Privacy Policy

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Their contact details can be found in the “Information on the data controller” section of this privacy policy.

How do we collect your data?

Your data is collected when you provide it to us. This may be data that you enter in a contact form, for example. Other data is collected automatically or with your consent when you visit the website by our IT systems. This is primarily technical data (e.g., Internet browser, operating system, or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other order inquiries.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. You can contact us at any time if you have any further questions on the subject of data protection.

Analysis tools and third-party tools

When you visit this website, your surfing behavior may be statistically evaluated. This is done primarily with so-called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting and content delivery networks (CDN)

Our web hosting provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter: Hetzner).
The use of Hetzner is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Cloudflare

We use the “Cloudflare” service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. Technically, this means that the transfer of information between your browser and our website is routed through the Cloudflare network. This enables Cloudflare to analyze the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious data traffic from the Internet. In doing so, Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 (1) (f) GDPR).

Details and further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5666.

Data processing

3. General information and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g., when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Information about the data controller

The controller for data processing on this website is:

Schorn & Groh GmbH Furniererzeugung Import / Export
Printzstraße 15 – 17
76139 Karlsruhe / Germany

Phone: 0721/9 62 45-0
E-Mail: info@sg-veneers.com

The data controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage period

Unless a more specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will take place once these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR . In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TDDDG. Consent can be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if it is necessary to fulfill a legal obligation on the basis of Art. 6 (1) lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. The relevant legal basis in each individual case is explained in the following paragraphs of this privacy policy.

Data protection officer

We have appointed a data protection officer.

Dipl.-Inf. (FH) Tim Prinz

Datenschutz Prinz GmbH

Industriestr. 10

91154 Roth

Email: info@datenschutz-prinz.de

Note on data transfer to third countries that are not secure in terms of data protection law and transfer to US companies that are not DPF-certified

Among other things, we use tools from companies based in third countries that are not secure in terms of data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in third countries that are not secure in terms of data protection law.

We would like to point out that the US, as a secure third country, generally has a level of data protection comparable to that of the EU. Data transfer to the US is therefore permissible if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has appropriate additional safeguards in place. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

Recipients of personal data

We work with various external parties in the course of our business activities. In some cases, this requires the transfer of personal data to these external parties. We only pass on personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g. transfer of data to tax authorities), if we have a legitimate interest in the transfer pursuant to Art. 6 (1) lit. f GDPR, or if another legal basis permits the transfer of data. When using processors, we only transfer our customers’ personal data on the basis of a valid contract for data processing. In the case of joint processing, a contract for joint processing is concluded.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 (1) LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Information, correction, and deletion

Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, a right to correct or delete this data. You can contact us at any time for this purpose or if you have any further questions on the subject of personal data.

Right to restriction of processing

You have the right to request a restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of its deletion.
If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from its storage – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to advertising emails

We hereby object to the use of contact data published within the scope of the legal notice requirements for sending unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, for example through spam emails.

4. Data collection on this website

Cookies

Our websites use so-called “cookies.” Cookies are small data packets and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).

Cookies have various functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are necessary for the electronic communication process, for the provision of certain functions you have requested (e.g., for the shopping cart function) or for the optimization of the website (e.g., cookies for measuring the web audience) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively based on this consent (Art. 6 (1) (a) GDPR and § 25 (1) TDDDG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. You can find out which cookies and services are used on this website in this privacy policy.

Consent with Borlabs Cookie

Our website uses consent technology from Borlabs Cookie to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in accordance with data protection regulations. This technology is provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).

When you visit our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of Borlabs Cookie.

The collected data is stored until you request us to delete it, delete the Borlabs cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) lit. c GDPR.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website—for this purpose, the server log files must be collected.

Storage period

The server log files are stored for a maximum of 14 days and then deleted.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 (1) lit. b GDPR, provided that your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) lit. f GDPR).

