Data Privacy Statement

Carcoustics International GmbH, Neuenkamp 8, 51381 Leverkusen, Germany (hereinafter: “Carcoustics” or “we”) are pleased that you have expressed an interested in our company and our products. Data privacy is a core element of our activities. A transparent approach to processing personal data is thus of great importance to us. To improve legibility of the following text, the generic masculine linguistic form will be used throughout. We would like to explicitly point out that use of the masculine linguistic form should not be considered gender-specific.

 

As the party responsible for data privacy, we would like you to feel safe when visiting our Internet sites, also with regard to the protection of your personal data. We take the protection of your personal data very seriously. Compliance with German and European data privacy regulations is a matter of course for us.

 

Please see below for information on how we process your personal data when using our website and for the accompanying DATA PRIVACY STATEMENT.


Table of contents

I. Name and address of party responsible

II. Contact data of party responsible for data privacy

III. Provision of website and creation of log files

IV. Use of cookies

V. E-mail contact

VI. Contact form

VII. E-mail application and contact form

VIII. Corporate presence

IX. Use of corporate presence in professional networks

X. Hosting

XI. Software used

I. Name and address of party responsible

The party responsible in the context of the General Data Protection Regulation (GDPR) and other data privacy provisions is:

Carcoustics International GmbH

Neuenkamp 8

51381 Leverkusen

Germany

02171 900-0

info@carcoustics.com

www.carcoustics.de

II. Contact data for data protection supervisor

The data protection supervisor for the party responsible is:

DataCo GmbH

Dachauer Str. 65

80335 Munich

Germany

+49 89 7400 45840

www.dataguard.de

 

III. Provision of website and creation of log files

1. Description and scope of data processing

Each time our Internet site is accessed, our system automatically records data and information from the computer system of the calling computer (“log files”). In doing so, information on the IP address, the data and time of access, and other device information may be processed.

We have hired the company Mittwald to process our log files. For more information on the processing of log files by ourselves and by Mittwald, see here: www.mittwald.de/faq/service-informationen/faq/datenschutz-alles-wichtige-zur-dsgvo

 

2. Purpose of data processing

The system must temporarily store the IP address to enable delivery of the website to the user’s computer. The IP address must be stored for the duration of the session. This information is stored in log files to maintain functionality of the website. We also use the data to optimize the website and ensure the security of our information technology systems. The information is not evaluated for marketing purposes in this context.

The above purposes also represent our legitimate interest in data processing in accordance with Art. 6 (1), p.1, lit. f GDPR.

 

3. Legal basis for the data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) p. 1 lit. f GDPR.

 

4. Recipient

Our website is hosted exclusively on servers within Germany by our processor, Mittwald CM Service GmbH & Co.KG (hereinafter known as “Mittwald”), Königsberger Str. 4 - 6, 32339 Espelkamp, Germany. In doing so, Mittwald processes your personal data exclusively on the basis of our instructions and is accordingly obliged to comply with data privacy contracts in the sense of Article 28 GDPR.

 

5. Duration of storage

The data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. In the case of capturing the data for availability of the website, this is when the respective session has ended.

For more information on the storage of your data, see here: www.mittwald.de/faq/service-informationen/faq/datenschutz-alles-wichtige-zur-dsgvo

 

6. Option to appeal and remove

The recording of data for availability of the website and the storage of data in log files is mandatory for the operation of the Internet site. As a result, there is no option to appeal on the part of the user.

IV. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files stored in the Internet browser, or rather, stored by the Internet browser on the user’s computer system. When a user calls up a website, a cookie can thus be stored on the user’s operating system. Cookies contain a character sequence which enables unique identification of the browser when the website is accessed again.

We use cookies to avoid spam (“Captcha”). The aim of the cookie is to check whether a data input is compliant and that it has not come from a bot. The cookie also authenticates the behavior of a website visitor with regard to a wide range of features. This may result in personal data being stored and evaluated, in particular the activity of the user (specifically mouse movements and which elements were clicked) and device and browser information (specifically the time, IP address and the operating system).

 

2. Purpose of data processing

The Captcha cookie is used to protect our online presence from misuse, for example, to avoid spam via our contact forms.

 

3. Legal basis for the data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) p. 1 lit. f GDPR.

 

4. Storage duration, option to appeal and remove

Cookies are stored on the user’s computer and the data is transferred from there to our site. As a user, you thus also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can also be automated. If cookies are disabled for our website, it may not be possible to use all functions of the website in full.

