Data protection

The protection of your personal data is important to us.

1. Introduction

The following information is intended to provide you as the “data subject” with an overview of how we process your personal data and what rights you have under data protection laws. It is generally possible to use our website possible without providing us with any personal data. However, if you choose to use specific services offered through our website, we may need to process your personal data. If we must process personal data and no legal basis exists for doing so, we will request your consent.

We process personal data, such as your name, address and email address, in full compliance with the General Data Protection Regulation (GDPR) and the country-specific data protection laws that apply to J.D. Neuhaus GmbH & Co. KG. In this privacy policy we explain the scope and purpose of the personal data we collect, use and process.

As the data controller, we have implemented numerous technical and organisational measures to ensure the most comprehensive protection possible for personal data processed via this website. However, transmitting information via the internet can inherently carry security risks, and we cannot guarantee absolute protection. For this reason, you can choose to send us your personal data through alternative means, such as by telephone or normal post.

2. Data controller

The following entity is the data controller in accordance with the GDPR:

J.D. Neuhaus GmbH & Co. KG
Windenstraße 2-4
58455 Witten-Heven, Germany

E-Mail: info@jdngroup.com

Data controller’s authorised representatives:

Moritz Neuhaus-Galladé,
Gitta Neuhaus-Galladé

3. Data protection officer

You can contact our Data Protection Officer using the details provided in the legal notice or by email at: datenschutz@jdngroup.com.

Please note that if you use the contact options provided, individuals other than our Data Protection Officer may also access the content. If you wish to share confidential information, please contact us directly via the email address provided above.

4. Legal basis for processing

Our company relies on Art. 6(1)(a) of the GDPR, in conjunction with Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG, formerly TTDSG) as the legal basis when we request your consent for specific processing purposes.

If we need to process your personal data to fulfil a contract to which you are a party (for example, processing activities required to deliver goods, provide services or carry out related obligations), we base the processing on Art. 6(1)(b) of the GDPR. The same legal basis applies when we carry out pre-contractual measures, such as responding to enquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data (for example, to meet tax-related duties), we rely on Art. 6(1)(c) of the GDPR as the legal basis.

In certain cases, we may process personal data based on Art. 6(1)(f) of the GDPR. This legal basis applies to processing activities not covered by the above-mentioned grounds, where the processing is necessary to protect a legitimate interest of our organisation or a third party, provided that your interests, fundamental rights and freedoms do not override those interests.

As a rule, our services are intended for adults. Individuals under the age of 16 may not submit personal data to us without the consent of their parents or legal guardians. We do not request personal data from children or young people, nor do we collect or share such data with third parties.

5. Disclosure of data to third parties

We do not disclose your personal data to third parties for any purposes other than those listed below.

We shall only share your personal data with third parties if:

1. You have given us your explicit consent in accordance with Art. 6(1)(a) of the GDPR;

2. The disclosure is permitted under Art. 6(1)(f) of the GDPR to protect our legitimate interests, and there is no reason to believe that your interests or fundamental rights and freedoms override those interests;

3. We have a legal obligation to disclose the data under Art. 6(1)(c) of the GDPR; and

4. The disclosure is legally permitted and necessary under Art. 6(1)(b) of the GDPR in order to fulfil our contractual obligations to you.

To protect your data and make it possible for us to transfer this data to third countries (outside the EU/EEA) when this is necessary, we have entered into data processing agreements based on the European Commission’s Standard Contractual Clauses. If these clauses do not ensure an adequate level of protection, we may rely on your consent under Art. 49(1)(a) of the GDPR as the legal basis for the transfer. This does not apply to transfers to countries recognised by the European Commission as providing an adequate level of data protection under Art. 45 of the GDPR.

6. Technology

6.1 SSL/TLS encryption
This website uses SSL or TLS encryption to safeguard the security of data processing and to protect the transmission of confidential information such as orders, login details, and contact enquiries you send to us. You will recognise an encrypted connection by the “https://” prefix in your browser’s address bar and the padlock icon displayed next to it.

We use this technology to safeguard the data you transmit to us.