The data you enter in the contact form will remain with us until you request us to delete it or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

OpenAI

We use the OpenAI service provided by OpenAI Ireland Limited, 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland. Incoming inquiries via the forms on our website are checked and categorized. They are checked for spam, the language used in the inquiry, and the product categories requested. The data processed falls into the following categories: IP address, first and last name, email address; voluntary, additional information would be telephone number, company, and message content. A contract ensures that OpenAI does not use the processed personal data for training the AI. The OpenAI service is integrated into our CRM system in order to pre-sort and classify inquiries and assign them to the appropriate contact persons within our company.

Data processing is carried out on the basis of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR, in order to assign inquiries to the correct contact persons as quickly as possible and thus process them as quickly as possible. Furthermore, OpenAI processes the data on our behalf in accordance with Art. 28 GDPR.

Storage period

The data is only stored by the provider OpenAI for the duration of the processing.

Right to object and right to erasure

You can object to the processing of your data at any time. In this case, it will no longer be possible to process your inquiries submitted via the forms on our website, and we ask you to contact us by phone or email.

Inquiries by email, telephone, or fax

If you contact us by email, telephone, or fax, your request, including all resulting personal data (first name, last name, telephone number/fax number, email address, request details), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 (1) lit. b GDPR, provided that your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) lit. f GDPR).

The data you send us via contact requests will remain with us until you request us to delete it or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

Zoho CRM

We use Zoho CRM on this website. The provider is Zoho Corporation Pvt. Ltd., Estancia IT Park, Plot No. 140 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India (hereinafter “Zoho CRM”).

Zoho CRM enables us, among other things, to manage existing and potential customers and customer contacts and to organize sales and communication processes. The use of the CRM system also enables us to analyze and optimize our customer-related processes. Customer data is stored on Zoho CRM’s servers. Details on the functions of Zoho CRM can be found here: https://www.zoho.com/de/crm/help/getting-started/key-features.html.

The use of Zoho CRM is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the most efficient possible customer management and customer communication.

Data transfer to third countries (in this case: India) is based on the standard contractual clauses of the EU Commission.

For details, please refer to the Zoho CRM privacy policy: https://www.zoho.com/privacy.html and https://www.zoho.com/gdpr.html.

Data Processing

5. Analysis tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that helps us integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It is used solely for the management and display of the tools integrated through it. However, for technical reasons, Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based exclusively on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

According to Google, the IP address is stored in technical logs for security and diagnostic purposes for a period of 14 days and then deleted.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used, and the origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the data sets collected and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Storage period: Google Analytics cookies are stored on your device for up to two years. Event data stored by Google is automatically deleted after 2 months; stored user data is deleted after 14 months.

IP anonymization

Google Analytics IP anonymization is activated. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your approximate location (IP address), search history and YouTube history, as well as demographic data ( visitor data ). This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, Google Signal visitor data is linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users.

Data Processing

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics e-commerce measurement

This website uses the “e-commerce measurement” function of Google Analytics ( ). With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors in order to improve their online marketing campaigns.
Processed data: As part of e-commerce measurement, transaction IDs, product information (item name, item number/SKU, category), prices, quantities, total sales, tax and shipping costs, currency codes, and transaction timestamps are processed in particular. This data can be aggregated by Google under a transaction ID that is assigned to the respective user or their device.

The use of this function is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Storage period: The data is deleted in accordance with the settings we have made in Google Analytics. Event data (which includes transactions) is deleted after 2 months; other user data is deleted after 14 months.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available to Google (e.g., location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

Within the scope of Google Ads, we process in particular your IP address, device and browser information (user agent), location data, referrer URLs, and interaction data (e.g., clicks on ads).

The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Storage period: Google Ads cookies usually expire after 30 days. Special cookies for conversion measurement can be stored for up to 90 days, and remarketing data for up to 540 days (18 months).

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when data is processed in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website are clicked how often and which products are viewed or purchased particularly frequently. This information is used to compile conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.

As part of conversion tracking, we process in particular your IP address, information about your browser and device (user agent), the referrer URL, the timestamp of the interaction, specific cookie data (e.g., the click ID “GCLID”), and information about the conversion that took place.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Storage period: Cookies set for conversion tracking generally expire after 90 days.

