Contatto
Hotline di assistenza: +49 (0) 40-328079-0
E-Mail: info(at)boltze.de

Informativa sulla protezione dei dati


This policy provides information about the collection of personal data when using the website www.boltze.com (hereinafter "website") and when contacting us by email or telephone. Personal data is any data that could be related to you personally, e.g. your name, address, email addresses, user behaviour

I. Name and contact details of the data controller and the data protection officer

1. The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is BOLTZE Gruppe GmbH, Alte Landstraße 42, 22145 Braak, tel.: +49 (0) 40 328079-0, fax: +49 (0) 40 328079-4999, email: info(at)boltze.de, see our legal notice www.boltze.com/impressum.

 

2. You can contact our data protection officer at datenschutzbeauftragter(at) boltze.de or at our address with the addition "Der Datenschutzbeauftragte".

 

II. Information about the collection and disclosure of personal data

1. We only collect your personal data as a customer, prospective customer or supplier if you provide it to us voluntarily by email, chatbot, post, telephone or - for example in our showrooms or during trade fair visits - in person. We then collect the information that comes about in the course of our contact with you. This includes, in particular, names and transmitted contact details, date and reason for contact. The personal data collected from you will only be used for the purpose of providing you with the requested products or services (legal basis Art. 6 para. 1 lit. b) GDPR), or for other purposes for which you have given your consent (legal basis Art. 6 para. 1 lit. a) GDPR) and which are described in this privacy policy. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing.

2. You are not obliged to provide the aforementioned personal data. The data provided may be necessary for the conclusion of a contract. Without provision of the data, it may not be possible to communicate or to conclude or process a contract.

3. The data relevant in each individual case is transferred on the basis of the statutory provisions or a contractual agreement to public bodies in the event of overriding legal provisions, to external service providers or other contractors, such as agencies working for us, and to other external bodies, such as commercial agents, insofar as you have given your consent (Art. 6 para. 1 lit. a) GDPR) or a transfer is permitted in our overriding interest (Art. 6 para. 1 lit. f) GDPR). If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

4. The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data provided, this is the case when the respective conversation with you has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. Insofar as the data provided is subject to retention obligations under tax and commercial law, it is stored for the obligatory retention period of ten years and then erased unless you have consented to storage beyond this or further processing of the data is necessary for the assertion, exercise or defence of legal claims. The legal basis for processing of personal data for the purpose of fulfilling the statutory archiving and retention obligations is Art. 6 para. 1 lit. c) GDPR.

 

5. Transmission and processing of personal data within the Boltze Group

5.1 As a legally independent company within the Boltze Group, we work together with Boltze Ideen Deutschland GmbH & Co KG , which is also part of the Boltze Group, in the area of marketing and sales. For this reason, customer data, e.g. name, address, contact details, purchase history, preferences and/or other marketing data, are transmitted by us to Boltze Ideen Deutschland GmbH & Co KG for marketing and sales purposes (customer administration, marketing campaigns, product sales, etc.) and processed there for the purposes indicated. Legal basis for the transmission Art. 6 para. 1 lit. b) GDPR (fulfilment of contract) or Art. 6 para. 1 lit. f GDPR (legitimate interest). This does not involve any transfer to a third country (not a member state of the EU/EEA) or an international organisation.

5.2 We and Boltze Ideen Deutschland GmbH & Co KG are jointly responsible for the processing of the relevant customer data. As part of this cooperation, we have entered into an agreement with Boltze Ideen Deutschland GmbH & Co. KG in accordance with Art. 26 para. 1 GDPR on joint responsibility and agreed who fulfils which obligations under the GDPR. This applies in particular to the exercise of the rights of data subjects and the fulfilment of information obligations pursuant to Art. 13 and 14 GDPR. We will be happy to provide you with the main contents of the agreement on request. You can assert your rights as a data subject both with us and with Boltze Ideen Deutschland GmbH & Co. You will then generally receive feedback from the office to which you have asserted your rights. To this end, each party will provide the other with all necessary information from its area of responsibility.

