I. What is personal data?
‘Personal data’ means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
II. Purposes of data processing
The scope and nature of the collection, processing and use of your data differs depending on whether you visit our website simply to retrieve generally available information or to make use of additional services. In principle, we process your personal data in the context of our business activities for pre-contractual or contractual purposes. Additionally, exercising our legitimate interest or complying with legal requirements may also be the substantive purpose of our data processing operations. We have provided you with information about the relevant specific purposes of data processing in the sections below.
III. Legal basis of data processing
We process your personal data according to the following legal bases:
- For the fulfilment of pre-contractual or contractual obligations (Art. 6 (1) (b) of the GDPR)
- Based on your consent (Art. 6 (1) (a) of the GDPR)
- In the context of balancing of interests (Art. 6 (1) (f) of the GDPR)
- Due to legal requirements (Art. 6 (1) (c) of the GDPR)
There may also be additional legal bases according to country-specific provisions depending on the nature and scope of processing. We will inform you of the specific legal basis of data processing during our relevant processing operations.
IV. Using our website for information purposes
We use an external service provider to host our website. The personal data collected on this website is stored on the hoster’s servers. The hoster is used in the interest of a secure, fast and efficient provision of our website (Art. 6 para. I f) DSGVO). Our hoster will only process your data to the extent that this is necessary for the fulfillment of its performance obligations under the contractual obligations and instructions from us. We have concluded an order processing contract with the hoster in accordance with Art. 28 DSGVO.
You do not need to provide personal data to use our website for purely informational purposes. Rather, in this case, when you access our website, we only record the data that your web browser sends to us automatically, such as:
- The referrer (website visited previously)
- The requested web page or file
- The browser type and browser version
- The operating system used
- The type of device used
- The time of access
- The IP address used (in anonymised form)
- Other similar data and information that serves to avert danger in the event of attacks on our IT systems.
This is usually done through the use of log files. The purpose of processing is to ensure our website’s functionality and compatibility for technically unproblematic use, including troubleshooting, as well as protection against technical attacks and misuse. The legal basis for this processing is our legitimate interest according to Art. 6 (1) (f) of the GDPR. Our legitimate interest lies in the proper operation of our website. The log file data will be deleted as soon as it is no longer required for the purpose of processing.
V. Using our website for other services
Insofar as you use additional services that our company provides through our website, you may need to provide personal data for this purpose, e.g. as part of the registration process for our B2B web store. Some of our download offers, e.g. software downloads or the use of online manuals, are also only delivered after registration. Which personal data is required for the provision of services is determined by the relevant input screen or application. You can enter additional information on a voluntary basis. You can tell which information is required and which is voluntary by the fact that the mandatory information is marked with an asterisk (*) or with the note ‘Mandatory field’. Your data will be processed exclusively for the purpose of providing the service you requested. The legal basis for processing your personal data, as well as the information about when your personal data will be deleted, can be found in the description of the specific services.
VI. Contact us
We give you the opportunity to contact us by means of a contact form on our website. The personal data you provide as a result of contacting us through a contact form will only be processed for the purpose of handling your contact through the contact form. Your data will only be disclosed to third parties if doing so is necessary for the purpose of processing your contact. The legal basis for this processing is Art. 6 (1) (b) of the GDPR. Your personal data will be deleted when it is no longer required to fulfil the purpose of your contact. We would like to point out that your messages may have to be stored in the context of legally existing retention requirements. In this case, the legal basis is Art. 6 (1) (c) of the GDPR.
Contact by email
We give you the opportunity to contact us by email on our website. Please note that unencrypted communication by email is not secure. It cannot be ruled out that data transferred in this way may be read, copied, modified or deleted by unauthorised individuals. The personal data you provide as a result of contacting us through an email enquiry will only be processed for the purpose of handling your email enquiry. Your data will only be disclosed to third parties if doing so is necessary for the purpose of processing this contact. The legal basis for this processing is Art. 6 (1) (b) of the GDPR. Your personal data will be deleted when it is no longer required to fulfil the purpose of your contact. We would like to point out that your messages may have to be stored in the context of legally existing retention requirements. In this case, the legal basis is Art. 6 (1) (c) of the GDPR.
