ID, name, profile picture, age and gender.

We would like to point out that, following a change in privacy conditions and user conditions by Facebook, when you have given your consent, transmission of your friends’ profile pictures as well as their user IDs and your list of friends may also be transmitted if this has been marked as “public” in your privacy settings on Facebook. The data transmitted by Facebook (title, first name, last name, address details, country, email address, date of birth) will be stored and processed by us so we can create a user account for you with the required data if you have authorised this on Facebook. In turn, based on your consent, data can also be transmitted by us to your Facebook profile (e.g. information about your browsing or purchasing behaviour).

You can revoke your consent at any time by sending a message to the controller mentioned at the beginning of this Statement.

For the purpose and extent of data collection and the further processing and use of your data by Facebook as well as your associated rights and setting options to protect your privacy, please see Facebook’s Privacy Notice: www.facebook.com/policy.php

This US company has been certified within the scope of the EU-US Data Privacy Framework. This means an adequacy decision in accordance with Art. 45 GDPR exists so that transmission of personal data is permitted without further guarantees or additional measures.

Processing of personal data via the Facebook button will only take place if you have given your express consent in accordance with Art. 6 (1)(a) GDPR.

If you do not want Facebook associating the data collected via our website with your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent loading of Facebook plugins via add-ons for your browser, e.g. using “Adblock Plus” (https://adblockplus.org/de/).

10. Sending newsletters

10.1 Sending newsletters to regular customers

If you have provided us with your email address when buying goods or services, we will reserve the right to regularly email you offers from our range relating to similar goods or service to those you have purchased. In accordance with § 7 (3) UWG (Unfair Competition Act), we do not need your consent for this. Data processing will take place exclusively based on our legitimate interest in personalised direct advertising in accordance with Art. 6 (1)(f) GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you emails. You have the right to object to the use of your email address for the specified advertising purpose at any time with future effect by sending a message to the controller mentioned above. You will merely incur communication costs at the basic rates. Once your objection has been received, the use of your email address for advertising purposes will be stopped immediately.

10.2 Advertising newsletters

Our website gives you the option to subscribe to our company’s newsletter. The type of personal data transmitted to us when subscribing to the newsletter will be evident from the input screen.

We notify our customers and business partners at regular intervals about our offers via a newsletter. You can only receive our company’s newsletter if

1. you have a valid email address and

2. you have registered to receive the newsletter.

For legal reasons, as part of the double-opt-in procedure, a confirmation email will be sent to the email address you specified when signing up to receiving newsletters. This confirmation is designed to check whether you, as the owner of the email address, have authorised the receipt of newsletters.

When you subscribe to our newsletter, we will also store the IP address issued by your Internet Service Provider (ISP) for the IT system used at the time of registration as well as the date and time of your registration. Collection of this data is required to trace any (potential) misuse of your email address at a later stage and is therefore used for our legal safeguarding.

The personal data collected when subscribing to our newsletter is exclusively used to send our newsletter. Newsletter subscribers can also be notified by email if this is required for the operation of the newsletter service or related registration, which may be the case in the event of changes to the newsletter offer or changes in technical conditions. Personal data collected for newsletter services will not be disclosed to third parties. You can cancel your newsletter subscription at any time. You can, at any time, revoke your consent for the storage of your personal data given to us for the purposes of sending you our newsletter. There is a link in every newsletter to unsubscribe from our newsletters. You also have the option to unsubscribe from our newsletters on our website or to notify us in another way.

The legal basis for data processing so newsletters can be sent is Art. 6 (1)(a) GDPR.

10.3 Newsletter tracking

Our newsletters contain what is known as tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format to allow recording and analysis of log files. This allows us to carry out statistical assessment of the success or failure of online marketing campaigns. Using the embedded tracking pixel, the company can determine whether and when an email was opened by you and which links from the email were accessed by you.