 

III. Collection of personal data on our website

1. Visiting our website

1.1 If you use the website purely for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the data that is technically necessary for us to display our website to you and to ensure its stability and security:

•           IP address

•           Date and time of the request

•           Time zone difference from Greenwich Mean Time (GMT)

•           Content of the request (specific page)

•           Access status/HTTP status code

•           Volume of data transmitted in each case

•           Website from which the request comes

•           Browser

•           Operating system and its interface

•           Language and version of the browser software.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

1.2 The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f) GDPR.

1.3 Temporary storage of your IP address by the system is necessary to enable delivery of the website to your browser. Your IP address must be stored for this purpose for the duration of the session. Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in data processing according to Art. 6 para 1. lit. f) GDPR. An evaluation of the data for marketing purposes does not take place in this context.

1.4 The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. In the case of collection of data for the provision of the website, this is the case when the session ends

1.5 Collection of data when you visit the website and storage of the data in log files is absolutely essential for the operation of the website. There is therefore no option to object on your part.

 

2. Use of cookies

2.1 When you use our website, cookies are stored on your computer system. Cookies are text files that are stored in your internet browser or by your internet browser on your computer system. When you visit a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is accessed again.

2.2 There are different ways of distinguishing between cookies:

Firstly, there is a distinction between first- and third-party cookies, depending on where a cookie comes from:

First-party cookies are cookies that are set and accessed by the operator of the website as the controller or by a processor commissioned by the operator. Third-party cookies are cookies that are set and accessed by controllers other than the website operator who are not acting as processors on behalf of the website operator.

In addition, a distinction can be made between transient and persistent cookies, depending on the validity period:

Transient cookies (session cookies) are cookies that are automatically deleted when you close your browser. Persistent cookies are cookies that remain stored on your end device for a certain period of time after you close the browser.

Furthermore, a distinction can be made between cookies that do not require consent and those that do:

depending on their function and purpose, the use of certain cookies may require the consent of the user. In this respect, cookies can be differentiated according to whether the user’s consent is required for their use.

2.3 You give your consent to the use of cookies on our website by means of a so-called “cookie banner”:

when you access our website, we display the “cookie banner”. You can declare your consent to the use of all cookies requiring consent on our website by pressing the “Accept all” button on the cookie banner. Alternatively, you can completely reject the use of cookies requiring consent by clicking on the “Reject” button. This decision is stored in a cookie. If you click on the “More” link on our cookie banner or, if the banner is not displayed (or has disappeared), on the blue icon at the bottom right, you will be taken to our “cookie dashboard”, where you can adjust your specific privacy settings. You can select the cookies that you wish to accept individually; and you can also adjust the selection at a later date. We store your cookie settings in the form of a cookie on your end device so that, when you return to the website, we can determine whether you already have cookie settings in place.

Cookies required for the website to function cannot be disabled via the website’s cookie management function. However, you can generally disable these cookies in your browser at any time. Different browsers offer different ways to configure the cookie settings in the browser. Further detailed information on this can be found, for example, at www.allaboutcookies.org/how-to-manage-cookies. However, we would like to point out that some functions of the website may not work or may not work properly if you disable cookies generally in your browser.

2.4 Usercentrics Consent Management Platform ("CMP")

We use the services of the “Usercentrics Consent Management Platform” of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (“Usercentrics”) for our cookie banner. Usercentrics collects log file and consent data using JavaScript. This JavaScript enables us to inform users of their consent to certain cookies and other technologies on our website and to obtain, manage and document that consent.

Usercentrics is therefore a recipient of your data within the meaning of Art. 13 para. 1 lit. e) GDPR. We transmit personal data (consent data) to Usercentrics within the framework of a commissioned data processing agreement with Usercentrics. Consent data means the following data: date and time of visit or consent/refusal, information about the type and version of your internet browser, information about the operating system of your computer or smartphone, your internet service provider, your IP address (anonymised) and the internet pages from which you accessed us.