If you use a safari browser with version 12.1 or higher, cookies are deleted automatically after seven days. This also applies to opt-out cookies which are set to prevent tracking actions.

V. E-mail contact

1. Description and scope of data processing

On our Internet site, communication is possible via the e-mail address provided. In this case, the personal user data transmitted with the e-mail is saved. This data is used exclusively for processing the conversation.

 

2. Purpose of data processing

In the case of contact via e-mail, the required legitimate interest is also present in the processing of the data.

 

3. Legal basis for the data processing

The legal basis for the processing of the data is, in the presence of consent from the user, Art. 6 (1) lit. a GDPR.

The legal basis for the processing of the data which is transmitted via an e-mail is Art. 6 (1) lit. f GDPR.

If the goal of the e-mail contact is conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.

 

4. Duration of storage

No sent form data is saved. The inquiries are sent directly by mail. The data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. For personal data sent via e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be concluded from the circumstances that the relevant facts have been finally clarified.

 

5. Option to appeal and remove

The user has the option at any time to revoke his consent for processing of the personal data by sending an e-mail to the above point of contact. If the user contacts us via e-mail, he can object to his personal data being saved at any time. If this is the case, the conversation cannot be continued.

In this case, all personal data that has been saved in the course of this communication is deleted.

VI. Contact form

1. Description and scope of data processing

Our Internet site includes a contact form which can be used to make contact electronically. If a user uses this option, data entered in the input template is transmitted to us and saved.

The following data is saved at the point when the message is sent:

  • e-mail address
  • name
  • first name
  • telephone / mobile number (optional)
  • IP address of calling computer
  • date and time of contact

Reference is made to this Data Privacy Statement for the processing of data.

Alternatively, contact can be made via the e-mail address provided. In this case, the personal user data transmitted with the e-mail is saved. This data is used exclusively for processing the conversation.

 

2. Purpose of data processing

The purpose of processing the personal data from the input template is solely to process the contact request. In the case of contact via e-mail, there is also the required legitimate interest in processing the data.

The other personal data processed during the mailing process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

3. Legal basis for the data processing

The legal basis for the processing of the data that is transmitted via an e-mail is Art. 6 (1) lit. f GDPR. If the goal of the e-mail contact is conclusion of a contract, an additional legal basis for the processing is Art. 6 (1) lit. b GDPR.

 

4. Duration of storage

No sent form data is saved. The inquiries are sent directly by mail. The data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. For personal data sent via e-mail, this is the case when the respective conversation with the user has ended. The conversation is then terminated if it can be concluded from the circumstances that the relevant facts have been finally clarified.

 

5. Option to appeal and remove

If you contact us via e-mail, you can object to your personal data being saved at any time in accordance with Art. 21 GDPR. If this is the case, the conversation cannot be continued. In this case, all personal data that has been saved in the course of making contact is deleted.

VII. E-mail application and contact form

1. Scope of processing of personal data

Our Internet site provides a contact form which can be used for an electronic application or for general communication. If an applicant uses this option, data entered in the input template is transmitted to us and saved. This data is:

  • name
  • e-mail address
  • telephone number (optional) and
  • content of your message

There is also the possibility that you may be forwarded to the external URL jobs.carcoustics.com/go from the “Careers” tab on our job portal. There is a separate Data Privacy Statement under jobs.carcoustics.com/go for all data collected there and the website functions.

Alternatively, you can also send us your application via e-mail or by post. In this case, we record your e-mail address and the data shared by you in the e-mail.

 

2. Purpose of data processing

The purpose of processing the personal data from the contact form is solely to process your inquiry. In the case of contact via e-mail, there is also the required legitimate interest in processing the data.

The other personal data processed during the mailing process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

3. Legal basis for the data processing

The legal basis for processing your data is the contract initiation which is conducted upon the request of the person in question, Art. 6 (1) p. 1 lit. b Alt. 1, Art. 88 GDPR and § 26 (1) p. 1 BDSG and our legitimate interest is in accordance with Art. 6 (1) p.1 lit. f GDPR.

 

4. Storage duration

No sent form data is saved. The inquiries are sent directly by mail. The data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. For personal data sent via e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended if it can be concluded from the circumstances that the relevant facts have been finally clarified.

 

5. Option to appeal and remove

If you contact us via e-mail, you can object to your personal data being saved at any time in accordance with Art. 21 GDPR. If this is the case, the conversation cannot be continued. In this case, all personal data that has been saved in the course of this communication is deleted.