6.2 Data collection when you visit our website
When you visit our website purely for informational purposes (without registering, submitting data or consenting to processing activities), we only collect data that is technically essential to deliver the website’s core functionality. This typically includes data that your browser automatically transmits to our server (known as “server log files”). Each time you or an automated system accesses a page on our website, a range of general data and information is collected. This general data and information is stored in the server’s log files. This may include:

1. The types and versions of browsers used;

2. The operating system used by the accessing device;

3. The website from which the accessing system reached our site (known as the referrer);

4. The subpages accessed on our website by the accessing system;

5. The date and time that the website is accessed;

6. A truncated Internet Protocol address (anonymised IP address); and

7. The internet service provider of the accessing system.

We do not use this general data and information to draw any conclusions about your identity. This information is instead required in order to:

1. Deliver the content of our website correctly;

2. Ensure the long-term functionality of our IT systems and website technology; and

3. Provide law enforcement authorities with the information required for prosecution in the event of a cyberattack.

The data and information that we collect is evaluated both statistically and with the aim of improving data protection and security within our company, ultimately to ensure the highest possible level of protection for the personal data we process. Anonymous server log data is stored separately from any personal data provided by an individual.

The legal basis for this data processing is Art. 6(1)(f) of the GDPR. Our legitimate interest arises from the purposes listed above.

6.3 Hosting by Host Europe
Our website is hosted by Host Europe GmbH, Hauptstrasse 111, 51149 Cologne, Germany (hereinafter referred to as “Host Europe”).

When you visit our website, your personal data (e.g. IP addresses in log files) is processed on Host Europe’s servers.

The use of Host Europe is based on Art. 6(1)(f) of the GDPR. We have a legitimate interest in ensuring reliable presentation, availability and security of our website.

We have entered into a data processing agreement (DPA) with Host Europe in accordance with Art. 28 of the GDPR. This legally required agreement ensures that Host Europe processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

For more information on Host Europe’s data protection practices, please visit: https://www.hosteurope.de/AGB/Datenschutzerklaerung/

6.4 Hosting via Microsoft Azure
You have received an invitation to use a Microsoft 365 application from J.D. Neuhaus GmbH & Co. KG or one of its affiliated subsidiaries, acting as the data controller under the applicable data protection laws, or you are accessing our website. If you need more information on how Microsoft processes personal data, please refer to their privacy policy. Microsoft Privacy Statement: https://privacy.microsoft.com/de-de/privacystatement

Information on processing and categories of personal data affected when using Microsoft Cloud services:

Certain information is automatically processed as soon as you use Microsoft Cloud services or access our website. The following is a summary of which personal data is processed and the legal basis for that processing:

Your IP address, which is used to access Microsoft Cloud applications. The legal bases for this processing are Art. 6(1)(a), (b), and (f) GDPR, as well as Art. 88 GDPR in conjunction with applicable national employee data protection laws.

Your username (login credentials for Microsoft applications), and data used for multi-factor authentication that you have stored in your Microsoft account (e.g. optionally your (private) mobile number). The legal bases for this processing are Art. 6(1)(a), (b) and (c) of the GDPR.

Personal identifiers: This refers to information that identifies you as a user, sender or recipient of data within Microsoft Cloud services. This includes in particular the following core personal data: your name, surname and business contact details (for example, telephone number, email address and business fax number) if this is provided by you or transmitted by your organisation. Additional voluntary information, such as a profile picture you may have uploaded, is also visible in your user profile. These details are accessible in your profile and, in particular, within Outlook, where they may be visible to you and other Microsoft 365 users. You can update or change these details at any time. The legal bases for this processing are Article 6(1)(a), (b), (c) and (f) of the GDPR.

Data required for authentication, licence usage, logging and abuse detection. In Microsoft Cloud services, all user activities are processed. This includes the time and date of access, type of access and information about the data, files or documents that were accessed. It also covers all usage-related actions, such as creating, modifying or deleting documents, setting up Teams and channels, making notes in OneNote, starting chats and replying to messages. The legal bases for this processing are Art. 6(1)(b) and (c) of the GDPR.

Usage data: This refers to usage data that you create or that we collect from you. It includes, in particular, communication content (such as text, audio or video) and files that are created by you. The specific data that is processed depends on the Microsoft 365 application that you use. If audio or video content is recorded, you will be informed in advance and asked to provide your consent. The legal bases for this processing are Art. 6(1)(b) and (f) of the GDPR.

Data backups and archiving: Personal data collected from or about you is stored as part of our system backups. This ensures the recoverability of both the system and the data itself. In addition, your data may be (partially) archived if this is required by statutory obligations. The legal bases for this processing is Art. 6(1)(c) and (f) of the GDPR.

