Privacy Policy

Privacy Policy

1. Introduction
The details below are intended to provide you, as a “data subject”, with an overview of how we process your personal data and rights under data protection laws. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services provided by our company via our website, we may need to process your personal data. Whenever the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

Personal data, such as your name, address and e-mail address, are always processed in accordance with the EU General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to K2 Systems GmbH. In this Privacy Policy, we intend to inform you about the scope and purpose of the personal data we collect, use and process.

As the Data Controller, we have implemented a range of technical and organisational precautions to ensure that any personal data processed via this website is protected as comprehensively as possible. Nevertheless, internet-based data transfers can generally have security loopholes, so that it is impossible to guarantee absolute protection. You are therefore free to provide personal data to us by alternative means, for example by telephone or by post.

2. Data Controller
The Data Controller as defined by the GDPR is:
K2 Systems GmbH
Haldenstraße 1, 71272 Renningen, Germany
Representatives of the Data Controller: Katharina David and Willem Haag

3. Data Protection Officer
You can contact the Data Protection Officer as follows:
E-mail: Datenschutz@K2-Systems.com

If you have any questions or suggestions regarding data protection, you can contact our Data Protection Officer directly at any time.

4. Legal basis for data processing
Article 6 (1) (a) GDPR, in conjunction with Section 25 (1) TDDDG (German Telecommunications-Telemedia Data Protection Act), formerly TTDSG (German Telemedia Data Protection Act), serves as the legal basis for processing operations where we obtain consent for a specific processing purpose.

Processing is based on Article 6 (1) (b) GDPR if the processing of personal data is necessary for the performance of a contract to which you are a party; this applies, for instance, to processing operations required for the delivery of goods or the provision of another service or consideration. The same applies to processing operations necessary for carrying out pre-contractual measures, such as handling enquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as fulfilling tax obligations, this processing is based on Article 6 (1) (c) GDPR.

Ultimately, processing operations may be based on Article 6 (1) (f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, where processing is necessary to protect a legitimate interest of our company or a third party, provided that your interests, fundamental rights and freedoms as the data subject do not override these interests. One reason, in particular, why we are permitted to carry out such processing is that it has been explicitly acknowledged by the European legislator. In this context, the legislator expressed the view that a legitimate interest may be assumed if you are a customer of our company (Recital 47, sentence 2, GDPR).

5. Transfer of data to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal data with third parties if one of the following conditions applies:

you have provided us with your explicit consent to do so under Art. 6 (1) (a) GDPR,
disclosure is permissible under Art. 6 (1) (f) GDPR in order to safeguard our legitimate interests and there is no reason to believe that you have an overriding legitimate interest in the non-disclosure of your data,
the transfer is necessary to comply with a legal obligation under Art. 6 (1) (c) GDPR, and
disclosure is legally permissible and necessary for the performance of a contract with you under Art. 6 (1) (b) GDPR.

As part of the processing operations described in this Privacy Policy, personal data may be transferred to the United States. Companies in the USA only have an adequate level of data protection if they are certified under the EU-US Data Privacy Framework and are covered by the EU Commission’s adequacy decision pursuant to Article 45 GDPR. We have explicitly mentioned this in the Privacy Policy with respect to the relevant service providers. To protect your data in all other instances, we have entered into commissioned data processing agreements based on the European Commission’s standard contractual clauses. If the standard contractual clauses are insufficient to ensure an adequate level of protection, your consent in accordance with Article 49 (1) (a) GDPR may serve as the legal basis for a transfer to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision in accordance with Article 45 GDPR.

6. Technology
6.1 SSL/TLS encryption

This site employs SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential information, such as orders, login data and contact requests that you send to us as the operator. You can recognise an encrypted connection by the presence of “https://” instead of “http://” in the address bar of your browser and by the padlock icon in the browser’s address field.

We use this technology to protect the data you submit.

6.2 Data collection when you visit our website
When you use our website solely for information purposes, if you do not sign up with us or provide us with information in any other way or if you do not give your consent to processing that requires it, we only collect data that is technically necessary for the provision of our service. This typically includes data that your browser transmits to our server (in server log files). Each time a page is accessed, either by you or an automated system, our website collects a range of general data and information. This general data and information are stored in the server log files. The following can be recorded:

Browser types and versions used
The operating system used by the accessing system
The website from which the accessing system reaches our website (referrer)
The pages accessed on our website by the accessing system
The date and time of access to the website
A truncated internet protocol address (anonymised IP address)
The internet service provider of the accessing system

When using this general data and information, we do not draw any conclusions about your identity. Such information, however, is required for the following purposes:

To deliver contents of our website correctly
To optimise the contents of our website and its promotion
To ensure the long-term functionality of our IT systems and the technology of our website
To provide law enforcement authorities with the information required for prosecution in the event of a cyberattack.