This personal data collected via tracking pixels included in newsletters is stored and evaluated by us to optimise sending of newsletters and to be able to adapt the content of future newsletters more effectively to your interests. This personal data will not be disclosed to third parties. Data subjects have the right to revoke their consent separately given via the double-opt-in procedure at any time. After revocation, this personal data will be deleted by us. Unsubscribing from our newsletters is automatically understood as a revocation.

This type of evaluation will take place in particular in accordance with Art. 6 (1)(f) GDPR based on our legitimate interests in inserting personalised advertising, market research and/or the needs-based design of our website.

10.4 MailChimp

Our email newsletters are sent by the technical service provider Intuit Inc., The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to which we will disclose your data that you have submitted when you subscribe to our newsletter. This disclosure takes place within the scope of order processing by MailChimp. Please note that your data will usually be transmitted to and stored in a MailChimp server in the US.

MailChimp uses this information to send and statistically evaluate the newsletters on our behalf. For this evaluation, the emails contain what are known as web beacons or tracking pixels that make up one-pixel image files stored on our website. We can then determine whether a newsletter message was opened and which links were clicked. Furthermore, technical information is recorded (e.g. the time of access, IP address, browser type and the operating system). This data is exclusively used for the statistical analysis of newsletter campaigns. The results of these analyses can be used to adapt future newsletters more effectively to the interests of their recipients.

The assignment of the service provider for sending newsletters is based on Art. 6 (1)(f) GDPR and an order processing contract according to Art. 28 GDPR. The legal basis for processing your personal data in connection with the newsletter is your consent given as part of the “double-opt-in” procedure in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time.

Furthermore, MailChimp itself can use the data in accordance with Art. 6 (1)(f) GDPR based on its own legitimate interest in needs-based development and optimisation of its services as well as for market research, for example, to determine which countries recipients are from. However, MailChimp does not use the data provided by our newsletter recipients to contact them or to disclose them to third parties.

If you would like to object to the data processing specified, you must unsubscribe from the newsletter.

Please see the following link for MailChimp’s Privacy Policy: mailchimp.com/legal/privacy/

11. Our activities in social networks

We are represented in social media networks so we can communicate with you there, too, and provide information about our services. When you visit one of our social media pages, we are jointly responsible for data processing along with the provider of the relevant social media platform in accordance with Art. 26 GDPR based on the processing operations this triggers.

We are not the original provider of these pages but we merely use them as part of the options provided to us by the relevant provider.

As a precaution, we would therefore like to point out that your data may be processed outside the European Union or the European Economic Area. Use of these pages may therefore be associated with privacy risks because the protection of your rights, e.g. to information, erasure, objection etc., may be more difficult, and data processing in social networks often takes place for advertising purposes or for the analysis of user behaviour by the provider without us being able to influence this. If the provider creates user profiles, cookies are often used or user behaviour is associated with the member profile created by you in the social network.

The processing operations relating to personal data take place in accordance with Art. 6 (1)(f) GDPR based on our legitimate interest and the legitimate interest of the relevant provider in being able to communicate with you promptly and provide information about our services. If you have to provide consent to the relevant provider for the processing of your user data, the legal basis will be Art. 6 (1)(a) GDPR in connection with Art. 7 GDPR.

We do not have access to the providers’ databases. We would therefore like to point out that you should ideally enforce your rights (e.g. to information, rectification, erasure etc.) with the relevant provider. We have listed further information about the processing of your data in social networks with the relevant providers of social networks used by us:

11.1 LinkedIn

(Co-) Controller for data processing in Europe:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy Statement:

www.linkedin.com/legal/privacy-policy

11.2 XING (New Work SE)

(Co-) Controller for data processing in Germany:

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Privacy Statement:

privacy.xing.com/de/datenschutzerklaerung

Requests for information by XING members:

www.xing.com/settings/privacy/data/disclosure

12. Web analysis

12.1 Google Analytics 4 (GA4)

We use Google Analytics 4 (GA4) on our website, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

In this context, pseudonymised user profiles are created and cookies used (see Item “Cookies”). The information created by the cookie relating to your use of this website might include:

-short-term collection of your IP address; it will not be permanently saved

-location data

-browser type/version

-operating system used

-referrer URL (page visited before)

-time of server request

The pseudonymised data can be transmitted by Google to a server in the USA and stored there.

