Privacy policy

1. data protection at a glance

General information

We, PONGS GROUP GmbH & CO. KG (hereinafter “PONGS®” or “we”), take the protection of your personal data very seriously and strictly adhere to the rules of the currently applicable data protection laws, especially the General Data Protection Regulation (hereinafter: “GDPR”, Regulation (EU) 2016/679) of the European Parliament and Council. 

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data with which you can be personally identified. Personal data is collected and processed on our websites and when using our services only to the extent necessary and for specific purposes. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Scope of the data protection declaration

The following statement provides an overview of how we ensure data protection, what type of data is collected for what purpose, and on what legal basis it is collected and processed. It applies to all websites operated by PONGS® and when you contact us through other communication channels. If PONGS® websites deviate from these data processing principles or supplement them with their own, this will be made clear on the respective websites in an appropriate manner.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the “Note on the Responsible Party” section of this privacy policy.

How do we collect your data?

Your data is collected on the one hand by you providing it to us. This can be data that you enter in a contact form, for example. Other data is automatically collected or with your consent when you visit the website by our IT systems. This is mainly technical data (e.g., internet browser, operating system, or time of page access). The collection of this data occurs automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. More detailed information on this can be found in section 3.11, “Data Protection Rights.” For this and any other questions on the subject of data protection, you can contact us at any time.

Analysis tools and third-party tools

When visiting this website, your browsing behavior can be statistically evaluated. This is mainly done with so-called analysis programs. Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

External hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

If appropriate consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfill their performance obligations and follow our instructions regarding this data.

3 General notes and mandatory information

3.1 Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data are collected.

Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We point out that data transmission on the internet (e.g., when communicating by email) can have security gaps. A complete protection of the data from access by third parties is not possible.

3.2 Note on the responsible entity

The responsible party for data processing on this website is:

PONGS GROUP GmbH & CO. KG

Villa Lantz, Lohauser Dorfstraße 51 – Lantz’scher Park, 40474 Düsseldorf

Germany

Phone: +49 211 54230-800

Email: info@pongs.de

Website: www.pongs.com

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

3.3 Contact details of the data protection officer

PONGS GROUP GmbH & CO. KG

Villa Lantz, Lohauser Dorfstraße 51 – Lantz’scher Park, 40474 Düsseldorf

Germany

Phone: +49 211 54230-811

Email: datenschutz@pongs.de

Website: www.pongs.com

 

3.4 Data processing by calling up our internet pages

PONGS® automatically collects and stores information in its server log files that your browser or app transmits to us. These data cannot be assigned to specific individuals by PONGS®. A combination of these data with other data sources is not carried out.

These are:

Browser type/version

Operating system used

Referrer URL (the previously visited page)

Hostname of the accessing computer (IP address v4 and v6)

Time of the server request

The IP address is the worldwide valid, at the time of allocation by your internet provider unique identification of your computer and consists, in its most common form (IPv4), of four blocks of digits separated by dots, or extended by additional digits (IPv6). Usually, as a private user, you will not use a constant IP address, as you are assigned a temporary IP address by your provider (so-called “dynamic IP address”). In the case of a permanently assigned IP address (so-called “static IP address”), it is technically easy to assign user data via this feature.

3.5 The aforementioned data is processed by us mainly for the following purposes:

  • Ensuring a smooth connection setup of the website
  • Ensuring a comfortable use of the aforementioned website
  • Evaluation of system security and stability

The personal data of the server log files are processed based on Art. 6 para. 1 lit. f GDPR. This legal basis allows the processing of personal data within the framework of the “legitimate interest” of the controller, provided that your fundamental rights, freedoms, or interests do not outweigh them. Our legitimate interest lies in easier administration and the ability to detect and track hacking. You can object to this data processing at any time if there are reasons arising from your particular situation that speak against the data processing. A simple email to the data protection officer is sufficient for this. Our legitimate interest follows from the above-listed purposes for data collection. In no case do we use the collected data for the purpose of drawing conclusions about your person.

