PRIVACY POLICY

Thank you for your interest in our website. The protection of your personal data is very important to us. Below you will find information on how we handle your data that is collected through your use of our website. Your data is processed in accordance with the statutory provisions on data protection.

Below you will find our specific privacy policies:

For applicants:

DATA PROTECTION DECLARATION FOR APPLICANTS

For customers and other contractual and business partners, as well as interested parties:

PRIVACY POLICY FOR CUSTOMERS, OTHER BUSINESS PARTNERS AND INTERESTED PARTIES

Responsible party

Privacy Policy

Thank you for your interest in our website. The protection of your personal data is very important to us. Below you will find information on how we handle your data that is collected through your use of our website. Your data is processed in accordance with the statutory provisions on data protection.

Below you will find our specific privacy policies:

For applicants:

DATA PROTECTION DECLARATION FOR APPLICANTS

For customers and other contractual and business partners, as well as interested parties:

Privacy policy for customers, other business partners and interested parties

Responsible party

The controller within the meaning of the General Data Protection Regulation (GDPR) is

BAUER COMP Holding GmbH

Wolfratshauser Straße 80

81379 Munich

Telephone: +49 (0) 89 / 78049 – 0

Email: info@bauer-kompressoren.de

Contact details of the data protection officer

You can contact the data protection officer at

Proliance GmbH

www.proliance.ai

Data Protection Officer

Leopoldstr. 21

80802 Munich

Email: datenschutzbeauftragter@proliance.ai

When contacting the data protection officer, please state the company to which your enquiry relates. Please also refrain from including sensitive information, such as a copy of your ID card, with your enquiry.

General information on data transfer to third countries

Your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA).

For data transfers to certain third countries, an adequacy decision by the EU Commission may exist in accordance with Art. 45 (1) GDPR. Such a decision establishes that an adequate level of data protection exists in the third country. A list of previous adequacy decisions can be found at the following link: Data protection adequacy for non-EU countries.

The scope of an adequacy decision may also be limited to a specific group of recipients or linked to the fulfilment of additional conditions.

For example, the adequacy decision for data transfers to the USA only applies to companies certified under the EU-U.S. Data Privacy Framework. The certification status of a participating company can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to recipients in third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or being able to seek legal redress.

We therefore ensure that appropriate safeguards within the meaning of Article 46 of the GDPR are in place to ensure an adequate level of data protection when transferring your data to recipients in such third countries.

Standard data protection clauses of the European Commission pursuant to Art. 46 (2) (c) GDPR are therefore regularly concluded either by us or by the service providers we use. They oblige the recipient of the data in the third country to process it in accordance with the European level of protection. The clauses can be viewed at the following link: Publications on the Standard Contractual Clauses (SCCs) - European Commission. If you require further information on the modules of the standard data protection clauses or supplementary measures concluded by us in individual cases, we will be happy to provide you with a copy. In this case, simply contact us using the contact details provided above under "Controller".

For certain recipients, data transfers may also be based on binding internal data protection regulations (BCR) approved by the supervisory authorities in accordance with Art. 46 (2) (b) GDPR. These can be viewed at the following link: Approved Binding Corporate Rules | European Data Protection Board.

If the standard data protection clauses or binding internal data protection rules are not sufficient to guarantee the level of protection, additional technical, contractual or organisational measures will be taken to secure the data transfer. In addition, regular reviews and assessments will be carried out to determine whether these additional measures continue to guarantee an adequate level of data protection or whether further supplementary measures need to be taken.

Further information on data transfers to third countries can be found in the relevant cases below in the section on data processing or services used, "Data processing in third countries".

General information on the use of artificial intelligence

Artificial intelligence (AI) may be used in the processing of your data. Either entire AI systems and assistants for general use are used, or specific AI functions integrated into other services and software solutions are used to perform specific tasks.

Use of AI systems and assistants for general purposes

We use AI systems or assistants for general purposes throughout the company. The use of these AI systems and assistants is not limited to individual functions or activities, but can be applied across a range of applications.

These systems are usually based on large language models and can be used flexibly for a variety of purposes, such as assisting with text creation, responding to internal enquiries or analysing content.

In this context, personal data may be processed in so-called "prompts". A prompt is an input request or instruction that our employees send to the AI system in order to obtain a specific output. The AI systems process these inputs and generate corresponding outputs, which may also contain personal data. These outputs can in turn be further processed and used.

With this type of AI use, it is not possible to provide a definitive list of the personal data that is processed in detail. However, we would like to emphasise that:

The input of highly personal and sensitive data does not take place as a matter of principle.

If the processing of personal data is unavoidable, it is limited to the minimum necessary.

It is ensured that any personal data entered is not used for training the AI model used.

We have compiled a list of the AI systems and assistants we use for general purposes below.

