Information on the collection of personal data

In the following, we inform you about the collection of personal data when using our website. Personal data is all data that is personally identifiable to you, e.g. name, address, email addresses, user behavior, IP address.

The controller pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is:

Otto Eichhoff GmbH & Co. KG
Am Wendelpfad 16
D-58507 Lüdenscheid

Tel.: + 49 (0) 2351/97850
Fax: + 49 (0) 2351/78530

E-Mail: info@eichhoff-schrauben.de
Website: www.eichhoff-schrauben.de

You can reach our data protection officer at:

progressorg GmbH
Höveler Weg 2
D-58553 Halver

Tel: + 49 (0) 2353 9096 31
Fax: + 49 (0) 2353 9096 49

E-Mail: datenschutz@progressorg.de
Website: www.progressorg.de

If we make use of contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also name the defined criteria for the storage period.

General information on data processing

In principle, we only collect and use personal data of our website visitors insofar as this is necessary to provide a functional website as well as our content and services. The collection and use of personal data of our users also takes place with the user’s consent. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and/or the processing of the data is permitted by law.

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract or the performance of a contract.

Data collection when you visit our website

When using our website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

  1. IP address,
  2. Date and time of the request,
  3. Time zone difference to Greenwich Mean Time (GMT),
  4. Content of the request (specific page),
  5. Access status/HTTP status code,
  6. amount of data transferred in each case,
  7. Website from which the request comes,
  8. previously visited page
  9. Browser,
  10. Operating system and its interface,
  11. Language and version of the browser software.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR. The storage in log files takes place to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

Objection or revocation against the processing of your data

If you have given your consent to the processing of your data, you can revoke this at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation affects the lawfulness of the processing of your personal data after you have expressed it to us.

Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if the processing is not necessary in particular to fulfill a contract with you, which is presented by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as carried out by us. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate grounds on the basis of which we will continue the processing.

Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your advertising objection using the following contact details:

Otto Eichhoff GmbH & Co. KG
Am Wendelpfad 16
D-58507 Lüdenscheid

Tel.: + 49 (0) 2351/97850
Fax: + 49 (0) 2351/78530

E-Mail: info@eichhoff-schrauben.de
Website: www.eichhoff-schrauben.de

Further functions and offers of our website

In addition to the purely informational use of our website, we offer various services that you can use if you are interested and use other common functions for analysis or marketing of our offers, which are presented in more detail below. To do this, you usually have to provide further personal data or we process such further data that we use to carry out the respective services. The aforementioned principles for data processing apply to all data processing purposes described here.

In some cases, we use external service providers to process your data. These are carefully selected by us, are bound by our instructions and are regularly monitored.

Furthermore, we may pass on your personal data to third parties if participation in promotions, sweepstakes, contract conclusions or similar services are offered by us together with partners. Depending on the service, your data may also be collected by the partners on their own responsibility. You can find more information when you provide your data or below in the description of the respective offers.

Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal storage obligations to the contrary. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax law reasons. According to legal requirements in Germany, storage is carried out in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

Transfer of data to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs as part of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it is necessary to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Your rights

You have the following rights against us with regard to your personal data:

1. Right to information

You have the right to request confirmation as to whether data relating to you is being processed and to information about this data as well as to further information and a copy of the data in accordance with Art. 15 GDPR.

2. Right to rectification

You have accordingly. Art. 16 GDPR the right to request the completion of the data concerning you or the correction of incorrect data concerning you.

3. Right to erasure or right to restriction of processing

In accordance with Art. 17 GDPR, you have the right to demand that data concerning you be deleted immediately or, alternatively, in accordance with Art. 18 GDPR, to demand a restriction of the processing of the data.

4. Right to data portability

You have the right to demand that the data concerning you that you have provided to us be received in accordance with Art. 20 GDPR and to request its transmission to other controllers.

You also have the right to complain to the competent data protection supervisory authorities about the processing of your personal data by us. For us, this is the Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia (ldi): https://www.ldi.nrw.de/

SSL encryption

To protect the transmission of confidential content that you send to us (e.g. orders, inquiries), this website uses so-called SSL or TLS encryption. You can recognize this by the lock symbol in your browser line. At the same time, the address line changes from “http://” to “https://”. As a result, third parties cannot read this data.

Use of cookies

In addition to the aforementioned data, technical aids such as cookies are stored on your end device when you use our website. Cookies are text files that are stored in the internet browser or by the internet browser on the computer system of the user. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the internet offer more user-friendly and effective overall. Cookies enable us to recognize the users of our website. By means of a cookie, the information and offers on our website can be optimized in the interests of the user. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to enter his access data again each time he visits the website, because this is taken over by the website and the cookie stored on the user’s computer system.

Cookies that are deleted after a user leaves an online offer and closes his browser are referred to as temporary cookies or “session cookies” or “transient cookies”. In such a cookie, the content of a shopping cart in an online shop or a login status can be stored, for example.

Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be saved if users visit it after several days.

In addition to so-called “first-party cookies”, which are set by us as the controller, “third-party cookies” are also used, which are offered by third-party providers. If “third-party cookies” are set, we will inform you about this within the respective data protection information of the online offers as well as about the cooperation with external service providers.

Mandatory functions that are technically necessary to display the website: The technical structure of the website requires that we use techniques, in particular cookies. Without these techniques, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are generally transient cookies that are deleted after the end of your website visit, at the latest when you close your browser. You cannot deselect these cookies if you want to use our website. The individual cookies are visible in the Consent Manager. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

We only set various cookies after your consent. The functions are only activated in the event of your consent and can in particular serve to enable us to analyze and improve visits to our website, to make it easier for you to use it via various browsers or end devices, to recognize you during a visit or to place advertising (if necessary also to orient advertising to interests, to measure the effectiveness of advertisements or to show interest-oriented advertising). The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR. The revocation of your consent is possible at any time without affecting the lawfulness of the processing until revocation.

Within the framework of a Consent Management (“Cookie Banner”), we offer you the opportunity to decide according to your specifications about the setting of cookies in the area of our online offers. You have the possibility to change the decision made there at any time and to grant or revoke your consent retroactively. You can call up the setting options by clicking on the link Cookies. The link with the same name is also displayed at the very bottom of each page. You can also make changes in your browser settings.

Use of our contact form

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. This data is:

  • Your name
  • Your email address
  • Your company (optional)
  • Your phone number (optional)
  • Your message (optional)

The following data is also stored at the time the message is sent:

  • IP address of the user
  • Date and time of registration

In order to process the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation. The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given their consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. The processing of personal data from the input mask serves solely to process the contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted no later than seven days after the deadline. The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

Use of Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). Web analysis is the collection, compilation and evaluation of data on the behavior of visitors to websites. Google Analytics uses ‘cookies’, which are stored on your computer and enable an analysis of your use of the website. We have already explained what cookies are above. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. For these cases, Google has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has pledged to comply with applicable data protection laws in international data transmission. We have also agreed on so-called standard contractual clauses with Google, the purpose of which is to ensure an adequate level of data protection in the third country.

This website uses Google Analytics with the anonymization function. As a result, IP addresses are processed in abbreviated form, which means that it is impossible to establish a personal reference. Due to the activation of IP anonymization on these websites, your IP address will, however, be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. We use Google Analytics to analyze and improve the use of our website. We can use the statistics obtained to regularly improve our offer and make it more interesting for you as a user.

The following types of data are processed by Google:

  • Online identifiers (including cookie identifiers)
  • IP address
  • Data on the device/browser
  • Website or app activities

The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Further information on the scope of services of Google Analytics can be found at google.com/about/analytics/terms/de/. Information on data processing when using Google Analytics is provided by Google at the following link: support.google.com/analytics/answer/6004245?hl=de/. General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google’s privacy policy at www.google.de/intl/de/policies/privacy/.

By integrating Google Analytics, we pursue the purpose of analyzing user behavior on our website and being able to react to it. This enables us to continuously improve our offer. The legal basis for the processing of personal data described here is Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing up to the point of withdrawal. In apps, you can reset the advertising ID under the settings of Android or iOS. The easiest way to withdraw your consent is via our consent manager or by installing the browser add-on from Google, which can be accessed via the following link: google.com/dlpage/gaoptout?hl=de/.

We have concluded an order processing contract with Google for the use of Google Analytics in accordance with Art. 28 GDPR. Google processes the data on our behalf for the above-mentioned purposes. As part of order processing, Google is entitled to commission subcontractors. A list of these subcontractors can be viewed at https://privacy.google.com/businesses/subprocessors/.

Use and application of Google Ads Conversion (formerly Google Adwords)

We use the services of Google Ads to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google Ads). In relation to the data from the advertising campaigns, we can determine how successful the individual advertising measures are. We are pursuing the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs. Google Ads enables an advertiser to predefine specific keywords by means of which an ad is only displayed in the search engine results of Google if the user uses the search engine to retrieve a keyword-relevant search result. The operating company of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of Google Ads is to advertise our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine and to display third-party advertising on our website.

These advertising materials are delivered by Google via so-called ‘ad servers’. For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Ads stores a conversion cookie on your PC. These conversion cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be contacted) are usually stored as analysis values for this cookie.

These cookies enable Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect or process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. These evaluations enable us to identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising material, in particular we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and are therefore informing you according to our level of knowledge: By integrating Ads, Google receives the information that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out and store your IP address.

