Privacy Statement

Privacy Statement

1. Introduction

With the following information we would like to give you as “person concerned” an overview of the processing of your personal data by us and of the rights resulting from the data protection laws. In principle, it is possible to use our website without entering personal data. If you want to use particular services of our company via our Internet site a processing of personal data might become necessary. If the processing of personal data is required and if such a processing lacks a legal basis, we will generally request your approval.

The processing of personal data, e.g. your name, address or e-mail address, will always be performed in accordance with the General Data Protection Regulation (GDPR resp. DS-GVO) and in accordance with the country-specific data protection regulations applicable for “phg Peter Hengstler GmbH + Co. KG”. By means of this privacy statement we would like to inform you about the scope and purpose of the personal data collected, used and processed by us.

As the party responsible for the processing, we have implemented numerous technical and organisational measures to make the protection of the personal data processed via this website as comprehensive as possible. Nevertheless, Internet-based data transfers can always involve security gaps so that absolute protection cannot be guaranteed. For this reason, you are free to transfer personal data to us via alternative channels, e.g. by phone or mail.

You can also take up simple and easy to implement measures to protect yourself against the unauthorized access of Third Parties to your data. Thus, we would like to provide you here with some suggestions on the secure handling of your data:

l Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.

l Only you should have access to the passwords.

l Make sure that you use your passwords only for one account (login, user or customer account).

l Do not use one password for different websites, applications or online services.

l In particular when using publicly available IT systems or IT systems used jointly with other persons: You should under all circumstances log out after each registration on a website, an application or an online service.

Passwords should consist of at least 12 characters that are not easy to guess or find out. Thus, they should not contain common words from everyday life, your own name or names of relatives, but small and capital letters, numbers and special characters.

2. Person Responsible

Responsible person in the sense of the General Data Protection Regulation (GDPR)

phg Peter Hengstler GmbH + Co. KG

Dauchinger Str. 12, 78652 Deißlingen, Germany

Phone: 07420/89-0

E-Mail: phg@phg.de

Representative of the person responsible: Joachim Hengstler

3. Data Protection Officer

You can contact our data protection officer under datenschutzbeauftragter@phg.de or our postal address with the addition “Datenschutzbeauftragter”.

4. Definition of Terms

The privacy statement is based on terms that were used by the European issuer of directives and regulations when the General Data Protection Regulation was issued. Our privacy statement is formulated to be well readable and comprehensible for both our customers and business partners. To ensure this we would like to discuss the terms in advance.

Among other things, we use the following terms in this privacy statement:

1. Personal Data

Personal Data are all pieces of information that refer to an identified or identifiable natural person. A person is considered identifiable that can be identified directly or indirectly, in particular by means of allocation to an identification such as a name, an identification number, location data, an online identification or one or more special features which express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

2. Person Concerned

A person concerned is every identified or identifiable natural person whose data are processed by the party responsible for the processing (our company).

3. Processing

Processing is every process performed with or without the assistance of automated procedures or every such process sequence related to personal data such as the inquiry, collection, organisation, ordering, saving, adaptation or modification, reading, retrieval, usage by transfer, distribution or any form of provision, comparison or connection, limitation, deletion or destruction.

4. Restriction of Processing

Restriction of processing is the marking of stored personal data with the goal to limit their further processing.

5. Profiling

Profiling is every kind of automated processing of personal data that consists in using these personal data in order to analyze or predict certain personal aspects related to a natural person, in particular aspects with respect to performance, economic situation, health, personal preferences, interests, reliability, behavior, residence or change of location.

6. Pseudonymization

Pseudonymization is the processing of personal data in a way that the personal data can no longer be allocated to a specific person concerned without using additional information, if this additional information is stored separately and is subject to technical and organisational measures which ensure that the personal data are not allocated to an identified or identifiable natural person.

7. Processor

Processor is a natural or legal person, authority, institution or other place that processes personal data on behalf of the person responsible.

8. Recipient

The recipient is a natural or legal person, authority, institution or other place that personal data are revealed to, no matter if this is a third party or not. Authorities that possibly obtain personal data within the framework of a particular investigation based on the law of the European Union or a member state are not considered as recipients.