7. Cookies

7.1 General information about cookies
Cookies are small files that your browser automatically creates and stores on your device (such as a laptop, tablet, smartphone or similar) when you visit our website.

Cookies store information that relates to the context of the specific device you are using. However, this does not mean we can identify you directly from it.

The use of cookies helps make your experience with our services more convenient and user-friendly. We use what are known as session cookies to recognise when you have already visited specific pages on our website. These cookies are automatically deleted once you leave our site.

In addition, we use temporary cookies to improve user experience. These are stored on your device for a specific, predefined period. If you return to our website to use our services, the system will automatically recognise that you have visited before and recall the inputs and settings you previously selected, so you do not need to enter them again.

We also use cookies to collect statistical data on how our website is used, allowing us to evaluate and optimise our services for your benefit. These cookies allow us to automatically recognise when you return to our website. Cookies set in this way are automatically deleted after a defined period. The specific storage duration for each cookie can be found in the settings of the consent tool used.

7.2 Legal basis for the use of cookies
Data processed through cookies that are necessary for the proper functioning of the website are required to safeguard our legitimate interests, as well as those of third parties, in accordance with Art. 6(1)(f) of the GDPR.

For all other cookies, your consent is obtained via our opt-in cookie banner, in accordance with Art. 6(1)(a) of the GDPR in conjunction with Section 25 of the German Telecommunications Digital Services Data Protection Act [TDDDG].

7.3 Instructions for disabling cookies in standard web browsers
You can delete cookies, allow only selected cookies or disable cookies entirely at any time via your browser settings. For more information, please refer to the support pages of your browser provider:

7.4 Borlabs Cookie (consent management tool)
We use the WordPress cookie plugin “Borlabs Cookie” provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. This service enables us to obtain and manage user consent for data processing on our website.

Borlabs Cookie uses cookies to collect data generated by end users who visit our website. When an end user gives consent, the following data is automatically logged, among other details:

cookie duration,
cookie version,
domain and path of the WordPress site,
selection made in the cookie banner,
UID (a randomly generated ID).

The consent status is also stored in the end user’s browser, allowing the website to automatically recognise and apply the user’s consent for all subsequent page requests and future sessions for up to 12 months.

The proper functioning of the website cannot be guaranteed without the processing described above. Users do not have the option to object as long as there is a legal obligation to obtain their consent for certain data processing activities, in accordance with Art. 7(1) and Art. 6(1)(c) of the GDPR.

The data collected is neither shared with Borlabs GmbH nor does the company have access to it.

Further information can be found at: https://de.borlabs.io/borlabs-cookie/ .

8. Content of our website

8.1 Contacting us / contact form
When you contact us (e.g. via our contact form or by email), personal data is collected. The specific data that is collected when you use a contact form is indicated in the respective form. This data is stored and used solely for the purpose of responding to your enquiry and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request, in accordance with Art. 6(1)(f) of the GDPR. If the purpose for contacting us is entering into a contract, the additional legal basis for processing your data is Art. 6(1)(b) of the GDPR. Your data will be deleted once your enquiry has been fully processed, provided it is evident from the circumstances that the matter has been conclusively resolved and no statutory retention obligations prevent deletion.

8.2 Application management / job portal

8.2.1 What data do we process and for what purposes?
We process the data you have submitted to us in connection with your application in order to assess your suitability for the position (or, where applicable, other vacancies within our company) and to carry out the recruitment process.

Where we consider it necessary for filling the position, it is possible that we may also collect personal data about you from third parties. This may include online research or searches on social media platforms (e.g. LinkedIn, XING). In this regard, we refer you to the additional information provided at the end of this section. Any additional information that may be required under Art. 14 of the GDPR in such cases will be provided to you separately, where necessary.

8.2.2 What is the legal basis for this?
The main legal basis for processing your personal data in this recruitment procedure is Art. 6(1)(b) of the GDPR.

Accordingly, the processing of data is permitted where it is necessary in connection with the decision to establish an employment relationship.

If, after the conclusion of the application process, the data is required for legal proceedings, processing may take place on the basis of Art. 6 of the GDPR, in particular to safeguard legitimate interests pursuant to Art. 6(1)(f) of the GDPR. In such cases, our interest lies in asserting or defending legal claims.

