External hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

Insofar as a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. de-vice fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Our hoster will process your data only insofar as this is necessary for the fulfillment of its service obligations and follow our instructions regarding this data.

3.1 Data protection

We, the operators of these pages, take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. When you use this website, various personal data are collected.

Personal data is data with which you can be personally identified. This data protection declaration explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

3.2 Note on the responsible entity

The responsible body for data processing on this website is:

PONGS GROUP GmbH & CO. KG
Villa Lantz
Lohauser Dorfstraße 51 – Lantz’scher Park
40474 Düsseldorf
Germany
Phone: +49 211 54230-800
E-mail: info@pongs.de
Website: www.pongs.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, e-mail addresses, etc.).

3.3 Contact details of the data protection officer

PONGS GROUP GmbH & CO. KG
Villa Lantz
Lohauser Dorfstraße 51 – Lantz’scher Park
40474 Düsseldorf
Germany
Phone: +49 211 54230-811
E-mail: datenschutz@pongs.de
Website: www.pongs.com

3.4 Data processing by calling up our internet pages

PONGS® automatically collects and stores in its server log files information that your browser or app transmits to us. This data cannot be assigned by PONGS® to individual persons. This data is not merged with other data sources.

These are:

• Browser type/version
• Operating system used
• Referrer URL (the previously visited page)
• Host name of the accessing computer (IP address v4 and v6)
• Time of the server request

The IP address is the worldwide valid, at the time of allocation by your Internet provider unique identification of your computer and consists, in its currently most common form (IPv4), of four digit blocks separated by dots, or extended by additional digits (IPv6). In most cases, you as a private user will not use a constant IP address, as this is only temporarily assigned to you by your provider (so-called “dynamic IP address”). In the case of a permanently assigned IP address (so-called “static IP address”), it is technically easy to uniquely assign the user data via this characteristic.

3.5 The aforementioned data is processed by us mainly for the following purposes:

• Ensuring a smooth connection to the website
• Ensuring comfortable use of the aforementioned website
• Evaluation of system security and system stability

The personal data of the server log files are processed on the basis of Art. 6 para. 1 lit. f GDPR. This permissive provision allows the processing of personal data within the scope of the “legitimate interest” of the responsible party, insofar as your fundamental rights, freedoms or interests do not prevail. Our legitimate interest is to facilitate administration and the ability to detect and prosecute hacking. You can object to this data processing at any time if there are reasons that exist in your particular situation and that speak against the data processing. For this purpose, an e-mail to the data protection officer is sufficient. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

The server log files with the above-mentioned data are automatically deleted after 30 days or, in the case of use for statistics, anonymized. We reserve the right to store the server log files for longer if facts exist that suggest the assumption of unauthorized access (such as an attempt at hacking or a so-called DDOS attack).

3.6 Linking to external websites

This data protection declaration applies exclusively to the PONGS® websites. These can contain links to web offers of third parties. The present data protection declaration does not extend to these. If you leave the PONGS® websites to visit the offer of a third party provider, we recommend that you also carefully read the data protection declaration of this provider.

3.7 Storage period

Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data, e.g. retention periods under tax or commercial law (HGB or AO); in the latter case, the data will be deleted once these reasons no longer apply.

3.8 Information about cookies and the use of analysis tools

General:

PONGS® uses so-called cookies in several places on its websites and in its apps. They serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies”. They are automatically deleted after the end of your visit. Cookies do not cause any damage to your computer and do not contain viruses.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device as defined by the TTDSG. The consent can be revoked at any time. The legal basis for the processing of personal data using cookies for analysis purposes and for ad control or evaluation is Art. 6 Para. 1 lit. a.

Insofar as cookies are used by third-party companies or for analysis purposes, we will also inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.

3.9 Note on data transfer to the USA and other third countries

 Among other things, we use tools from companies based in the USA or other third countries whose level of data protection does not meet the requirements within the EU.

However, these tools are only activated after your active consent; this is given via the Cookie Consent banner.

This consent can be revoked at any time.

If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to the EU can be guaranteed in these countries.

For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

The transfer of personal data to these third countries in the context of order processing is generally based on an EU adequacy decision and the signing of standard data protection clauses, taking into account contractual, technical and organizational measures to comply with the level of data protection in the EU. If the data is transferred to a third country that does not meet the above criteria, this will be done in exceptional cases on the basis of a legal obligation or your active consent.