9. Third Party

Third party is a natural or legal person, authority, institution or other place except the person concerned, the person responsible, the processor and the persons authorized to process the personal data under the immediate responsibility of the person responsible or the processor.

10. Consent

Consent is any expression of will in form of a declaration given by the person concerned voluntarily, in an informed and unequivocal manner or any other unequivocal confirming action with which the person concerned makes it clear that he/she agrees with the processing of the personal data related to him/her.

5. Legal Basis of Processing

For our company art. 6 para. 1 lit. a) GDPR (in connection with § 25 para. 1 TDDDG (formerly TTDSG)) serves as the legal basis for processing procedures in case of which we request consent for a particular purpose of processing.

If the processing of personal data is required to fulfil a contract of which you are a contract partner, as it is the case in processing operations which are necessary for a delivery of goods or the provision of a further service or consideration the processing is based on art. 6 para. 1 lit. b) GDPR. The same applies to processing operations that are required for the execution of precontractual measures, e.g. in cases of enquiries about our products or services.

If our company is subject to a legal obligation by which a processing of personal data becomes necessary, e.g. to fulfil tax obligations, the processing is based on art. 6 para. 1 lit. c) GDPR.

In rare cases the processing of personal data might become necessary to protect vital interests of the person concerned or another natural person. For example, this would be the case if a visitor was injured in our company and his/her name, health insurance data or other vital information would have to be transferred to a doctor, a hospital or other third parties. In this case the processing would be based on art. 6 para. 1 lit. d) GDPR.

In the end, processing operations might be based on art. 6 para 1 lit. f) GDPR. Processing operations that are not covered by any of the above mentioned legal bases rest on this legal basis if the processing is required for the protection of a justified interest of our company or a third party insofar as the interests, basic rights and liberties of the person concerned do not prevail. We are allowed to perform such processing operations, in particular as they are explicitly mentioned by the European legislator. The latter has insofar taken the view that a justified interest could be assumed if you are a customer of our company (recital 47 sentence 2 GDPR).

In principle, our service is oriented towards adults. Without their parents’ or legal guardians’ consent, persons under 16 years are not allowed to transmit any personal data to us. We do not request or collect any personal data from children and youth and do not pass them on to Third Parties.

6. Transfer of Data to Third Parties

There is no transmission of your personal data to third parties for other purposes than those mentioned below.

We only pass on your personal data to third parties if:

1. You have given us your explicit consent to do so acc. art. 6 para. 1 lit. a) GDPR,

2. the transfer acc. art. 6 para. 1 lit. f) GDPR is permitted to safeguard our justified interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,

3. in case there is a legal obligation for the disclosure acc. art. 6 para. 1 lit. c) GDPR and

4. this is permitted by law and required for the processing of contractual relationships with you acc. art. 6 para. 1 lit. b) GDPR.

In order to protect your data and, if necessary, allow us to transfer data to third countries (outside the EU/EEA) we have concluded agreements on order processing on the basis of standard contractual clauses of the European Commission). If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent acc. art. 49 para 1 lit. a) GDPR can serve as the legal basis for the transfer to third countries. Sometimes this does not apply for data transfers to third parties for which the European Commission has issued an adequacy decision acc. art. 45 GDPR.

7. Technology

7.1 SSL/TLS Encryption

To guarantee the security of data processing and to protect the transfer of confidential contents such as orders, login data or contact enquiries that you send us as operators, this site uses SSL resp. TLS encryption. You can recognize an encrypted connection from the fact that the address line of the browser shows “https://” rather than “http://" and from the lock symbol in your browser line.

We use this technology to protect your transmitted data.

7.2 Data Collection during the Visit of the Website

If you just use our website for information purposes, i.e. if you do not register or transfer information to us in any other way or do not consent to processings that require consent we only gather such data that are absolutely indispensable for technical reasons to provide the service. These are data that your browser regularly transfers to our server (“in so-called server logfiles”). With each viewing of a page by you or an automated system our website gathers a series of general data and information. These general data and pieces of information are saved in the logfiles of the server. It is possible to gather

1. the browser types and versions used,

2. the operating system used by the accessing system,

3. the website from which an accessing system reaches our website (a so-called referrer)

4. the subsites which are accessed on our website by an accessing system,

5. the date and time of an access to the website,

6. a shortened Internet protocol address (anonymized IP-address), as well as

7. the Internet service provider of the accessing system.