Microsoft CoPilot

Our company uses the AI system "Microsoft CoPilot" from Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Description of data processing and purpose

When using Microsoft Copilot, prompts in the form of requests, questions, documents, images and other content can be entered and generated. These may then be processed internally or externally, as long as such processing is permissible within the scope of our business activities. For example, we use CoPilot for:

Research and questioning

Revising documents

It cannot be ruled out that CoPilot prompts may contain personal data or that such data may be included in responses. In principle, all categories of personal data that we hold about you may be affected, although the entry of sensitive personal data is expressly prohibited.

The use of the processed data for training the AI model by Microsoft is contractually excluded.

The purpose of data processing and our legitimate interest lie in enabling a more efficient way of working and facilitating the performance of certain work tasks within the scope of the aforementioned activities.

Legal basis for data processing

Data processing is carried out in accordance with Art. 6(1)(1)(f) GDPR in our aforementioned legitimate interest.

Recipients

As part of data processing, your data will be transferred to the following recipients:

Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,

Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

Data processing in third countries

Your data will be transferred to recipients in third countries. For data transfers to the USA, there is an adequacy decision by the EU Commission with regard to companies certified under the EU-U.S. Data Privacy Framework. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework.

Additional information and further links can be found above in the section "General information on data transfers to third countries".

Storage period

When you use CoPilot, data is transferred to the above-mentioned recipients and stored there for as long as necessary to achieve the stated purposes. In addition, this data is processed in our own systems for as long as necessary to achieve the stated purposes. We will then delete your data from our operational systems, unless data processing is still permitted for another purpose specified in this statement and on a corresponding legal basis.

ChatGPT Enterprise

Our company uses the AI system "Chat GPT Enterprise" from Open AI Inc., 3180 18th St, San Francisco, CA 94110, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by OpenAI Ireland Ltd., 1st Floor, The Liffey Trust Centre 117-126 Sheriff Street Upper Dublin 1, D01 YC43, Ireland.

Description of data processing and purpose

When using ChatGPT, prompts in the form of requests, questions, documents, images and other content can be entered and generated. These may then be processed internally or externally, as long as such processing is permissible within the scope of our business activities. For example, we use ChatGPT for:

research and questioning,

Revising documents.

It cannot be ruled out that ChatGPT prompts may contain personal data or that this data may be included in responses. In principle, all categories of personal data that we hold about you may be affected, although the entry of sensitive personal data is expressly prohibited.

The use of the processed data for training the AI model by OpenAI is contractually excluded.

The purpose of data processing and our legitimate interest lie in enabling a more efficient way of working and facilitating the performance of certain work tasks within the scope of the aforementioned activities.

Legal basis for data processing

Data processing is carried out in accordance with Art. 6(1)(1)(f) GDPR in our aforementioned legitimate interest.

Recipients

As part of data processing, your data will be transferred to the following recipients:

OpenAI Ireland Ltd., 1st Floor, The Liffey Trust Centre 117-126 Sheriff Street Upper Dublin 1, D01 YC43, Ireland,

Open AI Inc., 3180 18th St, San Francisco, CA 94110, USA

Data processing in third countries

Your data will be transferred to recipients in third countries. For data transfers to the USA where the recipients are not certified under the EU-U.S. Data Privacy Framework, there is no adequacy decision by the EU Commission. Therefore, standard data protection clauses are concluded and further measures are taken to ensure an adequate level of data protection.

Additional information on this and further links can be found above in the section "General information on data transfers to third countries".

Storage period

When using ChatGPT, data is transferred to the above-mentioned recipients and stored there for as long as necessary to achieve the stated purposes. In addition, this data is processed in our own systems for as long as necessary to achieve the stated purposes. We will then delete your data from our operational systems, unless data processing is still permitted for another purpose mentioned in this statement and on a corresponding legal basis.

Use of specific AI functions

In addition to the use of AI systems and assistants for general purposes, we use specific, purpose-built AI functions and extensions for certain data processing operations or when using certain services and software solutions.

Such AI functions and extensions may, for example, be integrated into the software we use in the context of one of the data processing operations described here. In this case, specifically defined tasks are always performed using AI.

In these cases, we provide separate information in the relevant section below about the specific use, its purpose and the type and scope of data processing.

Data protection information for visitors to the website

Data processing in connection with web hosting

Usage data and server log files

Description of data processing and purpose

When you visit our website, it is technically necessary for data to be transmitted between your internet browser and ours for communication purposes. During an ongoing connection for communication between the internet browser and the web server, the following data is regularly collected:

IP address of the requesting entity (router or mobile device),

Date and time of the request,

Name of the requested file,

Website from which the file was requested (referrer URL),

Access status,

Amount of data transferred,

Web browser and operating system used,

Language used.

The listed data is stored in log files and analysed if necessary.

The purpose of data processing and our legitimate interest lie in ensuring a smooth connection between your internet browser and our website and the technically error-free provision of our services, as well as in detecting, preventing and tracking attacks on our website. The log files are used to evaluate system stability, functionality and security. The processing of this data is absolutely necessary in order to make the website available to you.

Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. f GDPR.

Recipients

As part of data processing, your data will be transferred to the following categories of recipients or recipients that we use in the context of data processing to achieve the aforementioned purposes

Hosting service providers,

IT support and administration service providers,

Software service providers who provide us with solutions for evaluating log file data.

In the event of anomalies or attacks, the data may also be passed on in individual cases to:

Information security consultants and IT forensic experts

lawyers,

Investigative authorities,

courts.

Data processing in third countries

Your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA).

For data transfers to certain third countries, an adequacy decision by the EU Commission pursuant to Art. 45(1) GDPR may exist. Such a decision establishes that an adequate level of data protection exists in the third country. A list of previous adequacy decisions can be found at the following link: Data protection adequacy for non-EU countries.

The scope of an adequacy decision may also be limited to a specific group of recipients or be subject to further conditions.

For example, the adequacy decision for data transfers to the United States only applies to companies certified under the EU-U.S. Data Privacy Framework. The certification status of a participating company can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to recipients in third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or being able to seek legal redress.

To ensure an adequate level of data protection when transferring your data to recipients in such third countries, we therefore ensure that appropriate safeguards within the meaning of Art. 46 GDPR are in place.

Standard data protection clauses of the European Commission in accordance with Art. 46(2)(c) GDPR are therefore regularly concluded either by us or by the service providers we use. They oblige the recipient of the data in the third country to process it in accordance with the European level of protection. The clauses can be viewed at the following link: Publications on the Standard Contractual Clauses (SCCs) - European Commission. If you require further information on the modules of the standard data protection clauses or supplementary measures concluded by us in individual cases, we will be happy to provide you with a copy. In this case, simply contact us using the contact details provided above under "Controller".

For certain recipients, data transfers may also be based on binding internal data protection regulations (BCR) approved by the supervisory authorities in accordance with Art. 46(2)(b) GDPR. These can be viewed at the following link: Approved Binding Corporate Rules | European Data Protection Board.

If the standard data protection clauses or binding internal data protection rules are not sufficient to guarantee the level of protection, additional technical, contractual or organisational measures will be taken to secure the data transfer. In addition, regular reviews and assessments will be carried out to determine whether these additional measures continue to guarantee an adequate level of data protection or whether further supplementary measures need to be taken.

Storage period

For reasons of technical security, in particular to defend against attempts to attack our web server, we store this data for a short period of time. After 7 days at the latest, the data is anonymised by shortening the IP address at domain level so that it is no longer possible to establish a connection to the individual user.

In individual cases, the data may be stored for longer in the event of attacks or attempted attacks, insofar as this is necessary until the conclusion of investigations or court proceedings or for the exercise of legal claims.

In anonymised form, the data from the log files may be stored and processed further for statistical purposes.

Data processing in connection with cookies and similar technologies

Access to and storage of information in terminal equipment

When you use our website, information (e.g. IP address) may be accessed or stored (e.g. cookies) on your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of Section 25 (2) No. 1 or No. 2 of the Telecommunications Digital Services Data Protection Act (TDDDG).

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this is carried out on the basis of Section 25 (1) TDDDG only with your consent. Consent can be revoked at any time for the future.

If personal data is subsequently processed, this is done on the basis of the GDPR and the Federal Data Protection Act (BDSG). We explain this data processing separately in our privacy policy.

Further information on the processing of your personal data and the relevant legal basis in this context can be found in the following sections on the specific processing activities on our website.

Cookies and similar technologies

General information

We use services on this website that employ cookies and similar technologies to store data in your device's browser and to read data that has already been stored. Cookies, your browser's local storage, pixels and so-called tags may be used for this purpose.

Cookies are small text files that can be stored and read on your device.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored for a certain period of time beyond the individual session.

In addition to cookies, we may use your browser's session storage or local storage to store and read data.

We may also embed pixels in our websites. Pixels are small, individualised, invisible image files that are loaded when the page is built and can be used to track user activity.

Finally, we may use tags on our websites. Tags are small HTML or JavaScript code fragments or markers that enable services for website analysis ( ) or user tracking to distinguish or identify users and track certain user activities.

Further information on the cookies and similar technologies we use can be found below in the descriptions of the categories of cookies and in our consent management platform, which is displayed when you visit our website. You can use the platform to give your consent and also to revoke it easily.

You can access the platform again at any time via the "Cookie settings" link at the bottom of the website to change your settings.

Please note that without the use of certain cookies and similar technologies, our websites may not display correctly and some functions may no longer be available.

category Necessary

Services in this category may use cookies and similar technologies to store and read information on your device. We use these for the purpose and in the interest of

enable the display of the website and provide its basic functions, in particular page navigation and access to login areas,

to enable the submission and revocation of consents,

protect our forms from misuse, and

protect our website from cyber attacks and fraud attempts.

