Privacy policy

1. data protection at a glance

General information

We, the PONGS GROUP GmbH & CO. KG (hereinafter “PONGS®” or “we”), take the protection of your personal data very seriously and strictly adhere to the rules of the currently applicable data protection laws. This includes, above all, the General Data Protection Regulation (hereinafter: “DS-GVO”, Regulation (EU) 2016/679) of the European Parliament and of the Council.

The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. Personal data is collected on our websites and when using our services only to the extent necessary and processed for the intended purpose. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

Scope of the data protection declaration

The following declaration gives you an overview of how we guarantee data protection, what kind of data is collected and processed for what purpose and on what legal basis. It applies in principle to all websites for which PONGS® is responsible and if you contact us via other communication channels. If PONGS® websites deviate from these data processing principles or supplement them with their own, this will be indicated in a suitable manner on the corresponding websites.

Data collection on this website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find his contact details in the section “Notice about the responsible party” in this privacy policy.

How do we collect your data?
On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form.

Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter this website.

What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can find more detailed information on this in section 3.11 Data protection rights.
You can contact us at any time about this and other questions on the subject of data protection.

Analysis tools and third-party tools
When visiting this website, your surfing behavior may be statistically analyzed. This is done primarily with so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

External hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of contract fulfillment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b DS-GVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DS-GVO).

Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Our hoster will or will process your data only insofar as this is necessary for the fulfillment of its service obligations and follow our instructions with regard to this data.

3 General notes and mandatory information

3.1 Data protection

We operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. When you use this website, various personal data are collected.

Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

3.2 Note on the responsible entity

The responsible body for data processing on this website is:

Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

PONGS GROUP GmbH & CO. KG
Villa Lantz, Lohauser Dorfstraße 51 – Lantz’scher Park, 40474 Düsseldorf, Germany

Phone: +49 211 54230-800
E-mail: info@pongs.de
Website: www.pongs.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

3.3 Contact details of the data protection officer

PONGS GROUP GmbH & CO. KG
Villa Lantz, Lohauser Dorfstraße 51 – Lantz’scher Park, 40474 Düsseldorf, Germany

Phone: +49 211 54230-811
E-mail: datenschutz@pongs.de
Website: www.pongs.com

3.4 Data processing by calling up our internet pages

PONGS® automatically collects and stores in its server log files information that your browser or app transmits to us. This data cannot be assigned by PONGS® to individual persons. This data is not merged with other data sources.
These are:

  • Browser type/version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Host name of the accessing computer (IP address v4 and v6)
  • Time of the server request

The IP address is the worldwide valid, at the time of allocation by your Internet provider unique identification of your computer and consists, in its currently most common form (IPv4), of four digit blocks separated by dots, or extended by additional digits (IPv6). In most cases, you as a private user will not use a constant IP address, as this is only temporarily assigned to you by your provider (so-called “dynamic IP address”). In the case of a permanently assigned IP address (so-called “static IP address”), it is technically easy to uniquely assign the user data via this characteristic.

3.5 The aforementioned data is processed by us mainly for the following purposes:

  • Ensuring a smooth connection setup of the website
  • Ensuring comfortable use of the aforementioned website
  • Evaluation of system security and system stability

The personal data of the server log files are processed on the basis of Art. 6 para. 1 lit. f DS-GVO. This permissive provision allows the processing of personal data within the scope of the “legitimate interest” of the responsible party, unless your fundamental rights, freedoms or interests prevail. Our legitimate interest is the easier administration and the possibility to detect and prosecute hacking. You can object to this data processing at any time if there are reasons that exist in your particular situation and that speak against the data processing. For this purpose, an e-mail to the data protection officer is sufficient. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

The server log files with the above-mentioned data are automatically deleted after 30 days or anonymized if used for statistics. We reserve the right to store the server log files longer if facts exist that suggest the assumption of unauthorized access (such as an attempt at hacking or a so-called DDOS attack).

3.6 Linking to external websites

This data protection declaration applies exclusively to the PONGS® websites. These can contain links to web offers of third parties. The present data protection declaration does not extend to these. If you leave the PONGS® websites to visit the offer of a third party provider, we recommend that you also carefully read the data protection declaration of this provider.