The information is used to evaluate website use, to create reports about website activities and to provide additional services related to website use and internet use for the purposes of market research and the needs-based design of these webpages. This information may also be disclosed to third parties if this is legally stipulated or if third parties process this data on our behalf.

These processing operations will only take place if you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR.

Google's default storage duration for data is 14 months. In addition, personal data will be stored for as long as it is required to fulfil the processing purpose. Data is deleted as soon as it is no longer required for the purpose.

As a US business, the parent company Google LLC has been certified within the scope of the EU-US Data Privacy Framework. This means an adequacy decision in accordance with Art. 45 GDPR exists so that transmission of personal data is permitted without further guarantees or additional measures.

Further information about data protection when using GA4 can be found at: https://support.google.com/analytics/answer/12017362?hl=en.

13. Advertising

13.1 Google Ads (AdWords) Remarketing/Retargeting

We have integrated Google Ads in this website. The operating company of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

We use it to advertise this website in Google search results, and on third-party websites. To this end, Google places a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonym cookie ID and on the basis of pages you have visited.

More extensive data processing only occurs if you have given Google your consent to link your Google internet and app browsing history to your Google account and use information from your Google account to personalise ads that you view on the web. If you are logged into Google in this case while visiting a page on our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. To this end, Google will temporarily link your personal data to Google Analytics data to form target groups.

These processing operations will only take place if you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR.

You can view the privacy policy and other information for Google Ads at: www.google.com/policies/technologies/ads/

14. Plugins and other services

14.1 Google Photos

We use the service Google Photos provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to store pictures that are embedded in our homepage.

Embedding means the integration of certain external content (text, video or image data) provided by another website (Google Photos) which then appears on our own website. An embedding code is used for this process. If an embedding code is used by us, the external content provided by Google Photos is displayed by default as soon as you visit one of our pages.

Your IP address is transmitted to Google Photos via the technical implementation of the embedding code which allows the display of Google Photos images. Google Photos also records our website, the browser type used, the browser language as well as the time and length of the visit. Furthermore, Google Photos can record information about which of our sub-pages you have visited and which links you have clicked as well as other interactions by you when visiting our website. This data may be stored and evaluated by Google Photos.

These processing operations will only take place if you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR.

For Google’s Privacy Policy, please see: www.google.com/policies/privacy/

14.2 Google Tag Manager

We use the Google Tag Manager service on this website. Google Tag Manager’s operating company is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google Group of Companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

With the help of this tool, “website tags” (i.e. keywords embedded in HTML elements) can be implemented and managed using an interface. By using Google Tag Manager, we can automatically trace which button, link or personalised image you have actively clicked on, so we can then record which of our online content is of particular interest to you.

The tool also triggers other tags which, in turn, may also collect data. Google Tag Manager does not access this data. If you have enforced deactivation at domain or cookie level, it will remain for all tracking tags implemented via Google Tag Manager.

These processing operations will only take place if you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR.

For further information about Google Tag Manager or Google’s Privacy Statement, please see: www.google.com/intl/de/policies/privacy/

14.3 Google WebFonts

For the uniform display of typefaces, our website uses what are known as WebFonts. Google WebFonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google Group of Companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These processing operations will only take place if you have provided us with express consent in accordance with Art. 6 (1)(a) GDPR.