The data is processed for the purpose of complying with legal obligations (obligation to provide evidence pursuant to Art. 7 para. 1 GDPR) and the associated documentation of consent and thus on the basis of Art. 6 para. 1 lit. c) GDPR. The purpose is to be aware of users’ preferences and to act accordingly.

Local storage is used to store the data, and consent data (consent given and consent revoked) is stored in a consent database within the European Union. The consent data (consent given) is stored for three years, unless longer storage has been expressly agreed. Notice of revocation of consent previously given is also kept for three years. The retention is based, among other things, on our accountability under Art. 5 para. 2 GDPR. “Usercentrics CMP” is not a cookie. Usercentrics itself does not use cookies, but local storage.

You can permanently prevent the execution of JavaScript at any time by adjusting the relevant settings in your browser, which would also prevent Usercentrics from running its JavaScript.

For more information about the privacy policy of Usercentrics, please visit: https://usercentrics.com/privacy-policy.

 

3. Other functions and services on our website

3.1 In addition to the purely informational use of our website, we offer various services that you can use if you are interested. This usually requires you to provide further personal data which we use to provide the relevant service and to which the aforementioned data processing principles apply.

3.2 We may also pass on your personal data to third parties if participation in promotions, competitions, conclusion of contracts or similar services are offered by us in conjunction with partners. You will receive more information about this when you provide your personal data or you can find it below in the description of the service.

3.3 Insofar as our service providers or partners have their registered office in a state outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the service.

 

4. Use of contact forms or chatbots

4.1 Further personal data is only collected if you provide it to us voluntarily via our contact forms or chatbots. We then collect the information that comes about in the course of our contact with you. This includes, in particular, names and transmitted contact details, date and reason for contact. We only use the personal data collected from you for the purpose of providing you with the requested products or services (legal basis Art. 6 para. 1 lit. b) GDPR), or for other purposes for which you have given your consent (legal basis Art. 6 para. 1 lit. a) GDPR) and which are described in this privacy policy. Your consent, for example to accept cookies set by third-party providers or for web tracking by them, can also be given in the appropriate technical settings of your browser. You have the option to revoke your consent to the processing of personal data at any time.

4.2 The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form or the personal data entered by you in a chatbot, this is the case when the respective conversation with you has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

 

5. Use of our B2B dealer portal my.Boltze

5.1 Registration and the creation of a user account (“my.Boltze-Account”) is required for the use of our B2B dealer portal, which may only be used for commercial trade. The following data is collected as part of the registration process: title, first name, last name and email address. A password must also be set. The aforementioned data is stored revocably. Deletion of your user account is possible at any time and can be initiated by sending a message using the contact details above. The legal basis for the processing of this personal data is Art. 6 para. 1 lit. b) GDPR.

5.2 If you wish to place an order in our B2B merchant portal, it is necessary for conclusion of the contract that you provide the personal data that we require to process your order. Mandatory information required for the processing of contracts is marked specifically as such; other information is voluntary. The legal basis for the processing of this personal data is also Art. 6 para. 1 lit. b) GDPR.

5.3 Your address and payment and order details are stored for the obligatory retention period under tax and commercial law of ten years after completion of the contract and then erased, unless you have consented to storage beyond this or further processing of the data is necessary for the assertion, exercise or defence of legal claims. The legal basis for processing of personal data for the purpose of fulfilling the statutory archiving and retention obligations is Art. 6 para. 1 lit. c) GDPR.

5.4 We process the data you provide to deal with your order. In order to fulfil the contract, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the order process, we pass on the payment data collected for this purpose to the financial institution commissioned with the payment and, if applicable, to the payment service providers commissioned by us or the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. You must then log in to the payment service provider with your access data during the order process. In this respect, the privacy policy of the respective payment service provider applies. We are entitled to disclose personal data in the aforementioned cases pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR. Our service providers may only process or use your data for the purpose for which it was transmitted to them, as necessary. Where data is passed on to external service providers, we have taken technical and organisational measures to ensure that the data protection regulations are observed.