3.7 Storage period

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data, e.g. retention periods under tax or commercial law (HGB or AO); in the latter case, the data will be deleted after these reasons cease to apply.

3.8 Information about cookies and the use of analysis tools

General:
PONGS® uses so-called cookies in several places on its websites and in its apps. They serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies”. They are automatically deleted after the end of your visit. Cookies do not cause any damage to your computer and do not contain viruses.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f DS-GVO.

Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device as defined by the TTDSG. The consent can be revoked at any time. The legal basis for the processing of personal data using cookies for analysis purposes and for ad control or evaluation is Art. 6 para. 1 lit. a.

If cookies are used by third-party companies or for analysis purposes, we will also inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.

3.9 Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries whose level of data protection does not meet the requirements within the EU.

However, these tools are only activated after your active consent; this is given via the Cookie Consent banner.

This consent can be revoked at any time.

If these tools are active, your personal data may be transferred to these third countries and processed there. We point out that in these countries no level of data protection comparable to the EU can be guaranteed.

For example, U.S. companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

The transfer of personal data to these third countries in the context of order processing is generally based on an EU adequacy decision and the signing of standard data protection clauses, taking into account contractual, technical and organizational measures to comply with the level of data protection in the EU. If data is transferred to a third country that does not meet the aforementioned criteria, this is done in exceptional cases on the basis of a legal obligation or your active consent.

In case of your explicit consent to the transfer of personal data to third countries (e.g. the USA) via our Cookie Consent Banner, the data processing is also based on Art. 49 (1) lit. a DS-GVO.

3.10 Recipients or categories of recipients of the personal data

Within the company, only those departments that need the data to fulfill contractual and legal obligations or to implement our legitimate interests (e.g., sales) are granted access to the data. Processors used by us in accordance with Art. 28 DS-GVO may also process data for these purposes, such as IT service providers, cloud providers, and disposal companies in the area of data destruction. All service providers are contractually obligated to treat your data confidentially.

Data is only passed on to recipients outside the company in compliance with the applicable data protection regulations. Recipients of personal data may include, for example, companies in the logistics sector, service providers, suppliers, subcontractors, tax consultants, auditors, credit and financial service providers, credit agencies, debt collection companies, lawyers and public authorities. In such cases, information is passed on to these companies or individuals in order to enable them to continue processing.

3.11 In addition to the above information, an overview of your other data protection rights follows below:

Right to confirmation (Article 15(1) of the GDPR).
Every data subject has the right granted by the European Directive and Regulation to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right, he or she may, at any time, contact any employee of the controller.

Right of access to the personal data concerned (Art. 15 DS-GVO)
Every person affected by the processing of personal data has the right, granted by the European Directive and Regulation Maker, to obtain from the controller, at any time and free of charge, information about the personal data stored about him or her and a copy of that information. Furthermore, the European Directive and Regulation has granted the data subject access to the following information:

  • the purposes of the processing
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by the controller, or a right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data are not collected from the data subject: Any available information on the origin of the data
  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore, the data subject shall have the right to obtain information as to whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right of access, he or she may, at any time, contact an employee of the controller.

Right to rectification (Art. 16 DS-GVO)
Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to request the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data – also by means of a supplementary declaration – taking into account the purposes of the processing.

If a data subject wishes to exercise this right to rectify, he or she may, at any time, contact any employee of the controller.

Right to erasure (Art. 17 DS-GVO)
Any person concerned by the processing of personal data has the right granted by the European Directive and Regulation to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary:

  • The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
  • The data subject revokes the consent on which the processing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.
  • The data subject objects to the processing pursuant to Art. 21(1) DS-GVO and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2) DS-GVO.
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data has been collected in relation to information society services offered pursuant to Article 8(1) DS-GVO.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the PONGS GROUP GmbH & CO. KG, he or she may, at any time, contact any employee of the controller. The employee of the PONGS GROUP GmbH & CO. KG shall arrange for the deletion request to be complied with immediately.