If special categories of personal data within the meaning of Art. 9 of the GDPR are processed (e.g. health data), the legal basis is Section 26(3) of the German Federal Data Protection Act (BDSG) or Art. 9(2)(b) of the GDPR in conjunction with Art. 6(1)(b) of the GDPR

8.2.3 How long is the data stored?
In the event that an application is rejected, the applicant’s data is deleted after six months.

If you have consented to further storage of your personal data, we will add your details to our applicant pool. In this case, the data will be deleted after two years.

If you are offered a position as a result of the recruitment process, your data will be transferred from the applicant management system to our personnel information system.

8.2.4 To whom is the data disclosed?
Once your application has been received, your applicant data is reviewed by our HR department. Suitable applications are then internally forwarded to the relevant department managers responsible for the respective vacancy. The next steps in the process are then coordinated. Within the company, only those individuals who require access to your data to ensure the proper conduct of the recruitment process will have access to it.

8.2.5 Additional information on the processing of personal data not collected from the data subject (Art. 14 GDPR)
If we process personal data about you during the application process that we have not obtained directly from you, the following additional information applies:

The categories of data we may process in this context include information about you that is publicly accessible on the internet or that can be found via social media platforms (e.g. LinkedIn, XING). This may also include data relating to previous employment relationships. The legal basis for this data processing is Art. 6(1)(f) of the GDPR, as our legitimate interest lies in identifying the most suitable candidates for the respective positions.

If we process personal data about you that we have not collected directly from you, we will inform you separately of the source of this data, unless you already possess this information. For all other information required under Art. 14 of the GDPR, please refer to the information provided in this privacy policy.

9. Our activities on social media

To communicate with you via social media and inform you about our services, we maintain our own pages on various platforms. When you visit one of our social media pages, we are jointly responsible, together with the provider of the respective platform, for the data processing operations triggered by that visit, in accordance with Art. 26 of the GDPR.

We are not the original provider of these platforms, but merely use them within the scope of the options made available to us by the respective providers.

We would like to point out, as a precaution, that your data may also be processed outside the European Union or the European Economic Area. Use of social media platforms may therefore involve data protection risks for you, as it may be more difficult to enforce your rights, such as access, erasure or objection. In addition, data processing on social networks is often carried out directly by the platform providers for advertising purposes or to analyse user behaviour, and we have no influence over this. If user profiles are created by the provider, cookies are often used, or usage behaviour is linked to your personal member profile on the respective social network.

The processing of personal data as described here is carried out pursuant to Art. 6(1)(f) of the GDPR, based on our legitimate interest and that of the respective provider to communicate with you in a modern and appropriate manner and informing you about our services. If you as a user are required to give consent to data processing by the respective providers, the legal basis is Art. 6(1)(a) of the GDPR in conjunction with Art. 7 of the GDPR.

As we do not have access to the providers’ data repositories, we would like to point out that you should assert your rights (e.g. access, rectification, erasure, etc.) directly with the respective provider. Additional information on how your data is processed on social networks is provided below for each social media provider we use:

9.1 Meta (Facebook)
Data controller (or joint controller) for processing data in Europe:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Unless you object, Meta (Facebook) may use content from adult users in the EU, such as photos, posts or comments, to train its AI models. The legal basis for this processing is Meta’s legitimate interest under Art. 6(1)(f) of the GDPR. We as a company have no influence over this specific data processing by Meta. Users may object via an online form available on Meta’s platforms.

9.2 Microsoft (LinkedIn)
Data controller (or joint controller) for processing data in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland

9.3 XING (New Work SE)
Joint controller for data processing in Germany:
New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland

Access requests for XING members:
https://www.xing.com/settings/privacy/data/disclosure

9.4 Google (YouTube)
Data controller (or joint controller) for processing data in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland

10. Web analysis

10.1 Google Analytics 4 (GA4)
We use Google Analytics 4 (GA4), a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”), on our website.

In this context, pseudonymised usage profiles are created and cookies are used (see the “Cookies section). The information that the cookie generates about your use of this website may include, among other things:

Temporary collection of the IP address without permanently storing the information
Location information
Browser type/version
Operating system that is used
Referrer URL (previous site visited)
Time of the server request

The pseudonymised data may be transmitted by Google to a server in the USA and stored there.