The use of services and corresponding cookies and similar technologies in this category is based on Section 25 (2) No. 1, No. 2 TDDDG. Subsequent data processing is based on Art. 6 (1) (f) GDPR.

Preferences category

Services or external content and media from third-party providers in this category may use cookies and similar technologies to store and read information on your device. We use these

to enable the loading of third-party content and media,

to make our websites appealing to you and to operate them efficiently, and

to provide you with certain settings and additional functions on the website.

The use of services and corresponding cookies and similar technologies in this category is based on your consent in accordance with Section 25 (1) TDDDG. Subsequent data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.

Statistics category

Services in this category may use cookies and similar technologies to store and read information on your device. We use these to

to count and distinguish you as an individual website visitor and to compile statistical analyses of your interactions and use of our websites,

to design our websites in line with requirements and adapt them to user interactions,

to test adjustments to the website and measure user response to them (A/B testing), and

to monitor the technical functionality of our website and enable troubleshooting.

To this end, we and the services regularly store individual pseudonymous identifiers (recognition features) consisting of numbers and letters in cookies on your device when you visit our website and read them again when you visit again.

The use of pseudonyms enables individual differentiation and recognition of users. However, the natural person behind a pseudonym cannot usually be identified directly, in particular by name, without further additional data.

Other technologies may also be used on a regular basis to read recognition features from your device, such as in the case of so-called browser or device fingerprinting, in which data from the properties of the browser you are using (e.g. type and version of the browser) and its configuration (e.g. preferred language), from the properties of your device (e.g. manufacturer and model of your mobile phone, operating system) or the hardware you use (e.g. screen resolution) to recognise you as a different user pseudonymously.

The use of services and corresponding cookies and similar technologies in this category is based on your consent in accordance with Section 25 (1) TDDDG. Subsequent data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.

Marketing category

Services in this category may use cookies and similar technologies to store and read information on your device. We use these to

to count and distinguish you as an individual website visitor and to perform statistical analyses of your interactions and use of our websites,

to track your interactions with advertisements placed by us via third-party providers on other websites across different end devices and websites (so-called conversion tracking),

to track and evaluate your interactions with our website and then use this information as the basis for targeted advertising campaigns in advertising networks aimed at you or a specific target group to which you belong (known as retargeting and remarketing),

to improve the effectiveness of our advertising measures and to control our advertising campaigns.

To this end, individual pseudonymous identifiers (recognition features) consisting of numbers and letters are regularly stored in cookies on your device when you visit another website or our website, and are read again when you visit this or a new website again.

Other technologies may also be used regularly to read recognition features from your device, such as in the case of so-called browser or device fingerprinting, in which data from the properties of the browser you are using (e.g. type and version of the browser) and its configuration (e.g. preferred language) or from the properties of your device (e.g. manufacturer and model of your mobile phone, operating system) or the hardware you use (e.g. screen resolution) to recognise you as a different user pseudonymously.

If necessary, the processed pseudonymous recognition features may also be merged with other data by us or the providers of the services used.

This allows the services we use and their providers to exchange and compare recognition features (IDs) with each other in order to merge the features in the event of a match and assign them to the same pseudonymous user (known as ID matching/ID syncing). This enables cross-device, cross-platform and cross-advertising network recognition and advertising targeting of website visitors.

If you identify yourself with your clear data such as your name or email address, or enter your own user data on our websites, or log in to social networks or online services from third-party providers who also provide us with corresponding tracking and advertising services, pseudonymous recognition features can also be linked to your clear data or user data.

In this way, we or the service providers can create and evaluate comprehensive pseudonymous or non-pseudonymous user profiles, which we can then use to target advertising based on your interests.

The use of the services and corresponding cookies and similar technologies in this category is based on your consent in accordance with Section 25 (1) TDDDG. Subsequent data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.

1. Consent management via the Consent Management Platform Cookiebot

On our websites, we use the consent management platform "Cookiebot" from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Description of data processing and purpose

We use the service to manage your consent to the use of cookies and similar technologies, as well as the subsequent data processing.

If you give or refuse consent via the banner of our consent management platform, the service processes the following data:

the IP address of the requesting computer,

the description of the web browser and operating system used,

the address of the website from which your consent was sent

the date and time of consent,

a pseudonymous, random and encrypted consent key (consent ID).

Your consent status, which serves as proof of your consent.

This data is logged on the provider's servers. Your IP address is shortened by removing the last three digits so that it can no longer be traced back to you.

As part of data processing, your consent ID and consent status are stored both in the cookie "CookieConsent" in your device's browser and on the provider's servers in order to read and compare your consent status when you visit the page again. The check is carried out by comparing the consent key and consent status from the "CookieConsent" cookie with the values transmitted to the provider when you gave your consent, in order to ensure that the status of your original consent has not changed.

This enables us to check your consent status for all subsequent and future visits to our websites and to activate or deactivate cookies and other technologies when you visit the site again, in accordance with your decision.

