I. Definitions
Our data privacy statement makes use of terms defined in the EU General Data Protection Regulations (GDPR). We have explained these terms below in order to ensure legibility and comprehension of our data privacy statement:
1. Personal data
According to the GDPR, personal data is all information referring to an identified or identifiable natural person. This refers to information such as your name, your date of birth, your address, your E‑Mail address, your IP address or your telephone number, as well as your user behaviour. On the other hand, information not directly related to your real identity – such as websites generally preferred by all users or a website’s number of users – is not regarded as personal data.
2. Data subject
The data subject is any identified or identifiable natural person whose personal data is used by the controller responsible for processing.
3. Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future..
5. Controller or controller responsible for processing
The controller or controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or member state law, the controller or the specific criteria for its nomination may be provided for by Union or member state law.
6. Processor
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
7. Recipient
The recipient is a natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or member state law shall not be regarded as recipients.
8. Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
9. Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning them.
II. Name and address of the controller [Art. 4, Para. 7 of the GDPR]
The controller under the terms of the General Data Protection Regulation, other national data protection legislation of the member states and other provisions under data protection legislation is:
Pilz GmbH & Co. KG
Felix-Wankel-Straße 2
73760 Ostfildern
Germany
Tel.: +49 711 3409–0
E‑Mail: info@pilz.de
Website: www.pilz.com
III. Data protection officer
You can reach our data protection officer at: dataprotection@pilz.com
IV. General information on data processing
1. Extent of personal data processing
As a basic principle, we collect and process our users’ personal data only to the extent required for providing a functional website and supplying our content and services. We process our users’ personal data regularly only if the respective users have given their consent. An exception applies in those cases where it is not actually possible to obtain prior consent and where data processing is permitted by law.
2. Legal basis for processing personal data
The data you transfer or collect shall only be collected, used, processed, stored and if necessary forwarded to third parties – where this is legally prescribed, contractually necessary or permitted within the framework of current legislation – within the framework of current data protection legislation (GDPR, the German Federal Data Protection Act and the German Broadcast Media Act).
Art. 6 of the GDPR is the respective legal basis for processing your personal data to which this data privacy statement refers:
Insofar as we obtain the data subject’s consent to process their personal data, Art. 6, Para. 1, lit. a of the EU General Data Protection Regulation (GDPR) shall apply as the legal basis for processing personal data.
Where it is necessary to process personal data for the purposes of fulfilling a contract and the data subject is the contracting party, Art. 6, Para. 1, lit. b of the GDPR shall apply as the legal basis. This shall also apply to processing which is required to carry out pre-contractual measures.
Where processing of personal data is necessary for our company to fulfil a legal obligation, Art. 6, Para. 1, lit. c of the GDPR shall apply as the legal basis.
Where processing of personal data is necessary for protecting the vital interests of the data subject, or those of another natural person, Art. 6, Para. 1, lit. d of the GDPR shall apply as the legal basis.
Where processing is necessary to protect our company’s or a third party’s legitimate interests, and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6, Para. 1, lit. f of the GDPR shall apply as the legal basis for processing.
3. Erasure of data and duration of storage
The data subject’s personal data shall be erased or blocked as soon as the purpose for which it has been stored has been fulfilled. Data may be stored beyond this period if this is specified in European or national legislation from European Union Regulations, laws or other provisions to which the controller is subject. Data shall also be blocked or erased if a storage period specified in the above standards expires, unless conclusion or fulfilment of a contract requires the data to be stored for longer.
V. Providing the website and creating log files
The extent and manner of collection and use of your data shall vary, depending on whether you visit our website only to access information or whether you are making use of our offers — static links (I), comment function (II) and the option of E‑Mail contact as set out in the contact form or by E‑Mail address (III) as well as Vimeo (IV):
1. Description and extent of data processing
Each time our website is accessed, our system automatically collects data and information from the accessing computer system.
The following data is collected:
- Information on the browser type and version used
- The user’s operating system
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website
- Websites the user’s system accesses from our website
The data is also stored in our system’s log files. This data is not stored together with any of the user’s other personal data.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6, Par. 1, lit. f of the GDPR.
3. Purpose of data processing
The system needs to store the IP address temporarily in order to provide the website to the user’s computer. The user’s IP address must remain stored for the duration of the session for this purpose.
Storage in log files is carried out to guarantee the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. No data is evaluated for marketing purposes in this context.
The above purposes also constitute our legitimate interest in data processing under Art. 6, Para. 1, lit. f of the GDPR.
4. Duration of storage
The data shall be erased as soon as it is no longer required to achieve the purpose for which it was collected. When data is collected in order to provide the website, this is the case when the respective session is ended.