The server log files with the aforementioned data are automatically deleted after 30 days or anonymized in the case of use for statistics. We reserve the right to store the server log files longer if facts exist that suggest the assumption of an unauthorized access (such as the attempt of hacking or a so-called DDOS attack).

3.6 Linking to external websites

This privacy policy applies exclusively to the PONGS® websites. These may contain links to third-party web offerings. This privacy policy does not extend to these. If you leave the PONGS® websites to visit a third-party offering, we recommend that you carefully read the privacy policy of the respective provider.

3.7 Storage period

Unless a specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods (HGB or AO)); in the latter case, the deletion will take place after these reasons no longer apply.

3.8 Information about cookies and the use of analysis tools

General:

PONGS® uses so-called cookies on its websites and in its apps in several places. They serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Cookies do not harm your computer and do not contain viruses.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our internet site cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

If appropriate consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device within the meaning of the TTDSG. Consent can be revoked at any time. The legal basis for the processing of personal data using cookies for analysis purposes and for controlling and evaluating advertisements is Art. 6 para. 1 lit. a GDPR.

If cookies from third-party companies or for analysis purposes are used, we will inform you about this separately within this privacy policy and, if necessary, request your consent.

3.9 Note on data transfer to the USA and other third countries

We use tools from companies based in the USA or other third countries whose data protection level may not meet EU standards. These tools are activated only with your active consent, which is obtained via the Cookie Consent Banner. This consent can be revoked at any time. When these tools are active, your personal data can be transferred to these third countries and processed there. We point out that in these countries, it may not be possible to guarantee a data protection level comparable to that in the EU.

The transfer of personal data to these third countries generally takes place within the framework of order processing based on an EU adequacy decision and the signing of standard data protection clauses, taking into account contractual, technical, and organizational measures to comply with the data protection level of the EU. If data transfer to a third country that does not meet these criteria occurs, it happens in exceptional cases based on a legal obligation or your active consent.

EU-US Data Privacy Framework: As part of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA within the framework of the adequacy decision of 10.07.2023 as safe. You can find the list of certified companies and more information about the DPF on the US Department of Commerce website at Data Privacy Framework (in English). We inform you within the privacy notices which service providers we use are certified under the Data Privacy Framework.

3.10 Recipients or categories of recipients of the personal data

Within the company, only those departments that need the data to fulfill contractual and legal obligations or to implement our legitimate interest (e.g., sales) have access to it. Processors we use in accordance with Art. 28 GDPR can also process data for these purposes, such as IT service providers, cloud providers, and disposers in the area of data destruction. All service providers are contractually obligated to treat your data confidentially.

A transfer of data to recipients outside the company only takes place in compliance with applicable data protection regulations. Recipients of personal data can be companies in the logistics sector, service providers, suppliers, subcontractors, tax consultants, auditors, credit and financial service providers, credit agencies, debt collection companies, lawyers, and authorities. In such cases, information is passed on to these companies or individuals to enable further processing.

3.11 In addition to the above information, an overview of your other data protection rights follows below:

Right to confirmation (Article 15(1) of the GDPR).

Every data subject has the right granted by the European directives and regulations to obtain confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they can contact an employee of the controller at any time.

Right of access to the personal data concerned (Art. 15 DS-GVO)

Every data subject affected by the processing of personal data has the right granted by the European directives and regulations to obtain at any time from the controller free information about the personal data stored about them and a copy of this information. The European directives and regulations also grant the data subject information about the following:

  • The purposes of the processing
  • The categories of personal data processed
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly in recipients in third countries or international organizations
  • Where possible, the planned duration for which the personal data will be stored, or if this is not possible, the criteria used to determine that period
  • The existence of a right to rectification or erasure of personal data concerning them, or to restriction of processing by the controller, or to object to such processing
  • The existence of a right to lodge a complaint with a supervisory authority
  • If the personal data is not collected from the data subject: Any available information about the source of the data

The existence of automated decision-making, including profiling, referred to in Article 22 paras.1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to exercise this right to information, they can contact an employee of the controller at any time.