In the event of your express consent to the transfer of personal data to third countries (e.g. the USA) via our Cookie Consent Banner, the data processing is also carried out on the basis of Article 49 (1) a GDPR.

3.10 Recipients or categories of recipients of the personal data

Within the company, only those departments that need the data to fulfill contractual and legal obligations or to implement our legitimate interests (e.g., sales) will have access to the data. Processors used by us in accordance with Art. 28 GDPR may also process data for these purposes, such as IT service providers, cloud providers and disposal companies in the area of data destruction. All service providers are contractually obligated to treat your data confidentially.

Data is only passed on to recipients outside the company in accordance with the applicable data protection regulations. Recipients of personal data can be, for example, companies in the field of logistics, service providers, suppliers, subcontractors, tax consultants, auditors, credit and financial service providers, credit agencies, collection agencies, lawyers and authorities. In such cases, information is passed on to these companies or individuals in order to enable further processing.

3.11 In addition to the above information, an overview of your other data protection rights follows below:

Right to confirmation (Art. 15(1) GDPR)

Every data subject has the right granted by the European Directive and Regulation to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right, he or she may, at any time, contact any employee of the controller.

Right of access to the personal data concerned (Art. 15 GDPR)

Every person affected by the processing of personal data has the right, granted by the European Directive and Regulation-maker, to obtain at any time from the controller, free of charge, information about the personal data stored about him or her and a copy of that information. Furthermore, the European legislator has granted the data subject access to the following information:

• the purposes of processing
• the categories of personal data processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
• if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
• the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by the controller, or a right to object to such processing
• the existence of a right of appeal to a supervisory authority
• if the personal data are not collected from the data subject: Any available information on the origin of the data
• the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore, the data subject shall have the right to obtain information as to whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right of access, he or she may, at any time, contact an employee of the controller.

Right to rectification (Art. 16 GDPR)

Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to request the immediate rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data – also by means of a supplementary declaration – taking into account the purposes of the processing.

If a data subject wishes to exercise this right to rectify, he or she may, at any time, contact any employee of the controller.

Right to erasure (Art. 17 GDPR)

Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is no longer necessary:

• The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
• The data subject revokes the consent on which the processing was based pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
• The personal data have been processed unlawfully.
• The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data was collected in relation to information society services offered in accordance with Article 8 (1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the PONGS GROUP GmbH & CO. KG, he or she may, at any time, contact any employee of the controller. The employee of the PONGS GROUP GmbH & CO. KG shall promptly ensure that the erasure request is complied with immediately.

If the personal data were publicly collected by the PONGS GROUP GmbH & CO. KG has been made public and our company is obligated as a responsible party pursuant to Art. 17 Para. 1 GDPR to delete the personal data, the PONGS GROUP GmbH & CO. KG shall implement appropriate measures, including technical measures, taking into account the available technology and the cost of implementation, in order to inform other data controllers that process the published personal data that the data subject has requested from those other data controllers to erase all links to the personal data or copies or replications of the personal data, unless the processing is necessary. The employee of the PONGS GROUP GmbH & CO. KG will arrange the necessary in individual cases.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data. If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.

If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from being stored – may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Right to data portability (Art. 20 GDPR)

Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to receive the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, where technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

In order to assert the right to data portability, the data subject may at any time contact any employee of the PONGS GROUP GmbH & CO. KG.

Right to object to processing (Art. 21 GDPR)

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

Every person affected by the processing of personal data has the right granted by the European Directive and Regulation-maker to object at any time, on grounds arising from his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.

The PONGS GROUP GmbH & CO. KG shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.

If the PONGS GROUP GmbH & CO. KG personal data for direct marketing purposes, the data subject shall have the right, in accordance with Article 21(2) of the Data Protection Regulation, to object at any time to processing of personal data processed for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to the PONGS GROUP GmbH & CO. KG to processing for the purposes of direct marketing, the PONGS GROUP GmbH & CO. KG will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out by the PONGS GROUP GmbH & CO. KG for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) of the Data Protection Regulation, unless such processing is necessary for the performance of a task carried out in the public interest.

In order to exercise the right to object, the data subject may directly contact any employee of the PONGS GROUP GmbH & CO. KG. A communication in text form shall suffice. The data subject may write to us or contact us by e-mail. The data subject is also free to exercise his/her right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Right to automated decisions in individual cases, including profiling (Art. 22 GDPR)

Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) is permitted by Union or Member State law to which the controller is subject, and that law contains suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) has the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the data controller, or (2) it is made with the data subject’s explicit consent, the PONGS GROUP GmbH & CO. KG will take reasonable steps to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which at least include the right to obtain the intervention of a data subject on behalf of the controller, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact any employee of the controller.