The purpose of data processing and our legitimate interest lie in centrally controlling cookies and similar technologies integrated into our website, as well as integrated services, and in offering you a simple way to give and revoke your declarations of consent, in order to fulfil our legal obligations to obtain consent and our accountability obligations in accordance with Art. 5 (2) GDPR.

Legal basis for data processing

Insofar as we use cookies and similar technologies in connection with the integration of the service, or insofar as data is stored on your end device or read from it by the service, this is done in accordance with Section 25(2)(2) TDDDG. Subsequent data processing is carried out on the basis of Article 6(1)(f) GDPR.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Storage period

By integrating the service into our websites, data is transmitted to the above-mentioned recipients and stored there for a period of 12 months. Beyond this, the data processed by the service and made available to us is not regularly stored in our own systems. In individual cases, data on the time, status and scope of consent may also be stored in our own systems for longer, insofar as this is permissible for other purposes mentioned in this declaration.

1. Google Tag Manager

We integrate the "Google Tag Manager" service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, into our websites.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of data processing and purpose

"Google Tag Manager" is a tag management system (TMS) that enables us to integrate and manage additional website content in JavaScript or HTML code.

In particular, it can be used to integrate and manage so-called tags in our website. Tags are small code fragments or markers (web beacons, tracking pixels or similar markers) that enable website analysis or user tracking services to distinguish or identify users.

The analysis of website visits and user tracking is not carried out by Google Tag Manager, but by the services used for these purposes, such as Google Analytics or other third-party solutions. Rather, Google Tag Manager is only used to integrate and manage the markers required for analysis and tracking on our websites.

Since Google Tag Manager is provided by Google and is reloaded from its servers when the page is accessed, the usage data technically required to access the page is also transmitted. In this respect, Google also receives your IP address, which is technically necessary to retrieve the content.

The purpose of data processing and our legitimate interest lie in being able to integrate additional services and content into our websites in a simple and efficient manner through the use of Google Tag Manager.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform.

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.

Your consent is voluntary and can be revoked at any time with effect for the future. To exercise your right of revocation, please use the "Cookie settings" link at the bottom of the website to access the consent management platform again and change your settings.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,

Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

Further information on the handling of personal data by the service provider can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

Your data will be transferred to recipients in third countries. For data transfers to the USA, there is an adequacy decision by the EU Commission with regard to companies certified under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework.

Additional information on this and further links can be found above in the section "General information on data transfers to third countries".

Storage period

By integrating the service on our websites, data is transferred to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes. The data processed by the service and made available to us is not stored in our own systems beyond this.

1. Google Analytics

We use the Google Analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, on our websites.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of data processing and purpose

Google Analytics creates usage profiles based on pseudonyms (recognition features from cookies and device IDs and other data about the device used or the so-called browser fingerprint) and usage data (e.g. name and address of the website content requested by your browser, referral links, description of the web browser and operating system used, and the IP address of the requesting device).

Demographic data (such as continent, country, region, city, age group, gender

demographic data (such as continent, country, region, city, age group, gender, language and interests of users)

data on your interactions with search engines or other websites that are collected by Google (such as search engine queries that can be associated with your Google account, the origin of your visit to our site, i.e. whether it was made by clicking on a paid advertisement in a search engine, search terms used or, under certain circumstances, the history of websites you have visited)

Information about which website you used to access our website

Information about your device (such as category, manufacturer and model) and configuration (e.g. language settings, screen resolution).

Information about your interests, as far as these are recorded by Google in the context of your internet usage,

Information about your interactions with our advertisements or advertising campaigns, e.g. that a specific action on our website can be attributed to clicking on a specific advertisement),

data on your interactions with our websites and our web shop (in particular login status, customer number, status as a commercial customer or consumer, past visits to our website, subpages accessed, data on the time of the visit and duration of the session, button clicks, scroll depth, reading depth, and the use of filters, searches, forms and other input and registration options, links clicked on external websites/files, data on products and services viewed or purchased by you on our websites, data on the use of the shopping basket and completed and incomplete purchase transactions, data on your sales) and

data on your interactions with social media networks (such as sharing content).

collected and analysed.

This enables Google to recognise website visitors and the end devices they use pseudonymously, count them as such, and assign them to specific demographic target groups, interest groups, or customer segments.

Visitors who have their own user account on Google platforms can also be identified by Google as visitors to our websites across devices.

Cookies and similar technologies, in particular JavaScript, are used to store and read data on your device. Further details can be found above under "Data processing in connection with cookies and similar technologies".

Google uses the processed information to create summary statistics for us, which allow us to see what users of our websites are interested in and how many users have interacted with our websites and in what way.

We only receive summarised statistics (aggregated data) from Google, from which we, as users of Google advertising services, cannot draw any conclusions about individual persons.

We then use these findings to place target group-oriented online advertising measures and marketing campaigns in advertising networks, in particular in Google advertising services.