Right to rectification (Art. 16 DS-GVO)

Every data subject affected by the processing of personal data has the right granted by the European directives and regulations to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, they can contact an employee of the controller at any time.

Right to erasure (Art. 17 DS-GVO)

Every data subject affected by the processing of personal data has the right granted by the European directives and regulations to obtain from the controller the erasure of personal data concerning them without undue delay, where one of the following grounds applies and insofar as the processing is not necessary:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, and there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 para. 2 GDPR.
  • The personal data has been unlawfully processed.
  • The erasure of the personal data is required to fulfill a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data has been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.

If one of the above reasons applies and a data subject wishes to arrange for the deletion of personal data stored by PONGS GROUP GmbH & CO. KG, they can contact an employee of the controller at any time. The employee of PONGS GROUP GmbH & CO. KG will ensure that the deletion request is complied with without delay.

If the personal data has been made public by PONGS GROUP GmbH & CO. KG and our company is responsible under Art. 17 para. 1 GDPR for the deletion of the personal data, PONGS GROUP GmbH & CO. KG, taking into account the available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to or copies or replications of the personal data, insofar as the processing is not necessary. The employee of PONGS GROUP GmbH & CO. KG will arrange the necessary measures in individual cases.

Right to restriction of processing (Art. 18 DS-GVO)

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:

  • If you contest the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it to establish, exercise, or defend legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
  • If you have objected to processing pursuant to Art. 21 para. 1 GDPR, a balancing of your and our interests must be carried out. As long as it has not been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
  • If you have restricted the processing of your personal data, this data may – apart from its storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Right to data portability (Art. 20 DS-GVO)

Every data subject affected by the processing of personal data has the right granted by the European directives and regulations to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, insofar as the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR, and the processing is carried out by automated means, provided the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising their right to data portability pursuant to Art. 20 para. 1 GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject can contact an employee of PONGS GROUP GmbH & CO. KG at any time.

Right to object to processing (Art. 21 DS-GVO)

Many data processing operations are only possible with your explicit consent. You can revoke any consent you have given at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Every data subject affected by the processing of personal data has the right granted by the European directives and regulations to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

PONGS GROUP GmbH & CO. KG will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing is for the establishment, exercise, or defense of legal claims.

If PONGS GROUP GmbH & CO. KG processes personal data to carry out direct marketing, the data subject has the right to object at any time to the processing of personal data for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to PONGS GROUP GmbH & CO. KG processing for direct marketing purposes, PONGS GROUP GmbH & CO. KG will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject can contact any employee of PONGS GROUP GmbH & CO. KG directly. A simple message in text form is sufficient. The data subject can write to us or contact us by email. The data subject is also free to exercise their right to object in the context of the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Right to automated decisions in individual cases, including profiling (Art. 22 DS-GVO).

Every data subject affected by the processing of personal data has the right granted by the European directives and regulations not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, provided that the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a controller, or (2) it is based on the data subject’s explicit consent, PONGS GROUP GmbH & CO. KG will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

If the data subject wishes to exercise rights concerning automated decisions, they can contact an employee of the controller at any time.

For the establishment, performance, or termination of the business relationship and for pre-contractual measures, we do not generally use fully automated decision-making pursuant to Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you separately or obtain your consent, if legally required.

Right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent until withdrawal (Art. 7(3) DS-GVO).

Every data subject affected by the processing of personal data has the right granted by the European directives and regulations to withdraw consent to the processing of personal data at any time without affecting the lawfulness of the processing based on consent before its withdrawal.

If the data subject wishes to exercise their right to withdraw consent, they can contact an employee of the controller at any time.

Right of appeal to a supervisory authority (Art. 77 DS-GVO)

If there are violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or the place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Is there an obligation to provide data?

