Data privacy statement of Folit GmbH

1. a) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. Session cookies are deleted when you log out or close the browser.

2. b) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

(3) Our WEBSITE uses different types of cookies. The cookies are classified into (a) “Necessary”, (b) “Statistics” and “Marketing”.

(a) Necessary cookies or similar functionalities help us to make our WEBSITE usable by enabling basic functions such as page navigation and the correct display of the page on the respective end device. Our WEBSITE cannot function properly without these cookies. Furthermore, our site is protected against attacks as a result.

(b) We only integrate cookies and similar functionalities of the respective service providers of statistics and marketing tools if you have given us your prior consent via our consentmanager. You can give us your consent via the consentmanager of our WEBSITE by confirming the green “Accept all” button. You can also configure the setting of these cookies and similar functionalities yourself via the extended settings in the consentmanager of our WEBSITE. You can revoke your consent at any time with effect for the future via the consentmanager, which you can access at any time via the “Data privacy settings” link at the bottom left of our WEBSITE. Of course, you can also (re)grant your consent at any time via the consentmanager.

(4) If personal data are processed by individual cookies and similar functionalities, the processing takes place in accordance with Art. 6 para. 1 Subpara. 1 letter f GDPR to protect our legitimate interests in the best possible functionality of our WEBSITE and the correct display on the respective end device. With regard to the processing of personal data by cookies and similar functionalities of the respective service providers, you will find further data protection information on this in section 7 of this data protection declaration below.

(5) You can also prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of our WEBSITE to their full extent.

3.3 Consent management platform consentmanager

(1) Our WEBSITE uses the consent tool consentmanager from the service provider consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden “consentmanager“ to obtain consent for the processing of your end device information and personal data using cookies or other tracking technologies.

(2) The purpose of integrating “consentmanager“ is to leave it up to you as a visitor/user of our WEBSITE to decide whether and which cookies and similar functionalities are set as part of the further use of our WEBSITE. You can use the “consentmanager“ tool to grant and/or revoke your consent for all or individual processing purposes. You can change the settings you have selected at any time afterwards using the “consentmanager“ tool. You can find more information on this above under item 3.2 para. 3 letter (b) of this data privacy statement.

(3) In the course of using “consentmanager“, personal data and information from the end devices used are processed by the service provider consentmanager. Your data is also transmitted to the service provider consentmanager. consentmanager acts as a data processor and we have concluded a corresponding agreement with consentmanager. The information about the settings you have made is also stored in your end device.

(4) Insofar as the storage of your data is necessary to prove your consent pursuant to Art. 7 Para. 1 GDPR, the legal basis for the use of consentmanager is the fulfillment of our legal obligations pursuant to Art. 6 Para. 1 Subpara. 1 Lit. c GDPR. In all other respects, Art. 6 Para. 1 Subpara. 1 Lit. f) GDPR is the relevant legal basis. Our legitimate interests in processing lie in the storage of user settings and preferences regarding the use of cookies and the evaluation of consent rates.

(5) Your data will be deleted as soon as it is no longer required for logging purposes and there are no legal retention periods to the contrary. We will ask for your consent again twelve months after the user settings have been made. The user settings made will then be saved again for this period. However, you can delete the information about your user settings in the end device capacities provided for this purpose at any time yourself.

(6) Further information on the processing of your data by consentmanager can be found in the data privacy statement of consentmanager. There you will also find further information on your rights and setting options to protect your privacy: https://www.consentmanager.de/datenschutz/

3.4 Analysis and advertising

3.4.1 Google Analytics 4

(1) We use Google Analytics on our WEBSITE, a web analysis service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). The purpose of our use of the tool is to enable the analysis of your user interactions on our websites and to improve our offer through the statistics and reports obtained. We can also check the success of our marketing campaigns by Google linking the information with Google Ads (see our further information on Google Ads).

(2) We primarily record the interactions between you as a user of the website and our website with the help of cookies, device recognition (data on the device/browser), IP addresses and website activities (e.g. mouse and scroll movements and clicks). Your IP address is also recorded to ensure the security of the service and to provide us as a website operator with information about the country, region or location from which the respective user comes (so-called “IP location determination”).

For your protection, we only use Google Analytics with the anonymization function (“IP Masking”), i.e. Google shortens your addresses by the last octet on servers within the EU. A combination with other data does not take place.