Each time you visit our websites, personal data, including the IP address of the internet connection used by the data subject, is therefore transmitted to Google in the United States of America and stored there. Google is certified under the Privacy Shield Agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

You can prevent the setting of cookies by our website in various ways: a) by setting your browser software accordingly, in particular suppressing third-party cookies will prevent you from receiving ads from third-party providers; b) by deactivating the cookies for conversion tracking by setting your browser so that cookies from the domain ‘www.googleadservices.com’ are blocked, https://www.google.de/settings/ads, whereby this setting will be deleted if you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the ‘About Ads’ self-regulation campaign via the link https://www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies; d) by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers under the link https://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR. Further information on data protection at Google can be found here: https://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can use the website of the Network Advertising Initiative (NAI) at https://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Use and application of Google Ads Remarketing

We use the remarketing function within the Google Ads service. This is a function from Google that we would like to use to contact you again. This application enables our advertisements to be displayed to you after you have visited our website during your further internet use. This is done using cookies stored in your browser, which Google uses to record and evaluate your usage behavior when visiting various websites. This allows Google to determine your previous visit to our website. Google is certified under the Privacy Shield Agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google does not merge the data collected as part of remarketing with your personal data that may be stored by Google. In particular, according to Google, pseudonymization is used for remarketing. The operating company of the Google Ads Remarketing services is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland. If corresponding consent has been requested (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be withdrawn at any time.

Google Ads Remarketing places a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to recognize the visitor to our website when they subsequently access websites that are also members of the Google advertising network. Each time a website is accessed on which the Google Ads Remarketing service has been integrated, the data subject’s internet browser automatically identifies itself to Google. As part of this technical process, Google obtains knowledge of personal data, such as the IP address or the user’s surfing behavior, which Google uses, among other things, to display interest-relevant advertising. The cookie is used to store personal information, such as the websites visited by the data subject. Each time you visit our website, personal data, including the IP address of the internet connection used by the data subject, is therefore transmitted to Google.

The data subject can prevent the setting of cookies by our website at any time, as described above, by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google can be deleted at any time via the internet browser or other software programs. Furthermore, the data subject has the option of objecting to interest-based advertising by Google. To do this, the data subject must access the link https://www.google.com/settings/ads/plugin from each of the internet browsers they use and make the desired settings there. Further information and Google’s applicable data protection regulations can be found at https://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

Carrying out credit checks

If delivery is made on account, we reserve the right to carry out a credit check on the basis of mathematical-statistical procedures in order to protect our legitimate interest in determining the solvency of our customers. We transmit the personal data required for a credit check in accordance with Art. 6 para. 1 lit. f GDPR to the following service provider: Atradius Credit Insurance N.V., Opladener Straße 14, 50679 Cologne.

Credit information may contain probability values (so-called score values). If score values are included in the result of the credit information, these are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. We use the result of the credit check with regard to the statistical probability of payment default for the purpose of deciding on the establishment, implementation or termination of a contractual relationship.

You can object to this processing of your data at any time by sending a message to the controller or to Atradius Credit Insurance N.V.. You can object to this processing of your data at any time by sending a message to us or to the aforementioned credit agency. However, we may continue to be entitled to process your personal data if this is necessary for the contractual processing of payments.

Integration of Google Maps

We integrate maps from Google Maps on our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. The legal basis for the use of the maps is Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. the integration only takes place with your consent. OR We use content or service offers from Google Maps within our website on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) in order to integrate their content and services.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the basic data mentioned above, such as IP address and timestamp, are transmitted. This happens regardless of whether Google provides a user account through which you are logged in, or whether there is no user account. If you are logged in to Google, your data will be directly associated with your account. If you do not want the association with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or needs-based design of its website. Such evaluation takes place in particular (even for non-logged-in users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

The information collected is stored on Google’s servers, including in the USA. For these cases, the provider has, according to its own statements, imposed a standard that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in international data transmission. We have also agreed on so-called standard data protection clauses with Google, the purpose of which is to ensure an adequate level of data protection in the third country.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s data protection declarations. There you will also receive further information on your rights in this regard and setting options for the protection of your privacy: google.de/intl/de/policies/privacy.

Cloudflare Turnstile

We use Cloudflare Turnstile (hereinafter referred to as “Turnstile”) on this website. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”).

Turnstile is used to check whether data entry on this website (e.g. in a contact form) is performed by a human or by an automated program. To do this, Turnstile analyzes the behavior of the website visitor based on various characteristics.

This analysis begins automatically as soon as the website visitor enters a website with Turnstile enabled. Turnstile evaluates various information for analysis (e.g., IP address, length of time the website visitor stays on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Cloudflare.

The storage and analysis of data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spam. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data processing is based on standard contractual clauses, which can be found here: https://www.cloudflare.com/cloudflare-customer-scc/.

For more information about Cloudflare Turnstile, please refer to the privacy policy at https://www.cloudflare.com/cloudflare-customer-dpa/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when data is processed in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5666.