For the establishment, fulfillment or implementation of the business relationship as well as for pre-contractual measures, we generally do not use fully automated decision-making pursuant to Art. 22 GDPR. If we use these procedures in individual cases, we will inform you separately or obtain your consent, if this is required by law.

Right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent until withdrawal (Art. 7(3) GDPR).

Any person concerned by the processing of personal data has the right granted by the European Directive and Regulation to withdraw consent to the processing of personal data at any time without affecting the lawfulness of the processing carried out on the basis of the consent until withdrawal.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the controller.

Right of appeal to a supervisory authority (Art. 77 GDPR)

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.

Is there an obligation to provide data?

Within the framework of the contractual relationship or the initiation of the contract, you must provide the personal data that is required for the initiation, implementation and termination as well as for the fulfillment of the associated contractual obligations or for the collection of which we are legally obligated. Without this data, we will generally not be able to carry out the necessary pre-contractual measures or the contractual relationship with you.

3.12 SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

3.13 Contact form

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

3.14 Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of handling your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; the consent can be revoked at any time.

The data you send us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

3.15 Objection to advertising e-mails

The use of contact data published within the framework of the imprint obligation for the transmission of advertising and information material not expressly requested is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Facebook

Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data, e.g. to the USA. This may be associated with various risks for the legality and security of data processing.

An overview of Facebook social media elements can be found here:

https://developers.facebook.com/docs/plugins/?locale=de_DE.

The activation of Facebook components on this site requires your active consent according to Art. 6 (1) lit. a GDPR and § 25 TTDSG. This consent is given via the Cookie Consent banner. By consenting to the activation of the Facebook components, you also consent to the aforementioned transfer of the data collected in the process to the USA and other third countries for which no level of data protection comparable to that in the EU can be guaranteed, because there is no adequacy decision by the European Commission for these countries pursuant to Article 45 (3) of the GDPR. In addition, there are no suitable guarantees pursuant to Art. 46 (1) GDPR. The legal basis for the data transfer is therefore your above-mentioned consent pursuant to Art. 49 Para. 1 lit. a GDPR.

This consent can be revoked at any time.

When the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of this website on your Facebook profile.

This allows Facebook to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook’s privacy policy at:

https://de-de.facebook.com/privacy/explanation.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limi-ted, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at:

https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum

https://de-de.facebook.com/help/566994660333381 and

https://www.facebook.com/policy.php.

Google Analytics

We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website and advertising measures.

The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. However, according to Google, the data collected is also transferred to the USA and other third countries. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data, e.g. to the USA. This may be associated with various risks for the legality and security of data processing.

The activation of Google Analytics on this site requires your active consent according to Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. This consent is given via the Cookie Consent banner. By consenting to the activation of Google Analytics, you also consent to the aforementioned transfer of the data collected in the process to the USA and other third countries for which no level of data protection comparable to that in the EU can be guaranteed, as there is no adequacy decision by the European Commission for these countries pursuant to Art. 45 (3) GDPR. In addition, there are no suitable guarantees pursuant to Art. 46 (1) GDPR. The legal basis for the data transfer is therefore your consent as stated above in accordance with Art. 49 (1) a GDPR.

This consent can be revoked at any time.

In addition, Google Analytics processes website usage data on our behalf and is contractually committed to measures to ensure the security and confidentiality of the processed data. For this purpose, we have concluded an order processing agreement with Google Analytics.

You can find the corresponding conditions here: https://www.google.com/analytics/terms/dpa/dataprocessingamendment_20200816.html

During your website visit, the following data is processed, among others:

• Pages viewed
• The achievement of “website goals” (e.g., contact requests and newsletter sign-ups)
• Your behavior on the pages (for example, dwell time, clicks, scrolling behavior)
• Your approximate location (country and city)
• Your IP address
• Technical information such as browser, Internet service provider, terminal device and screen resolution
• Source of origin of your visit (i.e. via which website or advertising medium you came to us)

No personal data such as name, address or contact details are ever transferred to Google Analytics.

Google Analytics stores cookies in your web browser for a period of 30 days since your last visit. These cookies contain a randomly generated user ID, with which you can be recognized during future website visits.

The processed data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 30 days. Other data remains stored in aggregated form indefinitely.