We analyse collected data and information for two purposes: (1) statistics, (2) to increase the data protection and data security of our company and thus to ensure the best level of protection for any personal data we process. The anonymous data in the server log files is stored separately from any personal data provided by a data subject.

The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest is based on the data collection purposes listed above.

6.3 Cloudflare (content delivery network)
Our website uses features provided by CloudFlare. The provider is CloudFlare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA.

CloudFlare offers a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed via the CloudFlare network. This enables CloudFlare to analyse data traffic between users and our websites, for example to detect and defend against attacks on our services. In addition, CloudFlare may store cookies on your device in order to optimise performance and for analysis purposes.

You can configure your browser settings so that you are notified whenever cookies are set and only allow cookies in specific cases, accept cookies in certain cases or generally reject them, and activate the automatic deletion of cookies when you close your browser. Disabling cookies may limit the functionality of this website.

We have entered into a commissioned data processing agreement with Cloudflare, based on the GDPR and EU standard contractual clauses. Cloudflare collects statistical data about visits to our website. Such access data includes: name of website accessed, file, date and time of access, volume of data transmitted, report on successful access, browser type and version, user’s operating system, referrer URL (previously visited page), IP address and requesting provider. Cloudflare uses log data for the purpose of statistical analysis, so that we can operate, provide security and optimise our website.

If you have consented to the use of Cloudflare, the legal basis for the processing of personal data is Art. 6 (1) (a) GDPR. Furthermore, we have a legitimate interest in using Cloudflare to optimise our website and enhance its security. The legal basis for this purpose is Art. 6 (1) (f) GDPR. Personal data is stored for as long as it is needed to fulfil the purpose of such processing. The data will be erased as soon as it is no longer required for its purpose.

This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision under Art. 45 GDPR, so that personal data may be transferred without further guarantees or additional measures.

Further details about CloudFlare can be found at: https://www.cloudflare.com/privacypolicy/.

6.4 Hosting by Amazon Web Services – AWS
Our website is hosted by Amazon Web Services (AWS). The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg.

When you visit our website, your personal data is processed on AWS servers. This may also involve the transfer of personal data to the AWS parent company in the USA.

AWS is used on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible.

We have entered into a commissioned data processing agreement with AWS. This contract is required under data protection law and ensures that AWS processes the personal data of our site visitors only as instructed by us and in compliance with the GDPR.

Further details about AWS’s data privacy provisions can be found at: https://aws.amazon.com/privacy/?nc1=f_pr

6.5 jsDelivr
Our website uses embedded components from jsDelivr, operated by the provider Prospect One, Królewska 65A/1, PL-30-081 Kraków, Poland.

Our website uses the open-source service jsDelivr to ensure that content from our website is delivered to the various devices of our users as quickly and smoothly as possible.

jsDelivr is a content delivery network (CDN) that distributes our website content across a number of servers to ensure its best possible global availability. A CDN typically uses servers that are geographically close to a given website user. It can therefore be assumed that users within the EU receive content via servers within the EU. In order to deliver content, jsDelivr collects user data such as the IP address.

According to the information available from the provider, jsDelivr does not use cookies or similar tracking methods but is only necessary for the technical reasons mentioned above.

Data processing is based on your consent as per Art. 6 (1) (a) GDPR.

You can view the privacy policy of jsDelivr at: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.

7. Cookies
7.1 General information about cookies
Cookies are small files that your browser automatically creates when you visit our website and which are stored on your IT system (laptop, tablet, smartphone, etc.).

The information stored in a cookie is derived from the context of the specific device that is being used. However, this does not mean that we will become directly aware of your identity.

7.2 Legal basis for the use of cookies
Where data processed by cookies is necessary for the proper functioning of or website, it is required to protect our own legitimate interests and those of third parties, in both cases under Art. 6 (1) (f) GDPR.

As regards all other cookies, you have given your consent to them via our opt-in cookie banner in accordance with Art. 6 (1) (a) GDPR.

7.3 Usercentrics (consent management tool)
Usercentrics, our consent management tool, is provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service allows us to obtain and manage the consent of website users for data processing.

Usercentrics collects data generated by end users when they access our website. When an end user provides consent, Usercentrics automatically logs the following data:

Browser details
Date and time of access
Device information
URL of page visited
Geographical location
Path of website
Status of end-user consent, which serves as proof of consent

The consent status is also stored in the end user’s browser so that the website can automatically read and comply with the end user’s consent for all subsequent page requests and future end-user sessions for up to 12 months. Your consent data (consent and withdrawal of consent) will be stored for three years. The retention period is the same as the regular limitation period in accordance with Section 195 of the German Civil Code (BGB). Data will then be erased immediately or, upon request, will be forwarded to the Data Controller in the form of a data export.

We cannot guarantee the functioning of our website without the processing described above. As long as we are legally required to obtain the user’s consent for certain data processing operations (Art. 7 (1) and 6 (1) sentence 1 (c) GDPR), the user has no right to object.