For further information about Google WebFonts and Google’s Privacy Statement, please see: developers.google.com/fonts/faq ; www.google.com/policies/privacy/

14.4 YouTube videos with advanced privacy mode (YouTube-NoCookies)

Some of the sub-pages on our website contain links to YouTube services. As a basic rule, we are not responsible for web content we are linking to. If you are following a link to YouTube, we would like to point out that YouTube stores and uses user data in accordance with its own Privacy Policy (e.g. personal information, IP address).

YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

We directly embed videos stored on YouTube in some of our sub-pages. With this integration, YouTube website content is displayed in some sections of a browser window. If you access a (sub-) page of our online services where YouTube videos are embedded, a connection to the YouTube servers is established, thus displaying the content on the website by transmitting it to your browser.

The integration of YouTube content can only take place in “advanced privacy mode”. YouTube itself provides this and ensures that YouTube does not initially store any cookies on your device. When accessing the relevant pages, however, the IP address and potentially other data are transmitted which provides information about which of our pages you have visited. But this information cannot be associated with you unless, before accessing the page, you have logged in to YouTube or another Google service or you are permanently logged in. As soon as you start to play an embedded video by clicking on it, YouTube will store only those cookies on your device that do not contain personally identifiable data because of the advanced privacy mode, unless you are logged in to a Google service at the time. These cookies can be prevented by using the relevant browser setting and extensions.

Requesting the video is regarded as your consent for the relevant cookie being stored (Art. 6 (1)(1)(a) GDPR).

For YouTube’s Privacy Policy, please see: www.google.de/intl/de/policies/privacy/

14.5 YouTube Images (ytimg.com)

YouTube Images (ytimg.com) is a service by YouTube which allows thumbnails of videos to be accessed and displayed on YouTube. This service is used to provide visual previews of YouTube videos on our website or app.

- Scope of data processing

The following data is processed in the scope of YouTube Images (ytimg.com):

• IP address: When thumbnails are displayed, the user's IP address is sent to the YouTube server (ytimg.com). This processing is necessary to be able display thumbnails correctly at your end.

• Log data: YouTube (ytimg.com) may collect additional log data containing information such as the browser type, the URL of the page opened and the time of access.

- Legal basis for processing

The above data is processed on the basis of your consent in accordance with Art. 6 (1)(a) GDPR.

- Data transfer and recipient

The use of YouTube Images (ytimg.com) involves data being transmitted to YouTube's servers in the USA. YouTube is a subsidiary of Google LLC. Google is certified under the EU-U.S. Data Privacy Framework, which guarantees an appropriate level of data protection.

- Storage of data

We do not store any data collected in connection with the use of YouTube Images (ytimg.com) ourselves. The data is processed by YouTube only (ytimg.com).

14.6 Klaro (klaro.js)

Klaro is an open-source service for managing and obtaining user consents for cookies and other trackers on websites. Klaro allows you to manage and record the consent of users for various services on your website to meet the requirements of the General Data Protection Regulation (GDPR) and other data protection laws.

- Scope of data processing

The following data is processed when Klaro is used (klaro.js):

Consent data: Klaro records which services the user has accepted or rejected. This data is saved in a cookie or local memory in the user's browser.

Cookie data: Klaro uses cookies to store and automatically apply the users' consent in future visits. These cookies do not contain any personal data apart from the ID of the consent status.

IP address: Depending on the configuration, Klaro can process the user's IP address to determine the geographical location or to log requests.

- Legal basis for processing

The above data is processed on the basis of Art. 6 (1)(c) GDPR to fulfil a legal obligation and on the basis of Art. 6 (1)(f) GDPR for the purpose of protecting our legitimate interests in the legal collection and management of consents.

- Storage of data

The data saved in Klaro is saved in the user's browser (local memory or cookies). This data is stored for the duration of the consent or until the consent is withdrawn by the user.

- Data transfer and recipient

The data is not shared with third parties unless this is necessary to meet legal obligations.