For more information, see the privacy policy of the provider Google: https://policies.google.com/privacy?hl=de

For this website PONGS® uses the anti-spam system hCaptcha. The service provider is Intuition Machines Inc, 350 Alabama St, San Francisco, CA 94110, USA.

The purpose of hCaptcha is to check whether the data input on this website (e.g. in our contact form) is made by a human or by an automated program. For this purpose, hCaptcha analyzes the behavior of the website visitor based on various characteristics.

In order for hCaptcha to become active, we obtain your active consent via our Cookie Consent Banner. Thus, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked by you at any time.

For analysis purposes, hCaptcha evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user).

In order for you to be able to send us a message via our contact form, it is also necessary for you to click on the “I am a human being” checkbox at the bottom of the website in question. Depending on the data collected up to that point, hCaptcha may then ask you to select certain motifs from a series of predefined images.

hCaptcha processes your data collected in this way in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may entail various risks for the legality and security of data processing.

The basis for data processing with recipients located in third countries (outside the EU, Iceland, Liechtenstein and Norway, i.e. e.g. in the USA) or a data transfer there are so-called standard contractual clauses (SCC according to Art. 46 para. 2 and 3 GDPR) for hCaptcha. Standard Contractual Clauses are templates provided by the EU Commission and are intended to ensure that the protection of your data complies with EU data protection standards even if it is transferred to third countries (e.g. the USA) and stored there. Through these clauses, hCaptcha undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. This decision and the corresponding SCC can be found here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

The Data Processing Agreements (DPA) that refer to these standard contractual clauses can be found at the following link:
https://newassets.hcaptcha.com/dpa/IMI.DPA.10.06.22.New.SCCs.UK.updates.pdf?utm_medium=checkbox&utm_campaign=00075504-b6aa-44eb-8c60-41b8c295b108

You can learn more about the data that is processed when using hCaptcha in hCaptcha’s privacy policy. You can find them at: https://www.hcaptcha.com/privacy

Newsletter data

If you would like to receive the newsletter offered on the website, we require a valid e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

With the newsletter, we inform you about our offers at regular intervals. For the processing of data, your consent is obtained during the registration process and reference is made to this privacy policy. The registration for our newsletter takes place in a so-called double opt-in procedure. I.e.: After the actual registration, you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored by the newsletter service provider are also logged.

A comparison of the data collected in this way with data that may be collected by other components of our site does not take place.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose is no longer served. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR.

Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

YouTube

This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

However, according to YouTube, the collected data is also transferred to the USA and other third countries. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data, e.g. to the USA. This may be associated with various risks for the legality and security of data processing.

The activation of YouTube on this site requires your active consent according to Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. This consent is given via the Cookie Consent banner. By consenting to the activation of YouTube, you also consent to the aforementioned transfer of the data collected in this process to the USA and other third countries for which no level of data protection comparable to that of the EU can be guaranteed, as there is no adequacy decision by the European Commission for these countries pursuant to Art. 45 (3) GDPR. In addition, there are no suitable guarantees pursuant to Art. 46 (1) GDPR. The legal basis for the data transfer is therefore your consent as stated above in accordance with Art. 49 (1) a GDPR.

This consent can be revoked at any time.

Furthermore, YouTube may store various cookies on your terminal device or use similar technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile on YouTube. You can prevent this by logging out of your YouTube account.

For more information on the handling of user data, please refer to YouTube’s privacy policy at:

https://policies.google.com/privacy?hl=de.

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data, e.g. to the USA. This may entail various risks for the legality and security of data processing.

The activation of Google Maps on this site requires your active consent according to Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. This consent is given via the Cookie Consent Ban-ner. By consenting to the activation of Google Maps, you also consent to the aforementioned transfer of the data collected in the process to the USA and other third countries for which no level of data protection comparable to that in the EU can be guaranteed, because there is no adequacy decision by the European Commission for these countries pursuant to Article 45 (3) of the GDPR. In addition, there are no suitable guarantees pursuant to Art. 46 (1) GDPR. The legal basis for the data transfer is therefore your above-mentioned consent pursuant to Art. 49 (1) a GDPR.

This consent can be revoked at any time.

More information on the handling of user data can be found in Google’s privacy policy:

https://policies.google.com/privacy?hl=de.