The purpose of data processing is to evaluate and analyse the origin, preferences and interests of visitors to our websites so that we can then optimise our online advertising measures and display advertisements tailored to specific target groups on the basis of these findings.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform.

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.

Your consent is voluntary and can be revoked at any time with effect for the future. To exercise your right of revocation, please use the "Cookie settings" link at the bottom of the website to access the consent management platform again and change your settings.

Recipients

When using the services, the data collected via our websites is transferred to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,

Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

Further information on the handling of personal data by the service provider can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

Your data will be transferred to recipients in third countries. For data transfers to the USA, there is an adequacy decision by the EU Commission with regard to companies certified under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework.

Additional information on this and further links can be found above in the section "General information on data transfers to third countries".

Storage period

By integrating the service on our websites, data is transferred to the above-mentioned recipients and stored there for a period of 14 months. The data processed by the service and made available to us is not stored in our own systems beyond this period.

1. Google advertising services and functions: Google Ads, Google Ads Conversion Tracking, Google Adsense, Google Ads Remarketing, Google Marketing Platform (formerly Google DoubleClick)

We integrate advertising services and functions from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, into our websites.

In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of data processing and purpose

We use Google advertising services and functions such as Google Ads, Google Ads Conversion Tracking, Google Ads Remarketing, Google Adsense and the Google Marketing Platform to place and control target group-oriented advertisements for our products and services via the Google advertising network and to measure how successful these advertisements are.

Cookies and similar technologies, in particular JavaScript, are used to store and read data on your device. Further details can be found above under "Data processing in connection with cookies and similar technologies".

The use of these technologies enables Google to recognise website visitors and the devices they use pseudonymously. Visitors who have their own user account on Google platforms can also be identified by Google as visitors to our websites across devices.

When you click on an advertisement placed for us via Google, cookies for conversion tracking are set by the website or app of other providers. These are read again when you visit our site. Data from the original website or app is processed to determine which search terms (keywords) you may have entered in a search engine, which advertisement or group of advertisements you clicked on, and which of our online marketing campaigns the advertisement was associated with.

We then collect data on our websites about how you used our website and how you interacted with the website content, e.g. which subpages were accessed, which content was clicked on or retrieved, or which forms or dialogues you used. The conversion of an advertisement into a specific action by the website visitor on a website is referred to as a conversion.

When using "Google Analytics" at the same time, we can evaluate your actions on our websites even more accurately with the data collected via this tool.

From the processed information, Google creates summarised statistics for us as part of "Google Ads Conversion Tracking" in "Google Ads" and in the "Google Marketing Platform", from which we can see how many users have responded to our advertisements and in what way. We only receive summarised statistics (aggregated data) from Google, from which we, as users of Google advertising services, cannot draw any conclusions about individual persons.

Based on the statistics, we can optimise the effectiveness of our online advertising and control our advertising strategy via Google advertising services.

Google Ads remarketing then enables us to place interest- and target group-related advertisements during your further use of the internet or apps based on the websites and content you have visited on our site, how you have used them and what actions (conversions) you have taken on our websites.

The purpose of data processing is to enable us to place and control target group-oriented advertisements for our products and services via Google's advertising network, and to measure how successful these advertisements are.

Legal basis for data processing

The legal basis for the integration and use of the respective service is your consent, provided that you have given it via our consent management platform.

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.

Your consent is voluntary and can be revoked at any time with effect for the future. To exercise your right of revocation, please use the "Cookie settings" link at the bottom of the website to access the consent management platform again and change your settings.

Recipients

When using the services, the data collected via our websites is transferred to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,

Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

Further information on the handling of personal data by the service provider can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

Your data will be transferred to recipients in third countries. For data transfers to the USA, there is an adequacy decision by the EU Commission with regard to companies certified under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework.

Additional information on this and further links can be found above in the section "General information on data transfers to third countries".

Storage period

By integrating the service on our websites, data is transferred to the above-mentioned recipients and stored there for a period of 6 months. The data processed by the service and made available to us is not stored in our own systems beyond this period.

Google Fonts

We integrate the "Google Fonts" service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, into our websites.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of data processing and purpose

"Google Fonts" enables us to use web fonts. To do this, when you visit our website, the required Google Fonts are loaded from your web browser into your browser cache. This is necessary so that your browser can display our texts in a visually improved way. If your browser does not support this function, a standard font from your computer will be used for display.

Since Google Fonts is provided by Google and is downloaded from its servers when the page is accessed, the usage data technically required to access the page is also transmitted. Google also receives your IP address, which is technically necessary to retrieve the content.

Cookies and similar technologies, in particular JavaScript, may be used to store and read data on your device. Further details can be found above under "Data processing in connection with cookies and similar technologies".

The purpose of data processing and our legitimate interest is to make our website more visually appealing to you.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given this via our consent management platform.

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.