If the personal data has been made public by the PONGS GROUP GmbH & CO. KG has been made public and our company is obligated as a responsible party pursuant to Art. 17 Para. 1 DS-GVO to delete the personal data, the PONGS GROUP GmbH & CO. KG shall implement reasonable measures, including technical measures, taking into account the available technology and the costs of implementation, in order to inform other data controllers which process the published personal data that the data subject has requested from those other data controllers to erase all links to or copies or replications of the personal data, unless the processing is necessary. The employee of the PONGS GROUP GmbH & CO. KG will arrange the necessary in individual cases.

Right to restriction of processing (Art. 18 DS-GVO)
You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data. If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 (1) DS-GVO, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
  • If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Right to data portability (Art. 20 DS-GVO)
Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to receive the personal data concerning him or her, which have been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

In order to assert the right to data portability, the data subject may at any time contact any employee of the PONGS GROUP GmbH & CO. KG at any time.

Right to object to processing (Art. 21 DS-GVO)
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

The PONGS GROUP GmbH & CO. KG shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.

If the PONGS GROUP GmbH & CO. KG processes personal data for direct marketing purposes, the data subject shall have the right, in accordance with Article 21(2) of the Data Protection Regulation, to object at any time to processing of personal data processed for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to the PONGS GROUP GmbH & CO. KG to processing for the purposes of direct marketing, the PONGS GROUP GmbH & CO. KG will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out by the PONGS GROUP GmbH & CO. KG for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) of the Data Protection Regulation (DS-GVO), unless such processing is necessary for the performance of a task carried out in the public interest.

In order to exercise the right to object, the data subject may directly contact any employee of the PONGS GROUP GmbH & CO. KG. A notification in text form is sufficient. The data subject may write to us or contact us by e-mail. The data subject is also free to exercise his/her right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Right to automated decisions in individual cases, including profiling (Art. 22 DS-GVO).
Any person concerned by the processing of personal data has the right, granted by the European Directive and Regulation, not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) is permitted by Union or Member State law to which the controller is subject and that law contains suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the data controller, or (2) it is made with the explicit consent of the data subject, the PONGS GROUP GmbH & CO. KG will take reasonable steps to safeguard the rights and freedoms of the data subject, and to protect the data subject’s legitimate interests, which include at least the right to obtain the intervention of a data subject on the part of the controller, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact any employee of the controller.

For the establishment, fulfillment or implementation of the business relationship as well as for pre-contractual measures, we generally do not use fully automated decision-making pursuant to Art. 22 DS-GVO. Should we use these procedures in individual cases, we will inform you about this separately or obtain your consent, if this is required by law.

Right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent until withdrawal (Art. 7(3) DS-GVO).
Any person affected by the processing of personal data has the right granted by the European Directive and Regulation to withdraw consent to the processing of personal data at any time without affecting the lawfulness of the processing carried out on the basis of the consent until withdrawal.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the controller.

Right of appeal to a supervisory authority (Art. 77 DS-GVO)
In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.

Is there an obligation to provide data?
Within the framework of the contractual relationship or the initiation of the contract, you must provide the personal data that is required for the initiation, implementation and termination as well as for the fulfillment of the associated contractual obligations or which we are legally obligated to collect. Without this data, we will generally not be able to carry out the necessary pre-contractual measures or the contractual relationship with you.

3.12 SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

3.13 Contact form

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DS-GVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f DS-GVO) or on your consent (Art. 6 para. 1 lit. a DS-GVO) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods – remain unaffected.

3.14 Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DS-GVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) (f) DS-GVO) or on your consent (Art. 6 (1) (a) DS-GVO) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

3.15 Objection to advertising e-mails

The use of contact data published within the framework of the imprint obligation for the transmission of advertising and information material not expressly requested is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

4. analysis tools and other cookies

4.1 Matomo

This website uses Matomo, an open source web analytics tool, to collect anonymous usage data for this website. For this purpose, the software creates detailed statistics, including on search engines used, search terms, browsers and user origin.

The provider of this service is InnoCraft Ltd, 7 Waterloo Quay, PO625, 6140 Wellington, New Zealand.

For data collection, Matomo sets a cookie in your browser.

In order for Matomo to become active, we obtain your active consent via our Cookie Consent Banner. Thus, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a DS-GVO and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked by you at any time.

The storage time of the cookie is 30 minutes.