9.1 Purposes for which the personal data are processed and the legal basis for the processing

We process personal data insofar as this is necessary for the establishment, execution and fulfillment of a contract as well as for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR, e.g. in connection with the initiation, execution and management of orders), for the fulfillment of a legal obligation (Art. 6 para. 1 lit. c GDPR, e.g. Compliance with commercial and tax retention obligations under § 257 HGB and § 147 AO), to protect the legitimate interests of the responsible party or a third party (Art. 6 para. 1 lit. f GDPR, e.g. storage of data for a reasonable period of time for acquisition efforts or for the assertion of legal claims and defense in legal disputes).

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data are processed according to Art. 9 para. 1 GDPR (e.g. forwarding of data to third parties, evaluation for marketing purposes or addressing you by e-mail for advertising purposes).

In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) a GDPR. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be revoked at any time.

9.2 Sources and categories of personal data processed

We process personal data that we receive from you or from public sources such as commercial registers, the Internet and directories or from third parties such as credit or credit agencies or business partners in the course of contacting you and in the course of our business relationship, e.g. for processing an inquiry or an order.

Relevant personal data are in particular personal data (such as name, first name, address, bank details, billing address, tax number or VAT ID number) and other contact data (such as telephone number, e-mail address). In addition, this may also include contract or order data (e.g. sales data, order volume), information about your financial situation (e.g. creditworthiness data) and personal data (e.g. occupation, position, duties and powers) as well as other data comparable with the aforementioned categories.

9.3 Duration for which the personal data are stored and the criteria for determining this duration

The required personal data will be stored for the duration of the existence of warranty and guarantee claims. In addition, the personal data will be stored in accordance with the periods prescribed by law. Corresponding obligations to provide proof and to preserve data result from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for storage and documentation are up to ten years. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted.

We are pleased that you are applying or have applied for a position in our company. In accordance with Articles 13 and 14 of the EU General Data Protection Regulation (EU GDPR), we would like to inform you below about the purposes for which we process the application documents (data) received from you on a voluntary basis and what rights you have in this regard.

10.1 Purposes for which your personal data are processed and the legal basis for the processing

We process the data that you have sent us in connection with your application in order to check your suitability for the position (or, if applicable, other open positions in our companies) and to carry out the application procedure.

The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG. Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

Furthermore, we may process personal data about you insofar as this is necessary for the fulfillment of legal obligations (Art. 6 Para. 1 lit. c GDPR, e.g. reimbursement of travel expenses) as well as for the defense of asserted legal claims against us arising from the application procedure. The legal basis for this is Art. 6 Para. 1 lit. f GDPR; the legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). If there is a need for longer-term storage (e.g. for further vacant positions or positions that become vacant), this is done on the basis of your consent in writing (pursuant to Art. 6 Para. 1 lit. a GDPR).

If special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily disclosed during the application process, they will also be processed in accordance with Art. 9 (2) (b) GDPR in conjunction with Section 26 (3) BDSG (e.g. severely disabled status). If special categories of personal data within the meaning of Article 9 (1) of the German Data Protection Regulation (GDPR) are requested from applicants as part of the application process, they will also be processed in accordance with Article 9 (2) (a) of the GDPR in conjunction with Section 26 (2) and (3) sentence 2 of the German Data Protection Act (BDSG) (e.g. health data, if this is required for the exercise of the profession).

10.2 Sources and categories of personal data processed

We process personal data that we receive from you or recruiters as part of the application process, such as in particular personal master data (name, address and other contact data, date and place of birth, nationality), bank details (for the purpose of travel expense reimbursement), qualification documents (e.g. certificates, evaluations and other proof of training), IP addresses and photographs.

10.3 Recipients or categories of recipients of the personal data

Applicants can send us their documents by e-mail. Please note, however, that e-mails are generally not encrypted and applicants must ensure that they are encrypted themselves. We cannot therefore accept any responsibility for the transmission of the application between the sender and receipt on our server and therefore recommend that you use the postal service.

After receipt of your application, your data will be viewed by the personnel department. Suitable applications will then be made available internally to the persons responsible for the respective open position, and if necessary also to the works council. In principle, only those persons in the company have access to your data who require it for the proper conduct of the application process.

In addition, personal data is processed on our behalf on the basis of contracts in accordance with Art. 28 GDPR (order processing), this applies in particular to providers of cloud solutions and applicant management systems. In the context of the application process, recruitment agencies may also be commissioned if necessary. All service providers are contractually obligated to treat your data confidentially.

Otherwise, data is only forwarded to recipients outside the company if this is permitted or required by law, if the forwarding is necessary to fulfill legal obligations, or if we have your consent.