Usercentrics is the recipient of your personal data and acts as a processor for us. You can find further details about the use of Usercentrics at: https://usercentrics.com/privacy-policy/.

8. Content of our website
8.1 Making contact and contact form
Personal data is collected whenever you contact us (e.g. via a contact form or by e-mail). The data that is collected when you use a contact form is clearly shown on that form. This data is stored and used exclusively for the purpose of responding to your enquiry and/or for contacting you and to carry out the relevant technical administration. The legal basis for processing your data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR. If your purpose in contacting us is to enter into a contract with us, the additional legal basis for processing your data is Art. 6 (1) (b) GDPR. Once your enquiry has conclusively been processed, your data will be erased; this is the case when it can be inferred from circumstances that the matter at hand has been conclusively addressed and erasure does not conflict with any statutory retention requirements.

8.2 Application management and recruitment
We collect and process the personal data of applicants for the purpose of conducting application processes. Processing may also be carried out electronically. This is particularly the case if an applicant submits their application documents to us electronically, for example by e-mail or via a web form on our website. If we conclude an employment or service contract with an applicant, the transmitted data is stored for the purpose of implementing the employment relationship in compliance with the statutory provisions. If we do not enter into a contract with the applicant, their application documents will be automatically erased two months after we have notified them of our refusal decision, provided that no other legitimate interests on our part prevent such erasure. Another legitimate interest for this purpose would be, for example, a requirement to provide proof in legal proceedings initiated under the German General Act on Equal Treatment (AGG).

The legal basis for the processing of your data is Art. 6 (1) (b), 88 GDPR in conjunction with Section 26 (1) of the German Federal Data Protection Act (BDSG).

9. Sending newsletters
9.1 Sending newsletters to existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers by e-mail for goods or services similar to those already purchased from our range. In accordance with Section 7 (3) of the German Unfair Competition Act (UWG), we do not need to obtain your separate consent to this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising in accordance with Art. 6 (1) (f) GDPR. If you initially objected to the use of your e-mail address for this purpose, we will not send you any e-mails. You have the right to object at any time, with future effect, to the use of your e-mail address for the aforementioned promotional purpose by sending a notice to the Data Controller specified at the beginning. The only costs you would incur would be transmission costs at the basic rates. Once we have received your objection, we will stop using your e-mail address for promotional purposes without undue delay.

9.2 Promotional newsletter
Our website gives you the option of subscribing to our company newsletter. When you subscribe, the personal data we collect can be gathered from the form you complete.

We use a newsletter to keep our customers and business partners regularly updated about our products and services. You can only receive our company newsletter if

you have an up-to-date e-mail address and
you have subscribed to our newsletter.

For legal reasons, we will send a confirmation message to the e-mail address you entered when you first subscribed to our newsletter under our double opt-in procedure. The purpose of this confirmation e-mail is to verify that you, the owner of the e-mail address, have authorised the receipt of our newsletter.

The personal data collected as part of a newsletter subscription will be used exclusively for sending our newsletter. Additionally, newsletter subscribers may be notified by e-mail if this is necessary for the operation of the newsletter service or for any related registration, such as in the case of changes to our newsletter service or alterations to technical requirements. Personal data collected as part of our newsletter service will not be disclosed to third parties. You can cancel your newsletter subscription at any time. After consenting to our storage of your personal data for the purpose of receiving the newsletter, you can revoke your consent at any time. Each newsletter contains a link that allows you to revoke your consent. Additionally, you can unsubscribe from the newsletter at any time, either directly on our website or by notifying us in some other way.

Data processing for the sending of newsletters has its legal basis in Art. 6 (1) (a) GDPR.

9.3 Newsletter tracking
Each of our newsletters contains a tracking pixel. A tracking pixel is a miniature graphic embedded in an e-mail sent in HTML format; this is to enable log file recording and log file analysis. It allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the company can see if and when you have opened an e-mail from us and which links in the e-mail you have accessed.

We store and analyse personal data collected through tracking pixels in our newsletters to optimise the delivery of our newsletters and better tailor the content of future newsletters to your interests. Such personal data is not disclosed to third parties. As a data subject, you may revoke your consent given for this purpose via our double opt-in procedure at any time. Following revocation, we will erase such personal data. We will automatically interpret unsubscribing from our newsletter as a revocation.

In accordance with Art. 6 (1) (f) GDPR, such an analysis is carried out in particular on the basis of our legitimate interests in displaying personalised advertising, conducting market research and/or tailoring our website to meet customers’ needs.

10. Our activities on social media
To enable us to communicate with you on social media and keep you informed about our services, we have our own social media profiles. When you visit one of our social media profiles, we work together with the relevant social media platform provider as joint data controllers under the terms of Art. 26 GDPR.

However, we are not the original provider of such sites, but only use them within the options made available to us by their respective providers.