For more information about Google conversion tracking, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de.

6. Newsletter

Newsletter data

If you would like to subscribe to the newsletter offered on the website, we need your email address and your first and last name, which allow us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data is not collected or is collected on a voluntary basis only. We use newsletter service providers to process the newsletter, which are described below.

Zoho Campaigns

This website uses Zoho Campaigns to send newsletters. The provider is Zoho Corporation Pvt. Ltd., Estancia IT Park, Plot No. 140 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India (hereinafter “Zoho Campaigns”).

Zoho Campaigns is a service that can be used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of receiving the newsletter is stored on the servers of Zoho Campaigns.

Data analysis by Zoho Campaigns

Zoho Campaigns enables us to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. This allows us to determine, among other things, which links have been clicked on particularly often.

We can also see whether certain predefined actions were performed after opening/clicking (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter. If you do not want Zoho Campaigns to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. Zoho Campaigns also allows us to divide newsletter recipients into different categories (“clusters”). Newsletter recipients can be divided according to age, gender, or place of residence, for example. This allows us to better tailor the newsletter to the respective target groups. If you do not want Zoho Campaigns to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

For detailed information on the functions of Zoho Campaigns, please refer to the following link: https://www.zoho.com/campaigns/features.html.

The Zoho Campaigns privacy policy can be found at: https://www.zoho.com/privacy.html and https://www.zoho.com/gdpr.html.

Data processing is based on your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time with future effect.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.zoho.com/privacy.html.

Storage period

The data you provide us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list or after the purpose has ceased to exist . We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interests and our interests in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). There is no time limit for storage in the blacklist. You can object to the storage if your interests outweigh our legitimate interest.

Data processing

7. Plugins and tools

YouTube with extended data protection

This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, videos played in extended data protection mode are not used to personalize browsing on YouTube. Ads played in extended data protection mode are also not personalized. No cookies are set in extended data protection mode. Instead, however, so-called local storage elements are stored in the user’s browser, which, similar to cookies, contain personal data and can be used for recognition purposes. Details on extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.

When you visit one of these websites that has YouTube embedded, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

Processed data: The processed data includes, in particular, your IP address, the referrer URL (the page you came from), information about the device and browser used (user agent), the time of access, and—if you are logged into Google—your Google account information.

Legal basis: The use of YouTube is based exclusively on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

Google Maps

This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service allows us to embed map material on our website.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform font display. When you access Google Maps, your browser loads the required web fonts into your browser cache to display text and fonts correctly.

The use of Google Maps is based exclusively on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how user data is handled, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that is intended to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Wordfence

We have integrated Wordfence into this website. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).

Wordfence serves to protect our website from unwanted access or malicious cyber attacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the accesses made on our website and block them if necessary.

For security analysis and defense against attacks, Wordfence collects, in particular, your IP address, the time of access, the URL accessed (request path), information about your browser and operating system (user agent), and, if applicable, the referrer URL.

The use of Wordfence is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyber attacks.

Data transfer to the USA: Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.

Data processing

CleanTalk

This website uses anti-spam plugins from CleanTalk. The provider is CleanTalk Inc, 711 S Carson Street, suite 4, Carson City, NV, 89701, USA (hereinafter “CleanTalk”).

CleanTalk serves to protect our website from spam activities (e.g., preventing unwanted advertising, unwanted messages, or comments). For this purpose, CleanTalk collects various personal data such as IP address, email address, nickname of the message sender, information about the JavaScript technology in the sender’s browser, and the texts entered.

This information is usually transferred to a CleanTalk server in the USA and stored there.

For security reasons and to protect against spam, your data is processed in the CleanTalk Cloud Service and stored in log files for a maximum of 31 days. After this period, the data is completely deleted.

The use of CleanTalk is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its website from spam activities as effectively as possible.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://cleantalk.org/publicoffer#privacy.