When using the general data and information we do not draw any conclusions about your person. In fact, this information is used to

1. correctly deliver the contents of our website,

2. optimize the contents of our website and the advertisement for them,

3. ensure the permanent functionality of our IT-systems and of the technology of our website and

4. provide law enforcement authorities the information required for the prosecution in case of a cyber-attack.

On the one hand, we evaluate these data and pieces of information gathered statistically, but on the other hand also with the goal to increase data protection and data security in our company in order to finally ensure an optimum protection level for the personal data processed by us. The anonymous data of the server logfiles are saved separate from all personal data provided by a person concerned.

The legal basis of the data processing is art. 6 para. 1 lit. f) GDPR. Our justified interest results from the purposes of data collection listed above.

7.3 Akamai (Content Delivery Network)

For the purpose of accelerating our website we use the content delivery network (CDN) by Akamai Technologies Inc., 150 Broadway, Cambridge, MA 02142, USA, (?Akamai?). A CDN is a service by means of which the contents of our online offering, in particular large media files such as graphics or scripts, can be delivered more quickly by means of regionally distributed servers that are connected via the Internet. The processing of your data is performed exclusively for the purposes named above and to maintain the security and functionality of the CDN.

During every data processing Akamai transfers personal data from the logfiles (e.g. IP addresses) to the USA, as certain servers for the processing of logfiles are only based in the USA. As a consequence, Akamai has committed itself to meet the standards and regulations of the European data protection law.

Akamai saves data up to 24 hours so that contents can be provided more quickly when our website is visited. Akamai cookies are classified as required cookies.

We process your data to accelerate our website on the basis of our justified interests acc. art. 6 para. 1 lit. f) GDPR. Our justified interest consists in the performant provision of our website.

This US enterprise is certified under the EU-US Data Privacy Framework. Thus, there is an adequacy decision acc. art. 45 GDPR so that a transfer of personal data may also be made without further guarantees or additional measures.

Please find further information on data protection regulations by Akamai under: www.akamai.com/de/de/privacy-policies/.

8. Cookies

8.1 General Information on Cookies

Cookies are small files that your browser generates automatically; they are saved on your IT-system (laptop, tablet, smartphone, or similar) if you visit our site.

The cookie contains information that results from the connection with the respective end device used. This does not mean, however, that in doing so we immediately gain knowledge of your identity.

The use of cookies serves to make the use of our offer more agreeable for you. This is why we use so-called session cookies to find out that you have already visited particular pages of our website. Once you leave our site they are automatically deleted.

To optimize user-friendliness, we also use temporary cookies which are saved on your end device for a defined period of time. If you visit our site again to use our services it is automatically recognized that you have been with us before, including your inputs and settings, so that you need not enter them again.

On the other hand, we use cookies to statistically record the use of our website and in order to evaluate our offer for you for the purpose of optimization. These cookies allow us to automatically detect that you have visited our website before when you return to our website. The cookies set this way are automatically deleted after a defined period of time. The cookies’ respective duration of storage can be learned from the settings of the consent tool used.

8.2. Legal Basis of the Use of Cookies

The data processed by the cookies that are necessary for the proper functioning of our website are thus required to safeguard our justified interests and those of third parties acc. art. 6 para. 1 lit. f) GDPR.

For all other cookies you have given your consent by our opt-in cookie banner in the sense of art. 6 para. 1 lit. a) GDPR.

8.3 Consent Management Tool

We use the consent management platform "Consentmanager" of the consentmanager AB, Haltegelvägen 1b, 72348 Västeras, Sweden. This service allows us to obtain and manage the consent to the data processing by the website users.

Consentmanager collects data generated by end users who visit our website. If an end user gives their consent, Consentmanager automatically records the following data:

l Browser information.

l Date and time of the access.

l Device information.

l The URL of the site visited.

l Banner language.

l Consent ID.

l The consent status of the end user that serves as proof of the consent.

The consent status is also saved in the browser of the end user so that the website can automatically read and observe the consent of the end user during all subsequent site requests and future end user sessions for up to 12 months. The consent data (consent and revocation of consent) are saved for three years. The storage period is equivalent to the regular limitation period acc. § 195 German Civil Code. After that, the data are deleted without delay.

