We take the protection of your personal data very seriously. We therefore treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

I. Name and Contact of Data Controller
This privacy policy applies to all data processing by:

zweigrad GmbH & Co. KG (im Folgenden zweigrad),
legally represented by zweigrad Verwaltungsges. mbH,
Managing directos: Birte Jürgensen, Timo Wietzke, Claudia S. Friedrich
Donnerstraße 20 – Produktionsgebäude
D | 22763 Hamburg
info@zweigrad.de
+49 40 32904748-0
+49 40 32904748-48

II. Processing of personal data as well as type and purpose of their use
In the following, we inform you which personal data we process from you in which way and for which purpose in the context of the use of our website as well as when contacting us by other means.

1. Visits to our website
When you visit our website, the following processing of your personal data takes place depending on how you use it:

a) Calling up our Website
When calling up our website www.zweigrad.de the browser used on your terminal will automatically send information to our website server. This information will be stored temporarily in a so-called logfile. The following information will be recorded here without any actions from you and stored until it is automatically erased:

– IP address of the requesting computer,
– Website from which access was made (referrer URL),
– Browser and, if necessary, the operating system on your computer and the name of your access provider.
– Date and time of access,
– Name and URL of the file accessed,
– access status (file transferred, file not found, etc.),
– if applicable, the amount of data transferred.

The aforementioned data is processed by us for the following purposes:

– Ensuring a smooth connection setup of the website,
– Ensuring a comfortable use of our website,
– Evaluating system security and stability
– Tracing of unauthorised or illegal access.

The legal basis for data processing is Art. 6 Para. 1, sentence 1 lit. f GDPR. Our legitimate interest results from the data collection purposes listed above. In this connection, we will not use the data collected for the purposes of drawing conclusions about you.

b) Newsletter subscription
If you would like to receive the newsletter offered on the website, we require an e-mail address from you. If you have confirmed our newsletter on our website by ticking the box “I would like to stay in touch” (opt-in), you will then receive an email with a confirmation link. Only when you confirm by clicking on the link (the so-called double opt-in) will you be added to the e-mail distribution list. We use Sendinblue for the newsletter dispatch, a service of Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Deutschland, https://de.sendinblue.com. The server is located in Germany

The company is TÜV-certified as a service provider with audited data protection management. https://de.sendinblue.com/wp-content/uploads/sites/3/2020/07/Tuev_Zertifikat_Newsletter2Go.pdf

Sendinblue can be used, among other things, to organise and analyse the dispatch of newsletters.  Sendinblue enables us to analyse our newsletter campaigns. We can see, for example, whether a newsletter message was opened and which links were clicked. In this way, we can determine, among other things, which links were clicked on particularly often. We can also see whether certain predefined actions were carried out after opening/clicking (conversion rate).

Sendinblue also enables us to subdivide newsletter recipients according to various categories, e.g. age, gender or place of residence. This serves the purpose of better adapting the newsletters to the respective target groups.The data you enter when registering for the newsletter is stored on the servers of Sendinblue in Germany.

For further information on Sendinblue, please click on the following link:
https://de.sendinblue.com/informationen-newsletter-empfaenger/?tid=331652009271

The data processing described above is based exclusively on your consent and is therefore justified in accordance with Art. 6 Para. 1 sentence 1 lit. a GDPR. You can revoke your consent or unsubscribe from our newsletter at any time. This is possible, for example, via the unsubscribe link provided at the end of each newsletter. Alternatively, you can send your request to unsubscribe at any time by e-mail to info@zweigrad.de. You will be removed from the distribution list immediately after your revocation or unsubscription. Please note that the revocation or unsubscription does not affect the legality of the data processing operations carried out up to the revocation.