This information is used to evaluate the use of the website, compile reports on website activity and provide other services related to website and internet usage for the purposes of market research and needs-based design of these internet pages. The information may also be transferred to third parties if required by law, or if third parties process this data on behalf of Google.

These processing operations are carried out exclusively with your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Google retains the data for a period of 2 months. Personal data is otherwise stored only for as long as it is required for the intended processing purpose. The data will be deleted as soon as it is no longer required for the intended purpose.

The parent company Google LLC is certified under the EU-US Data Privacy Framework as a US company. This is considered an adequacy decision under Art. 45 of the GDPR, permitting the transfer of personal data without the need for additional safeguards.

Further information on data protection when using Ga4is available at: https://support.google.com/analytics/answer/12017362?hl=de.

10.2 Microsoft Dynamics 365 Customer Journey Insights
We use Microsoft Dynamics 365 Customer Journey Insights to conduct marketing campaigns, for analytical purposes (including personalised email tracking) and to engage with customers and prospects in a targeted manner. Specifically, the system is used to send email communications (e.g. in connection with providing downloads), to manage events (e.g. handling event participants) and to provide contact forms (see above).

The following information is collected as part of this process:
– Client ID, IP address, geographic location, browser type, duration of visit, session name and pages accessed.

In addition, the following data is processed as part of personalised email tracking:
– IP address, browser and device type, time the email was opened and whether (and which) links were clicked.

This personal data is processed until the associated profile is deleted. Email tracking helps us optimise and personalise marketing content, which allows us to tailor communications to different recipient groups.

Access to free resources, such as white papers and other downloads, the following data is collected and processed as a condition of provision:
– Title, surname, email address and, where applicable, company affiliation, telephone number, contact messages, interests and downloaded assets.

Double opt-in and data collection:
Email marketing subscriptions are confirmed through a double opt-in process. This means that after signing up, you’ll receive a confirmation email asking you to verify your subscription. This step ensures that no one can sign up using someone else’s email address without permission. Your subscription is logged to ensure the registration process complies with legal requirements. This includes recording the date and time of your sign-up and confirmation, as well as your IP address. Changes to your personal data stored by our email marketing provider are also logged.

Once you unsubscribe, any personal data used to deliver marketing content will be removed.

Further information on data protection can be found in the Microsoft Privacy Statement at: https://www.microsoft.com/de-de/privacy/privacystatement

For more information on the use of cookies within this system, please visit: https://docs.microsoft.com/en-US/dynamics365/marketing/cookies.

11. Plugins und andere Dienste

11.1 Google infrastructure – csp.withgoogle.com
This website includes components of various Google services. Within the EU, the entity responsible for data processing is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).

The following Google services may be embedded on our pages:

YouTube (video platform),
Google Maps (map display),
Google Tag Manager (script management),
Google Ads / Google Publisher Services (online advertising).

Details of the specific Google services used can be found in this privacy policy.

When you visit a subpage that includes a Google service (such as an embedded YouTube video or Google Maps), your browser may automatically load additional content from Google servers. This may also activate supporting services such as Google WebFonts, Google Video, Google Photos, Google Static, Google Ads Services and Google Maps Tiles.

In many cases, a connection is also established to https://csp.withgoogle.com. This domain is part of Google’s infrastructure and is used to transmit Content Security Policy (CSP) reports. Modern browsers automatically generate these reports to identify breaches of defined security policies, especially those aimed at preventing cross-site scripting (XSS) and data tampering.

The privacy assessment of the connection tohttps://csp.withgoogle.com depends on which specific Google service technically initiates the security check. This connection is considered a technical component of the embedded service and does not occur independently. Therefore, whether this connection is legally permissible depends on the lawful basis for the specific Google service:

– If a Google service (e.g. YouTube) is embedded solely on the basis of your explicit consent under Art. 6(1)(a) UK GDPR, this consent extends to the associated security check via csp.withgoogle.com.

– If a service is embedded based on another lawful basis, such as Art. 6(1)(b) UK GDPR (performance of a contract) or Art. 6(1)(f) UK GDPR (legitimate interests), the connection to csp.withgoogle.com may also be established on that basis, provided no additional personal data, such as user identifiers or tracking IDs, is processed.

For further information on Google’s data protection practices, please visit: https://www.google.de/intl/de/policies/privacy/.

11.2 Google Maps
We use Google Maps (API) on our website. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google corporate group, which has its head office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web-based tool for rendering interactive maps and visually presenting geographic data. This service lets you see where we are and helps you find the best way to get here.