As part of the contractual relationship or pre-contractual measures, you must provide the personal data that is required for the initiation, performance, and termination, as well as the fulfillment of the associated contractual obligations or for which we are legally obliged to collect. Without this data, we will generally not be able to carry out the necessary pre-contractual measures or the contractual relationship with you.

3.12 SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

3.13 Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of these data is based on Art. 6 para. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

3.14 Inquiry by e-mail, telephone or fax

If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of these data is based on Art. 6 para. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact inquiries will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially statutory retention periods – remain unaffected.

3.15 Objection to advertising e-mails

We hereby object to the use of contact data published within the scope of the imprint obligation for sending unsolicited advertising and information materials. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

4. analysis tools and other cookies

4.1 Matomo

This website uses Matomo, an open-source web analysis tool, to collect anonymous usage data for this website. The software creates detailed statistics, including search engines used, search terms, browsers, and user origin.

The provider of this service is InnoCraft Ltd., 7 Waterloo Quay, PO625, 6140 Wellington, New Zealand.

Matomo sets a cookie in your browser for data collection.

To activate Matomo, we obtain your active consent via our Cookie Consent Banner. Thus, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

The storage period of the cookie is 30 minutes.

The data about your behavior when visiting the website is collected to identify potential problems such as not found pages, search engine problems, or unpopular pages. Once the data (number of website visitors seeing error pages or only one page, etc.) is processed, Matomo generates reports for the website operator so that they can respond technically or content-wise.

Matomo processes the following data:

  • Cookies
  • Anonymized IP addresses by removing the last 2 bytes (e.g., 198.51.0.0 instead of 198.51.100.54)
  • Pseudonymized location (based on the anonymized IP address)
  • Date and time
  • Title of the accessed page
  • URL of the accessed page
  • URL of the previous page (if this allows)
  • Screen resolution
  • Local time
  • Information on files clicked and downloaded
  • External links
  • Duration of page load
  • Country, region, city (with low accuracy due to the reference to the IP address)
  • Main language of the browser
  •  agent of the browser
  • Interactions with forms, but not storing their content

More about the data processed by Matomo can be found in Matomo’s privacy policy: Matomo Privacy Policy

 

4.2 Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents in your browser and document them in a data protection-compliant manner. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. These data are not passed on to the provider of Borlabs Cookie.

Among other things, the following data is stored:

  • Cookie duration
  • Cookie version
  • Domain and path of the WordPress website
  • Consents chosen by the user
  • UID (a randomly generated ID for the user)

The collected data will be stored until you request us to delete it, the Borlabs cookie itself is deleted, or the purpose for data storage no longer applies. The Borlabs cookie has a storage duration of 1 week. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at Borlabs Cookie Data Processing

The use of the Borlabs Cookie Consent technology takes place to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 S. 1 lit. c GDPR.

5. matterport (virtual 3D tour)

For this website, PONGS® uses the Matterport service platform to provide the virtual 3D tour. The provider is Matterport, Inc., 352 E. Java Dr. Sunnyvale, CA 94089, USA. To ensure data protection on this website, the virtual tour is deactivated when you first visit our website. A direct connection to the servers of Matterport is only established if you activate the virtual tour yourself.

This requires your active consent according to Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. This consent is obtained via the Cookie Consent Banner. By consenting to the activation of Matterport, you also consent to the aforementioned transfer of the data collected to the USA and other third countries.

As part of the so-called EU-US Data Privacy Framework (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA within the framework of the adequacy decision of 10.07.2023 as safe. However, the provider Matterport has not yet been certified under the DPF.

Thus, the aforementioned transfer of the data collected to the USA occurs to a provider that cannot guarantee a data protection level comparable to that in the EU, as the adequacy decision of the European Commission for the USA under Art. 45 para. 3 GDPR in the form of the DPF does not apply here. Moreover, appropriate safeguards according to Art. 46 para. 1 GDPR are missing. Therefore, the legal basis for the data transfer is your above-mentioned consent according to Art. 49 para. 1 lit. a GDPR.