Your consent is voluntary and can be revoked at any time with effect for the future. To exercise your right of revocation, please use the "Cookie settings" link at the bottom of the website to access the consent management platform again and change your settings.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,

Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

Further information on the handling of personal data by the service provider can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

Your data will be transferred to recipients in third countries. For data transfers to the USA, there is an adequacy decision by the EU Commission with regard to companies certified under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework.

Additional information on this and further links can be found above in the section "General information on data transfers to third countries".

Storage period

By integrating the service on our websites, data is transferred to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes. The data processed by the service and made available to us is not stored in our own systems beyond this.

YouTube and YouTube images

We integrate the "YouTube" service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA, into our websites.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Description of data processing and purpose

The service enables us to embed videos uploaded by us to the social media platform YouTube on our website. To do this, embedded videos and corresponding preview images are loaded from your web browser into your browser cache when you visit the page.

Since embedded videos and preview images are provided by Google via the "YouTube" and "YouTube Images" services and are reloaded from its servers when the page is accessed, the usage data technically required to access the page is also transmitted. In this respect, Google also receives your IP address, which is technically necessary to retrieve the content.

The provision of videos via the provider's servers enables us to deliver videos with larger amounts of data quickly without a longer loading time and to conserve the limited resources of our own web server. In this way, we can ensure the performance of our web pages every time they are accessed.

Cookies and similar technologies, in particular JavaScript, are used to store and read data on your device. Further details can be found above under "Data processing in connection with cookies and similar technologies".

We have integrated the service on our websites in a data-saving "no cookie mode" in order to prevent the setting and reading of cookies for the purpose of collecting information on user behaviour, linking to user profiles, creating video statistics, improving user-friendliness and preventing abusive actions by the provider. However, in order to prevent the setting and reading of such cookies, a cookie is stored in the memory of your end device in "No Cookie Mode".

The purpose of data processing is to make our website visually appealing for you and efficient and resource-saving for us.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform.

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) (a) GDPR.

Your consent is voluntary and can be revoked at any time with effect for the future. To exercise your right of revocation, please use the "Cookie settings" link at the bottom of the website to reopen the consent management platform and change your settings.

Recipients

When using the service, the data collected via our websites is transmitted to the following recipients:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,

Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

Further information on the handling of personal data by the service provider can be found at https://policies.google.com/privacy?hl=de.

Data processing in third countries

Your data will be transferred to recipients in third countries. For data transfers to the USA, there is an adequacy decision by the EU Commission with regard to companies certified under the EU-U.S. Data Privacy Framework. Google LLC is certified under the EU-U.S. Data Privacy Framework.

Additional information on this and further links can be found above in the section "General information on data transfers to third countries".

Storage period

By integrating the service on our websites, data is transferred to the above-mentioned recipients and stored there for a period of 6, 8 or up to 13 months. The data processed by the service and made available to us is not stored in our own systems for any longer than this.

DooFinder

We integrate the "DooFinder" service from DooFinder S.L., Calle de Cronos, 63, 28037 Madrid, into our website.

Description of data processing and purpose

DooFinder is used on our website to optimise the search function and user-friendliness of our offering. The service enables visitors to our website to search specifically for content, products or information and helps us to display search results that are as relevant and user-oriented as possible.

In order to enable the provision of this service, the following data in particular may be processed by the service provider:

1. User's IP address

2. Device data (e.g. device model, operating system version)

3. Search queries and usage data (e.g. number and frequency of visits to the website)

4. Browser information and, if applicable, location data

5. Technical information on the use of the search function

The purpose of data processing is to provide and improve the search function on our website, analyse user behaviour in order to optimise our offering, and ensure technical functionality.

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given it via our consent management platform "Cookiebot".

The use of cookies and similar technologies is based on Section 25 (1) TDDDG. The subsequent data processing is based on Art. 6 (1) lit. a GDPR.

Your consent is voluntary and can be revoked at any time with effect for the future. To exercise your right of revocation, please use the "Cookie settings" link at the bottom left of the website to call up "Cookiebot" again and change your settings.

Recipients

When using the services, the data collected via our websites is transferred to the following recipients:

1. DooFinder S.L., Calle de Cronos, 63, 28037 Madrid

Further information on the handling of personal data by the service provider can be found at https://www.doofinder.com/en/privacy-policy.

Use of artificial intelligence

Artificial intelligence is used in the processing of your data.

The AI service "DooFinder" from DooFinder S.L., Calle de Cronos, 63, 28037 Madrid, Spain, is used.

This service enables visitors to our website to search for specific content, products or information and helps us to display search results that are as relevant and user-oriented as possible.

The purpose of data processing using AI and our legitimate interest is to ensure, in an efficient and effective manner, that the terms of use of our platform are complied with.

Data processing using AI is carried out in accordance with Art. 6(1)(1)(f) GDPR in our aforementioned legitimate interest.

- Recipients of your data in the context of data processing using AI are

DooFinder S.L., Calle de Cronos, 63, 28037 Madrid, Spain.