When you visit a page that includes Google Maps, information about your use of our website, such as your IP address, may be sent to and stored on Google servers in the USA, if you have given consent in accordance with Art. 6(1)(a) of the GDPR. In addition, Google Maps may load supporting services such as Google Web Fonts, Google Photos and Google Stats. These services are also provided by Google Ireland Limited. When you visit a page that uses Google Maps, your browser downloads the required Web Fonts and Photos into its cache to display the map properly. To do this, your browser connects to Google’s servers. This allows Google to see that our website was accessed using your IP address. This happens even if you do not have a Google account or you are not logged in at the time. If you are logged into Google, the data may be directly associated with your account. If you do not wish the data to be linked to your Google profile, you must log out of your Google account. Google stores user data (including for users who are not logged in) in the form of usage profiles and analyses them. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google directly.

If you do not agree to your data being transmitted to Google in future when you use Google Maps, you can disable the Google Maps web service entirely by turning off JavaScript in your browser settings. Please note that if JavaScript is disabled, Google Maps and the map display on this website will no longer function.

These processing activities are carried out exclusively with your explicit consent in accordance with Art. 6 (1) (a) GDPR.

For Google’s General Terms of Service, please visit https://www.google.de/intl/de/policies/terms/regional.html

for additional Terms of Service for Google Maps, please visit https://www.google.com/intl/de_US/help/terms_maps.html.

You can view the Google Maps privacy policy at: (“Google Privacy Policy”): https://www.google.de/intl/de/policies/privacy/.

11.3 Google Photos
We use the Google Photos service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to store and display images embedded on our website.

Embedding means integrating external content, such as text, videos and images, from another website (in this case, Google Photos) so it appears directly on our own site. This is done with the use of an embedding code. When this code is used, content from Google Photos is automatically shown as soon as you access one of our web pages.

Through the technical process of using the embedding code to display images from Google Photos, your IP address is transmitted to Google Photos. Google Photos also collects details such as the page you visited on our website, your browser type and language, and the time and duration of your visit. Google Photos may also collect information about which subpages you visited, which links you clicked and how you interacted with our website. These data may be stored and analysed by Google Photos.

These processing activities are carried out exclusively with your explicit consent in accordance with Art. 6 (1) (a) GDPR.

Google LLC is certified under the EU-US Data Privacy Framework. This is considered an adequacy decision under Art. 45 of the GDPR, permitting the transfer of personal data without the need for additional safeguards.

You can view Google’s Privacy Policy at:

https://www.google.com/policies/privacy/.

11.4 Google reCAPTCHA
This website uses the Google reCAPTCHA service. Google reCAPTCHA is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google corporate group, which has its head office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The purpose of reCAPTCHA is to determine whether data input on our website (e.g. through contact forms) is made by a human being or by automated software (commonly known as bots). To do this, reCAPTCHA analyses the behaviour of website visitors based on various characteristics. This analysis begins automatically as soon as the website is accessed. During this process, various data are transmitted to Google (e.g. IP address, mouse movements, time spent on the site and potentially also other technical information).

This data is processed on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in protecting our website against abusive automated surveillance, spam and other attacks.

For further information about Google reCAPTCHA and Google’s privacy policy, please visit: https://www.google.com/intl/de/policies/privacy/.

11.5 Google Tag Manager
This website uses the Google Tag Manager service. Google Tag Manager is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google corporate group, which has its head office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows website “tags” (i.e. keywords embedded in HTML elements) to be implemented and managed through an interface. By using Google Tag Manager, we can automatically track which button, link or personalised image you actively clicked on and identify which content on our website is particularly interesting to you.

The tool also triggers other tags, which may in turn collect data. Google Tag Manager itself does not access this data. If you have disabled tracking at the domain or cookie level, this setting will continue to apply to all tracking tags implemented through Google Tag Manager.

These processing activities are carried out exclusively with your explicit consent in accordance with Art. 6 (1) (a) GDPR.

Further information on Google Tag Manager and Google’s Privacy Policy can be found at: https://www.google.com/intl/de/policies/privacy/.

11.6 Google WebFonts
Our website uses web fonts to maintain a consistent appearance of typefaces. Google WebFonts is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google corporate group, which has its head office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These processing activities are carried out exclusively with your explicit consent in accordance with Art. 6 (1) (a) GDPR.

