Data Protection

We are pleased that you are visiting our website. The protection of your personal data is an important concern for us, and we want you to feel safe when visiting our website. We protect your privacy and your personal data. We process your personal data in accordance with the contents of this privacy policy while complying with the applicable data protection regulations of the General Data Protection Regulation (GDPR) and other relevant data protection laws.

Privacy Settings

Here (https://www.cookiebot.com), you can revoke your consent or add/remove individual categories.

Table of Contents

1. Name and contact details of the responsible entity
2. Contact details of the data protection officer
3. What is personal data?
4. Purposes of data processing
5. Legal basis for data processing
6. Right to object
7. Use of our website for informational purposes
8. Use of our website for additional services
9. Hosting
10. Contacting us
11. Newsletter
12. Security
13. Cookies and similar technologies
14. Web analytics
15. Social media
16. Additional functions and content
17. Links to other websites
18. Recipients and data transfers
19. Data transfer to third countries
20. Deletion of your data
21. Your rights
22. Changes to our privacy policy

1. Name and Contact Details of the Responsible Entity

PFISTERER Holding SE, Rosenstr. 44, 73650 Winterbach, is the operator of the website https://catalogue.pfisterer.com/ and is responsible within the meaning of the GDPR.

2. Contact Details of the Data Protection Officer

You can contact our data protection officer at any time regarding any data protection concerns at datenschutz@pfisterer.com.

3. What is Personal Data?

Personal data refers to any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified directly or indirectly, in particular through association with an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

4. Purposes of Data Processing

The scope and type of collection, processing, and use of your data depend on whether you only visit our website for generally available information or also use additional services. Generally, we process your personal data as part of our business activities for pre-contractual or contractual purposes. Additionally, legitimate interests, your consent, or compliance with legal requirements may also be relevant reasons for data processing. We inform you about the specific purposes of data processing in the following sections.

5. Legal Basis for Data Processing

We process your personal data based on the following legal bases:

• To fulfill pre-contractual or contractual obligations (Art. 6 para. 1 lit. b GDPR)
• Based on your consent (Art. 6 para. 1 lit. a GDPR)
• As part of a balancing of interests (Art. 6 para. 1 lit. f GDPR)
• Due to legal requirements (Art. 6 para. 1 lit. c GDPR).

We inform you about the specific legal bases for data processing within the respective processing sections.

6. Right to Object

If we process your personal data based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) as part of a balancing of interests, you have the right to object at any time for reasons arising from your situation. If you exercise your right to object, we will stop processing the affected data. However, further processing remains reserved (except in cases of direct marketing, where we will immediately comply with your objection) if we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms or if processing serves the establishment, exercise, or defense of legal claims. Your further rights remain unaffected.

7. Use of Our Website for Informational Purposes

If you use our website purely for informational purposes, you generally do not need to provide personal data. In this case, we only collect the data that your internet browser automatically transmits to us, such as:

• Your computer's IP address
• Date and time of access
• Your browser type, version, and settings
• The operating system used (Windows, iOS, Linux, etc.)
• The amount of data transferred and the status of transmissions
• The website from which you accessed our site

Other similar data and information necessary for threat defense in case of attacks on our IT systems.

This data is usually collected through log files. The purpose of processing is to ensure the functionality and compatibility of our website for a technically smooth experience, including troubleshooting and protection against technical attacks and misuse. The legal basis for this processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the proper operation of our website. Log file data is deleted when it is no longer necessary for processing purposes.

8. Use of Our Website for Additional Services

If you use additional services offered on our website, it may be necessary for you to provide personal data. The specific personal data required for service provision is derived from the respective input form or application. Additional information may be provided voluntarily. Mandatory fields are marked accordingly (e.g., with an asterisk * or "required field"). Your data is processed solely for the purpose of providing the requested service. The legal basis for data processing and information about when your personal data is deleted can be found in the description of the specific services.

9. Hosting

We use an external service provider for hosting our website. The personal data collected on this website is stored on the provider's servers. The use of the hosting provider is in the interest of a secure, fast, and efficient provision of our website (Art. 6 para. 1 lit. f GDPR). Our hosting provider processes your data only to the extent necessary to fulfill its service obligations and under our instructions. We use DigitalOcean, LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013, USA, as our hosting provider. We have entered into a processing agreement under Art. 28 GDPR with our hosting provider.