If you would like to subscribe to our newsletter, in addition to your email address we require confirmation that you are the owner of the email address provided and that you consent to receiving the newsletter. This data is only collected for the purpose of being able to send you the newsletter and to document our permission to do so. The following data is also collected during the subscription process:
- The accessing computer’s IP address
- The date and time of registration
We use the CleverReach service to send our newsletters. CleverReach is a service that we use to organise our newsletter sending operations and that allows us to measure how successful our marketing is. Our newsletters sent with CleverReach allow us to analyse newsletter recipients’ behaviour. Among other things, we can analyse how many recipients have opened the newsletter message and how often which link in the newsletter has been clicked on. For more information about data analytics through CleverReach newsletters, please visit: https://www.cleverreach.com/en/features/reporting-tracking/
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remains unaffected by this.
For more information about CleverReach’s data protection activities, please visit: https://www.cleverreach.com/en/privacy-policy/
We have concluded an order data processing contract with CleverReach and thus implement the requirements of data protection.
VIII. Google reCAPTCHA
Additional Google services such as Google Fonts or Google Photos may be downstreamed by Google by using Google reCAPTCHA. You can find more information about how Google processes data here: https://www.google.com/policies/privacy/
We have taken technical and organisational measures to protect our website and other systems against loss, destruction, access, modification or distribution of your data by unauthorised individuals. In particular, your personal data provided in the contact form will be transferred in encrypted form. We use the TLS 1.2 (Transport Layer Security) coding system for this purpose.
XI. Web analytics
We use the open source software tool Matomo on our websites to analyze the surfing behavior of our users. Matomo does not transmit data to servers that are outside the control of ZDS. The software tool runs exclusively on the servers of our website. Storage of this data only takes place there. The data is not passed on to third parties. After activation by the user, the software sets a cookie on the respective user’s computer, which we can use to count and analyze visits. The software is set in such a way that the IP addresses are not stored completely, but the last byte of the IP address is marked (e.g. 192.168.134.xxx). In this way, an assignment of the shortened IP address to the calling computer is no longer possible. The user thus remains anonymous for us.
Contact form: matomo.org/contact
Matomo Representative: EU Representative as a controller or processor not established in the Union (article 27 GDPR) is: ePrivacy Holding GmbH Große Bleichen 21 20354 Hamburg Germany
External Data Protection Officer: ePrivacy GmbH represented by Prof. Dr. Christoph Bauer Große Bleichen 21, 20354 Hamburg Germany
XII. Additional functions and contents
If we use additional functions and contents (e.g. map or font services) on our website, by means of which we or the provider of the services process(es) personal data belonging to you, we will inform you of this at this point.
We use plugins from the website sketchfab.com operated by Sketchfab, Inc. The site operator is Sketchfab, Inc., Sketchfab HQ, 1123 Broadway‚ #501 (25th St), New York City, NY 10010 USA.
When you visit one of our pages featuring a Sketchfab plugin, a connection to Sketchfab’s servers is established. During this process, the Sketchfab server is made aware of which of our pages you have visited. If you are logged into your Sketchfab account, you are enabling Sketchfab to allocate your surfing behaviour directly to your personal profile. You can prevent this from happening by logging out of your Sketchfab account.
XIII. ZDS Vision Channel
We use features of other services for our ZDS Vision Channel webinar and video streaming channel that requires registration. These are listed individually below:
To use the services of our ZDS Vision Channel, you need to create an ZDS website user account. The user account allows you the exclusive playback of videos and to participate in digital live events. Occasionally, these live events are held together with partner companies such as system integrators. With the registration of a user account and your participation in a digital live event which is organized within the framework of our ZDS Vision Channel and together with a partner company, your personal data will be stored on the basis of your consent for possible forwarding to the respective partner company. The data results from the input mask for opening a user account.