This consent can be revoked at any time.

The consent is obtained on our website via the so-called “two-click solution”: Access to the virtual tour is thus only possible after consent (1st click); only then can the virtual tour be started with another, 2nd click, and a data connection to Matterport is established.

Your consent is given voluntarily; not giving consent has no disadvantages. As stated, the virtual tour is merely an additional offer.

If you start the virtual tour on our website, a connection to the Matterport server in the USA is established. The Matterport server is informed which of our pages you are visiting. Matterport also obtains your IP address, the type and version of your internet browser, the operating system model, and the identifier of your computer or mobile device as well as your usage patterns associated with the services. This applies even if you are not logged in to Matterport or do not have an account with Matterport. The information collected by Matterport is transmitted to the Matterport server in the USA. If you have a Matterport account and are logged in, you enable Matterport to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your Matterport account.

When you leave or refresh our website, the connection to the Matterport server is automatically disconnected again. If you visit our website again later, you must consent again to the processing of your personal data.

According to its statement, Matterport uses the information mentioned to manage and improve its services, diagnose problems with its services, and better assess the use of the services. The Ministry of Economics has no influence on the type and scope of the data processed by Matterport, the way it is processed and used, or the transfer of this data to third parties. Therefore, we explicitly point out that you use the Matterport service platform at your own risk.

You can find Matterport’s privacy policy at Matterport Privacy Policy.

6. newsletter

Newsletter data

If you want to receive the newsletter offered on the website, we need your valid email address and information that allows us to verify that you are the owner of the email address provided and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of data, the email address, and its use for sending the newsletter at any time, for example, via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

With the newsletter, we inform you at regular intervals about our offers. During the registration process for the newsletter, your consent will be obtained and this privacy policy referred to. The registration for our newsletter takes place in a so-called double-opt-in procedure. This means: After the actual registration, you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with third-party email addresses. The registrations for the newsletter are logged to prove the registration process according to legal requirements. This includes storing the registration and confirmation times as well as the IP address. Changes to your data stored by the newsletter service provider are also logged.

No comparison of the data collected with data that may be collected by other components of our site is carried out.

The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion within the framework of our legitimate interest according to Art. 6 para. 1 lit. f GDPR.

Data that has been stored by us for other purposes remains unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and not combined with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

7. plugins and tools

7.1 YouTube

This website integrates videos from the YouTube website. The operator of the site is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our web pages that has YouTube embedded, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the EU-US Privacy Framework (DPF). Google, as the parent company of YouTube, has certified itself under the DPF and is thereby committed to complying with European data protection principles.

The activation of YouTube on this page requires your active consent according to Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. This consent is obtained via the Cookie Consent Banner. By consenting to the activation of YouTube, you also consent to the aforementioned transfer of the data collected to the USA.

This consent can be revoked at any time.

If you accept only essential cookies (technically necessary), the aforementioned transfer will not occur.

Furthermore, YouTube may store various cookies on your device or use similar technologies for recognition (e.g., device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness, and prevent fraud attempts.

The storage duration is 6 months.

If you are logged into your YouTube account, you enable YouTube to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

For more information on how user data is handled, please refer to YouTube’s privacy policy at: Google Privacy Policy.

7.2 Google Maps

This site uses the Google Maps mapping service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA and stored there. There is an adequacy decision by the EU Commission for the USA, the EU-US Privacy Framework (DPF). Google has certified itself under the DPF and is thereby committed to complying with European data protection principles.

PONGS has no influence on this data transmission. By integrating Google Maps, we can provide you with essential information on various locations. You can see the company locations depicted there and, if necessary, the way to the relevant location. For this purpose, Google Maps stores certain data to offer the service. Your consent is required for this.

The collected and stored data include, among other things, the search terms entered, your IP address, and the latitude and longitude coordinates entered if applicable. If you use the route planner function, the start address entered is also stored. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google uses this data to optimize its services and provide you with individual, personalized advertising.