Additional information on this topic and further links can be found above in the section "General information on the use of artificial intelligence".

Storage period

By integrating the service into our website, data is transmitted to the above-mentioned recipients and stored there for the duration of active use of the website. The data processed by the service and made available to us is not stored in our own systems beyond this period.

Contact form and general enquiries by e-mail

Description of data processing and purpose

If you send us enquiries via the contact form or email, your details from the enquiry form or your email, including the personal data you have provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions.

Providing an email address is necessary for us to contact you; providing your first and last name and your telephone number is voluntary. We will not pass on this data without your consent.

Legal basis for data processing

The legal basis for the processing of your data is your and our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR and, where applicable, Art. 6 (1) (b) GDPR, provided that your enquiry is aimed at concluding a contract.

Recipients

In the context of data processing, your data will be transferred to the following categories of recipients or recipients that we use in the context of data processing to achieve the aforementioned purposes

Sales departments, customer support, other departments if necessary,

affiliated companies of the group of companies,

Software service providers who provide us with solutions for internal and external communication, for creating and editing documents, and for managing databases.

Data processing in third countries

Your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA).

For data transfers to certain third countries, an adequacy decision by the EU Commission pursuant to Art. 45(1) GDPR may exist. Such a decision establishes that an adequate level of data protection exists in the third country. A list of previous adequacy decisions can be found at the following link: Data protection adequacy for non-EU countries.

The scope of an adequacy decision may also be limited to a specific group of recipients or linked to the fulfilment of additional requirements.

For example, the adequacy decision for data transfers to the United States only applies to companies certified under the EU-U.S. Data Privacy Framework. The certification status of a participating company can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to recipients in third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or being able to seek legal redress.

To ensure an adequate level of data protection when transferring your data to recipients in such third countries, we therefore ensure that appropriate safeguards within the meaning of Art. 46 GDPR are in place.

Standard data protection clauses of the European Commission in accordance with Art. 46(2)(c) GDPR are therefore regularly concluded either by us or by the service providers we use. They oblige the recipient of the data in the third country to process it in accordance with the European level of protection. The clauses can be viewed at the following link: Publications on the Standard Contractual Clauses (SCCs) - European Commission. If you require further information on the modules of the standard data protection clauses or supplementary measures concluded by us in individual cases, we will be happy to provide you with a copy. In this case, simply contact us using the contact details provided above under "Controller".

For certain recipients, data transfers may also be based on binding internal data protection regulations (BCR) approved by the supervisory authorities in accordance with Art. 46(2)(b) GDPR. These can be viewed at the following link: Approved Binding Corporate Rules | European Data Protection Board.

If the standard data protection clauses or binding internal data protection regulations are not sufficient to guarantee the level of protection, additional technical, contractual or organisational measures will be taken to secure the data transfer . In addition, regular checks and assessments will be carried out to determine whether these additional measures continue to guarantee an adequate level of data protection or whether further supplementary measures need to be taken.

Storage period

Your data will be deleted after your enquiry has been processed, as soon as no further queries are expected and provided that there are no legal retention obligations to the contrary.

Web forms for collecting advertising data

On our websites, we collect personal data via various web forms for the purpose of addressing you with advertising in order to promote the sale of our products, goods or services by means of direct advertising.

These may be forms

for registering for newsletters, webinars or events,

for booking appointments or product demo appointments, or

for downloading white papers and other documents

.

Further information on the processing of your data for advertising purposes can be found in the following section of this privacy policy .

1. Data protection information for customers, other business partners and interested parties

Conclusion, execution and fulfilment of contracts, as well as for the implementation of pre-contractual measures in general

Description of data processing and purpose

We process your personal data if it is necessary for the establishment, execution and fulfilment of a contract and for the implementation of pre-contractual measures.

We only process data that is related to the establishment of the contract or pre-contractual measures. This may include general data about you or persons in your company (name, address, contact details, etc.) as well as any other data that you provide to us in the course of establishing the contract.

Legal basis for data processing

Insofar as personal data is required for the initiation or execution of a contractual relationship or in the context of the implementation of pre-contractual measures, processing is lawful in accordance with Art. 6 (1) (b) GDPR.

Sources

We process personal data that we receive from you by post, telephone or email via forms on our website or via one of our social media profiles when you contact us or establish a contractual relationship or in the context of pre-contractual measures.

Recipients

In the context of data processing, your data will be transferred to the following categories of recipients or recipients that we use in the context of data processing to achieve the aforementioned purposes:

Affiliated companies of the BAUER GROUP,

dealers,

Software service providers who provide us with solutions for internal and external communication, for creating and editing documents, and for managing databases

External tax advisor

Public authorities and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office) in the event of a legal or official obligation,

recipients to whom the transfer is directly necessary for the establishment or fulfilment of a contract,

Other data recipients, provided you have given us your consent to the transfer of data.