VIII. Corporate presence and social media channels

We operate and use company presences in the following social networks:

YouTube, der YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States

On our company page, we provide information and offer YouTube users the opportunity to communicate. If you carry out an action on our YouTube corporate site (e.g. comments, posts, likes, etc.), you may make personal data (e.g. clear name or photo of your user profile) public. However, since we generally or to a large extent have no influence on the processing of your personal data by YouTube, which is jointly responsible for the Carcoustics Shared Services GmbH corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data.

Our corporate presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate presence for:

The company website serves purely to provide information about the company and any vacancies within the company.

In this context, publications about the company's presence may include the following content:

  • Information about products
  • Information about services
  • Advertising

Every user is entitled to publish personal data through activities. The legal basis for data processing in this regard is Art. 6 para.1 p.1 lit. a DS-GVO. The data generated by the company website is not stored in our own systems.

At any time, you can object to the processing of your personal data that we collect in the course of your use of our YouTube corporate presence and assert your data subject rights as stated under IV. of this data protection declaration. To do so, send us an informal e-mail to info@carcoustics.com. You can find more information about the processing of your personal data by YouTube and the corresponding objection options here:

https://policies.google.com/privacy?gl=DE&hl=de

IX. Use of corporate presence in professional networks

We operate and use a corporate presence in the following professional networks:

1. Scope of data processing

We take the opportunity to have a corporate presence in professional networks. We have a corporate presence in the following professional networks:

LinkedIn:

LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland

XING:

XING SE, Dammtorstraße 30, 20354 Hamburg, Germany

We provide information on our page and offer communication options to the users.

The corporate presence is used for applications, information/PR and active sourcing.

We have no information on how your personal data is processed by the companies jointly responsible for our corporate presence. For more information, please see the Data Privacy Statement for:

LinkedIn: www.linkedin.com/legal/privacy-policy

XING: https://privacy.xing.com/en/privacy-policy

If you perform an action on our YouTube corporate presence (e.g. comment, contribution, likes, etc.), it may be the case that your personal data (e.g. real name or photo from your user profile) becomes public as a result.

 

2. Purpose of data processing

Our corporate presence serves to inform users about our services. Each user is free to publish their personal data through activities.

 

3. Legal basis for the data processing

The legal basis for the processing of the data is, in the presence of consent from the user, Art. 6 (1 1) p. 1, lit. a GDPR.

The legal basis for processing your data in conjunction with using our corporate presence is Art. 6 (1), p. 1, lit. f GDPR.

 

4. Duration of storage

We store your activities published via our corporate presence and your personal data until consent is revoked. We also uphold the statutory retention periods.

 

5. Option to appeal and remove

You can object to the processing of the personal data that we record while you are using our corporate presence at any time and assert your data subject rights as specified under IV of this Data Privacy Statement. To do so, please send an informal e-mail to the e-mail address specified in this Data Protection Statement.

For further information on the option to appeal and remove, see here:

LinkedIn: www.linkedin.com/legal/privacy-policy

XING: privacy.xing.com/en/privacy-policy

X. Hosting

We have commissioned a service provider, Mittwald CM Service GmbH & Co.KG, to host the website on their servers.

The servers automatically collect and save information in server log files, which your browser automatically submits when visiting the website. The saved information is:

  • browser type and browser version
  • operating system used
  • referrer URL
  • host name of accessing computer
  • date and time of server query
  • IP address

This data is not merged with other data sources. This data is captured on the basis of Art. 6 (1), lit. f GDPR. The website operator has a legitimate interest in the technically faultless display and optimization of his website – to do so, the server log files must be captured.

The geographical location of the website server is in Germany.

For more information on how we and Mittwald process the log files, see here: www.mittwald.de/faq/service-informationen/faq/datenschutz-alles-wichtige-zur-dsgvo

XI. Software used

We use software for different purposes. The software used is listed below:

Use of Microsoft

1. Scope of processing of personal data

By using Microsoft Office 365, we use functionality provided by the Microsoft Corporation, One Microsoft Way, 98052, Redmond, Washington, USA and their representatives in the European Union, Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland

(hereinafter: known as Microsoft).

With Microsoft Office 365, we can organize our internal processes, specifically the sending and receipt of e-mails using Outlook and the storage of information in SharePoint or OneDrive.