Further information on Google Web Fonts and Google’s Privacy Policy can be found at: https://developers.google.com/fonts/faq ; https://www.google.com/policies/privacy/.

11.7 HubSpot forms
We use HubSpot Forms, a service provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA (hereinafter referred to as “HubSpot”).

HubSpot Forms is a web-based application for creating surveys and polls. The forms that are thus created can be shared via links or embedded on a website to gather feedback or facilitate voting from a target audience. Survey results are automatically collected and can be displayed and analysed in real time.

When HubSpot Forms are used, various types of personal data may be collected, including but not limited to:
– Information you voluntarily provide when completing a survey, poll, or quiz, such as your name, email address and responses to questions.
– Data relating to the use of HubSpot Forms (e.g. the date and time of access, browser type, operating system and IP address) may also be collected.

The duration for which personal data is stored is determined by the relevant statutory retention obligations.

Participation in surveys, polls and quizzes is entirely voluntary. The legal basis for processing your personal data is your freely given consent in accordance with Art. 6 (1) (a) GDPR. You may withdraw this consent at any time with effect for the future.

HubSpot Inc. is certified under the EU-US Data Privacy Framework. This is considered an adequacy decision under Art. 45 of the GDPR, permitting the transfer of personal data without the need for additional safeguards.

Further information about the HubSpot Forms service and its privacy policy can be found at: https://ww.hubspot.de/data-privacy/gdpr.

11.8 YouTube (videos)
This website includes components of various YouTube services. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube is an online video platform that allows video publishers to upload video clips free of charge and enables other users to view, rate and comment on them, also at no cost. YouTube allows the publication of all types of videos, including full-length films, television programmes, music videos, trailers and user-generated content, all of which are accessible via the platform. Whenever a page of this website containing an embedded YouTube component (such as a YouTube video) is accessed, the browser on your device is automatically prompted by the component to download the corresponding content from YouTube. Other services like Google WebFonts, Google Video and Google Photo may also load through YouTube. Further information about YouTube is available at: https://www.youtube.com/yt/about/. As part of this technical process, YouTube and Google are informed of the specific subpage of our website you have accessed.

If you are logged into YouTube at the same time, the platform can identify the specific subpage you are viewing when you access a page containing a YouTube video. This information is collected by YouTube and Google and linked to your YouTube account.

If you are logged into YouTube at the time of visiting our website, YouTube and Google are notified via the embedded YouTube component, regardless of whether you click on the video or not. If you do not wish YouTube and Google to receive this information, you can prevent it by logging out of your YouTube account before visiting our website.

These processing activities are carried out exclusively with your explicit consent in accordance with Art. 6 (1) (a) GDPR.

You can view YouTube’s Privacy Policy at: https://www.google.de/intl/de/policies/privacy/

11.9 YouTube Videos im erweiterten Datenschutzmodus (Youtube-NoCookies)
Some subpages of our website contain links or connections to YouTube content. Please note that we are not responsible for the content of any external websites to which we provide links. If you choose to follow a link to YouTube, be aware that YouTube may store user data (e.g. personal information, IP address) in accordance with its own data usage policies and may use this information for commercial purposes.

YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

We embed videos hosted on YouTube directly on certain subpages of our website. In such cases, content from the YouTube website is displayed within parts of your browser window. If you access a (sub)page of our site where YouTube videos are embedded, a connection is established to YouTube’s servers and the video content is delivered to your browser for display.

All YouTube content is embedded using the “enhanced privacy mode”. This feature is provided directly by YouTube, which ensures that no cookies are initially stored on your device. However, when you access the relevant pages, your IP address and potentially other data are transmitted, including information about which of our webpages you have visited. This information cannot be linked to you personally unless you are logged into YouTube or another Google service at the time of access or you remain logged in. Once you start playback by clicking on an embedded video, YouTube uses enhanced privacy mode to store only cookies that do not contain personally identifiable data, unless you are currently logged into a Google service. You can prevent these cookies from being stored by adjusting your browser settings or using appropriate browser extensions.

By requesting the video, you also consent to the placement of the corresponding cookie (Art. 6 (1) (a) GDPR).

You can view YouTube’s Privacy Policy at: https://www.google.de/intl/de/policies/privacy/.