10. Contacting Us

On our website, we offer you the opportunity to contact us via email. Please note that unencrypted email communication is insecure. It cannot be ruled out that data transmitted in this way can be read, copied, modified, or deleted by unauthorized persons. The personal data you provide will only be processed to handle and respond to your request. Data is only shared with third parties if necessary to process your request. The legal basis for this is Art. 6 para. 1 lit. b GDPR if your request is related to contract fulfillment or pre-contractual measures. In all other cases, the legal basis is our legitimate interest in effectively processing inquiries addressed to us (Art. 6 para. 1 lit. f GDPR). Your personal data will be deleted when it is no longer necessary for processing your request. However, your messages may need to be stored due to legal retention obligations. In this case, the legal basis is Art. 6 para. 1 lit. c GDPR.

11. Newsletter

Newsletters are currently not offered.

12. Security

We have secured our website and other systems against loss, destruction, unauthorized access, modification, or distribution of your data through technical and organizational measures. In particular, any personal data you provide as part of a request for a specific product is transmitted in encrypted form. We use the TLS 1.3 (Transport Layer Security) encryption system.

13. Cookies and Similar Technologies

We use cookies or similar technologies for various purposes, such as ensuring the functionality, security, and convenience of online services and analyzing visitor flows.

Cookies are small text files stored on your computer when you visit our website. Similar technologies include web storage techniques (also known as "local data" and "local storage"), where data is stored locally in your browser's memory (referred to as "cache"). For better readability, we collectively refer to cookies and similar technologies as "cookies."

We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless such consent is not required by law.

If users give their consent, the legal basis for processing their data is the declared consent under Art. 6(1)(a) GDPR. The revocable consent is clearly communicated to users and includes information about the specific use of cookies. More details about individual cookies or similar technologies and their purposes can be found in our privacy settings. (https://www.cookiebot.com).

Consent is not required when storing and accessing information, including cookies, is strictly necessary to provide users with a digital service they have explicitly requested (i.e., our online offering). In these cases, the legal basis for processing your data is the fulfillment of our contractual obligations under Art. 6(1)(b) GDPR, compliance with legal obligations under Art. 6(1)(c) GDPR, or our legitimate interest (e.g., in the secure and efficient use of our online services and improving their usability) under Art. 6(1)(f) GDPR. More details about individual cookies and their purposes can be found in our privacy settings. (https://www.cookiebot.com).

If you wish, you can delete cookies at any time. However, this may result in certain functions no longer being available to you. To delete cookies, please refer to your browser’s help function or adjust your settings in the privacy settings (https://www.cookiebot.com).

Cookiebot
This website uses the "Cookiebot" consent management tool provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. The purpose of processing is to obtain and document consent for storing certain cookies on your device or for using specific technologies, as well as to provide the technical means for withdrawing consent.

When you visit our website, the following personal data is transmitted to Usercentrics:

• Your IP address
• Your consent(s) or withdrawal of consent(s)
• Date and time of consent
• Information about your browser
• Information about your device
• An anonymous, randomly generated, and encrypted key

Additionally, Cookiebot stores a cookie in your browser to associate the given consents or their withdrawal with you.

The legal basis for data processing is § 25(2) No. 2 TDDDG and Art. 6(1)(c) and (f) GDPR to fulfill our legal obligation to obtain and document consent for processing personal data in accordance with applicable data protection laws. The collected data is stored until you effectively object to the storage, request its deletion, delete the Cookiebot cookie yourself, or the purpose for data storage ceases to exist. Mandatory legal retention obligations remain unaffected. Further information can be found in Usercentrics' privacy policy at: https://www.cookiebot.com/de/privacy-policy/

We have concluded a data processing agreement with Usercentrics as our service provider under Art. 28 GDPR.

Information on Recipients of Consent
Our website integrates core platform services from "gatekeepers" as defined by the Digital Markets Act (DMA). Gatekeepers are required under Art. 5(2)(b) DMA to obtain consent for these core platform services. To ensure that the consent you provide via our consent tool also applies to these services, our consent tool forwards your consent to the respective service provider. We provide specific details about these services in our privacy policy.

14. Web Analytics

Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies stored on your computer to analyze how you use the website. On behalf of the website operator, Google will use this information to evaluate your website usage, compile reports on website activity, and provide other services related to website and internet usage.