The storage duration is 6 months.

We point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks for the lawfulness and security of data processing.

The activation of Google Maps on this page requires your active consent according to Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. This consent is obtained via the Cookie Consent Banner. By consenting to the activation of Google Maps, you also consent to the aforementioned transfer of the data collected to the USA.

This consent can be revoked at any time.

More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

8. Separate information obligations of PONGS GROUP GmbH & Co. KG for business partners

8.1 Purposes for which the personal data are processed and the legal basis for the processing

We process personal data if it is necessary for the establishment, execution, and fulfillment of a contract and to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR, e.g., in connection with the initiation, execution, and management of orders), to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR, e.g., compliance with commercial and tax retention obligations according to § 257 HGB and § 147 AO), to safeguard the legitimate interests of the controller or a third party (Art. 6 para. 1 lit. f GDPR, e.g., storing data for a reasonable period for acquisition efforts or to assert legal claims and defense in legal disputes).

If you have given your consent to data processing, we process your personal data based on Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data according to Art. 9 para. 1 GDPR are processed (e.g., disclosure of data to third parties, evaluation for marketing purposes, or advertising communication via email).

In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place based on Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing also takes place based on § 25 para. 1 TTDSG. Consent can be revoked at any time.

8.2 Sources and categories of personal data processed

We process personal data that we receive from you or from public sources such as commercial registers, the internet, and directories, or from third parties such as credit agencies or business partners in the course of contact and our business relationship, e.g., to process an inquiry or an order.

Relevant personal data includes personal data (such as name, first name, address, bank details, billing address, tax number, or VAT ID number) and other contact details (such as phone number, email address). This can also include contract or order data (e.g., sales data, order volume), information about your financial situation (e.g., creditworthiness data), and data about your person (e.g., profession, position, tasks, and powers) as well as other data comparable to the mentioned categories.

8.3 Duration for which the personal data are stored and the criteria for determining this duration.

The required personal data is stored for the duration of the existence of warranty and guarantee claims. In addition, personal data is stored in accordance with statutory retention periods. Corresponding proof and retention obligations result from the Commercial Code (HGB) and the Fiscal Code (AO). The specified retention or documentation periods are up to ten years. If the data is no longer required for the fulfillment of contractual or legal obligations, it will be regularly deleted.

9. Separate information obligations of PONGS GROUP GmbH & CO. KG for applicants

We are pleased that you are applying or have applied for a position in our company. Below we inform you in accordance with Art. 13, 14 of the EU General Data Protection Regulation (EU GDPR) for what purposes we process the application documents (data) you provide on a voluntary basis and what rights you have in this regard.

9.1 Purposes for which your personal data are processed and the legal basis for the processing

We process the data you send us in connection with your application to check your suitability for the position (or possibly other open positions in our company) and to conduct the application process.

The legal basis for processing your personal data in this application process is primarily § 26 BDSG. Thereafter, the processing of the data is permissible if it is necessary in connection with the decision on establishing an employment relationship.

Furthermore, we may process personal data about you as far as this is necessary to fulfill legal obligations (Art. 6 para. 1 lit. c GDPR, e.g., reimbursement of travel expenses) and to defend against asserted legal claims from the application process against us. The legal basis is then Art. 6 para. 1 lit. f GDPR; the legitimate interest is, for example, a duty to provide evidence in a procedure under the General Equal Treatment Act (AGG). Should there be a need for longer-term storage (e.g., for further vacant or vacant positions), this will be done on the basis of your consent in written form (in accordance with Art. 6 para. 1 lit. a GDPR).

If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated during the application process, their processing is also carried out according to Art. 9 para. 2 lit. b GDPR in conjunction with § 26 para. 3 BDSG (e.g., disability status). If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants in the course of the application process, their processing is also carried out according to Art. 9 para. 2 lit. a GDPR in conjunction with § 26 para. 2 as well as para. 3 sentence 2 BDSG (e.g., health data if required for the exercise of the profession).