The data about your behavior when visiting the website is collected in order to find out any problems such as pages not found, search engine problems or unpopular pages. Once the data (number of website visitors, who see error pages or only one page, etc.) is processed, Matomo generates reports for the website operator so that he can react to this technically or in terms of content.

Matomo processes the following data:

  • Cookies
  • Anonymized IP addresses by removing the last 2 bytes (e.g. 198.51.0.0 instead of 198.51.100.54)
  • Pseudo-anonymized location (based on anonymized IP address
  • Date and time
  • Title of the accessed page
  • URL of the accessed page
  • URL of the previous page (if it allows it)
  • Screen resolution
  • Local time
  • Info about files that were clicked and downloaded
  • External links
  • Duration of the page load
  • Country, region, city (with low accuracy due to reference to IP address)
  • Main language of the browser
  • User agent of the browser
  • Interactions with forms, but without storing information about their content

You can find out more about the data processed with Matomo in Matomo’s privacy policy: https://matomo.org/privacy-policy/

4.2 Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to obtain your consent to store certain cookies in your browser, store them and document them in accordance with data protection laws. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the Borlabs cookie provider.

Among other things, the following data is stored:

  • Cookie runtime,
  • cookie version,
  • domain and path of the WordPress website,
  • the consents selected by the user and a
  • UID (a randomly generated ID for the user).

The collected data is stored until you request us to delete it or delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies. The Borlabs cookie has a storage period of 1 week. Mandatory legal retention periods remain unaffected. Details about the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

The use of Borlabs cookie consent technology takes place in order to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.

5. matterport (virtual 3D tour)

For this website, PONGS® uses the service platform Matterport to provide the virtual 3D tour. Provider is the company Matterport, Inc, 352 E. Java Dr. Sunnyvale, CA 94089, USA. To ensure data protection on this website, the virtual tour is deactivated when you visit our website for the first time. A direct connection to the servers of the company Matterport is only established when you activate the virtual tour on your own.

This requires your active consent according to Art. 6 para. 1 lit. a DS-GVO and § 25 TTDSG. This consent is given via the Cookie Consent banner. By consenting to the activation of Matterport, you also consent to the aforementioned transfer of the data collected in this process to the USA and other third countries for which no level of data protection comparable to that of the EU can be guaranteed, because there is no adequacy decision by the European Commission for these countries pursuant to Art. 45 (3) DS-GVO. In addition, there are no suitable guarantees pursuant to Art. 46 (1) DS-GVO. The legal basis for the data transfer is therefore your above-mentioned consent pursuant to Art. 49 (1) lit. a DS-GVO.

This consent can be revoked at any time.

Consent is given on our website via the so-called “two-click solution”: access to the virtual tour is accordingly only possible after consent (1st click); only then can the virtual tour be started with a further, 2nd click and a data connection to Matterport is established.

Your consent is voluntary; failure to give consent is not associated with any disadvantages. As shown, the virtual tour is merely an additional offer.

When you start the virtual tour on our website, a connection is established to the Matterport server in the USA. The Matterport server is informed from which of our pages you visit the virtual tour. In addition, Matterport obtains your IP address, the type and version of the Internet browser you are using, the operating system model and identifier of your computer or mobile device, and your usage patterns associated with the services. This is true even if you are not logged into Matterport or do not have an account with Matterport. The information collected by Matterport is transmitted to the Matterport server in the United States. If you have a Matterport account and are logged into it, you enable Matterport to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Matterport account.

When you leave or update our website, the connection to the Matterport server is automatically disconnected again. If you visit our website again at a later time, you must consent to the processing of your personal data again.

According to its own representation, Matterport uses the aforementioned information to manage and improve its services, to diagnose problems with its services and to better assess the use of its services. The Ministry of Economy has no influence on the type and scope of the data processed by Matterport, the way in which it is processed and used, or the transfer of this data to third parties. Nor does it have any effective means of control in this respect. We therefore expressly point out that you use the service platform of Matterport on your own responsibility.

Matterport’s privacy policy can be found at https://matterport.com/legal/privacy-policy/.

6. newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require a valid e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DS-GVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

With the newsletter we inform at regular intervals about our offers. For the processing of data, your consent is obtained during the registration process and reference is made to this privacy policy. The registration for our newsletter takes place in a so-called double opt-in process. I.e.: After the actual registration, you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored by the newsletter service provider are also logged.

A comparison of the data collected in this way with data that may be collected by other components of our site does not take place.

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f DS-GVO.

Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) f DS-GVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

7. plugins and tools

7.1 YouTube

This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

However, according to YouTube, the collected data is also transferred to the USA and other third countries. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data, e.g. to the USA. This may be associated with various risks for the legality and security of data processing.

The activation of YouTube on this page requires your active consent according to Art. 6 para. 1 lit. a DS-GVO and § 25 TTDSG. This consent is given via the Cookie Consent banner. By consenting to the activation of YouTube, you also consent to the aforementioned transfer of the data collected in this process to the USA and other third countries for which no level of data protection comparable to the EU can be guaranteed, because there is no adequacy decision for these countries by the European Commission pursuant to Art. 45 (3) DS-GVO. In addition, there are no suitable guarantees pursuant to Art. 46 (1) DS-GVO. The legal basis for the data transfer is therefore your above-mentioned consent pursuant to Art. 49 (1) lit. a DS-GVO.

This consent can be revoked at any time.

If you accept only essential cookies (technically necessary), the transmission described above does not take place.

Furthermore, YouTube may store various cookies on your terminal device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

The storage period is 6 months.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile on YouTube. You can prevent this by logging out of your YouTube account.

For more information on the handling of user data, please refer to YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de.

7.2 Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. PONGS has no influence on this data transmission. By integrating Google Maps, we can offer you the most important information about various locations. You can see the company locations shown there and, if required, the route to the location in question. For this purpose, Google Maps stores certain data in order to be able to offer the service. Your consent is required for this.

The recorded and saved data includes the search terms entered, your IP address and the latitude and longitude coordinates entered, if applicable. If you use the route planner function, the entered start address is also stored. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google uses this data to optimize its own services and to provide you with individual, personalized advertising.

The storage period is 6 months.

We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data, e.g. to the USA. This may be associated with various risks for the legality and security of data processing.

The activation of Google Maps on this page requires your active consent according to Art. 6 para. 1 lit. a DS-GVO and § 25 TTDSG. This consent is given via the Cookie Consent banner. By consenting to the activation of Google Maps, you also consent to the aforementioned transfer of the data collected in this process to the USA and other third countries for which no level of data protection comparable to the EU can be guaranteed, because there is no adequacy decision for these countries by the European Commission pursuant to Art. 45 (3) DS-GVO. In addition, there are no suitable guarantees pursuant to Art. 46 (1) DS-GVO. The legal basis for the data transfer is therefore your above-mentioned consent pursuant to Art. 49 (1) lit. a DS-GVO.

This consent can be revoked at any time.

More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

8. Separate information obligations of PONGS GROUP GmbH & Co. KG for business partners

8.1 Purposes for which the personal data are processed and the legal basis for the processing

We process personal data insofar as this is necessary for the establishment, execution and fulfillment of a contract as well as for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b DS-GVO, e.g. in connection with the initiation, execution and management of orders), for the fulfillment of a legal obligation (Art. 6 para. 1 lit. c DS-GVO, e.g. Compliance with commercial and tax retention obligations under Section 257 of the German Commercial Code (HGB) and Section 147 of the German Tax Code (AO)), to protect the legitimate interests of the responsible party or a third party (Art. 6 (1) (f) DS-GVO, e.g. storage of data for a reasonable period of time for acquisition efforts or for the assertion of legal claims and defense in legal disputes).

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a DS-GVO or Art. 9 para. 2 lit. a DS-GVO, if special categories of data are processed according to Art. 9 para. 1 DS-GVO (e.g. forwarding of data to third parties, evaluation for marketing purposes or addressing you by e-mail for advertising purposes).

In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) a DS-GVO. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally based on Section 25 (1) TTDSG. The consent can be revoked at any time.

8.2 Sources and categories of personal data processed

We process personal data that we receive from you or from public sources such as commercial registers, the Internet and directories or from third parties such as credit or credit reporting agencies or business partners in the context of contacting you and our business relationship, e.g. for processing an inquiry or an order.