5.5 You are not obliged to provide the aforementioned personal data. The data provided is necessary for the conclusion of a contract. Without provision of the data, it may not be possible to communicate or to conclude or process a contract.

 

6. Newsletter

6.1 With your consent, you can subscribe to our newsletter, by means of which we inform you about our latest interesting offers. The advertised goods and services are specified in the declaration of consent.

6.2 We use the so-called double-opt-in procedure to register for our newsletter. This means that, following your registration, we send you an email to the email address you have provided, in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of the process is to be able to prove your registration and, if necessary, to clarify any misuse of your personal data. The legal basis is Art. 6 para. 1 lit. a) and c), Art. 7 para. 1 GDPR.

6.3 The only mandatory information for sending the newsletter is your email address. The provision of further, specifically marked data is voluntary and is used to address you personally. Following your confirmation, we store your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 lit. a) GDPR. The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. The user’s email address is therefore stored for as long as the subscription to the newsletter is active.

6.4 You can revoke your consent to receipt of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation of consent by clicking on the link provided in every newsletter email or by sending a message to the contact details provided in the legal notice.

6.5 We use the services of “Evalanche” for the distribution of newsletters. The provider of the “Evalanche” services is SC-NETWORKS GmbH, Enzianstr. 2, 82319 Starnberg, Germany.

Evalanche is a service that can be used to organise and analyse the sending of newsletters, among other things. The data you enter for the purpose of receiving our newsletter is stored on Evalanche servers in Germany.

If you do not want Evalanche to carry out any analysis, you can unsubscribe from the newsletter at any time. We provide a link for this in every newsletter. You can also unsubscribe from the newsletter directly on the website.

(a) Data analysis by Evalanche

With the help of Evalanche, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, you have clicked on. In this way, we can determine, among other things, which links have been clicked on particularly often. We can also see whether certain previously defined actions have been carried out after opening/clicking (conversion rate). Among other things, this enables us to recognise whether you have visited a website after clicking on the newsletter. Evalanche also allows us to subdivide (“cluster”) newsletter recipients according to different categories. For detailed information about the functions of Evalanche, see the following link:

https://www.sc-networks.de/loesungen/enterprise/.

(b) Legal basis

Data processing is based on your consent (Art. 6 para. 1 (a) GDPR). You can revoke this consent at any time. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.

(c) Storage period

The data you provide for the purpose of receiving the newsletter is stored by us until you unsubscribe from the newsletter and will be erased from our servers and from the servers of Evalanche after you have unsubscribed. Data stored by us for other purposes (e.g. email addresses for enquiries) remains unaffected by this. For more details, please refer to Evalanche’s privacy policy at https://www.sc-networks.com/data-protection.

(d) Conclusion of a commissioned data processing agreement

We have concluded a commissioned data processing agreement with SC-Networks GmbH/Evalanche, in which we oblige Evalanche, among other things, to protect the data of newsletter recipients and not to disclose it to third parties.

 

7. Web analytics

7.1 Google Analytics 4

(a) We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google Analytics"): "Google"), version 4, as an analysis service for the statistical evaluation of our website. This includes, for example, the number of visits to our website, sub-pages visited and the time spent by visitors.

Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users. This information is used, among other things, to compile reports on website activity.

When using Google Analytics 4, the IP address transmitted by your end device when you use the website is always collected and processed in anonymised form by default and automatically, so that the information collected cannot be directly linked to a person. This automatic anonymisation takes place by Google truncating the IP address transmitted by your device within member states of the European Union (EU) or other signatory states to the Agreement on the European Economic Area (EEA).

(b) The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TDDDG.

(c) We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Data is transferred to the USA in accordance with Art. 45 para. 1 GDPR on the basis of the European Commission's adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework.

In addition, before a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the cookie banner used by us (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

(d) The specific storage period of the processed data cannot be influenced by us, but is determined by Google. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

 

7.2 Matomo

(a) We use the open source web analysis service Matomo.