Data processing

SolidWP

We have integrated SolidWP into this website. The provider is iThemes Media LLC (Liquid Web), 2703 Ena Dr., Lansing, MI 48917, USA (hereinafter “SolidWP”). SolidWP serves to protect our website from unwanted access or malicious cyber attacks. The plugin is installed locally on our servers. No data is transferred to the provider for regular visitors to our website. Only when attempts are made to log into the administrative area of the website (admin login) or when attacks on the website are detected are the IP address, the time, and data about the system used (user agent) analyzed. Only in the event of such an attack or login attempt will the IP address be transmitted to a central database of SolidWP in the USA (Network Brute Force Protection) in order to block the attack.

The use of SolidWP is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyber attacks. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://solidwp.com/privacy-policy/.

Lead Forensics

We use the Lead Forensics service on this website. The provider is Lead Forensics Limited, 3000 Lakeside Western Road, Portsmouth, England, PO6 3EN (hereinafter “Lead Forensics”).

Lead Forensics enables us to identify visits by companies to our website. For this purpose, the visitor’s IP address is collected and compared with the Lead Forensics company database. Only IP addresses that can be clearly assigned to legal entities (companies) are processed. According to the provider, private IP addresses are filtered out or not identified. The aim is to identify B2B contacts and optimize our online offering for business customers.

Processing is carried out on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in analyzing the user behavior of companies (B2B) in order to optimize its website and for marketing purposes.

Data transfer to a third country (United Kingdom): The provider is based in the United Kingdom (UK). The EU Commission has determined that the United Kingdom has an adequate level of data protection (adequacy decision). Separate approval or standard contractual clauses are therefore not required for the transfer.

You can object to data processing at any time. To do so, use the following opt-out link: http://lfwebproxy.westeurope.cloudapp.azure.com:5000/?clientID=72829.

Data processing

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the provider. This contract ensures that Lead Forensics only processes the data in accordance with our instructions and in compliance with the GDPR.

For further details, please refer to Lead Forensics’ privacy policy: https://www.leadforensics.com/privacy-policy/.

8. eCommerce and payment providers

Processing of customer and contract data

We collect, process, and use personal customer and contract data for the establishment, content design, and modification of our contractual relationships. We collect, process, and use personal data relating to the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6 (1) lit. b GDPR.

The customer data collected will be deleted after completion of the order or termination of the business relationship and expiry of any statutory retention periods. Statutory retention periods remain unaffected.

Data transfer upon conclusion of a contract for services and digital content

We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the credit institution responsible for payment processing.

No further transfer of data will take place unless you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 (1) lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

9. Audio and video conferences

We use online conference tools, among other things, to communicate with our customers. The specific tools we use are listed below. If you communicate with us via video or audio conference over the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/use to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants, and other “contextual information” related to the communication process (metadata).

Furthermore, the tool provider processes all technical data required for online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded, or otherwise made available within the tool, it is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools, which we have listed below this text.

The conference tools are used to simplify and speed up communication with us and our company in general. The tools are used on the basis of our legitimate interest in effective communication with our customers and interested parties (Art. 6 (1) (f) GDPR).

Conference tools used

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

The use of Microsoft Teams is based on our legitimate interest in effective communication with our customers and interested parties (Art. 6 (1) (f) GDPR).

Data processing

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the provider. This is part of Microsoft’s license terms (Data Processing Addendum). Details on data processing can be found in the Microsoft Teams privacy policy: https://www.microsoft.com/de-de/privacy/privacystatement.

Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6474.

10. Own services

Handling of applicant data

We offer you the opportunity to apply for a position with us (e.g., by email, post, or via our online application form). Below, we provide information about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions, and that your data will be treated as strictly confidential.

Scope and purpose of data collection: When you send us an application, we process your associated personal data to the extent necessary to decide whether to establish an employment relationship. The data processed includes, in particular, master data, contact and communication data (e.g., name, email address, telephone number, address, date of birth), application documents, qualifications and application photo, organizational data relating to the position, and notes taken during job interviews.

The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship) and Article 6(1)(b) of the GDPR (general contract initiation). Your personal data will only be passed on within our company to persons involved in processing your application.