Relevant personal data are in particular personal data (such as surname, first name, address, bank details, billing address, tax number or VAT ID number) and other contact data (such as telephone number, e-mail address). In addition, this may also include contract or order data (e.g. sales data, order volume), information about your financial situation (e.g. creditworthiness data) and personal data (e.g. profession, position, duties and powers) as well as other data comparable with the aforementioned categories.

8.3 Duration for which the personal data are stored and the criteria for determining this duration.

The required personal data will be stored for the duration of the existence of warranty and guarantee claims. In addition, the personal data will be stored in accordance with the periods prescribed by law. Corresponding proof and storage obligations result from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are up to ten years. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted.

9. Separate information obligations of PONGS GROUP GmbH & CO. KG for applicants

We are pleased that you are applying or have applied for a position in our company. In the following, we inform you in accordance with Art. 13, 14 of the EU General Data Protection Regulation (EU DS-GVO) for which purposes we process the application documents (data) received from you on a voluntary basis and which rights you have in this regard.

9.1 Purposes for which your personal data are processed and the legal basis for the processing

We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process.

The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG. Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

Furthermore, we may process personal data about you insofar as this is necessary for the fulfillment of legal obligations (Art. 6 Para. 1 lit. c DS-GVO, e.g. reimbursement of travel expenses) and for the defense of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 (1) lit. f DS-GVO; the legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). If there is a need for longer-term storage (e.g. for further vacant positions or positions that become vacant), this is done on the basis of your consent in writing (pursuant to Art. 6 (1) a DS-GVO).

Insofar as special categories of personal data within the meaning of Art. 9 (1) DS-GVO are voluntarily disclosed within the scope of the application procedure, their processing shall additionally be carried out in accordance with Art. 9 (2) b DS-GVO in conjunction with Section 26 (3) BDSG (e.g. severely disabled status). Insofar as special categories of personal data within the meaning of Art. 9 (1) DS-GVO are requested from applicants as part of the application process, their processing is additionally carried out in accordance with Art. 9 (2) a DS-GVO in conjunction with Section 26 (2) and (3) sentence 2 BDSG (e.g. health data if this is required for the exercise of the profession).

9.2 Sources and categories of personal data processed

We process personal data that we receive from you or recruiters as part of the application process such as, in particular, personal master data (name, address and other contact details, date and place of birth, nationality), bank details (for the purpose of travel expense reimbursement), qualification documents (e.g. certificates, evaluations and other proof of training), IP addresses and photographs.

9.3 Recipients or categories of recipients of the personal data

Applicants can send us their documents by e-mail. However, please note that e-mails are generally not encrypted and applicants must ensure encryption themselves. We can therefore not assume any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend using postal dispatch.

Your data will be reviewed by the HR department after receipt of your application. Suitable applications are then made available internally to the persons responsible for the respective open position, and if necessary also to the works council. In principle, only those persons in the company who require your data for the proper conduct of the application process have access to it.

In addition, personal data is processed on our behalf on the basis of contracts pursuant to Art. 28 DS-GVO (commissioned processing), this applies in particular to providers of cloud solutions and applicant management systems. In the context of the application process, recruitment agencies may also be commissioned if necessary. All service providers are contractually obligated to treat your data confidentially.

Otherwise, data is only forwarded to recipients outside the company if this is permitted or required by law, if the forwarding is necessary to fulfill legal obligations, or if we have your consent.

9.4 Transfer to a third country (outside the EU / EEA) or to an international organization.

The data is processed exclusively in data centers in the Federal Republic of Germany. A transfer to a third country does not take place and is not intended.

9.5 Duration for which the personal data is stored and the criteria for determining this duration:

If no employment relationship is established following an application, we retain applicant data for a maximum of six months from receipt of the rejection decision so that we can answer any follow-up questions about the application and satisfy our obligations to provide evidence under the General Equal Treatment Act (AGG). This does not apply if legal provisions prevent deletion (e.g. archiving of travel expense reimbursements in accordance with tax law requirements for up to 10 years), further storage is necessary for the purpose of providing evidence, or you have expressly consented to longer storage. In the event that the data subject has given consent to a longer storage of your personal data, we will transfer this data to our applicant pool. There, the data will be deleted after one year.