12. Your rights as a data subject

12.1 Right to confirmation
You have the right to request confirmation as to whether we process personal data relating to you. If we do, you have the right to access the information listed in Art. 15(1) of the GDPR, provided that the rights and freedoms of other individuals are not affected (see Art. 15(4) of the GDPR).

12.2 Right of access pursuant to Art. 15 GDPR
You have the right to obtain, at any time and free of charge, information about the personal data we hold about you, as well as a copy of this data in accordance with applicable legal provisions.

12.3 Right to rectification pursuant to Art. 16 GDPR
You have the right to request the correction of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

12.4 Right to erasure pursuant to Art. 17 GDPR
In accordance with Art. 17(1) of the GDPR, you have the right to request the deletion of personal data we have collected about you if:

the data is no longer needed for the purposes for which it was collected;
the legal basis for processing no longer applies due to your having withdrawn your consent;
you have objected to the processing and there are no overriding legitimate grounds for continuing it;
your data has been processed unlawfully;
deletion is required to comply with a legal obligation or the data was collected in accordance with Art. 8(1) of the GDPR.

This right does not apply under Art. 17(3) of the GDPR if:

the processing is necessary for exercising the right to freedom of expression and information;
your data was collected on the basis of a legal obligation;
the processing is required for reasons of public interest; or
the data is necessary for the establishment, exercise or defence of legal claims.

12.5 Right to restriction of processing pursuant to Art. 18 GDPR
You have the right to request that we restrict the processing of your personal data if one of the legal conditions is met.
This applies when:

you contest the accuracy of the personal data;
the processing is unlawful and you do not consent to erasure;
the data is no longer required for the original processing purpose, but is needed for the establishment, exercise or defence of legal claims;
you have objected to the processing under Art. 21(1) of the GDPR and it is not yet clear whose interests prevail.

12.6 Right to data portability pursuant to Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without interference from us, as the original recipient of your personal data, if the processing is based on your consent (in accordance with Art. 6(1)(a) or Art. 9(2)(a) of the GDPR) or on a contract (in accordance with Art. 6(1)(b)) and is carried out by automated means; this right does not apply if the processing is necessary for a task carried out in the public interest or in the exercise of official authority assigned to us.

When exercising your right to data portability under Art. 20(1) of the GDPR, you also have the right to have your personal data transmitted directly from one controller to another, if this is technically feasible and provided this does not adversely affect the rights and freedoms of others.

12.7 Right to object pursuant to Art. 21 GDPR
You have the right to object to the processing of your personal data at any time if the objection relates to your specific situation and is based on Art. 6(1)(e) (processing in the public interest) or Art. 6(1)(f) (processing based on legitimate interests).

This also applies to profiling based on these provisions, as defined in Art. 4(4) of the GDPR.

If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or if the processing is necessary for the establishment, exercise or defence of legal claims.

In certain cases, we process personal data for direct marketing purposes. You have the right to object at any time to the processing of your personal data for such marketing. This also applies to profiling, where it is related to direct marketing. If you object to processing for direct marketing purposes, we will stop processing your personal data for these purposes.

You also have the right to object to the processing of your personal data if the objection relates to your specific situation and the data is processed for scientific or historical research purposes or for statistical purposes under Art. 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

You have the right to object to the processing of your personal data in connection with the use of information society services, and may exercise this right by automated means using technical specifications, regardless of Directive 2002/58/EC.

12.8 Withdrawal of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future. The lawfulness of any processing that was carried out before the withdrawal remains unaffected.

12.9 Complaint to a supervisory authority
You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of your personal data.

13. Storage, restriction and deletion of personal data

We process and store personal data only for as long as necessary to fulfil the relevant purpose or to meet legal obligations applicable to our organisation.

If the purpose for storing the data no longer applies or a legally required retention period has expired, the personal data will be routinely restricted or deleted in line with legal requirements.

How long we store personal data depends mainly on the relevant legal retention periods. Once these periods have expired, the relevant data will be deleted, unless it is still needed to perform or initiate a contract.

14. Current version and changes to this privacy policy

This privacy policy is currently valid and reflects the status as of: November 2025.

We may need to update this privacy policy as our website and services develop, or if legal or regulatory requirements change. You can access and print the latest version of this privacy policy at any time from our website via this link: https://www.jdngroup.com/de/datenschutz/.

This privacy policy was prepared with the support of disphere MANAGER data protection software.