If your application is successful, the data you submit will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 (1) lit. b GDPR for the purpose of implementing the employment relationship.

Use of HRworks (applicant management software) We use software from HRworks GmbH, Waldkircher Straße 28, 79106 Freiburg, Germany, to carry out our application process. We have concluded a contract for data processing (DPA) with this service provider in accordance with Art. 28 GDPR. This ensures that HRworks processes the data only in accordance with our instructions and in compliance with the GDPR.

Cookies

HRworks uses technically necessary (essential) cookies on our application page to ensure the secure upload of your documents and the functionality of the portal:

HrwJobApplicationmanagementSession: This cookie represents the user’s session on the job portal. It is necessary for operation in order to distinguish users from each other technically.
AWSALB and AWSALBCORS: These cookies from the hosting service provider AWS are required to assign requests to the correct server instance (load balancing) and to ensure the smooth upload of application documents.

Storage period

If we are unable to offer you a job, you reject a job offer, or you withdraw your application, we reserve the right to store the data you have provided on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular to provide evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g., due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 (1) (a) GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the applicant pool If we do not offer you a job, we may include you in our applicant pool. If you are included, all documents and information from your application will be transferred to the applicant pool so that we can contact you if a suitable vacancy arises.

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 (1) (a) GDPR). Giving your consent is voluntary and is not related to the current application process. You can revoke your consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

11. Social media:

Information on data processing in the context of social media presence

Our presence on social media gives us the opportunity to inform interested parties and supporters about our work, to contact them directly, and to open a dialogue. We only process your data if you voluntarily contact us via the respective profile and enter into a dialogue with us there. This is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR, which serves as the legal basis for processing. We do not transfer data that we receive from you via the profiles to third parties. We do not store any personal data that is processed in the context of contact with us via the respective profile or that is made available to us by the provider of the respective profile. Processing generally only takes place within the respective profile.

We receive statistics about our accounts that are provided automatically via Insights functions. The statistics only contain aggregated data that cannot be traced back to individual persons. They are not identifiable to us. Please note that when you visit the respective profile, social media providers may also collect and store data from website visitors without a user account and use cookies and similar technologies, over which we have no control. Further information on the scope and purposes of the processing of your personal data, the storage period/deletion, and guidelines on the use of cookies and similar technologies by social media providers can be found in the privacy policy/cookie policy of the respective social network. There you will also find information about your rights and options for objection.

Meta / Facebook and Instagram

Facebook and Instagram are social networks owned by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Comprehensive information on data processing by Meta can be found in the Meta Privacy Center at the following link: https://www.facebook.com/privacy/policy. Meta’s cookie policy can be found at the following link: https://www.facebook.com/privacy/policies/cookies/?entry_point=cookie_policy_redirect&entry=0. Information on the creation and provision of these Page Insights by Meta can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data.

The regulation of joint responsibility between Facebook and us regarding these Page Insights can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.

Data subjects’ rights can be asserted with Meta Platforms Ireland Ltd. and, in some cases, with us. Transfers from the EU to the US group Meta Platforms, Inc. are certified under the US Adequacy Decision. For transfers to third parties, Facebook relies on the EU Standard Contractual Clauses. The terms of use for Instagram can be found here: https://help.instagram.com/581066165581870

Instagram feed (widget)

We integrate features of the Instagram service on this website. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We use a widget/plugin to display content from our Instagram profile (e.g., current posts or galleries) directly on our website. When you visit a page that contains such an element, your browser establishes a direct connection to Meta’s servers. Content is loaded and your IP address and information about the browser you are using are transmitted to Meta. This happens regardless of whether you have an Instagram account or are logged in there. If you are logged in to Instagram, Meta can associate your visit to our website with your user account.

The use of this service is based exclusively on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Further information on this can be found in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.

YouTube

YouTube is a platform owned by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, and is part of Google Inc. We provide videos here for marketing purposes. No data is stored when these videos are accessed. You can find detailed information about the cookies and content set by YouTube in the cookie banner. When you visit our YouTube channel, YouTube processes your data in order to display the videos to you. Information on data processing by YouTube/Google for its own purposes can be found at: https://policies.google.com/privacy?hl=de. Processing by Google in the USA is covered by its participation in the US Adequacy Decision.