(3) Google acts as a data processor and we have concluded a corresponding agreement with Google. Information on data processing by Google can be found here: https://business.safety.google/adsprocessorterms/

On our behalf, Google will use the above information to evaluate your use of the WEBSITE, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The information collected by Google about the use of this website is usually transferred to a Google server in the USA and processed there.

(4) The legal basis for processing personal data in connection with Google Analytics is your consent pursuant to Art. 6 Para. 1 Subpara. 1 Lit. a GDPR. We also use cookies or similar technologies with your consent on the basis of Section 25 Para. 1 Sentence 1 TTDSG in conjunction with Art. 6 Para. 1 Subpara. 1 Lit. a GDPR

(5) Google is certified according to the “EU-US Data Privacy Framework”. This is an agreement between the European Union and the USA to comply with European data protection standards for data processing in the USA. Certified companies undertake to comply with these data protection standards. You can find more information on this here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

The transfer is also carried out by Google, among other things, on the basis of standard contractual clauses of the EU Commission as suitable guarantees for the protection of personal data, which can be viewed at: https://privacy.google.com/businesses/controllerterms/mccs/

(6) You can withdraw your consent at any time without affecting the lawfulness of the processing up to the point of withdrawal. The easiest way to withdraw your consent is via our Consent Manager.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the WEBSITE (including your IP address) and from processing this data by Google at any time with future effect by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

(7) If you consent to the storage of cookies and enable them, Google Analytics will store your data for 2 months. Data for which this retention period has expired will be automatically deleted.

(8) Information on data processing when using Google Analytics is provided by Google at the following link: support.google.com/analytics/answer/6004245?hl=de/. General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google’s data privacy statement at www.google.de/intl/de/policies/privacy. There you will also find further information on your rights and setting options to protect your privacy.

3.4.2 Google Tag Manager

(1) Our WEBSITE uses the Google Tag Manager of the provider Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). With the help of the Google Tag Manager, we can manage our tags on a central interface. Tags are small code elements on our WEBSITE that are used to measure visitor behavior and visitor volume.

(2) The Google Tag Manager itself does not use cookies, does not store user profiles and does not carry out any independent analyses. Rather, the Google Tag Manager triggers tags that come from other services, provided that these in turn collect data with your consent. In our case, these are the following services from Google. If you have not given your consent for the aforementioned services, no tags will be implemented with the Google Tag Manager either. However, the Google Tag Manager collects your IP address. In this regard, the above information on Google Analytics applies.

(3) Further information on the Google Tag Manager can be found at https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

3.4.3 Google Ads

(1) We use the Google Ads service, a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”), to draw attention to our offers with the help of advertisements. If you reach our WEBSITE via a Google ad, a cookie is stored in your end device by Google Ads.

(2) Advertising materials are delivered by Google via so-called “Ad Servers”. For this purpose, we and other websites use so-called Ad Server cookies, through which certain parameters for measuring success, such as ad impressions or clicks by users, can be measured. Through the Google Ads cookies stored on our WEBSITE, we can obtain information about the success of our advertising campaigns. These cookies are not intended to personally identify you. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that a user no longer wishes to be addressed) are generally stored as analytical values.

(3) The cookies set by Google enable Google to recognize your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer, so that the cookies cannot be tracked across the websites of other Ads customers. By integrating Google Ads, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider may obtain and store your IP address.

(4) Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. It cannot be ruled out that personal data may be transferred to Google’s servers in the USA. We ourselves do not independently collect personal data in the aforementioned advertising measures, but merely provide Google with the opportunity to collect data. We only receive statistical evaluations from Google, which provide information on which ads were clicked how often and at what prices. We do not receive further data from the use of advertising materials; in particular, we cannot identify users based on this information.

(5) The legal basis for processing personal data in connection with Google Ads is your consent pursuant to Art. 6 Para. 1 Subpara. 1 Lit. a GDPR. We also use cookies or similar technologies with your consent on the basis of Section 25 Para. 1 Sentence 1 TTDSG in conjunction with Art. 6 Para. 1 Subpara. 1 Lit. a GDPR.

(6) Google is certified under the “EU-US Data Privacy Framework”. This is an agreement between the European Union and the USA for compliance with European data protection standards for data processing in the USA. Certified companies commit to complying with these data protection standards. Further information on this can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

The transfer is also carried out by Google, among other things, on the basis of standard contractual clauses of the EU Commission as suitable guarantees for the protection of personal data, which can be viewed at: https://privacy.google.com/businesses/controllerterms/mccs/

(7) You can withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal. You can most easily withdraw your consent via our Consent Manager.