XIV. Recipients and data transfer
We have pooled certain data processing operations in our company. They may be handled centrally by our individual divisions, e.g. for processing enquiries. External contractors and service providers (e.g. logistics companies or IT service providers) may also be used to ensure that our tasks are performed and contracts are fulfilled. Additionally, data may be passed on to recipients to whom we are obligated or entitled to disclose the same due to contractual or legal obligations or based on your consent.
XV. Data transfer to third countries
Data transfer to third countries (countries outside of the EU and the European Economic Area (EEA)) only takes place insofar as doing so is necessary for the execution of a contract / order / business relationship, including the initiation of the same, or is permitted by our legitimate interest or based on your consent and only in compliance with the data protection requirements prescribed for this.
Note on data transfer to the USA
Services from companies based in the USA are integrated in our website. In the context of using these services, personal data may be transferred to servers belonging to the relevant service providers that are based in the USA. We would like to point out that the USA is not a safe third country under EU data protection law. US companies are obligated to hand over personal data to security authorities without you (the data subject) being able to take sufficient legal action against this. It cannot, therefore, be completely ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no control over these processing activities.
XVI. Erasure of your data
We process your personal data only for as long as doing so is necessary for the relevant purpose or until a legal basis for processing (e.g. revocation of consent to data processing) no longer exists. In this respect, we observe the existing legal retention and storage periods.
XVII. Your rights
You have the right:
- to receive free access to the personal data that we have stored about you (right of access)
- to request confirmation as to whether we are processing personal data concerning you (right to confirmation)
- to request that we erase the personal data concerning you without delay, provided that processing of the same is no longer necessary and also that the further requirements set out in the GDPR for erasure are met (right to erasure)
- to request the immediate rectification and completion of inaccurate personal data concerning you (right to rectification)
- to request that processing of your personal data be restricted (right to restriction of processing)
- to obtain the personal data concerning you in a structured, commonly used and machine-readable format (right to data portability)
- to object to the processing of your personal data (right to object)
- to not be subjected to a decision based solely on automated processing – including profiling – that has legal implications for you or significantly affects you in another way (right to individual decision-making).
- to, at any time, revoke your consent to processing of your personal data with effect for the future.
- to lodge a complaint with the competent data protection supervisory authority if you believe that processing of personal data concerning you is in breach of the GDPR (right to lodge a complaint).
Please contact our data protection officer for more information about your rights.
XIX. Social media privacy information
Social networks like Facebook, etc., can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media pages triggers numerous processing operations that are relevant to data protection. Specifically: If you are logged into your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be collected if you are not logged in or do not have an account with the relevant social media portal. In this case, this data collection takes place using the likes of cookies that are stored on your terminal device or by recording your IP address. The operators of the social media portals can create user profiles that your preferences and interests are stored in using the data collected in this way. In this way, you may be shown interest-based advertising within and outside of the relevant social media page. If you have an account with the relevant social network, the interest-based advertising may be displayed on all devices that you are or have been logged in on.
Our presence on social media is designed to provide an informative online presence. This is a legitimate interest under Art. 6 (1) (f) of the GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be indicated by the operators of the social networks (e.g. consent under Art. 6 (1) (a) of the GDPR).
Controller and asserting rights
If you visit one of our social media pages, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the relevant social media portal.
Please note that, despite being a joint controller together with the social media portal operators, we do not have complete control over the social media portals’ data processing operations. Our options are largely determined by the relevant provider’s corporate policy.
The data we collect directly through the social media page will be deleted from our systems as soon as the purpose for storing it no longer applies, you request that we delete it, you revoke your consent to storage or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory statutory provisions – particularly retention periods – remain unaffected.