14.7 Privacy statement for UT 9200 Com app

We, Hermann Sewerin GmbH, Robert-Bosch-Straße 3, D-33334 Gütersloh, Germany, as operator of the app, are the data controller for processing the personal data of users of the app.

In this Privacy Statement, we provide you with information about the extent to which and why personal data is processed in connection with use of the app.

Personal data

Personal data includes information about an identified or identifiable individual person. This includes all information about your identity, such as your name, your email address or your postal address. Information that cannot be connected to your identity (such as statistical information, for example about the number of users of the app), is not however considered personal data.

You can use our app without disclosing your identity and without providing personal data. In this case, we only collect general information about the visit to our app. However, personal data is collected from you for some of the services offered. This data is only ever processed by us for the purposes of using this app, in particular to provide the desired information. When personal data is collected, only essential data has to be provided. In addition, other data can be provided, but this is voluntary data. We will inform you as to whether each field involves mandatory or voluntary information. We provide specific details in the relevant section of this Privacy Statement.

Automated decision-making based on your personal data associated with use of our app does not occur.

Processing of personal data

We store your data on specially protected servers within the European Union. These are protected against loss, destruction, access, adjustment or distribution of your data by unauthorised persons using technical and organisational measures. Only a few authorised persons can access your data. They are responsible for the technical, commercial or editorial maintenance of the servers. In spite of regular checks, however, full protection against all risks is not possible.

Sharing personal data with third parties

We only use your personal data to provide the services you want. Insofar as external service providers are deployed by us to provide a service, they too only access the data for the purposes of providing the service. We take technical and organisational measures to ensure compliance with the data protection regulations and obligate our external service providers to do likewise.

Furthermore, we do not share your data with third parties without your express consent, especially not for advertising purposes. We only share your personal data with third parties if you yourself have consented to the data being shared or insofar as we are entitled or obligated to do so on the basis of legal provisions and/or official or court orders. In particular this might be providing information for the purposes of prosecution, averting danger or for enforcing intellectual property rights.

Insofar as we send your personal data ourselves or through service providers to states outside of the European Union, we comply with the special stipulations of Art. 44 ff. GDPR and also obligate our service providers to comply with these regulations. Therefore, we will only send your data to states outside of the European Union subject to the level of security assured by the GDPR. This level of security is assured in particular by an adequacy decision of the EU Commission or by suitable guarantees in accordance with Art. 46 GDPR.

Legal bases for data processing

Insofar as we obtain consent for the processing of your personal data, Art. 6 (1)(a) GDPR is the legal basis for the data processing.

Insofar as we process your personal data because it is necessary for fulfilment of a contract or within the scope of a quais-contractual relationship with you, Art. 6 (1)(b) GDPR is the legal basis for the data processing.

Insofar as we process your personal data to fulfil a legal obligation, Art. 6 (1)(c) GDPR is the legal basis for the data processing.

Further, Art. 6 (1)(f) GDPR may apply as the legal basis for the data processing, if your personal data is processed to protect a legitimate interest of our company or that of a third party and as long as your interests, fundamental rights and fundamental freedoms do not require the protection of personal data.

Data erasure and storage duration

We always erase or block your personal data when there is no longer a reason to store it. It can, however, be stored for longer if stipulated by legal provisions to which we are subject, for example with regard to legal obligations to preserve records and to document. In such cases, we erase or block your personal data at the end of the relevant provisions.

Use of our app

Certain information is processed automatically as soon as you use the app. We have listed the specific personal data that is processed for you below:

Information collected during download

When you download our app, certain required information is sent to the respective app store, in particular Google or Apple. The username, email address, client number of your account, the time of the download, payment information as well as the individual device code may be processed. This data is processed by the respective app store only and the processing is beyond our control.

Information that is collected automatically

When you use our app, we automatically collect certain data required for use of the app. This includes: internal device ID, version of your operating system, time of access, location data and information about what apps are installed on the device.