(b) With the help of Matomo, we are able to collect and analyse data about the use of our website by visitors to the website. This allows us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether visitors to the website perform certain actions (e.g. clicks, purchases).

(c) The use of Matomo is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TDDDG.

(d) We use IP anonymisation for the analysis with Matomo. Your IP address is shortened before it is analysed so that it can no longer be clearly assigned to you.

(e) We have configured Matomo so that Matomo does not store cookies in your browser.

(f) We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

 

8. Google Ads

We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users.

Google Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Google Ads also delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider.

If you are registered with a Google Ireland Limited service, Google Ads can assign the visit to your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider will find out and store your IP address and other identification features.

In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited.

Google Ads Remarketing

This website also uses the functions of Google Ads Remarketing. With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently show them interest-based advertising in the Google advertising network (remarketing or retargeting).

Google Ads Customer Match

We also use the Google Ads Customer Match service to target potential new customers as part of our online advertising. We transmit selected information from our customer base - in particular email addresses and, if applicable, other details such as postcode, country or sector - to Google in encrypted form. The personal data (e.g. email address) is encrypted using a hashing process (e.g. SHA256) before transmission. The non-personal data is added unencrypted in order to increase the accuracy of the target group.

Google compares the hashed data with existing Google user accounts and can thus create target groups ("customer match audiences") or so-called "similar audiences". This enables us to target our Google adverts more specifically at user groups that are similar to our existing customers. Data processing takes place within the framework of the technical and organisational security measures used by Google, including an ISO 27001-certified infrastructure.

The use of Google Ads (including Google Ads Remarketing and Google Ads Customer Match) is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Data is transferred to the USA in accordance with Art. 45 para. 1 GDPR on the basis of the European Commission's adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 lit. a GDPR, which you give via the consent via cookie banner or elsewhere. We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Ads: https://policies.google.com/privacy.

 

9. Google Tag Manager

We have integrated the Google Tag Manager on our website. Google Tag Manager is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and is used to manage website tags via an interface. The tool itself (which implements the tags) does not process any personal user data. However, it triggers other tags, which in turn may collect data under certain circumstances

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Data is transferred to the USA in accordance with Art. 45 para. 1 GDPR on the basis of the European Commission's adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework.

In addition, we obtain your consent in accordance with Art. 49 para. 1 lit. a GDPR before such a third country transfer, which you give via the consent via cookie banner or elsewhere. We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Ads: policies.google.com/privacy.

 

10. Meta Pixel

We use the Meta Pixel of the social network Facebook/Instagram, operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the meta pixel, we can track the behaviour of visitors after they have been redirected to our website by clicking on a Facebook or Instagram ad. This enables us to evaluate the effectiveness of our advertisements for statistical and market research purposes and to optimise our advertising measures. Meta may link the data collected in this way to your Facebook or Instagram account and also use it for its own advertising purposes in accordance with the Meta Data Policy.

The use of meta pixels is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Data is transferred to the USA in accordance with Art. 45 para. 1 GDPR on the basis of the European Commission's adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework.

In addition, we obtain your consent in accordance with Art. 49 para. 1 lit. a GDPR before such a third country transfer, which you give via the consent via cookie banner or elsewhere. We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Meta Platforms Ireland Limited. Further information can be found in Meta's privacy policy: www.facebook.com/about/privacy/.

 

11. LinkedIn Insight Tag

We use the LinkedIn Insight Tag on our website, an analytics service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. With the help of the Insight Tag, we receive information about how visitors interact with our website (e.g. page views, conversion measurement, target group formation for adverts). In particular, LinkedIn processes the URL, referrer URL, IP address, device and browser properties and timestamp. LinkedIn may also link the data collected to your LinkedIn user account and use it for its own purposes.

The LinkedIn Insight Tag is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Data is transferred to the USA in accordance with Art. 45 para. 1 GDPR on the basis of the European Commission's adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework.