Please note, therefore, by way of precaution, that your data may also be processed outside the European Union or the European Economic Area. Use of such sites may therefore pose data privacy risks for you, as it may be more difficult to protect your rights, e.g. rights of access, erasure, objection, etc.; furthermore, social media sites often process data directly for promotional purposes or to analyse user behaviour, and we have no influence over such processing. If a provider creates user profiles, cookies are often used and/or your usage behaviour is associated with the profile you created on the relevant social media platform.

The processing of personal data described above is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest and the legitimate interest of the provider, so that it is possible to communicate with you in a timely manner and to provide you with information about our services. Where you are required to give your consent to a provider to process your user data, this is done on the legal basis of Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR.

As we do not have access to the providers’ records, please note that the best way to exercise your rights (e.g. rights to access, correction, erasure, etc.) is to contact each specific provider directly. Please note the following further details of how your data is processed on social media platforms, broken down by the social media providers we use:

10.1 Facebook
(Joint) data controller for Europe:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland

10.2 Instagram

(Joint) data controller for Germany:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland

10.3 LinkedIn
(Joint) data controller for Europe:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Republic of Ireland

10.4 X (Twitter)
(Joint) data controller for Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Republic of Ireland

Access to your data:
https://twitter.com/settings/your_twitter_data

10.5 YouTube
(Joint) data controller for Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland

11. Social media plugins
11.1 YouTube plugin
We have embedded YouTube components on this website. YouTube is an internet video portal where video publishers can post video clips free of charge while other users can view, rate and comment on those video clips, also free of charge. YouTube allows the publication of all types of videos, so that entire films, TV programmes, music videos, trailers and user-made videos can be accessed through this web portal.

YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

Each time you visit a page on our website that we operate and that contains an embedded YouTube component (YouTube plugin), your web browser is automatically prompted by the YouTube component to download the corresponding content from YouTube. Additional information about YouTube is available at https://about.youtube/. As part of this technical process, YouTube and Google receive information about the specific page on our website that you are visiting.

If you are logged into YouTube at the same time, YouTube recognises which specific page of our website you are visiting when you access a page that contains a YouTube plugin. This information is collected by YouTube and Google and is associated with your YouTube account.

If you are logged into YouTube when you visit our website, the YouTube component always informs both YouTube and Google that you have visited our website; this happens regardless of whether you click on a YouTube video or not. If you do not want this information to be sent to YouTube and Google, you can prevent it from happening by logging out of your YouTube account before accessing our website.

Our use of YouTube is based on our interest in making our website convenient and easy to use. This is a legitimate interest as defined in Art. 6 (1) (f) GDPR.

Any processing of personal data via social media buttons will only take place under Art. 6 (1) (a) GDPR with your express consent.

YouTube’s privacy policy, which can be found at https://policies.google.com/privacy?hl=en, provides information about the collection, processing and use of personal data by YouTube and Google.

12. Web analysis
12.1 LinkedIn pixel (Insight Tag)
This website uses LinkedIn Insights from the LinkedIn Corporation, 1000 W Maude Ave Sunnyvale, CA 94085, USA (LinkedIn). Once you have given your express consent, it is possible to track your user behaviour.

This procedure aims to analyse the effectiveness of advertisements for statistics and market research, thereby helping us to optimise future advertising activities. The LinkedIn pixel provides us with additional information about people who are interested in our products, such as their job title, employer or the industry in which they work.

When visiting our website, the LinkedIn pixel may also process, for example, the following data:

IP address
Interactions on our website (e.g. pages viewed, clicks, conversions)
Browser type and version
Operating system used
Referrer URL (previously visited page)
Time of server request

Direct identifiers are automatically removed from the database by LinkedIn within seven days, and the data is erased after 180 days. The retention period for the cookie can be gathered from our consent solution. The data is stored and processed by LinkedIn in such a way that it can be associated with the relevant user profile.

Such processing is carried out exclusively with your express consent as a data subject in accordance with Art. 6 (1) (a) GDPR.

LinkedIn is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision under Art. 45 GDPR, so that personal data may be transferred without further guarantees or additional measures.

Additional information and the LinkedIn Pixel privacy policy can be viewed at: https://www.linkedin.com/legal/privacy-policy.

12.2 Meta Pixel (formerly Facebook Pixel)
This website uses the Facebook Pixel of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Meta”). Once you have given your express consent, it is possible to track your user behaviour whenever you have viewed or clicked a Facebook advertisement. This procedure aims to analyse the effectiveness of Facebook advertisements for statistics and market research, thereby helping us to optimise future advertising activities.

When visiting our website, the Meta Pixel may also process, for example, the following data:

IP address
Device information
Browsing history
Interactions on our website (e.g. pages viewed, clicks, conversions).