This data is sent to us automatically, but is not permanently stored (1) to provide you with the service and the associated functions; (2) to improve the functions and performance features of the app; (3) to check whether an email program or messenger service and Google Maps are installed; and (4) to prevent and correct misuse and malfunctions.

This data processing is justified by the fact that (a) the processing is required to fulfil the contract between you, the data subject, and us in accordance with Art. 6 (1)(b) GDPR for use of the app or (b) we have a legitimate interest in ensuring the functionality and smooth operation of the app and being able to offer a service in line with the market and in the interest of the parties, which outweighs your rights and interests in protecting your personal data in accordance with Art. 6 (1)(f) GDPR.

Use of the app

The app also requires the following permissions:

Bluetooth: this is required to allow the app to connect to the detector.

Photos and media: this permission is required to be able to save and send measurements.

Access to the email program or a messenger service to be able to export and send reports created using the app.

Access to Google Maps to be able to display on the app the measuring points saved on the device.

Usage data is processed and used to provide the service. This data processing is justified by the fact that the processing is required to fulfil the contract between you (the data subject) and us in accordance with Art. 6 (1)(b) GDPR for use of the app, and you consent to use of the function and enabling of the camera within it in accordance with Art. 6 (1)(a) GDPR.

Further information and changes

Links to other websites

Our app may contain links to other websites. These links are generally indicated as such. We have no control over the extent to which the applicable data protection regulations are observed on the linked websites. We therefore recommend that you seek information about the respective privacy statements on other websites too.

14.8 Privacy statement for the Sewerin PM 580 app

§ 1 Information about the collection of personal data and service provider identification

Collection of personal data when you use the PM 580 app

(1) Data usage in the app stores

When you download the PM 580 app, the necessary information is transmitted to the Google Play Store or the Apple Appstore, in particular your username, email address and client number of your account, time of download, payment information and the individual device code. We have no influence on the collection of this data and are not responsible for it. We process this data only to the extent necessary for you to download the PM 580 app onto your mobile terminal equipment; (legal bases: Art.6(1) p. 1 (b, f) GDPR).

Apple's data protection regulations can be found under the following link:

www.apple.com/de/legal/privacy/de-ww/

Google's data protection regulations can be found under the following link:

policies.google.com/privacy

(2) Data usage by third-party software

The app uses the Unity Game Engine and the EasyAR SDK Basic as the app basis for individual functions.

For more information about the data protection guidelines of Unity Game Engine, please see:

unity3d.com/legal/privacy-policy

and for EasyAR SDK Basic: www.easyar.com/view/protocol.html.

The tools provided in the Unity Game Engine to collect user behaviour are disabled in the app.

EasyAR SDK is used for scanning and detecting the images/markers. This function is required to position the augmented reality objects (3D models, images, video and audio contents) on the device screen.

(3) Data usage in case of requests for information material, offers and enquiries.

The device's own e-mail program can be accessed through this app and a preformulated e-mail will be created. You can use this to provide us with the data that is relevant to the request. The data will only be sent to us when the email is sent.

If you do not want this data to be passed on to us, do not send the mail.

We will keep the data collected by us confidential and delete it if you revoke the rights of use or if it is no longer required for the provision of services and there are no legal obligations to preserve records.

(4) Use of the camera

Before using the PM 580 app for the first time, you will be asked to grant the app access to the camera.

When the camera is used, we do not collect or store any data. Access only takes place to integrate the 3D models and other content such as videos or images in the environment in the context of augmented reality.

(5) Use of the file system:

Before first use, you may be asked to grant the app access to the file system of your device. Access is provided to the application folder and is limited. Access takes the form of reading and is used to display 3D models, videos, images and similar contents that were previously loaded onto the device as part of the installation.

(6) External websites

The device's own browser is opened in certain parts of the app. The website of Hermann Sewerin GmbH is opened when the browser is opened. This privacy policy applies to the website.