Google Analytics 4 enables automatic IP anonymization, meaning your IP address is shortened by Google. This truncation generally occurs within EU member states or other signatories to the European Economic Area (EEA) agreement. In exceptional cases, the full IP address is transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

It cannot be ruled out that your personal data may also be transferred to Google LLC in the USA. Google is certified under the EU-US Data Privacy Framework, ensuring compliance with EU data protection standards. The certificate can be accessed at: https://www.dataprivacyframework.gov/s/

The legal basis for data processing is your consent under Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by removing the Google Analytics checkbox at: [https://tools.google.com/dlpage/gaoptout?hl=de]

You can also prevent cookie storage through your browser settings. However, this may limit the full functionality of the website. Additionally, you can prevent Google from collecting and processing data related to your website usage (including your IP address) by downloading and installing the browser plugin available at: [https://tools.google.com/dlpage/gaoptout?hl=de]

More information about terms of use and privacy policies can be found at:
http://www.google.com/analytics/terms/de.html or https://www.google.com/policies/privacy/

Notes on recipients of the consent

Google Analytics is a central platform service under the Digital Markets Act. This means that Google is obliged to obtain your consent for this in accordance with Art. 5 Para. 2 b) DMA. This consent is obtained technically via our Consent Tool in simple consent mode. This means that with your consent to Google Analytics, in addition to the above-mentioned data, the information about your consent is also transmitted to Google.

15. Social Media

We do not operate publicly accessible profiles on social networks.

16. Additional Features and Content

DigitalOcean
We use the Content Delivery Network (CDN) from DigitalOcean, LLC, 101 Avenue of the Americas, New York 10013, USA, on our website. In this context, your browser may transmit personal data to DigitalOcean LLC in the USA. DigitalOcean is certified under the EU-US Data Privacy Framework, ensuring compliance with EU data protection standards. The certificate can be accessed at: https://www.dataprivacyframework.gov/s/

The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the full functionality of our website. This service enables shorter and more stable load times for data and information, even during peak traffic. More details on DigitalOcean’s privacy policy can be found at: https://www.digitalocean.com/legal/privacy-policy

17. Links to Other Websites

When we provide links to other organizations' websites, this privacy policy does not apply to the processing of personal data by those organizations. We recommend reading the privacy notices on any other websites you visit.

18. Recipients and Data Transfers

Certain data processing activities are centralized within our company. These may be handled by different company divisions, such as for processing inquiries. External service providers (e.g., logistics or IT providers) may also be used to fulfill our tasks and contractual obligations. Additionally, data may be shared with recipients to whom we are legally or contractually obligated to provide data, or with those for whom we have received your consent to share data.

19. Data Transfers to Third Countries

Data transfer to third countries

Data will only be transferred to third countries (countries outside the EU and the European Economic Area EEA) if this is necessary for the performance of a contract/order/business relationship, including the initiation thereof, or if this is permitted by our legitimate interest or on the basis of your consent and only in compliance with the data protection requirements prescribed for this purpose.

Note on data transfer to the USA

As part of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure within the framework of the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at www.dataprivacyframework.gov. We will inform you in this privacy policy for the respective service which of the service providers we use are certified under the DPF.

20. Deletion of Your Data

We process your personal data only as long as necessary for the respective purpose or until no legal basis for processing exists. Legal retention and storage obligations are observed.

21. Your Rights

You have the right

• to receive information free of charge about the personal data we have stored about you (right to information)
• to request confirmation as to whether we are processing personal data concerning you (right to confirmation)
• to demand that we erase the personal data concerning you without undue delay, provided that the processing is no longer necessary and the other requirements of the GDPR for erasure are also met (right to erasure)
• to demand the immediate rectification and completion of inaccurate personal data concerning you (right to rectification)
• to request the restriction of the processing of your personal data (right to restriction of processing)
• to receive the personal data concerning you in a structured, commonly used and machine-readable format (right to data portability)
• to object to the processing of your personal data (right to object)
• you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you (right to individual decision-making)
• to withdraw your consent to the processing of your personal data at any time with effect for the future
• to lodge a complaint with the supervisory authority responsible for data protection if you believe that the processing of your personal data violates the GDPR (right to lodge a complaint).

For further information on your rights, please contact our data protection officer.

22. Changes to Our Privacy Policy

To ensure that our privacy policy always complies with current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy has to be adapted due to new or revised services, for example new services.