The data is stored and processed by Meta in such a way that a link can be established to the relevant user profile and so that Meta can use the data for its own advertising, in accordance with the Meta (Facebook) privacy policy (https://www.facebook.com/about/privacy/). This enables Meta and its partners to place advertisements both on and outside of Facebook. Also, a cookie may be stored on your device for such purposes.

The collected data is stored by Meta for a period of 180 days and is then removed if the website is not revisited by the user.

Such processing is carried out exclusively with your express consent as a data subject in accordance with Art. 6 (1) (a) GDPR.

12.3 Google Analytics 4 (GA4)
On our websites, we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland (“Google”).

In this context, pseudonymised user profiles are created and cookies (see “Cookies” above) are used. The information generated by the cookie about your use of our website may include, but is not limited to the following:

Short-term recording of the IP address without permanent storage
Location data
Browser type and version
Operating system used
Referrer URL (previously visited page)
Time of server request
The pseudonymised data may be transferred by Google to a server in the USA and stored there.

The information is used to analyse website use, to compile reports on site activities and to provide further services associated with website and internet use for the purposes of market research and tailoring these web pages to meet customers’ needs. Furthermore, this information may be transmitted to third parties if this is required by law or if third parties process this data upon request.

Such processing is carried out exclusively with your express consent as a data subject in accordance with Art. 6 (1) (a) GDPR.

The default retention period set by Google is 14 months. Otherwise, personal data is stored for as long as it is needed to fulfil the purpose of the processing. The data will be erased as soon as it is no longer required for its purpose.

The parent company, Google LLC, is a US company certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision under Art. 45 GDPR, so that personal data may be transferred without further guarantees or additional measures.

Additional information about data privacy when using GA4 can be found at: https://support.google.com/analytics/answer/12017362?hl=en.

12.4 HubSpot
We use HubSpot functions on this website. The provider is HubSpot, Inc, 25 First Street, Cambridge, MA 02141, USA.

HubSpot tracks visitors to our website through browser cookies. Whenever you access our website, HubSpot checks whether a HubSpot tracking cookie has been set. If no such cookie has been set on your browser yet, a HubSpot cookie is set there – subject to your consent – which records any of our web pages that you access subsequently.

Please note the following with regard to HubSpot’s handling of tracking cookies:

Your visit to our website will only be tracked using the HubSpot cookie if you have given your consent to setting it or if you have given your consent to all tracking cookies.
If you complete and submit one of the forms on our website (e.g. a contact form) and have given your consent to the setting of the HubSpot cookie, HubSpot will assign your previous page views resulting from the tracking cookie to the form you have submitted.
If you have previously been in contact with us, the e-mail address you submitted via the form will be associated with the data already stored by us.
If you delete all your cookies or if you specifically delete the HubSpot cookies, you will be considered a new visitor to our website and a new cookie will be set. However, HubSpot automatically duplicates all form submissions received from the same e-mail address, even if different browser cookies have been associated with these submissions.
As cookies are only ever set on a browser once, submissions from two people sharing a single device will be associated with the same contact record. This duplicate removal via cookies ensures that if a contact person sends forms to the website and if that person does so with different e-mail addresses in this process, all submissions are associated with a single contact record in HubSpot.
HubSpot assigns page views whenever the contact person clicks on a link in a tracked marketing e-mail that leads to a page where the HubSpot tracking code is installed.

Such processing is carried out exclusively with your express consent as a data subject in accordance with Art. 6 (1) (a) GDPR. Your data will be stored until you withdraw your consent.

Your personal data is transferred to the USA on the basis of our standard contractual clauses.

Further details about HubSpot can be found at: https://legal.hubspot.com/privacy-policy.

12.5 LinkedIn Analytics
On this website, we use the retargeting and conversion tracking tools of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Republic of Ireland (LinkedIn).

To facilitate this, we have integrated the LinkedIn Insight Tag on our website, which enables LinkedIn to collect statistical data about your visit and usage of our site; based on this data, LinkedIn provides us with summarised statistics. This service also allows us to show you interest-based, relevant offers and recommendations after you have explored certain services, information, or offers on our website. The relevant details are stored in a cookie.

This usually involves collecting and processing the following data:

IP address
Device information
Browser details
Referrer URL
Time stamp

Such processing is carried out exclusively with your express consent as a data subject in accordance with Art. 6 (1) (a) GDPR. Your data will be stored until you withdraw your consent.

As part of processing via LinkedIn, data may be transferred to the USA and Singapore. This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision under Art. 45 GDPR, so that personal data may be transferred without further guarantees or additional measures. Furthermore, transmission security is regularly safeguarded by means of standard contractual clauses, which ensure that personal data is processed with a level of security equal to that of the GDPR. If the standard contractual clauses are not sufficient to provide an adequate level of security, we will obtain your consent in accordance with Art. 49 (1) (a) GDPR.

Further details about the LinkedIn privacy policy can be found at: https://www.linkedin.com/legal/privacy-policy.