The functionality of the website is not granted without the processing described. The user does not have the right to object as long as there exists the legal obligation to obtain the user’s consent to certain data processings (art. 7 para. 1, 9 p. 1 lit. c) GDPR.

Consentmanager is the recipient of your personal data and acts as our processor. The data processing is performed exclusively in the European Union.

Please find detailed information on the use of Consentmanager under: www.consentmanager.de/datenschutz/.

9. Contents of our Website

9.1 Registration as a User

You have the possibility to register on our Internet site by submitting personal data.

Which personal data are transmitted to us results from the respective input mask used for the registration. The personal data entered by you are collected and saved exclusively for our internal use and for our own purposes. We can arrange the transfer to one or more processors, e.g. a parcel service, that also uses the personal data exclusively for an internal use that is attributed to us.

Furthermore, the IP address issued by your Internet service provider (ISP), the date and the time of registration wil be saved by registering on our Internet site. The storage of these data is made against the background that only in this way the misuse of our services can be prevented, and these data allow to clarify criminal offences if necessary. Insofar the storage of these data is necessary for our protection. In principle, these data are not transferred to third parties. This does not apply if we are legally obliged to transfer the data or if the transfer serves the purpose of law enforcement.

Your registration, under optional indication of personal data, also allows us to offer you contents or services that due to their nature can only be offered to registered users. Registered persons are free at any time to change or completely delete from our database the personal data provided during registration.

On request we inform you at any time which personal data are saved about you. Furthermore, we correct or delete personal data on your request unless there are any legal retention periods opposed. A data protection officer named in this privacy statement and all other employees serve as contact persons of the respective person in this context.

The processing of your data is carried out in the interest of a convenient and simple use of our Internet site. This is a justified interest in the sense of art. 6 para. 1 lit. f) GDPR.

9.2 Contacting / Contact Form

Within the framework of contacting us (e.g. by contact form or e-mail) personal data are collected. Which data are collected in case of using a contact form becomes evident from the respective contact form. These data are saved and used exclusively for the purpose of responding to your request resp. for contacting and the related technical administration The legal basis of the data processing is our justified interest in answering your request acc. art. 6 para. 1 lit. f) GDPR. Art. 6 para. 1 lit. b) GDPR is an additional legal basis of the processing if your contacting aims at concluding a contract. Your data are deleted upon the final processing of your request which is the case when it can be derived from the circumstances that the respective matter is conclusively clarified and the deletion is not opposed to any legal retention periods.

9.3 Application Management / Job Platform

We gather and process the personal data of applicants for the purpose of operating the application process. The processing can also be made in electronic form. This is especially the case if an applicant electronically transmits respective application documents, e.g. by e-mail or via web form on the website. If we conclude a work or service contract with an applicant the data transmitted are saved for the purpose of processing the employment relationship in compliance with the legal regulations. If no contract is concluded with the applicant the application documents are deleted two months upon notification of the decision of refusal unless there are any other justified interests on our part that prevent this. Any other justified interest in this sense is, e.g., a burden of proof in a lawsuit under the General Equal Treatment Act (GETA).

The legal basis of processing your data is art. 6 para. 1 lit. b) GDPR in connection with § 26 para. 1 FDPA (Federal Data Protection Act).

10. Mailing of Newsletter

10.1 Mailing of Newsletter to Existing Customers

If you have provided your e-mail address when purchasing goods resp. services, we reserve the right to regularly send you offers of similar goods resp. services as the ones already purchased from our product range by e-mail. Acc. § 7 para. 3 UCA (Unfair Competition Act) we need not request special consent for this purpose. Insofar the data processing is exclusively performed on the basis of our justified interest in personalized direct marketing acc. art. 6 para. 1 lit. f) GDPR. If you have initially objected to the use of your e-mail address for this purpose, there will be no mailing on our side. You are entitled to object to the use of your e-mail address for the above advertising purpose at any time for the future by notifying the person responsible initially named. For this purpose, only transmission costs according to the basic tariffs will accrue for you. Upon reception of your objection the use of your e-mail address for advertising purposes will be stopped immediately.

10.2 Advertising Newsletter

On our website you will be granted the opportunity to subscribe to the newsletter of our company. The input mask used for this purpose determines which personal data are transmitted to us when the newsletter is ordered.