In doing so, it cannot be ruled out that data may be processed on Microsoft servers in the USA, which the European Commission does not recognize as a country with an appropriate data protection level. To ensure suitable guarantees to protect the transmission and processing of personal data outside of the EU, data transmission to and data processing by Microsoft is carried out on the basis of suitable guarantees in accordance with Art. 46 ff. GDPR, specifically through the conclusion of standard data protection clauses as per Art. 46 (2), lit. c GDPR. A copy of the suitable guarantees can be requested by sending an informal e-mail to the point of contact mentioned above. For more information on how Microsoft processes the data, see here: https://privacy.microsoft.com/de-de/privacystatement

 

2. Purpose of data processing

The Microsoft applications are used for communication, storage, and internal organization and administration.

 

3. The legal basis for processing personal data

The legal basis for the data processing is Art. 6 (1), p. 1, lit. GDPR. Our legitimate interest here is in the purpose of data processing specified under 2.

 

4. Duration of storage

Your personal information is stored for as long as is required to fulfill the purpose described in this Data Privacy Statement, or as prescribed by law, e.g. for tax and accounting purposes.

 

5. Option to appeal and remove

As an affected person, you have the right, at any time, to submit an objection to the processing of personal data relating to you that is carried out in accordance with Article 6 (1), lit. e or f, for reasons arising from your particular situation. This also applies to profiling based on these provisions. As the party responsible, we will no longer process personal data unless we can prove compelling reasons for processing worthy of protection that outweigh the interests, rights and freedoms of the affected person, or the processing serves the assertion, exercise or defense of legal claims.

You can object to your personal data being evaluated for marketing purposes by Microsoft here: http://choice.microsoft.com/de-DE/opt-out

For further information on the options to appeal and remove from

Microsoft, please see https://privacy.microsoft.com/en-gb/privacystatement

 

The use of YouTube videos on our website

 

1. scope of the processing of personal data

We use YouTube videos, of Google Ireland Limited, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter: Google). We use YouTube to embed videos from YouTube on our online presence. When visiting our online presence, your browser establishes a connection with YouTube's servers. Personal data may be stored and evaluated as a result, including.

  • the user's activity (in particular which pages have been visited and which elements have been clicked on) as well as
  • device and browser information (in particular the IP address and the operating system).

We have no influence on the content of YouTube's processing activities. If you are logged into your YouTube account during your visit, Google can associate your website visit with this account. Through interaction with YouTube, this corresponding information is transmitted directly to Google and stored there.

For more information on the processing of data by Google, click here: policies.google.com/privacy

 

2. purpose of data processing

The use of videos on our website serves to improve user-friendliness and an appealing presentation of our online presence.

 

3. legal basis for the processing of personal data

The legal basis for the processing of users' personal data is, in principle, the user's consent pursuant to Art. 6 (1) p.1 lit. a DS-GVO. Cookies are only set when you press "Play" or "Abspielen".

 

4 Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

 

5. revocation and removal option

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can prevent the collection as well as the processing of your personal data by Google by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, disabling the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can deactivate the use of your personal data by Google using the following link: adssettings.google.de

You can find more information about objection and removal options vis-à-vis Google here: https://policies.google.com/privacy?gl=DE&hl=de

 

6. danger notice

It cannot be ruled out that your personal data will also be transferred to the USA. There is no adequacy decision for the USA according to Art. 45 (3) DS-GVO. Furthermore, there are no appropriate safeguards according to Art. 46 DS-GVO. We would like to point out that data transfer without an adequacy decision and without appropriate safeguards entails certain risks, which we would like to inform you about below:

Intelligence services in the USA use certain online identifiers (such as the IP address or unique identification numbers) as a starting point for monitoring individuals. In particular, it cannot be ruled out that these intelligence services have already collected information about you, with the help of which the data transmitted here can be traced back to you.

Providers of electronic communications services headquartered in the United States are subject to surveillance by U.S. intelligence agencies pursuant to 50 U.S. Code § 1881a ("FISA 702"). Accordingly, providers of electronic communications services headquartered in the U.S. have an obligation to make personal data available to U.S. authorities pursuant to 50 U.S. Code § 1881a.

Even encryption of data at the electronic communications service provider's data centers may not provide adequate protection because, with respect to imported data in its possession or custody or under its control, an electronic communications service provider has a direct obligation to provide access to or surrender such data. This obligation may expressly extend to the cryptographic keys without which the data cannot be read.

The fact that this is not merely a "theoretical risk" is demonstrated by the ECJ's judgment of July 16, 2020, C-311/18.