When data is stored in log files, this is the case after 7 days at the latest. Extended storage is possible. In this case, users’ IP addresses are erased or modified so that they can no longer be allocated to the accessing user.
5. Option to object and remove
It is absolutely essential to collect data in order to provide the website; it is necessary to store data in log files in order to operate the website. As a result, the user has no option to object.
I. Static links to Facebook, Twitter, YouTube and LinkedIn
Our website makes use of static links to the social network Facebook, the microblogging service Twitter and the social platform LinkedIn. These services are offered by the companies Meta Platforms Inc., Twitter Inc. and LinkedIn Corp. (“service providers”). Please inform yourself about the data privacy regulations on the respective platform.
Sharing content
You have the option to recommend content on our website via the buttons placed on the article. We provide information — and no personal data — to the social networks for the sole purpose of displaying content. When you use the buttons, we merely link to the page of the respective social media provider. We do not process any personal data.
II. Comment function
1. Description and extent of data processing
On our website we offer the option to leave comments about individual articles. Should a data subject leave a comment on an article, details about the time the comment was made, as well as the user name (pseudonym) chosen by the data subject are stored and published alongside the comments left by the data subject. The E‑Mail address entered by the data subject is also stored – but not published. Furthermore, the IP address assigned by the data subject’s Internet service provider (ISP) is also recorded.
2. Legal basis for data processing
The legal basis for data processing, provided that the user has given their consent to this effect, is Art. 6, Para. 1, lit. a of the GDPR. The legal basis for processing data transferred in the course of sending an E‑Mail is Art. 6, Para. 1, lit. f of the GDPR. If you have contacted us by E‑Mail with the aim of concluding a contract, Art. 6, Para. 1, lit. b of the GDPR forms an additional legal basis.
3. Purpose of data processing
Processing of personal data from the input screen serves only to process the comment. If the user makes contact by E‑Mail, there is also a required legitimate interest in data processing.
The IP address is stored for security reasons and in case the data subject should leave a comment that violates third-party rights or posts unlawful content. Therefore, this personal data is stored in the interests of the controller, so that they can exculpate themselves, if necessary, in case the law is infringed. The personal data collected in this way shall not be forwarded to third parties unless it is required by law or serves as the legal defence for the controller.
4. Duration of storage
The data shall be erased as soon as it is no longer required to achieve the purpose for which it was collected. For the E‑Mail address from the comment function’s input screen, this is the case when E‑Mail communication is not required beyond replying to the comment, or the respective conversation with the user via E‑Mail communication has ended. The conversation is ended when the circumstances indicate that the situation concerned has been conclusively clarified. The article, including the comments published under the user name (pseudonym) chosen by the data subject shall automatically be deleted three years after the article’s publication date.
5. Option to object and remove
Users shall have the option to withdraw their consent to the processing of their personal data at any time. If users contacts us by E‑Mail, they can object to the storage of their personal data at any time. The conversation cannot be continued in a case such as this. All personal data stored during the course of contact is erased in this case.
III. Contact form and E‑Mail contact
1. Description and extent of data processing
On our website there is a contact form which can be used to contact us electronically. If a user uses this option, the data entered in the input screen shall be transferred to us and stored. Mandatory data is:
Title
Surname
First name
Company
Street, house number
Postcode, town
Country
E‑Mail
Voluntary data is:
Department
PO box
State/County
Telephone
Telefax
Industry
Customer number
At the time of sending the message, the following data is also stored:
- The user’s IP address
Your consent to data processing is obtained during the sending process, with reference to this data privacy statement.
Alternatively, you can also contact us on the E‑Mail address provided. In this case, the user’s personal data that is transferred with the E‑Mail is stored.
Your data shall not be disclosed to third parties in this regard. Data is only used for processing the conversation.
2. Legal basis for data processing
The legal basis for data processing, provided that the user has given their consent to this effect, is Art. 6, Par. 1, lit. a of the GDPR. The legal basis for processing data transferred in the course of sending an E‑Mail is Art. 6, Para. 1, lit. f of the GDPR. If you have contacted us by E‑Mail with the aim of concluding a contract, Art. 6, Para. 1, lit. b of the GDPR forms an additional legal basis.
3. Purpose of data processing
Processing of personal data from the input screen serves only to allow us to process the contact request. If the user makes contact by E‑Mail, there is also a required legitimate interest in data processing.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.
4. Duration of storage
The data shall be erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the contact form’s input screen and the data sent by E‑Mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the situation concerned has been conclusively clarified.
The personal data also collected during the sending process is erased after a period of seven days at the latest.
5. Option to object and remove
Users have the option to withdraw their consent to the processing of their personal data at any time
If users contact us by E‑Mail, they can object to the storage of their personal data at any time. The conversation cannot be continued in a case such as this.