Collecting your location data

A postcode is requested as part of the search for sales engineers within Germany. This is only required for searching for the closest sales engineer and is not saved or otherwise used. It is only used locally in the app on the terminal device.

Data backup

We implement the latest technical measures to ensure data security, in particular to protect your personal data against risks during data transmission and from being shared with third parties. These are updated to conform to the state of the art.

The PM 580 app does not use cookies.

15. Your rights as the data subject

15.1 Right to confirmation

You have the right to request confirmation from us whether personal data relating to you is being processed.

15.2 Right to information Art. 15 GDPR

You have the right to obtain, at any time, information free of charge about the personal data stored about you as well as a copy of this data in accordance with legal stipulations.

15.3 Right to rectification Art. 16 GDPR

You have the right to request the rectification of incorrect personal data relating to you. You also have the right to request the completion of incomplete personal data, taking the reasons for processing into consideration.

15.4 Erasure Art. 17 GDPR

You have the right to request that personal data relating to you be erased immediately if one of the legally stipulated reasons exists and if processing or storage is not required.

15.5 Restriction of processing Art. 18 GDPR

You have the right to request the restriction of processing if one of the legal stipulations exists.

15.6 Data portability Art. 20 GDPR

You have the right to receive the personal data relating to you, which was provided to us by you, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to which this personal data was provided, if processing is based on the consent in accordance with Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR or on a contract in accordance with Art. 6 (1)(b) GDPR and processing takes place using automated procedures, if processing is not required to carry out a task within the public interest or takes place to exercise official authority vested in us.

Additionally, when exercising your right to data portability in accordance with Art. 20 (1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and this does not adversely affect the rights and freedoms of others.

15.7 Objection Art. 21 GDPR

You have the right to object at any time to the processing of personal data related to you on grounds relating to your particular situation which takes place in accordance with Art. 6 (1)(e) (data processing based on public interest) or (f) GDPR (data processing based on balancing of interest).

This also applies to profiling based on these stipulations in accordance with Art. 4 (4) GDPR.

If you object, we will no longer process your personal data, unless we can prove expressly justifiable reasons for processing which outweigh your interests, rights and freedoms or if processing is designed to assert, exercise or defend legal claims.

In individual cases, we will process personal data for direct advertising. You can object at any time to the processing of personal data for the purposes of this type of advertising. This also applies to profiling if it is associated with this type of direct advertising. If you object to processing for the purposes of direct advertising, we will no longer use your personal data for this purpose.

You also have the right, on grounds relating to your particular situation, to object to the processing of personal data related to you which we carry out for scientific or historical research purposes or for statistical purposes in accordance with Art 89 (1) GDPR, unless this type of processing is required to carry out a task in the public interest.

You are free to exercise your right to object using automated procedures where technical specifications are used in connection with the use of services provided by the information society, notwithstanding Directive 2002/58/EC.

15.8 Revocation of privacy consent

You have the right to revoke consent for processing personal data at any time with future effect.

15.9 Complaining to a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

16. Routine storage, deletion and locking of personal data

We will only ever process and store your personal data for the period required to fulfil the storage purpose or if this is specified by legal stipulations to which our company is subject.

If the storage purpose is no longer applicable or a specified storage period has elapsed, personal data is routinely locked or deleted in accordance with legal stipulations.

17. Storage duration of personal data

The criterion for the storage duration of personal data is the relevant legal retention period. After this period has elapsed, the relevant data is deleted routinely unless it is required for the fulfilment or initiation of a contract.

18. Validity of and changes to the Privacy Statement

This Privacy Statement is currently valid and was last updated in December 2024.

When we further develop our website and our services, or based on changed legal or official stipulations, we may have to modify this Privacy Statement. You can access and print out the latest Privacy Statement at any time via our website at “https://www.sewerin.com/datenschutzbestimmungen”.

This Privacy Statement was created using the following privacy software: audatis MANAGER.