Our newsletter informs our customers and business partners about our offers at regular intervals. In general, the newsletter of our company can only be received if

1. you have a valid e-mail address and

2. you have registered for the newsletter mailing.

For legal reasons, a confirmation mail in the double opt-in procedure will be sent to your e-mail address first entered for the mailing of the newsletter. This confirmation mail serves to check if you as holder of the e-mail address have authorized the reception of the newsletter.

When you register for the newsletter, we also save the IP-address of the IT-system allocated by your Internet service provider (ISP) and used by you during the time of registration and the date and time of your registration itself. The collection of these data is necessary to be able to retrace the (possible) misuse of your e-mail address at a later stage and thus serves our legal protection.

The personal data collected within the framework of a registration for the newsletter are exclusively used to send the newsletter. Furthermore, subscribers of the newsletter can be informed via e-mail if this is required for the operation of the newsletter service or a respective registration, as this might happen in case of changes of the newsletter service or some change of the technical circumstances. No data collected within the framework of the newsletter service are transferred to third parties. The subscription of the newsletter can be terminated by you at any time. The consent to the storage of personal data that you gave us for mailing the newsletter can be revoked at any time. In every newsletter there is a respective link to revoke the consent. Furthermore, it is possible to unsubscribe from the newsletter directly on our website or to inform us accordingly in a different way.

Art. 6 para. 1 lit. a) GDPR is the legal basis of data processing for the purpose of sending the newsletter.

10.3 CleverReach

This website uses SC-Networks for sending newsletters. The provider is SC-Networks GmbH, Würmstraße 4, 82319 Starnberg. SC-Networks is a service by which the sending of newsletter can be organized and analyzed. The data entered by you for the purpose of obtaining the newsletter (e.g. the e-mail address) are saved on the servers of SC-Networks in Germany.

Our newsletters sent by SC-Networks allow to analyze the behavior of the newsletter recipients. In this way, it can be analyzed (among other things) how many newsletter recipients have opened the newsletter and how often which links in the newsletter have been clicked on.

The data processing is made on the basis of your consent (art. 6 para. 1 lit. a) GDPR. You can revoke this consent at any time by unsubscribing to the newsletter. The righteousness of the data processing executed so far remains unaffected by the revocation.

You can revoke the consent you have given at any time. You can also prevent the processing at any time by unsubscribing to the newsletter. Furthermore, you can prevent the storage of cookies by a respective setting of your web browser. It is also possible to prevent the storage and transfer of personal data by deactivating Java scrip tin your web browser or by installing a Java script blocker (e.g. noscript.net or www.ghostery.com). We would like to point out that these measures may prevent some functionalities of our Internet offer.

11. Our Activities in Social Networks

To make it possible to communicate in social networks with you and inform you about our services we are present with our own websites there. If you visit one of our social media sites we assume joint responsibility for the processing with the provider of the respective social media platform in the sense of art. 26 GDPR with respect to the processing operations triggered thereby.

In this case, we are not the original provider of these sites but only use them within the framework of the opportunities offered by the respective providers.

Therefore, as a matter of precaution we thereby inform you that your data may also be processed outside the European Union resp. the European Economic Area. The usage may therefore involve privacy risks for you because the protection of your rights, e.g. to information, deletion, revocation, etc., might be impeded and the processing in the social networks is often directly made for advertising purposes or to analyze the user behavior by the providers, while we are not able to influence this in any way. If user profiles are created by the provider cookies are often used resp. the user behavior is directly allocated to the member profile of the social networks you have created.

The processing operations of personal data described are made acc. art. 6 para. 1 lit. f) GDPR on the basis of our justified interest and of the justified interest of the respective provider in order to communicate with you in a topical way resp. to inform you about our services. If you as a user have to submit a consent to data processing to the respective providers the legal basis refers to art. 6 para. 1 lit. a) GDPR in connection with art. 7 GDPR.