10.4 Transfer to a third country (outside the EU / EEA) or to an international organization

The data is processed exclusively in data centers in the Federal Republic of Germany. A transfer to a third country does not take place and is not intended.

10.5 Duration for which the personal data is stored and the criteria for determining this duration:

If no employment relationship is established following an application, we retain applicant data for a maximum of six months from receipt of the rejection decision so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the General Equal Treatment Act (AGG). This does not apply if legal provisions prevent deletion (e.g. archiving of travel expense reimbursements in accordance with tax law requirements for up to 10 years), if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage. In the event that the person concerned has given their consent to a longer storage of their personal data, we will transfer this data to our applicant pool. There, the data will be deleted after one year.

If the data subject is accepted for a position during the application process, the relevant and necessary data will be transferred from the applicant data system to our personnel data system.

 

In the following, we inform you on the basis of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) about the processing of personal data in connection with the implementation of online meetings using the video conferencing tools of “Microsoft Teams”.

Note: If you access the “Microsoft Teams” website, the “Microsoft Teams” provider is responsible for data processing. However, accessing the website is only necessary for the use of “Microsoft Teams” in order to download the software for use.

If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service will then also be provided via the “Microsoft Teams” website.

11.1 Purpose of the processing

We use the “Microsoft Teams” tool to conduct conference calls, video conferences and webinars(hereinafter: “Online Meetings”). “Microsoft Teams” are a service of Microsoft Corporation.

11.2 Legal basis of data processing

Insofar as personal employee data of PONGS Group GmbH & Co. KG are processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of “Microsoft Teams”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Microsoft Teams”, then Art. 6 (1) lit. f GDPR is the legal basis for data processing. In these cases, our interest lies in the effective implementation of “online meetings”.

Insofar as the processing of personal data in the context of online meetings is necessary for the fulfillment of a contract to which you are a party, or for the implementation of pre-contractual measures that take place at your request, Art. 6 (1) lit. b GDPR serves as the legal basis for the processing of personal data.

Should no contractual relationship exist, the legal basis is Art. 6 (1) lit. f GDPR. Here, too, our interest is in the effective conduct of “online meetings”.

Should video and audio recordings be necessary by way of exception, this will be done exclusively on the basis of the consent given by you in accordance with Art. 6 (1) lit. a GDPR.

11.3 Type and scope of data processing

We use “Microsoft Teams” to conduct “online meetings”. If we want to record “online meetings”, we will transparently inform you in advance and ask for your consent. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

The following personal data is the subject of processing when using “Microsoft Teams”, whereby the scope of the data also depends on the data you provide before or when participating in an “online meeting”:

(a) user details (registration information): e.g. user name, activation and conference codes, email address, first and last name, company, organization ID, participant IP, profile picture (optional)

1. b) configuration and communication data: e.g. device name, IP address, geo data, time zone, activity logs, hardware type
2. c) conference information: e.g. date, time, duration, number of participants, dial-in method, diagnostic information
3. d) Text, audio and video data: You may have the opportunity to use the chat function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “MS Teams” applications. 

11.4 Recipients / passing on of data

With regard to the processing of personal data in connection with participation in “online meetings”, as a matter of principle no data is passed on to third parties unless it is specifically intended to be passed on. Please note that the content of online meetings, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

The other recipient is the provider of “Microsoft Teams”, Microsoft Corporation.

11.5 Data processing outside the EU / EEA

In principle, there is no data processing in third countries, as we or the service provider have limited the storage location to data centers in the EU or EEA.

However, we cannot exclude that the service provider also uses servers outside the EU or EEA or that the routing of data takes place via internet servers that are located outside the EU or EEA. In this case, an appropriate level of data protection is guaranteed on the one hand by the conclusion of EU standard data protection clauses. In addition, the data is encrypted during transport over the Internet as a supplementary protective measure and is thus generally protected against unauthorized access by third parties.

11.6 Storage period

Your personal data that we process as part of your use of “Microsoft Teams” will generally be deleted as soon as it is no longer required for the purposes for which it was collected. A requirement for storage may exist in particular if the data is still needed to fulfill contractual services and to be able to check and grant or defend against warranty or, if applicable, guarantee claims. In the case of statutory retention obligations of 6 years or 10 years according to commercial and tax law, deletion only comes into consideration after expiry of the respective retention obligation. If and insofar as the processing is based on your consent, the data will only be stored until you revoke your consent, unless there is also another legal basis for the processing.