If the data subject is accepted for a position as part of the application process, the relevant and necessary data will be transferred from the applicant data system to our personnel data system.

10. separate data protection information for online meetings of PONGS GROUP GmbH & CO. KG with “MS Teams“

In the following, we inform you on the basis of the General Data Protection Regulation (DS-GVO) as well as the Federal Data Protection Act (BDSG) about the processing of personal data in connection with the conduct of online meetings using the video conferencing tools of “Microsoft Teams“.

Note: If you access the “Microsoft Teams” website, the “Microsoft Teams” provider is responsible for data processing. However, calling up the website is only necessary for the use of “Microsoft Teams” in order to download the software for use.

If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service will then also be provided via the “Microsoft Teams” website.

10.1 Purpose of the processing

We use the “Microsoft Teams” tool to conduct conference calls, video conferences and webinars (hereinafter: “Online Meetings”). “Microsoft Teams” are a service of Microsoft Corporation.

10.2 Legal basis of data processing

Insofar as personal employee data of PONGS Group GmbH & Co. KG are processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of “Microsoft Teams”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Microsoft Teams”, Article 6 (1) lit. f DS-GVO is the legal basis for data processing. In these cases, our interest is in the effective implementation of “online meetings“.

Insofar as the processing of personal data in the context of online meetings is necessary for the fulfillment of a contract to which you are a party, or for the implementation of pre-contractual measures that take place at your request, Art. 6 (1) lit. b DS-GVO serves as the legal basis for the processing of personal data.

Should no contractual relationship exist, the legal basis is Art. 6 (1) lit. f DS-GVO. Here, too, our interest is in the effective implementation of “online meetings“.

Should video and audio recordings be necessary by way of exception, this will be done exclusively on the basis of the consent given by you pursuant to Art. 6 (1) lit. a DS-GVO.

10.3 Type and scope of data processing

We use “Microsoft Teams” to conduct “online meetings”. If we want to record “online meetings”, we will transparently inform you in advance and ask for your consent. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

Automated decision-making within the meaning of Art. 22 DS-GVO is not used.

The following personal data are subject to processing when using “Microsoft Teams”, whereby the scope of the data also depends on the data you provide before or when participating in an “online meeting“:

  • User details (registration information): e.g. user name, activation and conference codes, email address, first and last name, company, organization ID, participant IP, profile picture (optional).
  • Configuration and communication data: e.g., device name, IP address, geodata, time zone, activity logs, hardware type
  • Conference information: e.g. date, time, duration, number of participants, dial-in method, diagnostic information
  • Text, audio and video data: You may have the opportunity to use the chat function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “MS Teams” applications.

10.4 Recipients / passing on of data

With regard to the processing of personal data in connection with participation in “online meetings”, as a matter of principle no data is passed on to third parties unless it is specifically intended to be passed on. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

The other recipient is the provider of “Microsoft Teams”, Microsoft Corporation.

10.5 Data processing outside the EU / EEA

Data processing in third countries does not take place in principle, as we or the service provider have restricted the storage location to data centers in the EU or EEA.

However, we cannot exclude that the service provider also uses servers outside the EU or EEA or that the routing of data takes place via internet servers that are located outside the EU or EEA. In this case, an appropriate level of data protection is guaranteed on the one hand by the conclusion of EU standard data protection clauses. In addition, the data is encrypted during transport over the Internet as a supplementary protective measure and is thus generally protected against unauthorized access by third parties.

10.6 Storage period

Your personal data that we process as part of your use of “Microsoft Teams” will generally be deleted as soon as it is no longer required for the purposes for which it was collected. A requirement for storage may exist in particular if the data is still needed to fulfill contractual services and to be able to check and grant or defend against warranty or, if applicable, guarantee claims. In the case of statutory retention obligations of 6 years or 10 years according to commercial and tax law, deletion only comes into consideration after expiry of the respective retention obligation. If and insofar as the processing is based on your consent, the data will only be stored until you revoke your consent, unless there is also another legal basis for the processing.