As we have no access to the databases of the providers we point out that you best assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks are listed below with the respective providers of social networks used by us:

11.1 LinkedIn

(Co-)responsible for the data processing in Europe:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland

Privacy Statement

www.linkedin.com/legal/privacy-policy

11.2 XING (New Work SE)

(Co-)responsible for the data processing in Germany:

New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland

Privacy Statement:

privacy.xing.com/de/datenschutzerklaerung

Information requests for XING members:

www.xing.com/settings/privacy/data/disclosure

12. Web Analysis

12.1 Google Analytics 4 (GA4)

On our websites we use Google Analytics 4 (GA4), a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; ("Google").

In this connection, pseudonymized user profiles are created and cookies (see item “cookies”) are used. The information generated by the cookie about your use of this website may include, among others:

l a temporary recording of the IP address without permant storage

l location data

l browser type / version

l operating system used

l referrer URL (the site visited before)

l time of server request

The pseudonymized data can be transferred to a server of Google in the USA and saved there.

The information is used to evaluate the usage of the website, compile reports about the website activities and render further services in connection with website and Internet use for purposes of market research and the needs-based design of these websites. Also, this information may be passed on to third parties if this is legally required or insofar as third parties process these data on behalf.

These processing operations are only performed if you have given your explicit consent to do so acc. art. 6 para. 1 lit. a) GDPR.

The storage period of the data preset by Google is 14 months. Apart from that, the personal data are saved as long as they are required to fulfil the purpose of processing. The data are deleted as soon as they are no longer required to achieve the purpose.

The mother company Google LLC is certified as a US enterprise under the EU-US Data Privacy Framework. Thus, there is an adequacy decision acc. art. 45 GDPR so that a transfer of personal data may also be made without further guarantees or additional measures.

Please find further information on privacy when using GA4 under: support.google.com/analytics/answer/12017362.

12.2 Google Analytics Universal

On our websites we use Google Analytics, a web analysis service of Google Ireland Limited (https://www.google.de/intl/de/about/), Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). In this connection, pseudonymized user profiles are created and cookies (see item “cookies”) are used. The information generated by the cookie about your use of this website such as

1. the browser type / version,

2. the operating system used,

3. the referrer URL (the site visited before)

4. the host name of the accessing computer (IP-address) and

5. the time of server request,

are transferred to a server of Google in the USA and saved there. The information is used to evaluate the usage of the website, compile reports about the website activities and render further services in connection with website and Internet use for purposes of market research and the needs-based design of these websites. Also, this information may be passed on to third parties if this is legally required or insofar as third parties process these data on behalf. Your IP-address will under no circumstances be brought together with other data from Google. The IP-addresses are anonymized in such a way that an allocation is not possible (IP-masking).

You can prevent the installation of cookies by a respective setting of the browser software; we would like to point out, though, that possibly not all functions of this website can be fully used in such a case.

These processing operations are only performed if you have given your explicit consent to do so acc. art. 6 para. 1 lit. a) GDPR.

Moreover, you can prevent the collection and transfer of your data (incl. your IP-address) created by the cookie and related to your use of the website and the processing of these data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

You can see the data protection regulations of Google Analytics under: support.google.com/analytics/answer/6004245.

13. Plugins and Other Services

13.1 Google Tag Manager

On this website we use the service Google Tag Manager. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is the operating company of Google Tag Manager. Google Ireland Limited is part of the Google group of companies with its headquarters in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Through this tool “website tags” (i.e. tags included in HTML elements) can be implemented and administered via a surface. Through the use of the Google Tag Manager we can automatically retrace which button, link or which personalized image you actively clicked on and can then note which contents of our website are of particular interest to you.

Furthermore, the tool triggers other tags that might gather data on their part. Google Tag Manager does not access these data. If you have performed a deactivation on domain or cookie level it continues to exist for all tracking tags that were implemented with Google Tag Manager.

These processing operations are only performed if you have given explicit consent to do so acc. art. 6 para. 1 lit. a) GDPR.

Please find further information on Google Tag Manager and the Google Privacy Statement under: www.google.com/intl/de/policies/privacy/.

13.2 Vimeo (Videos)

On our website plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated. When you call up a page of our website that includes such a plugin your browser sets up a direct connection to the servers of Vimeo. The content of the plugin is directly transmitted from Vimeo to your browser and integrated into the page. Through this integration Vimeo receives the information that your browser has called up the respective page of our website even if you do not have an account with Vimeo or are currently not logged in with Vimeo. This information (including your IP-address) is directly transmitted from your browser to a server of Vimeo in the USA and saved there.