(8) Further information on data protection at Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, can be found here: www.google.com/intl/de/policies/privacy and services.google.com/sitestats/de.html.

3.4.4 Matomo

(1) Our WEBSITE uses the web analytics service Matomo from InnoCraft Ltd. (150 Willis St, 6011 Wellington, New Zealand; “Matomo”) to analyze and regularly improve the use of our WEBSITE. Through the statistics obtained, we can improve our offerings and make them more interesting for you as a user.

(2) Our WEBSITE uses Matomo with the “AnonymizeIP” extension. This means IP addresses are processed in a truncated form, thus excluding direct personal identifiability. The IP address transmitted by your browser via Matomo is not merged with other data collected by us or passed on to third parties.

(3) No tracking cookies are placed on your computer as part of our web analysis. The Matomo software and the data collected via Matomo are operated, stored, and processed exclusively on our own servers.

(4) Our legitimate interests lie in the optimization and marketing purposes. The legal basis for the use of Matomo is Art. 6 para. 1 Subpara. 1 Lit. f GDPR.

(5) You have the option to prevent actions you take on our WEBSITE from being analyzed and linked by unchecking the following box. In this case, a so-called opt-out cookie will be placed in your browser, which prevents the future collection of your data when visiting our WEBSITE. This will protect your privacy, but will prevent us from learning from your actions and improving usability for you and other visitors to our WEBSITE.

(6) In addition, the “Do not track” function is activated in our Matomo installation. If your browser supports this function and you have activated it in your browser settings, Matomo will not collect any data, even if you do not use the aforementioned opt-out cookie.

(7) The Matomo program is an open-source project. Third-party information on data protection can be found at https://matomo.org/privacy/policy.

3.5 Web Fonts

3.5.1 Monotype

(1) Our WEBSITE uses so-called web fonts from the provider Monotype Inc., Monotype, 600 Unicorn Park Drive, Woburn, MA 01801, USA (“Monotype”) for the uniform display of fonts.

(2) The tracking code of the web fonts does not collect, process, or store any personal data. When you access our WEBSITE, Monotype collects the project identification number of the web font (anonymized), the URL of the licensed website, which is linked to a customer number to identify the licensee and the licensed web fonts, and the URL of the previously visited page.

(3) Monotype stores the anonymized project identification number of the web fonts in encrypted log files with such data for a period of 30 days to determine the monthly number of page views. After such determination and storage of the number of page views, the log files are deleted.

(4) Monotype shares anonymized data with subsidiaries and affiliated companies.

(5) These web fonts are used in the interest of a uniform and appealing presentation. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 Subpara. 1 letter f GDPR.

(6) Further information on this and on Monotype can be found in Monotype’s privacy policy: https://www.monotype.com/de/rechtshinweise/datenschutzrichtlinie/datenschutzrichtlinie-zum-tracking-von-webschriften

3.5.2 Adobe Fonts/Typekit

(1) On our website, we use fonts from Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe) for the uniform display of external fonts.

(2) We have technically stored the fonts on our server so that no data is transferred to Adobe.

4. Contact/Feedback

(1) If you contact us, for example, to provide us with your feedback, your communicated contact data (e.g., first and last name, email address, phone number) will be processed to answer your inquiries and/or suggestions submitted via email or otherwise.

(2) The legal basis for processing the data is Art. 6 Para. 1 Subpara. 1 Lit. f GDPR. If your message aims at concluding a contract, then an additional legal basis for processing your data is Art. 6 Para. 1 Subpara. 1 Lit. b GDPR.

(3) Unless legal retention periods prevent the deletion of your personal data, we will delete them as soon as they are no longer necessary for the purpose for which they were collected.

(4) For inquiries from a business context (B2B), the further information in the Information for Business Partners also applies; for inquiries related to applications, the information in our Applicant Information applies.

5. Use of our B2B Webshop

(1) If you wish to order in our B2B webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for processing your order. Mandatory information required for the execution of contracts is specially marked; further details are voluntary. We also process the voluntary data provided by you for processing your order. For this purpose, we may pass on your personal data to shipping or logistics companies as well as your payment data to our house bank. The legal basis for this is Art. 6 Para. 1 Subpara. 1 Lit. b GDPR or Art. 6 Para. 1 Subpara. 1 Lit. f GDPR for the voluntary data provided by you.