9.2 Sources and categories of personal data processed

We process personal data that we receive from you or from personnel service providers in the course of the application process, such as personal data (name, address, and other contact details, date and place of birth, nationality), bank details (for the purpose of travel expense reimbursement), qualification certificates (e.g., references, evaluations, and other training certificates), IP addresses, and photographs.

9.3 Recipients or categories of recipients of the personal data

Applicants can send us their documents by email. However, please note that emails are generally not sent encrypted, and applicants are responsible for encryption themselves. Therefore, we cannot assume responsibility for the transmission path of the application between the sender and the receipt on our server and therefore recommend using postal mail.

Your data will be reviewed by the HR department after receiving your application. Suitable applications will then be forwarded internally to the person responsible for the respective open position, and possibly also to the works council. In the company, only those  persons have access to your data who need it for the proper conduct of the application process.

Otherwise, personal data is processed on our behalf on the basis of contracts under Art. 28 GDPR (order processing), especially for providers of cloud solutions and applicant management systems. Personnel service providers may also be engaged as part of the application process. All service providers are contractually obligated to treat your data confidentially.

Otherwise, data is only passed on to recipients outside the company if statutory provisions allow or require this, the transfer is necessary for the fulfillment of legal obligations, or we have your consent.

9.4 Transfer to a third country (outside the EU / EEA) or to an international organization.

The data is processed exclusively in data centers in the Federal Republic of Germany. A transfer to a third country does not take place and is not planned.

9.5 Duration for which the personal data is stored and the criteria for determining this duration:

If an employment relationship does not come about following an application, we store applicant data for a maximum of six months from the date of the rejection decision, so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the General Equal Treatment Act (AGG). This does not apply if legal provisions prevent deletion (e.g., archiving of travel expense reimbursements according to tax regulations for up to 10 years), further storage is necessary for evidence purposes, or you have expressly consented to longer storage. If the data subject has given consent to longer storage of their personal data, we will include this data in our applicant pool. There, the data will be deleted after one year.

If the data subject receives a job offer as part of the application process, the relevant and necessary data from the applicant data will be transferred to our personnel data system.

10. separate data protection information for online meetings of PONGS GROUP GmbH & CO. KG with “MS Teams“

Below we inform you based on the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) about the processing of personal data in connection with the implementation of online meetings using the video conferencing tool “Microsoft Teams.”

Name and Contact Details of the Controller

The controller for data processing that is directly related to the implementation of “online meetings” is:

PONGS Group GmbH & Co. KG

Lohauser Dorfstraße 51, 40474 Düsseldorf

Phone: +49 211 54230800

Email: info@pongs.de

Note: If you access the “Microsoft Teams” website, the provider of “Microsoft Teams” is responsible for data processing. Accessing the website is only necessary to download the software for use.

If you do not want or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service is then provided to that extent via the “Microsoft Teams” website.

Contact Details of the Data Protection Officer

We have appointed a data protection officer. You can reach this officer as follows:

PONGS Group GmbH & Co. KG

Lohauser Dorfstraße 51, 40474 Düsseldorf

Phone: +49 211 54230811

Email: datenschutz@pongs.de

10.1 Purpose of the processing

We use the “Microsoft Teams” tool to conduct telephone conferences, video conferences, and webinars (hereinafter: “online meetings”). “Microsoft Teams” is a service provided by Microsoft Corporation.

10.2 Legal basis of data processing

Insofar as personal data of employees of PONGS Group GmbH & Co. KG is processed, § 26 BDSG is the legal basis for data processing. If personal data is not required for the establishment, performance, or termination of the employment relationship but is nevertheless an elementary component in the use of “Microsoft Teams,” Art. 6 para. 1 lit. f GDPR is the legal basis for data processing. In these cases, our interest lies in the effective conduct of “online meetings.”