13. Advertising
13.1 Google Ads (AdWords) remarketing and retargeting
We have embedded Google Ads on this website. Google Ads services are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland (“Google”).

We use this service to promote our website in Google search results and on third-party websites. To do so, Google stores a cookie in the browser of your device; this cookie has a pseudonymous cookie ID and allows interest-focused advertising based on the pages you visit.

Any further data processing will only take place if you have given your consent to Google to link your web and app browsing history to your Google account and to use information from your Google account to personalise the ads you view on the web. If, in such a case, you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for remarketing across devices. For this purpose and in order to create target groups, your personal data is temporarily linked by Google with Google Analytics data.

Such processing is carried out exclusively with your express consent as a data subject in accordance with Art. 6 (1) (a) GDPR.

You can view the privacy policy and further details of Google Ads at: https://www.google.com/policies/technologies/ads/

13.2 Google Ads with conversion tracking
We have embedded Google Ads on this website. Google Ads services are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland. Google Ads is a web advertising service that allows advertisers to place ads both in Google’s search engine results and in the Google advertising network. Google Ads allows an advertiser to pre-define certain keywords that will trigger an ad to be displayed in Google’s search engine results, but only when the search engine is used to retrieve a result with relevance to the keywords. The Google advertising network uses an automatic algorithm and takes account of any pre-defined keywords to distribute ads to thematically relevant websites.

The purpose of Google Ads is to promote our website by displaying interest-focused advertising on third-party websites and in Google’s search engine results and also to display third-party advertising on our website.

If you access our website via a Google advert, a conversion cookie is stored on your IT system by Google. A conversion cookie loses its validity after thirty days and cannot be used to identify you. Until the conversion cookie expires, it tracks whether certain pages, e.g. the shopping basket of an online shop, have been accessed on our website. The conversion cookie enables both us and Google to track whether a user who accessed our website via an AdWords advertisement generated sales, i.e. whether they completed or cancelled a purchase.

The data and information collected through the use of the conversion cookie is used by Google to create visitor statistics for our website. We use such statistics to find out the total number of users referred to us through advertisements on Google Ads and thus to determine the success or failure of the relevant adverts and to optimise our Ads adverts for the future. Neither our company nor any other Google Ads advertisers will receive information from Google that might be used to identify you.

The conversion cookie has the purpose of storing personal details, such as the web pages you have visited. Whenever you visit our website, personal data, including the IP address of the internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose this personal data collected through the technical procedure to third parties.

Such processing is carried out exclusively with your express consent as a data subject in accordance with Art. 6 (1) (a) GDPR.

You can view the data privacy provisions and further details of Google AdSense at: https://policies.google.com/privacy/.

13.3 LinkedIn Ads
We have embedded LinkedIn Ads on this website. This service is operated by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Republic of Ireland.

We use this service to promote our company on the LinkedIn social media platform. To do so, LinkedIn stores a cookie in the browser of your device; this cookie automatically allows interest-focused advertising based on the pages you visit.

Such processing is carried out exclusively with your express consent as a data subject in accordance with Art. 6 (1) (a) GDPR. The data will be erased as soon as it is no longer required for its purpose or when you revoke your consent.

Further details about the LinkedIn privacy policy can be found at: https://www.linkedin.com/legal/privacy-policy.

14. Partnership and affiliate programmes
14.1 DoubleClick
Our website contains components of DoubleClick by Google. DoubleClick is a brand of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland), through which specialised online marketing solutions are offered to advertising agencies and publishing companies.

DoubleClick by Google transmits data to the DoubleClick server in response to each impression, click or other activity. Each of these data transfers triggers a cookie request to your browser. If the browser accepts the request, DoubleClick saves a cookie to your IT system. The purpose of the cookie is to optimise and display advertising. Among other things, the cookie is used to place and display personalised advertising and to create or improve reports on promotional campaigns. The cookie also serves to ensure that the same advertisement is not displayed more than once.

DoubleClick uses a cookie ID that is necessary for this technical process to take place. The cookie ID is required, for example, to display an advert in a browser. Thanks to the cookie ID, DoubleClick can also record which adverts have been placed in a given browser, so that it is not placed there for a second time. Furthermore, the cookie ID enables DoubleClick to record conversions.

A DoubleClick cookie does not contain personal data. However, it may contain additional campaign identifiers. A campaign ID serves to identify any campaigns with which you have so far been in contact.

Whenever you access a page on our website that we operate and where a DoubleClick component is embedded, the web browser on your system is prompted by the DoubleClick component to send data to Google for online advertising and commission billing purposes. As part of this technical process, Google receives information about data used by Google so that it can create commission invoices. Google can, among other things, track your clicks on certain links on our website.

Such processing is carried out exclusively with your express consent as a data subject in accordance with Art. 6 (1) (a) GDPR.

You can view the privacy policy of DoubleClick by Google at: https://policies.google.com/privacy?hl=en.