If you are logged in with Vimeo this company can immediately allocate the visit of our website to your Vimeo account. If you interact with the plugins (e.g. confirmation of the start button of a video) this information is also directly transmitted to a server of Vimeo and stored there.

If you do not want Vimeo to immediately allocate the data collected via our website to your Vimeo account, you have to log out from Vimeo before visiting our website.

With videos of Vimeo that are integrated into our website the tracking tool Google Analytics is automatically integrated. This is Vimeo’s own tracking which we cannot access and that cannot be influenced by our side. Google Analytics uses so-called “cookies” for the tracking; these are text files that are saved on your computer and allow to analyze your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

These processing operations are only performed if you have given explicit consent to do so acc. art. 6 para. 1 lit. a) GDPR.

You can see the privacy policy of Vimeo under: vimeo.com/privacy.

14. Your Rights as a Person Concerned

14.1 Right to Confirmation

You have the right to request a confirmation from us if personal data relating to you have been processed.

14.2 Right to Information Art. 15 GDPR

You have the right to obtain information free of charge and at any time about the personal data saved with respect to your person and a copy of these data according to the legal regulations.

14.3 Right to Correction Art. 16 GDPR

You have the right to request the correction of incorrect personal data pertaining to you. Furthermore, you have the right to request the completion of incomplete personal data under consideration of the purposes of processing.

14.4 Deletion Art. 17 GDPR

You have the right to request from us that the personal data pertaining to you are immediately deleted if one of the reasons provided by law applies and insofar as the processing resp. storage is not required.

14.5 Restraint of Processing Art. 18 GDPR

You have the right to request from us the restraint of processing if one of the legal preconditions is given.

14.6 Data Portability Art. 20 GDPR

You have the right to obtain the personal data pertaining to you which we have been provided by you in a structured, standard and machine-readable format. Furthermore, you have the right to transfer these data to another person responsible without any obstruction by us if the processing is based on the consent acc. art. 6 para. 1 lit. a) GDPR or art. 9 para 2 lit. a) GDPR or on a contract acc. art. 6 para. 1 lit. b) GDPR and the processing is made by means of automated processes if the processing is not required for the performance of a task which is in the public interest or the execution of public authority that has been transferred to us.

Furthermore, when exercising your right to data portability acc. art. 20 para. 1 GDPR you have the right to obtain that the personal data are directly transmitted from one person responsible to another person responsible, if this is technically feasible and insofar the rights and freedoms of other people are not affected thereby.

14.7 Objection Art. 21 GDPR

You have the right to object at any time to the processing of personal data pertaining to you and performed on the basis of art. 6 para 1 lit. e) (data processing in the public interest) or f (data processing on the basis of a balancing of interests) GDPR for reasons resulting from your particular situation.

This also applies to a profiling based on these stipulations in the sense of art. 4 no. 4 GDPR.

If you object, we will not process your personal data any longer unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and liberties, or insofar as the processing serves to assert, exercise or defend legal claims.

In individual cases we process personal data for the purpose of direct advertising. You can object to the processing of the personal data for the purpose of such advertising at any time. This also applies to the profiling, insofar as it is related to such direct advertising. If you object towards us to the processing for direct advertising purposes, we will not process the personal data for these purposes any longer.

For reasons resulting from your particular situation, you also have the right to object to the processing of personal data pertaining to you which is performed for the purpose of scientific or historical research or for statistical purposes acc. art. 89 para. 1 GDPR, unless such a processing is required to fulfil a task in the public interest.

In connection with the use of services of the information society, irrespective of guideline 2002/58/EU, you have the possibility to exercise your right to objection by means of automated procedures in which technical specifications are used.

14.8 Revocation of a Data Protection Consent

You have the right to revoke a consent to the processing of personal data at any time for the future.

14.9 Complaint with a Supervisory Authority

You have the right to complain about our processing of personal data with a supervisory authority concerned with data protection.

15. Status and Changes of the Privacy Statement

This privacy statement is currently valid and has the status: December 2024.

Due to the further development of our website and offers or due to modified legal resp. official regulations it may become necessary to modify this privacy statement. The current privacy statement can be retrieved by you from the website under https://www.phg.de/datenschutz and printed at any time.