If the processing of personal data within the scope of online meetings is necessary for the fulfillment of a contract to which you are a party or for the implementation of pre-contractual measures that take place upon your request, Art. 6 para. 1 lit. b GDPR serves as the legal basis for data processing.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f GDPR. Here, too, our interest lies in the effective conduct of “online meetings.”

If video and audio recordings are exceptionally necessary, this is done exclusively based on the consent you have given according to Art. 6 para. 1 lit. a GDPR.

10.3 Type and scope of data processing

We use “Microsoft Teams” to conduct “online meetings.” If we want to record “online meetings,” we will inform you transparently in advance and ask for your consent. If it is necessary for the purposes of recording the results of an online meeting, we will record the chat content. However, this will generally not be the case.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

The following personal data is processed when using “Microsoft Teams,” whereby the scope of the data also depends on the information you provide before or during the participation in an “online meeting”:

  • User information (registration information): e.g., username, activation and conference codes, email address, first and last name, company, organization ID, participant IP, profile picture (optional)
  • Configuration and communication data: e.g., device name, IP address, geodata, time zone, activity logs, hardware type
  • Conference information: e.g., date, time, duration, number of participants, connection method, diagnostic information
  • Text, audio, and video data: You may have the opportunity to use the chat function in an “online meeting.” In this case, the text inputs you make are processed to display them in the “online meeting.” To enable the display of video and playback of audio, the data from the microphone of your device and any video camera of the device is processed during the meeting. You can switch off or mute the camera or microphone yourself at any time via the “MS Teams” applications.

10.4 Recipients / passing on of data

Personal data processed in connection with participation in “online meetings” is not generally disclosed to third parties unless it is intended for disclosure. Please note that the content of “online meetings,” like in the case of personal meetings, often serves to communicate information with customers, interested parties, or third parties and is therefore intended for disclosure.

Another recipient is the provider of “Microsoft Teams,” Microsoft Corporation.

10.5 Data processing outside the EU / EEA

Data processing in third countries generally does not take place because we or the service provider have restricted the storage location to data centers in the EU or EEA.

However, we cannot exclude that the service provider also uses servers outside the EU or EEA or that data routing takes place via internet servers located outside the EU or EEA. An adequate level of data protection is guaranteed in this case on the one hand by the adequacy decision of the EU Commission for the EU-US Data Privacy Framework (DPF). Microsoft Corporation and thus MS Teams are certified here. Additionally, the data is generally secured against unauthorized access by third parties through encryption during transport over the internet.

10.6 Storage period

Your personal data, which we process in connection with your use of “Microsoft Teams,” is generally deleted as soon as it is no longer required for the purposes for which it was collected. A necessity for storage can exist, especially if the data is still needed to fulfill contractual services, check, grant, or defend warranty or guarantee claims. In the case of statutory retention obligations of 6 years or 10 years under commercial and tax law, deletion is only considered after the respective retention obligation has expired. If and insofar as the processing is based on your consent, the data will only be stored until you revoke your consent unless there is also another legal basis for processing.

10.7 Your Rights as Data Subjects

As a data subject, you can exercise the rights granted to you by the GDPR at any time, provided they are applicable to the processing:

  • The right to information whether and which data is processed about you (Art. 15 GDPR);
  • The right to request the rectification or completion of data concerning you (Art. 16 GDPR);
  • The right to erasure of data concerning you in accordance with Art. 17 GDPR;
  • The right to request the restriction of the processing of data in accordance with Art. 18 GDPR;
  • The right to data portability in accordance with Art. 20 GDPR;
  • The right to object to future processing of data concerning you in accordance with Art. 21 GDPR

Revocability of Your Consent

If processing is based on the legal basis of consent, it can be revoked at any time. The legality of the processing carried out based on the consent until revocation remains unaffected (Art. 7 para. 3 GDPR).

Right to Lodge a Complaint with a Supervisory Authority

You have the right to complain about the processing of personal data by us to a data protection supervisory authority.