The data you provide when registering for the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Sendinblue GmbH after revocation or unsubscription. Data that has been lawfully stored by us for other purposes (e.g. as part of a business relationship with you) remains unaffected by this and is subject to separate storage and deletion periods.

c) Contact form
You can send us a message using the contact form available on our website. In doing so, you are required to state your desired title, your surname and a valid e-mail address so that we know from whom the enquiry originates. In order to be able to answer your enquiry, we also need to know your message to us. The information in the fields “Country” and “Company” is voluntary.If you wish to be contacted by telephone, it is necessary to provide your telephone number.The processing of the personal data provided by you in the context of this contact is based on the fulfilment of your request in accordance with Art. 6 Para. 1 sentence 1 lit. b GDPR.We will not contact you by telephone without your express request in your message. Any telephone number you may have provided will then not be stored by us.

d) Map service mapz
We use the services of www.mapz.com, a map service of Kober-Kümmerly+Frey Media AG, Rolandstr. 83, 50677 Cologne (hereinafter referred to as “mapz”), to display an interactive map. mapz operates its server systems exclusively in member states of the European Union. Only renewable energy is used for operation.When you visit our website, mapz receives the information that the IP address used by you has called up the corresponding page and that a map graphic has been delivered by mapz.com to the IP address used by you. mapz collects the data collected when you call up our website (see II.1.a) above). This is technically necessary to display the map on your device and to ensure the stability and security of the map service. However, mapz stores this data in an anonymised form so that it is not possible to draw conclusions about your person.mapz does not transmit any data to third parties or to third countries.The processing of the personal data provided by you in the context of this service is based on the fulfilment of your request in accordance with Art. 6 Para. 1 sentence 1 lit. b GDPR.

e) WebAnalytics
For the purpose of evaluating user behaviour, we use IONOS-WebAnalytics on our website, a web analysis service provided by IONOS SE, Eigendorfer Straße 57, 56410 Montabaur.IONOS uses its service to evaluate user behaviour either via a Javascript-based tracking pixel implemented on our site or, alternatively, by reading a log file on the user’s terminal device. Via the tracking pixel or the readout of the log file, certain user information is collected in anonymised form, transmitted to IONOS and evaluated there as well as stored in anonymised form. This anonymised information includes the user’s IP address, referrer abbreviations of previously visited websites, the type of terminal device used, the type of browser used, the operating system used and the timestamp of the access. Conclusions about your person cannot be drawn/derived from this.All processing described above, in particular the reading of information on the end device used via the tracking pixel, will only be carried out if you have given us your express consent to do so in accordance with Section 25 (1) TTDSG. Without this consent, 1&1 IONOS Webanalytics will not be used during your visit to the site.You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website.

f) Social Media Button (Facebook, LinkedIn, XING und Instagram)
Our social media buttons are only designed as links. Therefore, when you visit our website, no data is automatically passed on to the operators of these social media. You will only be taken to the corresponding social media page when you activate the respective link. In this case your IP address will be transmitted to the responsible operator of the specific social media platform.We would like to point out that activating the respective links may result in data processing in third countries, including third countries classified as insecure under data protection law, such as the USA.

g) Links to third-party sites – here partners and networks
Under the heading “Our partners and networks” you will find links to the online presences of the companies named in each case. If you activate the respective link, your IP address will be transmitted to the responsible operator of the other website. We are responsible for this. Tracking is not carried out by us. There are also no links to websites that directly pass on the transmitted data to third countries classified as insecure under data protection law.Any further data processing that takes place when visiting the other website is the sole responsibility of the respective operator of that website. Therefore, when visiting the websites linked by us, please inform yourself about the data processing that takes place there.

2. Data processing for applications and in the application process
In the context of applications, we collect and process the personal data of applicants for the purpose of processing the application procedure. The legal basis for the processing is Art. 88 GDPR in conjunction with § 26 FDPA (Federal Data Protection Act). Processing may also take place electronically.This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail or via a contact form provided on our website. If we conclude a contract with an applicant, the transmitted data will be stored for the purpose of processing the contractual relationship in compliance with the statutory provisions. The legal basis for this results from Art. 6 Para. 1 lit. b GDPR.