LinkedIn is a platform of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. In some cases, this involves a data processing relationship, and in other cases, LinkedIn and we, as the website operator, act as independent controllers. LinkedIn provides profile operators with so-called insights. Detailed information can be found in the Data Processing Agreement between us and LinkedIn: https://de.linkedin.com/legal/l/dpa.

LinkedIn uses data for its own purposes. Information on data processing by LinkedIn can be found here: https://de.linkedin.com/legal/privacy-policy?.

According to its own information, LinkedIn applies the EU standard contractual clauses for such third-country transfers for processing outside the EU/EEA. Processing by LinkedIn in the US is covered by its participation in the US Adequacy Decision.

Rights of data subjects

As a data subject, you have the following rights:

the right to request information about your personal data processed by us to the extent specified in Art. 15 GDPR;
pursuant to Art. 16 GDPR, the right to request the immediate correction of inaccurate or incomplete personal data stored by us;
pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored by us, unless further processing is necessary

– to exercise the right to freedom of expression and information;

– to comply with a legal obligation;

– for reasons of public interest, or

– to assert, exercise, or defend legal claims

is necessary;

pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, insofar as

– the accuracy of the data is disputed by you;

– the processing is unlawful, but you oppose its erasure;

– we no longer need the data, but you need it to assert, exercise, or defend legal claims; or

– you have objected to the processing pursuant to Art. 21 GDPR;

the right, pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller;
the right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR: The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, poststelle@lfdi.bwl.de, www.baden-wuerttemberg.datenschutz.de

Right of objection for data subjects

Insofar as we process personal data as explained above in order to safeguard our legitimate interests, which prevail in the context of a balancing of interests, you may object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have a right to object if there are reasons arising from your particular situation. After you have exercised your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims. This does not apply if the processing is carried out for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.

Printzstraße 15 - 17, 76139 Karlsruhe / Germany

+49 721 96245-0

info@sg-veneers.com

GENERATIONAL CHANGE AT SCHORN & GROH

MINISTER PETER HAUK VISITS SCHORN & GROH

Privacy Policy

1. Data protection at a glance

General information

Data collection on this website

Who is responsible for data collection on this website?

How do we collect your data?

What do we use your data for?

What rights do you have regarding your data?

Analysis tools and third-party tools

2. Hosting and content delivery networks (CDN)

Data processing

Cloudflare

Data processing

3. General information and mandatory information

Data protection

Information about the data controller

Storage period

General information on the legal basis for data processing on this website

Data protection officer

Note on data transfer to third countries that are not secure in terms of data protection law and transfer to US companies that are not DPF-certified

Recipients of personal data

Revocation of your consent to data processing

Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)

Right to lodge a complaint with the competent supervisory authority

Right to data portability

Information, correction, and deletion

Right to restriction of processing

SSL or TLS encryption

Objection to advertising emails

4. Data collection on this website

Cookies

Consent with Borlabs Cookie

Server log files

Storage period

Contact form

OpenAI

Storage period

Right to object and right to erasure

Inquiries by email, telephone, or fax

Zoho CRM

Data Processing

5. Analysis tools and advertising

Google Tag Manager

Google Analytics

IP anonymization

Browser plugin

Google Signals

Data Processing

Google Analytics e-commerce measurement

Google Ads

Google Conversion Tracking

6. Newsletter

Newsletter data

Zoho Campaigns

Data analysis by Zoho Campaigns

Storage period

Data processing

7. Plugins and tools

YouTube with extended data protection

Google Maps

Wordfence

Data processing

CleanTalk

Data processing

SolidWP

Lead Forensics

Data processing

8. eCommerce and payment providers

Processing of customer and contract data

Data transfer upon conclusion of a contract for services and digital content

9. Audio and video conferences

Conference tools used

10. Own services

Handling of applicant data

Cookies