All personal data stored during the course of contact is erased in this case.
6. LinkedIn — Generating leads through a form
By means of ads we place forms via LinkedIn; these give you the opportunity to receive further information or take advantage of additional offers. We use this form to ask for your personal data (first name and surname, company, E‑Mail address, telephone number) and, depending on the type of ad, other personal data provided by LinkedIn in the form.
You send the data you enter in the form by pressing the “Send” button. This is sent to LinkedIn first, then LinkedIn makes this data available to us via an interface.
The data you provide is processed exclusively on the basis of your consent (Art. 6, Par. 1, lit. a of the GDPR). You can withdraw that consent at any time. An informal notification via E‑Mail is enough to withdraw your consent. The legality of any data processing operations carried out before consent is withdrawn shall remain unaffected.
We shall store the data submitted to us via the form until such time as you instruct us to erase it, withdraw your consent to it being stored or there is no further need to store the data. Mandatory statutory provisions – in particular retention periods – shall remain unaffected. In accordance with its internal data privacy policies, LinkedIn stores your data independently for a period of 90 days and then erases it automatically.
IV. Vimeo
We use “Vimeo”, an online video portal supplied by Vimeo.com, Inc., 330 West 34th Street, 5th Floor New York, New York 10001, USA to display videos on our website.
a. Type of personal data
On our website, when you call up a page containing a “Vimeo” video, your browser connects to “Vimeo’s” servers. This results in a data transfer, during which your IP address, technical information about your browser type, the operating system, plus date and time are transmitted and processed by “Vimeo”.
“Vimeo” stores information about the website through which you use the “Vimeo” service and which web activities you carry out on our website. Web activities include session duration, bounce rate, or also which button you clicked on in the embedded “Vimeo” player on our website. “Vimeo” can track and store these actions using cookies. We ask for your permission to store and process data each time you view a “Vimeo” video on our website by clicking on the video. Should you not consent to storage and processing, you will need to prevent the installation of cookies. This can be done via the appropriate settings in your browser.
If you are logged into “Vimeo” when you visit an Internet page on our website that has a “Vimeo” player embedded, the collected user data is assigned to your personal user account.
You can find out more about the use of cookies at Vimeo at https://vimeo.com/cookie_policy. Information on data protection at Vimeo is available at https://vimeo.com/privacy.
b. Storage period
“Vimeo” stores your data until “Vimeo” no longer has any commercial reason for storing the data. At this point your data is deleted or anonymised.
c. Purpose of data processing
“Vimeo” uses the data to improve its own service, to communicate with you and to implement its own targeted advertising measures.
d. Legal basis for processing
The legal basis is Art. 6 Para. 1 lit. a) GDPR. You give your consent by allowing external content to be incorporated.
e. Transfer of your data
We will never pass your personal data to a third party — other than as outlined above.
The user data is processed on “Vimeo’s” servers in the USA. “Vimeo” uses so-called standard contractual clauses (= Art. 46 Para. 2 and 3 of the GDPR) as the basis for data processing for recipients based in third countries or for transferring data there. Through these clauses, Vimeo undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA.
VI. Use of cookies
Our website uses cookies. Cookies are text files which are stored in the user’s Internet browser or on the user’s computer system by the Internet browser. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character string which enables unique identification of the browser the next time the website is called up.
I. Cookies used by third parties
Necessary (1)
Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
- Name: __cf_bm
Provider: fonts.net
Purpose: This cookie is used to distinguish between humans and bots. This is beneficial for the website to generate valid reports about the usage of the website.
Expiration: 1 day
Type: http cookie
VII. Web analysis through Matomo
1. Description and extent of data processing
We use the open source software tool Matomo on our website to analyse the surfing behaviour of our users. This is an open source web analysis tool. Matomo does not transfer any data to servers outside of our control.
We do not use cookies when using Matomo.
In using Matomo to analyse visitors to our website, our aim is to further improve our website and adapt it to users’ needs.
When calling up our website and its individual pages, Matomo collects the following data:
(1) 2 Bytes of the IP address of the user’s calling system
(2) The called website
(3) The website from which the user accessed the called website (referrer)
(4) The sub-pages called up from the called website
(5) The time spent on the website, but no longer than one session
(6) The frequency with which the website is called, observed over no more than one session
The software runs exclusively on our website’s servers. This is the only place where the user’s anonymised personal data is stored. Data is not disclosed to third parties.
2. Legal basis for personal data processing
The legal basis for processing the user’s personal data is Art. 6, Para. 1 lit. f of the GDPR.
3. Purpose of data processing
Processing the user’s anonymised personal data enables us to analyse our users’ surfing behaviour. By evaluating the data collected we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user friendliness. By shortening the IP address, users’ interest in the protection of their personal data is sufficiently taken into account.