15. Plugins and other services
15.1 Google Maps
We use Google Maps (API) on our website. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland. Google Ireland Limited is part of the Google Group, which has its head office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (terrestrial) maps in order to visualise geographical information. By using this service, you can, for example, view our location, which makes it easier for you to find us.

When you access pages that contain an embedded Google Maps display, information about your use of our website (such as your IP address) is transmitted to and stored by Google servers in the United States, provided that you have given your consent as required by Art. 6 (1) (a) GDPR. In addition, Google Maps also downloads Google Web Fonts, Google Photos and Google Stats. Here, too, the service provider is Google Ireland Limited. When you access a page that includes embedded Google Maps, your browser loads the web fonts and photos required to display Google Maps into your browser cache. This is another purpose for which your browser connects to Google servers. This informs Google that our website has been accessed from your IP address. This happens regardless of whether Google provides a user account through which you are logged in or whether there is no such user account. If you are logged into Google, your data will be associated directly with your account. If you do not want such an association with your Google profile, you must log out of your Google account first. Google stores your data (even if you are not logged in) as a user profile and analyses it. You have the right to object to the creation of such a user profile, but you must contact Google to exercise this right.

If you do not agree to the future transmission of your data to Google within the scope of using Google Maps, you can completely disable the Google Maps web service by disabling the JavaScript application in your browser. However, in such a case, you cannot use Google Maps or the map on this website.

Such processing is carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR.

You can view Google’s terms of service at https://policies.google.com/privacy?hl=en, while the additional terms of use for Google Maps can be found at https://maps.google.com/help/terms_maps/.

You can view the data privacy provisions of Google Maps (“Google Privacy Policy”) at: https://maps.google.com/help/terms_maps/.

15.2 Google reCAPTCHA
We use the reCAPTCHA function on this website. reCAPTCHA is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland. Google Ireland Limited is part of the Google Group, which has its head office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The reCAPTCHA function primarily serves to discern whether input is made by a human being or whether it is made improperly through machine-based or automated processes. The service also includes the transmission of the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google.

Such processing is carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR.

Further information about Google reCAPTCHA and Google’s privacy policy can be found at: https://policies.google.com/privacy?hl=en.

15.3 Google Tag Manager
On this website we use Google Tag Manager. Google Tag Manager is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland. Google Ireland Limited is part of the Google Group, which has its head office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool can be used to implement “tags” (i.e. snippets of code embedded in HTML elements) and manage them via an interface. By using Google Tag Manager, we can automatically track which button, link or personalised image you have actively clicked on, and we can then record which content on our website is of particular interest to you.

The tool also triggers other tags, which in turn may collect data. However, Google Tag Manager does not access such data. If you have disabled tracking at the domain or cookie level, this setting will remain in place for all tracking tags implemented by Google Tag Manager.

Such processing is carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR.

Further details of Google Tag Manager and Google’s privacy policy can be found at: https://policies.google.com/privacy?hl=en.

15.4 HubSpot CRM System
We use the CRM application provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA (“HubSpot”).

HubSpot is a CRM software solution for managing customer relations and includes the following functions:

Deal management, lead management and task management
E-mail tracking and notifications
E-mail templates and scheduling
Sharing of documents
Online booking system for appointments
Telephony solutions such as automatic call recording and logging

All departments (including, for example, marketing, sales and customer service, as well as online and in-store retail) work together, using the software solution described here.

Using HubSpot, the HubSpot provider necessarily has access to the above data to the extent that this is specified in our commissioned data processing agreement (Art. 28 GDPR) with HubSpot. Such data may include names, addresses, e-mail addresses and telephone numbers. Personal data is therefore also processed in a third country (and thus outside the EU and the EEA).

Provided that the appropriate consent has been requested, processing is carried out solely on the basis of Art. 6 (1) (a) GDPR. The legal basis for the use of HubSpot within the framework of contractual relationships is Art. 6 (1) (b) GDPR. In all other respects, the legal basis for processing your personal data is Art. 6 (1) (f) GDPR. Our interest here is in the effective coordination of internal and external communication and the management of customer relations.

Insofar as HubSpot processes personal data in connection with its own legitimate business operations, HubSpot is the independent data controller for such use and therefore responsible for complying with the applicable laws and obligations of a data controller.

You can view the HubSpot privacy policy at: https://legal.hubspot.com/privacy-policy.

15.5 Vimeo (videos)
Our website uses plugins from the video portal Vimeo, operated by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. When you access a page on our site that contains such a plugin, your browser connects directly to Vimeo servers. The content of the plugin is transmitted by Vimeo directly to your browser and embedded into the page. This embedding means that Vimeo is automatically notified that your browser has accessed the relevant page on our website, even if you do not have a Vimeo account or are not currently logged into Vimeo. This information (including your IP address) is transmitted directly from your browser to a Vimeo server in the USA and stored there.

