Supply Chain
Transparency - Insights - Resilience

Legal disclaimer

––––––––––––––––––––
Privacy policy
––––––––––––––––––––
1) Introduction and contact details of the controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Stefan Koehler, Am Katzbach 6b, 85465 Langenpreising, Germany, Tel.: +4915124046851, E-Mail: stefan_koehler@yahoo.com. The controller of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
2) Data collection when you visit our website
2.1 If you use our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the site server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock icon in your browser line.
3) Contact us
3.1 Own function for online appointment scheduling
We process your personal data within the framework of the online appointment scheduling made available. You can see which data we collect for online appointment scheduling from the respective input form or the appointment query for making an appointment. If certain data is necessary to be able to make an online appointment, we will indicate this accordingly in the entry form or when requesting an appointment. If we provide you with a free text field in the input form, you can describe your request in more detail there. You can then also control which additional data you want to enter. The data you provide will be stored and used exclusively for the purpose of making an appointment. In the case of the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary to carry out pre-contractual measures), Art. 6 (1) (b) GDPR serves as the legal basis. If you have given us consent for the processing of your data, the processing is carried out on the basis of Art. 6 (1) (a) GDPR. Consent may be revoked at any time by sending a message to the controller named at the beginning of this statement.
3.2 Personal data is collected when contacting us (e.g. via contact form or e-mail). The data collected when using a contact form can be seen in the respective contact form. This data will be stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration.
The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the facts in question have been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
4) Site functionalities
4.1 Google Meet
We use this provider to conduct online meetings, video conferences and/or webinars: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
This may also result in a transfer to the servers of Google LLC. in the USA.
The Provider processes different data, with the scope of the data processed depending on what data you share before or during participation in an online meeting, video conference or webinar. Your data as a communication participant will be processed and stored on the provider's servers. This may include, but is not limited to, your login details (name, email address, phone number (optional) and password) and session data (subject, subscriber IP address, device information, description (optional)).
In addition, video and audio contributions from participants as well as voice input in chats can be processed.
For the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary to carry out pre-contractual measures), Art. 6 (1) (b) GDPR serves as the legal basis. If you have given us your consent to the processing of your data, the processing will be carried out on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future.
In addition, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest in the effective conduct of the online meeting, webinar or video conference in accordance with Art. 6 (1) (f) GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission.
4.2 Microsoft Teams
We use the following provider to conduct online meetings, video conferences and/or webinars: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA
The Provider processes different data, with the scope of the data processed depending on what data you share before or during participation in an online meeting, video conference or webinar. Your data as a communication participant will be processed and stored on the provider's servers. This may include, but is not limited to, your login details (name, email address, phone number (optional) and password) and session data (subject, subscriber IP address, device information, description (optional)).
In addition, video and audio contributions from participants as well as voice input in chats can be processed.
For the processing of personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary to carry out pre-contractual measures), Art. 6 (1) (b) GDPR serves as the legal basis. If you have given us your consent to the processing of your data, the processing will be carried out on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future.
In addition, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest in the effective conduct of the online meeting, webinar or video conference in accordance with Art. 6 (1) (f) GDPR.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.
For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission.
5) Rights of the data subject
5.1 The applicable data protection law grants you the following rights of data subjects (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis mentioned for the respective conditions for exercising:
- Right of access in accordance with Art. 15 GDPR;
- Right to rectification pursuant to Art. 16 GDPR;
- Right to erasure in accordance with Art. 17 GDPR;
- Right to restriction of processing in accordance with Art. 18 GDPR;
- Right to information pursuant to Art. 19 GDPR;
- Right to data portability in accordance with Art. 20 GDPR;
- Right to revoke consent given in accordance with Art. 7 para. 3 GDPR;
- Right to lodge a complaint pursuant to Art. 77 GDPR.
5.2 RIGHT TO OBJECT
IF, AS PART OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
6) Duration of storage of personal data
The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of processing and – if relevant – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent in accordance with Art. 6 (1) (a) GDPR, the data concerned will be stored until you revoke your consent.
If there are statutory retention periods for data that are processed within the framework of legal transaction or quasi-legal obligations on the basis of Art. 6 (1) (b) GDPR, this data will be routinely deleted after the expiry of the retention periods, provided that it is no longer necessary for the performance or initiation of a contract and/or there is no legitimate interest on our part in further storage.
When processing personal data on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert,  Exercising or defending legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right to object in accordance with Art. 21 (2) GDPR.
Unless otherwise stated in the other information in this Statement about specific processing situations, stored personal data will also be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.