We may also process the data you provide to inform you about other interesting offers. The legal basis for this is Art. 6 Para. 1 Subpara. 1 Lit. f GDPR.

(2) Due to commercial and tax law requirements, we are obliged to store your address, payment, and order data for a period of ten years. However, after two years, we restrict processing, meaning your data will only be used to comply with legal obligations.

(3) To prevent unauthorized third-party access to your personal data, especially financial data, the order process is encrypted using TLS technology.

6. Data Security

(1) We implement technical and organizational security measures to protect personal data that arises or is collected, in particular against accidental or intentional manipulation, loss, destruction, or against attack by unauthorized persons. Our security measures are continuously improved in line with technological developments.

(2) Our WEBSITE is encrypted using SSL technology to prevent unauthorized third-party access. You can recognize secure transmission by the protocol designation “https://” in the URL bar.

7. Your Rights

(1) With regard to the processing of your personal data, you have the rights listed below under letters a – h against us, subject to legal requirements. Please contact us or our data protection officer for this purpose. Contact details can be found under section. 1.

a) Right of Access

You can request from us pursuant to Art. 15 GDPR a confirmation as to whether personal data concerning you is being processed by us. In this case, you have, pursuant to Art. 15 Para. 1 GDPR, a right to information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom we have disclosed or will disclose the personal data, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification or erasure of your personal data as well as to restriction of processing or objection to processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of the data, if we have not collected your data from you, the existence of automated decision-making including profiling, as well as pursuant to Art. 15 Para. 2 GDPR, the right to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in the context of transferring personal data to third countries.

b) Right to Rectification

You can request from us pursuant to Art. 16 GDPR to request the immediate correction and/or, taking into account the purposes of the processing, the completion of your personal data, provided that your data are incorrect or incomplete.

c) Right to Erasure

You can request from us pursuant to Art. 17 GDPR to demand the immediate deletion of your personal data, provided that a reason according to Art. 17 para. 1 letter a-f GDPR exists. However, the right to deletion of your personal data does not exist in particular if their processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims (Art. 17 para. 3 GDPR).

d) Right to Restriction of Processing

Pursuant to Art. 18 GDPR, you can demand from us the restriction of processing of your personal data for as long as we verify the accuracy of your data that you have contested, if you refuse the erasure of your data due to unlawful processing and instead request the restriction of the use of your data, if you require your data for the establishment, exercise, or defense of legal claims, or if you have objected to the processing, pending verification of whether our legitimate grounds override yours.

e) Right to Notification

Pursuant to Art. 19 GDPR, we shall communicate any rectification or erasure of your personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 para. 1 and Art. 18 GDPR to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. Pursuant to Art. 19 sentence 2 GDPR, you have the right to be informed about these recipients upon request.

f) Right to Data Portability

Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller, provided that the further requirements of Art. 20 GDPR are met, in particular, if this is technically feasible.

g) Right to Object

Insofar as we base the processing of your personal data on the legitimate interests pursuant to Art. 6 para. 1 Subpara. 1 letter f GDPR, you can object to the processing pursuant to Art. 21 GDPR. This is the case if the processing is not necessary in particular for the fulfillment of a contract with you, which is presented by us in each case in the above description of the offers. In the event of such an objection, we ask that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and, in accordance with Art. 21 para. 1 sentence 2 GDPR, either no longer process the personal data or prove to you our compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms. Furthermore, further processing remains reserved if the processing serves the assertion, exercise or defense of legal claims.

Of course, pursuant to Art. 21 para. 2 GDPR, you can object to the processing of your personal data for direct marketing and profiling purposes, insofar as it is related to such direct marketing, at any time.

You can inform us or our data protection officer of your objection using the contact details provided in section 1.

h) Right to Withdraw Consent

You have acc. Art. 7 Para. 3 GDPR the right to revoke a data protection consent given to us at any time with effect for the future. However, this does not affect the lawfulness of the processing that took place on the basis of your consent until the time of revocation.

(2) Should you believe that the processing of your data violates data protection regulations, you also have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. Please contact a supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

8. Amendment of these Data Protection Provisions

We reserve the right to amend these data protection provisions at any time with effect for the future. An up-to-date version is available on our WEBSITE. Please visit the WEBSITE regularly and inform yourself about the applicable data protection provisions.

As of: August 26, 2024