If you are logged into Vimeo, Vimeo can directly associate your visit to our website with your Vimeo account. When you interact with the plugins (e.g. by pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there.

If you do not want Vimeo to associate data collected through our website directly with your Vimeo account, you must log out of Vimeo before visiting our site.

Vimeo videos embedded on our site automatically include the Google Analytics tracking tool as an integrated component. This is Vimeo’s own tracking, to which we have no access and which we therefore cannot influence. Google Analytics uses ‘cookies’ for tracking purposes, i.e. text files that are stored on your device and permit an analysis of your site use. The information generated by the cookie about your use of this website is typically transferred to a Google server in the USA and stored there.

Such processing is carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR.

You can view the Vimeo privacy policy at: https://vimeo.com/privacy.

15.6 YouTube (videos)
We have embedded YouTube components on this website. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

YouTube is an internet video portal where video publishers can post video clips free of charge while other users can view, rate and comment on those video clips, also free of charge. YouTube allows the publication of all types of videos, so that entire films, TV programmes, music videos, trailers and user-made videos can be accessed through this web portal. Each time you access one of the pages on our website – i.e. the website which we operate and which contains an embedded YouTube component (YouTube video) – the web browser on your IT system is automatically prompted by the YouTube component to download a representation of the relevant YouTube component from YouTube. YouTube may also download the services Google Web Fonts, Google Video and Google Photo. Additional information about YouTube is available at https://about.youtube/. As part of this technical process, YouTube and Google receive information about the specific page on our website that you are visiting.

If you are logged into YouTube at the same time, YouTube recognises which specific page of our website you are visiting when you access a page that contains a YouTube video. This information is collected by YouTube and Google and is associated with your YouTube account.

If you are logged into YouTube when you visit our website, the YouTube component always informs both YouTube and Google that you have visited our website; this happens regardless of whether you click on a YouTube video or not. If you do not want this information to be sent to YouTube and Google, you can prevent it by logging out of your YouTube account before accessing our website.

Such processing is carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR.

You can view the YouTube privacy policy at https://policies.google.com/privacy.

16. Your rights as a data subject
16.1 Right of confirmation
You have the right to require confirmation from us as to whether we process personal data concerning you.

16.2 Right of access, Art. 15 GDPR
Under the terms of statutory provisions, you are entitled at any time to receive free information from us about the personal data we have stored about you and also to receive a copy of such data.

16.3 Right to rectification, Art. 16 GDPR
You have the right to require the rectification of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.

16.4 Erasure, Art. 17 GDPR
You have the right to require us to erase personal data concerning you without undue delay, provided that legally specified grounds are applicable and that neither processing nor storage is required.

16.5 Restriction of processing, Art. 18 GDPR
You have the right to require us to restrict processing of your personal data if legally specified grounds are applicable.

16.6 Data portability, Art. 20 GDPR
After providing us with personal data concerning you, you have the right to receive that data from us in a structured, commonly used and machine-readable format. You also have the right to transmit such data to a different data controller and to do so without any obstruction by us to whom you originally gave your personal data, provided that processing is based on consent under Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, or on a contract in accordance with Art. 6 (1) (b) GDPR, and the processing is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of an official authority vested in us.

Furthermore, when exercising your right to data portability in accordance with Article 20 (1) GDPR, you have the right to have your personal data transmitted directly from one data controller to another, where technically feasible and provided that this has no adverse effect on the rights or freedoms of others.

16.7 Right to object, Art. 21 GDPR
You have the right to object, at any time and on grounds relating to your particular situation, to the processing of your personal data that is carried out on the basis of Art. 6 (1) (e) (processing in the public interest) or Art. 6 (1) (f) (processing based on legitimate interests) GDPR.

This also applies to profiling based on these provisions, as defined in Art. 4 (4) GDPR.

If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for doing so – grounds which outweigh your interests, rights and freedoms – or unless processing serves the purpose of establishing, exercising or defending legal claims.

In specific cases, we process personal data for direct marketing purposes. You may object to the processing of your personal data for the purpose of such advertising at any time. This also applies to profiling where it is related to such direct marketing. If you object to the processing of your data for direct marketing purposes, we will no longer process your personal data for such purposes.

In accordance with Art. 89 (1) GDPR, you also have the right to object, on grounds relating to your particular situation, to the processing of your personal data for scientific or historical research purposes or for statistical purposes, unless such processing is necessary for the performance of a task carried out in the public interest.

Concerning the use of information society services, irrespective of Directive 2002/58/EC, you are free to exercise your right to object by automated means that involve the use of technical specifications.

16.8 Withdrawal of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

16.9 Complaint to a supervisory authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

17. Updates and amendments to this Privacy Policy
This Privacy Policy is up to date and was last revised in November 2024.

It may become necessary to amend this Privacy Policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can view and print out the latest version of our Privacy Policy on our website at any time by visiting: https://k2-systems.com/en/privacy-policy/.