In addition, we obtain your consent in accordance with Art. 49 para. 1 lit. a GDPR before such a third country transfer, which you give via the consent via cookie banner or elsewhere. We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by LinkedIn Ireland Unlimited Company. Further information can be found in the privacy policy of LinkedIn Ireland Unlimited Company: https://www.linkedin.com/legal/privacy-policy.

 

12. Linking to social media channels

We offer links to the following social media channels on our website: Facebook, Instagram, Pinterest, Xing and LinkedIn. We do not process personal data through the link. We do not use social media plugins on our website.

 

13. Use of our social media pages

13.1 We maintain publicly accessible profiles in various social networks. Visiting those profiles initiates a variety of data processing operations. You are not obliged to provide us with your personal data when using our social media pages. However, this may be necessary for individual functions of our pages. These functions are only available to you to a limited extent, if at all, if you do not provide us with your personal details.

13.2 When you visit our social media pages, your personal data is collected, used and stored not only by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile on the social network in question. The individual data processing operations and their scope differ depending on the operator of the social network, and they are not necessarily known to us. For details about the collection and storage of your personal data and the type, scope and purpose of use by the operator of the social network, please refer to the privacy policies of the respective operator:

13.3 As the operator of the respective social media site, we can only view the information stored in your public profile, and only if you have such a profile. In addition, the respective operator of the social network provides us with anonymous usage statistics, which we use to improve the user experience when visiting our social media page. We do not have access to the usage data that the operator of the social network collects to create these statistics. The respective operator of the social network has undertaken to us to assume primary responsibility under the GDPR for the processing of this data, to fulfil all obligations under the GDPR with regard to this data and to make the essential provisions of this obligation available to the data subjects. This data processing serves our (and your) legitimate interest in improving the user experience for specific target groups who visit our social media site. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f) GDPR.

13.4 If you use our social media pages to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data you provide us with will be processed by us exclusively for the purpose of contacting you. The legal basis for the data collection is Art. 6 para. 1 lit. a) and b) GDPR. We erase stored data as soon as its storage is no longer required or you request us to erase it; in the case of statutory retention obligations, we limit processing of the stored data accordingly.

 

14. YouTube video

14.1 We have integrated YouTube video on our website. YouTube Video is a component of the website operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "YouTube"): "Google"), a video platform on which users can upload content, share it over the Internet and obtain detailed statistics. All YouTube videos on our website are integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to Google if you do not play the videos. When you play YouTube videos, Google receives the information that you have accessed the corresponding subpage of our website. In addition, basic data such as your IP address and the time stamp are transmitted. This takes place regardless of whether you are registered with Google and/or logged in. If you are logged in to Google, your data is assigned directly to your account. If you do not wish to be associated with your profile, you must log out before playing YouTube videos.

14.2 The use of YouTube Video is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TDDDG.

14.3 We intend to transfer personal data to third countries outside the EEA, in particular the United States of America. Data is transferred to the USA in accordance with Art. 45 para. 1 GDPR on the basis of the European Commission's adequacy decision. The companies involved and/or their subcontractors based in the United States of America are certified in accordance with the EU-U.S. Data Privacy Framework. In cases where there is no adequacy decision by the European Commission (including companies based in the United States of America that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR with the recipients of the data. Unless otherwise stated, these are the standard contractual clauses of the EU Commission.

14.4 In addition, we obtain your consent in accordance with Art. 49 para. 1 lit. a GDPR, which you give via the consent via cookie banner or elsewhere, before such a third country transfer. We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

14.5 The specific storage period of the processed data cannot be influenced by us, but is determined by Google. Further information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy.

 

15. Google Fonts

We have integrated Google Fonts on our website. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Fonts are integrated locally on our web server. Personal data (e.g. IP addresses) is not transmitted to Google servers. The use is based on Art. 6 para. 1 lit. f GDPR from our legitimate interest in a uniform and appealing presentation of our website. Further information on Google Fonts can be found in Google's privacy policy: https://policies.google.com/privacy.