4. Duration of storage and option to object and remove
The data is deleted as soon as it is no longer required for our recording purposes. The generated aggregated statistics and underlying data are not deleted.
5. Option to object and remove
We do not use cookies and only use anonymised user data for web analysis. For this reason, the option to object and remove is not necessary for users of our website.
VIII. Rights of the data subject
If your personal data is processed, then you are the data subject under the provisions of the GDPR and you are entitled to the following rights vis-à-vis the controller:
1. Right of access
You can request confirmation from the controller as to whether we are processing personal data concerning you.
If such processing is taking place, you can request access to the following information from the controller:
The purposes for which the personal data is being processed;
The categories of personal data that are being processed;
The recipients or categories of recipients to whom the relevant personal data has been disclosed or is being disclosed;
The planned duration of storage of the personal data concerning you or, if that is not possible, the criteria used to define that period;
The existence of the right to request from the controller rectification or erasure of personal data concerning you, the right to restrict processing by the controller or the right to object to this processing;
The right to lodge a complaint with a supervisory authority;
All available information about the origin of the data, if the personal data is not obtained from the data subject;
The existence of automated decision-making, including profiling, referred to in Art. 22 Par. 1 and 4 of the GDPR and – at least in those cases – meaningful information about the logic involved, as well as the implications and intended effects of such procedures for the data subject.
You have the right to request information about whether the personal data concerning you is transferred to a third country or an international organisation. In this context, you can request to be informed of the appropriate safeguards according to Art. 46 of the GDPR in connection with such transfer.
2. Right to rectification
You have a right to obtain rectification and/or completion from the controller, where the processed personal data concerning you is incorrect or incomplete. The controller shall rectify the data without delay.
3. Right to restrict processing
You can request that processing of the personal data concerning you be restricted under the following conditions:
When you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
Processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
The controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims, or
When you have objected to processing pursuant to Art. 21 Par. 1 of the GDPR, pending verification of whether the legitimate grounds of the controller override yours.
Where processing of the personal data concerning you is restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of rights of another natural or legal person or for reasons of important public interest of the Union or of a member state.
If restriction of processing was obtained in accordance with the aforementioned conditions, you shall be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to erase
You can make a request to the controller that the personal data concerning you be erased without undue delay and the controller shall be obliged to erase this data without undue delay where one of the following grounds applies:
The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which processing is based in accordance with Art. 6, Para. 1, lit. a or Art. 9, Para. 2, lit. a of the GDPR and there are no other legal grounds for processing.
You object to processing pursuant to Art. 21, Para. 1 of the GDPR and there are no other overriding legitimate grounds for processing or you object to processing pursuant to Art. 21, Para. 2 of the GDPR.
The personal data concerning you was processed unlawfully.
The personal data concerning you must be erased for compliance with a legal obligation in Union or member state law to which the controller is subject.
The personal data concerning you was collected in relation to the offer of information society services referred to in Art. 8, Para. 1 of the GDPR.
b) Information to third parties
Where the controller has made the personal data concerning you public and is obliged to erase the personal data pursuant to Art. 17, Par. 1 of the GDPR, taking account of the available technology and the cost of implementation, the controller shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you as the data subject have requested the erasure of any links to, or copy or replication of this personal data.
c) Exceptions
The right to erasure shall not apply where processing is necessary
For exercising the right of freedom of expression and information;
For compliance with a legal obligation which requires processing by Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
For reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 Par. 2 as well as Art. 9 Par. 3 of the GDPR;
For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Par. 1 of the GDPR, in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
For the establishment, exercise or defence of legal claims.
5. Right to notification
If you have asserted your right to rectification, erasure or restriction of processing from the controller, the controller shall be obliged to inform all the recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort.
You are entitled to receive information about these recipients from the controller.
6. Right to data portability
You have the right to receive the personal data concerning you, which you provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
Processing is based on consent pursuant to Art. 6 Par. 1 lit. a or Art. 9 Par. 2 lit. a of the GDPR or on a contract pursuant to Art. 6 Par. 1 lit. b of the GDPR and processing is carried out by automated means.
In exercising this right, you further have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by the exercising of this right.
7. Right to object
You shall have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on Art. 6, Para. 1, lit. e or f of the GDPR; this shall also apply to profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you shall have the right at any time to object to processing of the personal data concerning you for the purposes of such marketing; this shall also apply to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you can exercise your right to object by automated means using technical specifications.
8. Right to withdraw your declaration of consent under data privacy legislation
You have the right to withdraw your declaration of consent under data privacy legislation at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.
IX. Right of amendment
We reserve the right to amend this data privacy statement in order to adapt it to current regulations; the same applies to the offerings on our website.