III. Data processing on our social media sites (Facebook, Instagram, XING and Linkedin
We have set up own pages on Facebook, Instagram, Xing and Linkedin (hereinafter referred to as fan pages). On these fan pages we inform you about the latest news on our company, our services, projects and events.

1. Facebook/Instragram fan page
a) Generell Information
We would like to point out, that you use our Facebook/Instagram fan pages on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).Facebook and Instagram (hereinafter referred to as Facebook) are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Responsible for data protection in the EU is:Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

You can find information on the data processing, the purpose, categories of recipients of the data, the legal basis for the processing of this data and the possibility of revoking any consent you have given to Facebook Ireland
https://www.facebook.com/about/privacy/

Provided you are logged in to your own Facebook account, advertising settings on Facebook can be changed at: https://www.facebook.com/settings?tab=ads

b) Data processing by Facebook
When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to information from Facebook, this IP address is anonymised (in the case of “German” IP addresses). Facebook also stores information about the devices of its users (e.g. as part of the “login notification” function); this may enable Facebook to assign IP addresses to individual users. If, or as long as, you are logged in to Facebook when you visit our fan page, a cookie with your Facebook ID is stored on your device. This enables Facebook to track that your visit of that specific page and how you have used it. This also applies to all other Facebook pages. This data can be used to tailor content or advertising to your needs.

If you do not want this to happen, you should log out of Facebook or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser. This will delete Facebook information that can be used to directly identify you what allows you to use our Facebook page without revealing your Facebook identifier. However, in order to access interactive functions of the page (Like, Comment, Share, News, etc.), you will need to log in to Facebook. You will then again be recognisable to Facebook as a specific user.

c) Data processing by us
Facebook provides us with so-called page insights about the use of our fan pages by their visitors. The collected data is anonymised. It is not possible for us to draw conclusions about individual visitors or assign them to visitor profiles. Further information on this processing can be found at: https://www.facebook.com/legal/terms/information_about_page_insights_data

d) Joint responsibility – assertion of data subject rights – disclosure of personal data by Facebook
Any other processing of personal data is carried out by Facebook and us as so called joint controllers. We have entered into a joint controller agreement with Facebook which sets out the allocation of data protection obligations between us and Facebook. Details of this agreement can be found at: https://www.facebook.com/legal/terms/page_controller_addendum

You can exercise your data protection rights (see “Data protection rights” below III.6.) in relation to these data processing operations, against Facebook. For more information on this, please see Facebook’s privacy policy at: https://www.facebook.com/privacy/explanation

We expressly point out that according to the Facebook data protection regulations your user data will also be processed in non-EU countries. However, according to Facebook, it only transfers user data to countries for which the European Commission has issued an adequacy decision in accordance with Article 45 of the GDPR, or otherwise – if such decision does not exist – on the basis of appropriate guarantees in accordance with Article 46 of the GDPR.

e) Legal basis for the data processing carried out by us
If you contact us via the chat function, we process your information to be able to communicate with you. The basis for such data processing is a contract or a pre-contractual measure according to Art. 6 Para. 1 sentence 1 lit. b GDPR.

Furthermore, the processing of data by means of our fan page serves our legitimate interest in an optimal and up-to-date advertising of our products and services; this also includes the (anonymised) evaluation of the use of our fan pages. The legal basis for this processing is Art. 6 Para. 1 sentence 1 lit. f GDPR.

2. XING und Linkedin
Information about the data processing on our presences on XING and Linkedin is provided on our company pages.

IV. TRANSFERRING DATA
Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only transmit your personal data to third parties if:

–   this is legally permissible and required as per Art. 6 para. 1 sentence 1 lit. b GDPR to execute contractual relationships with you,
–   there is a legal obligation for the transfer as per  Art. 6 para. 1 sentence 1 lit. c GDPR and/or
–   the transfer is required asper Art. 6 Para 1 sentence 1 lit. f GDPR to assert, exercise or defend against legal claims and there is no reason to assume that you have an interest requiring protection in the non-transfer of your data that outweighs this.