 

16. Prismic CMS

We use the Prismic service, operated by Prismic Group, 9 Rue des Colonnes, 75002 Paris, France, for the management and provision of website content. Prismic provides a content management system (CMS) that is used to manage and deliver the content of our website. Technical information (e.g. IP address, browser type, access time, requested content) is processed in order to deliver the content to your browser. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR out of our legitimate interest in the efficient, secure and high-performance provision of our website. Prismic may use sub-processors in third countries for individual processing steps, including in the USA, for example the infrastructure provider Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. The storage and processing usually takes place on AWS servers within the European Union. However, the transfer of personal data to third countries cannot be ruled out in individual cases, for example in the context of support or maintenance services. Data is transferred to the USA in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework.  Further information can be found in Prismic's privacy policy: https://prismic.io/legal/privacy.

 

17. Rackspace

For email and cloud services, we use the services of Rackspace Technology, operated in Europe by Rackspace Ltd, 5 Millington Road, Hyde Park Hayes, Middlesex, UB3 4AZ, United Kingdom.  The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR out of our legitimate interest in a reliable, secure and scalable IT infrastructure.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Data is transferred to the USA in accordance with Art. 45 para. 1 GDPR on the basis of the European Commission's adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework.

Further information can be found in Rackspace Technology's privacy policy: www.rackspace.com/en-gb/legal/privacy-policy.

 

18. jsDelivr (Content Delivery Network)

We use the Content Delivery Network (CDN) jsDelivr on our website, operated by Prospect One, Krolewska 65A/1, 30-081 Kraków, Poland. A CDN helps to deliver the content of our website - especially large files such as scripts or libraries - more quickly by caching them on distributed servers.

When using the CDN, connection data (e.g. IP address, browser type, operating system, time and date of access) is transmitted to the jsDelivr servers for technical reasons.

The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR from our legitimate interest in a secure and efficient provision of our website. jsDelivr operates servers worldwide, so that data transfer to third countries, including the USA, is possible. If data is transferred to the USA, protection under the EU-US Data Privacy Framework may apply if the respective sub-processor is certified. Further information can be found in the privacy policy of jsDelivr: www.jsdelivr.com/privacy-policy-jsdelivr-net.

 

19. Use of data for postal marketing and your right to object

We also reserve the right to store your first and last name, your postal address and – insofar as we have received this additional information from you within the framework of the contractual relationship – your title, academic qualifications, year of birth and your profession, industry or business name in summarised lists and to use this information for our own marketing purposes, e.g. to send you interesting offers and information about our products by post. You can object to the storage and use of your data for these purposes at any time by sending us a message using the contact details below.

 

20. Data security

20.1 We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the display of a key or closed lock icon in the lower status bar of your browser.

20.2 We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously being improved in line with technological developments.

 

IV. Processing of personal applicant data

1. Application in response to a specific job advertisement or unsolicited application

(a) We collect your personal data as an applicant if you provide it to us via contact forms or by post, email, telephone or by handing it over in person for applications for job advertisements as well as for unsolicited applications (hereinafter "application" or "application documents"). In this case, we process the information provided in the application. This includes in particular name, date of birth, contact details, interests, qualification data as well as educational and professional backgrounds. In this case, we may also collect further personal data from publicly accessible sources, in particular the social networks XING and LinkedIn. The personal data collected from you will only be used for the purpose of carrying out the application process (legal basis: Art. 6 para. 1 sentence 1 lit. b) or lit. f) GDPR, § 26 BDSG).

(b) You are not obliged to provide the aforementioned personal data. The data provided may be required for the conclusion of a future contract after the application process has been completed. Without the provision of the data, it may not be possible to communicate, carry out the application process or conclude a contract.

(c) In the case of an application for a specific job advertisement, we will retain your personal data for a period of six months after notifying you of the rejection decision in the event of a rejection. In the case of an unsolicited application, we will retain your personal data for a period of 14 days after receipt of the application documents, during which we will check whether there are suitable vacancies for your professional profile. If this is the case, the deadlines specified for an application for a specific job advertisement apply.