We will only transfer your personal data for other purposes if you have given your explicit consent, Art. 6 Para. 1 sentence 1 lit. a GDPR.

We will primarily transfer your personal data to third parties that are service partners involved in executing contracts. In addition, the transfer of your data to the following third parties may be considered within the scope of the legally permissible transfer: Order processors to whom we transfer personal data in order to carry out the business relationship with you or to whom we allow access to your data stored by us. In detail: Support/maintenance of IT applications; archiving; controlling; data destruction; customer administration; marketing; website management.

Your personal data will only be transferred to third parties for purposes other than those mentioned above if and to the extent that:

– you have given your express consent in accordance with Art. 6 Para. 1 sentence 1 lit. a GDPR,
– there is a legal obligation for the transfer in accordance with Art. 6 Para. 1 sentence 1 lit. c DSGVO and/or
– the disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 Para. 1 sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.

In cases in which your personal data is forwarded to third parties, the scope of the data transmitted will, however, be kept to the necessary minimum.

V. Storage period/deletion period
The data will be deleted – subject to the assertion of the data subject rights listed below under V. – as soon as they are no longer required for the purpose of their processing. Unless already explained above in relation to the individual points, the following applies in detail:

IV Data subject rights
As a data subject, you have the following rights.

1. Right to information, correction, deletion, restriction, data portability
You have the right:

– as per Art. 15 GDPR to demand to be informed free of charge about your personal data that we process. In particular, you can demand to be informed about the purposes of processing, the category of personal data, the categories of recipients that disclosures of your data are or were made to, the planned storage period, the right to rectification, erasure, restriction of processing or objection, the right to complain, the origin of your data if we did not collect this and any automatic decision-making including profiling and, if necessary meaningful information about the details of these
– as per Art. 16 GDPR to demand the rectification of incorrect data or completion of your personal data that we store;
– as per Art. 17 GDPR to demand the erasure of your personal data that we store if the processing is not required to exercise the right of freedom of speech and information, to meet a legal obligation, for reasons of public interest or to assert, exercise or defend against legal claims;
– as per Art. 18 GDPR to demand the restriction of processing of your personal data if you dispute the accuracy of the data, processing is illegal, but you reject erasure and we no longer require the data, however, you require this to assert, exercise or defend against legal claims or as per Art. 21 GDPR you have objected to processing;
– as per Art. 20 GDPR to demand receipt of your personal data that you have provided to us in a structured, common and machine-readable format or transmission to another controller

2. Right of complaint
If you are of the opinion that the processing of your personal data by us is unlawful, you have the right to complain to the supervisory authority responsible for us in accordance with Art. 77 GDPR. In principle, the supervisory authority of your usual place of residence or workplace or our company headquarters is responsible for your complaint.

3. Right of revocation and right of objection
You have the following rights:

a) Right of revocation
You have the right to revoke any consent you have given in accordance with Art. 7 Para. 3 GDPR with effect for the future. Please note that the objection only takes effect for the future.

b) Right of objection
Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6  Para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation. Please note that the objection only takes effect for the future. Processing that took place before the objection is not affected.

4. Assertion of your rights
If you would like to make use of your above-mentioned rights, it is sufficient to send an e-mail to: info@zweigrad.de or a written communication to us by post.

VII. DATA SECURITY
As part of your visit to the website we use the common SSL procedure (Secure Socket Layer) in combination with the respectively highest level of encryption that is supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead.You can recognise an encrypted connection in that the address line of the browser will change from “http://” to “https://” and from the lock symbol in your browser line. When SSL encryption is activated, the data you transmit to us cannot be read by third parties. Otherwise, we use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulations, partial or complete loss, destruction or against unauthorised third-party access. Our security measures will be continuously improved in accordance with technological development.

VIII. Actuality and amendment of this data protection declaration
This data protection declaration is currently valid and has the status May 2022. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration.You can access and print out the current data protection declaration on this website at any time.