(d) After expiry of the respective deadlines for an application for a specific job advertisement or an unsolicited application, we will delete your personal data unless you have consented to the continued processing of your data (legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR, § 26 BDSG) or continued processing of your data

  • is necessary for the fulfilment of legal obligations to which we or our client are subject - in particular proof of compliance with legal obligations in the context of recruitment (e.g. under the General Equal Treatment Act) or retention obligations under tax or commercial law (legal basis: Art. 6 para. 1 sentence 1 lit. c) GDPR) or
  • is necessary to safeguard our legitimate interests (legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR).

In the latter case, your personal data will only be stored for longer unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail. If the continued processing of your data is based on a purpose other than that for which the personal data was collected, we will observe Art. 6 para. 4 GDPR and inform you of this change of purpose in accordance with Art. 13 para. 3 GDPR.

 

2. Inclusion in our database (applicant pool)

(a) Subject to your consent, we will include your application documents (including the personal data contained therein) in our database and notify you of job advertisements that may be of interest to you based on your application or professional profile (legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR, § 26 BDSG).

(b) If you have consented to inclusion in the database, your personal data will be stored for two years. We will then either delete your data or obtain your consent again. You have the option to withdraw your consent to inclusion in our database at any time. In this case, we will delete your personal data within 1 week of notification of cancellation.

 

3. Application with Finest Jobs

On our career page we offer the possibility to apply via the external application service "Finest Jobs" of Jobnetwork GmbH, Spaldingstraße 210, 20097 Hamburg. If you click on the corresponding link or button, you will be redirected to the Finest Jobs website. Your personal data will then be collected and processed directly by Finest Jobs in accordance with their data protection regulations. In this case, we receive the application documents submitted by you from Finest Jobs and process them exclusively for the purpose of carrying out the application procedure in accordance with the above regulations. Further information can be found in the Finest Jobs privacy policy at https://www.finest-jobs.com/Datenschutz.

 

V. Revocation of consent and objection to the processing of your data

1. If you have given your consent to the processing of your data, you can revoke that consent at any time. Such a revocation affects the permissibility of processing of your personal data from the point at which you express it to us.

2. Where we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case, in particular, if the processing is not necessary for fulfilment of a contract with you, which is indicated by us in each case in the following description of the functions. When exercising this right to object, we ask you to explain the reasons why we should not process your personal data as we have done previously. In the event of your legitimate objection, we will examine the merits of the case and either discontinue or adapt the data processing or demonstrate to you the overriding legitimate grounds on the basis of which we will continue the processing.

3. Of course, you can object to the processing of your personal data for the purposes of marketing and data analysis at any time.

4. You can inform us of your revocation of consent or objection using the following contact details: BOLTZE Gruppe GmbH, Alte Landstraße 42, 22145 Braak, Germany, tel.: +49 (0) 40 328079-0, fax: +49 (0) 40 328079-4999, email: info(at)boltze.de.

 

VI. Your rights

1. You have the right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of the right to lodge a complaint, the origin of your data if it has not been collected by us and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details of it.

2. Pursuant to Art. 16 GDPR, you may immediately request the rectification of inaccurate or incomplete personal data stored by us. In accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.

3. In accordance with Art. 18 GDPR, you have the right to request the restriction of processing of your personal data if the accuracy of the data is disputed by you, if the processing is unlawful but you object to erasure of the data, if we no longer require the data but you need it for the assertion, exercise or defence of legal claims or if you have objected to the processing in accordance with Art. 21 GDPR.

4. In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.

5. In accordance with Art. 7(3) GDPR, you have the right to revoke your consent at any time. This has the consequence that we may no longer continue the data processing based on that consent for the future.

6. You also have the right under Art. 77 GDPR to complain to a supervisory authority about our processing of your personal data.

 

VII. Current version and amendment of this privacy policy

1. This privacy policy is currently valid and was last updated in September 2025.

2. As a result of further development of our website and the services offered on it or of changes in legal or official requirements, it may become necessary to amend this privacy policy. You can access and print out the current privacy policy at any time on the websit