Data Protection

1. Introduction
The following information provides an overview of how we process the personal data we may collect from or about you (the “data subject”) and of your rights under data protection laws. In general, our website can be used without having to enter personal data. The processing of personal data may, however, be necessary if you want to use a special service offered by our enterprise via our website. If the processing of personal data is necessary and if there is no legal basis for such processing, we will obtain your consent.

Personal data, such as your name, address or e-mail address, is always processed in accordance with the EU General Data Protection Regulation (GDPR) and in line with the country-specific data protection regulations applicable to Jowat SE. The purpose of this Data Protection Statement is to inform you of the scope and purpose of the personal data we collect, use and process.

As the data controller, we have implemented a wide range of technical and organizational measures to ensure the most comprehensive possible protection of the personal data processed via this website. In principle, however, there can be security vulnerabilities in the transmission of data over the Internet, and absolute protection can therefore not be guaranteed. For that reason, we also provide the possibility to submit personal data to us via different channels, for example by phone or physical mail.

There are also simple and easy-to-implement steps which you, too, can take to protect your personal data from unauthorized access by third parties. Below we provide a few guidelines on how to handle your data securely:

  • Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with strong passwords.
  • You should be the only person with access to the passwords.
  • Make sure you use each password for one account only (login, user or customer account).
  • Do not use the same password for different websites, applications or online services.
  • Especially when you are using publicly accessible or shared IT systems, be sure to log out each time you have logged in to a website, application or online service.

Passwords should consist of at least 12 characters and not be easy to guess. Therefore, they should not contain common words from everyday life, your own name or names of relatives, but upper and lower case, numbers and special characters.

 

2. Data Controller
The data controller within the meaning of the GDPR is:

Jowat SE

Ernst-Hilker-Str. 10–14, 32758 Detmold, Germany, Phone: +49 (0) 5231 749-0, E-Mail: info@jowat.de

Representatives of the data controller: Klaus Kullmann, Ralf Nitschke, Dr. Christian Terfloth

 

3. Data Protection Officer
The contact information of the data protection officer is:

E-Mail: datenschutz-jowat@audatis.de

You can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.

 

4. Definitions
This Data Protection Statement is based on the terminology used by the European legislature and regulators in the adoption of the General Data Protection Regulation (GDPR). Our Data Protection Statement should be easy to read and understand, for the general public as well as for our customers and business partners. Therefore, we would like to explain the terminology used hereinafter.

The terms we use in this Data Protection Statement include the following:

  1. Personal data
    Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. Data subject
    Data Subject means any identified or identifiable natural person whose personal data is processed by the data controller (our enterprise).
  3. Processing
    Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. Restriction of processing
    Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
  5. Profiling
    Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
  6. Pseudonymization
    Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
  7. Processor
    Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  8. Recipient
    Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not considered recipients.
  9. Third party
    Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  10. Consent
    Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

5. Legal Basis for the Processing
Our enterprise relies on Article 6(1) point (a) of the GDPR (in conjunction with Section 25(1) of the TTDSG (German Federal Telecommunication and Telemedia Act)) as a legal basis for processing operations in which we obtain consent for a specific purpose of processing.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations which are necessary for delivering goods or providing a different service or consideration, the processing is based on Article 6(1) point (b) of the GDPR. The same applies to processing operations which are necessary for implementing precontractual measures, e.g. when we receive inquiries about a product or service.

In cases where our enterprise is subject to a legal obligation which requires the processing of personal data, e.g. tax requirements, the processing is based on Article 6(1) point (c) of the GDPR.

In rare cases, it may be necessary to process personal data to protect vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were to be injured on our premises and his or her name, age, health insurance data or other vital information had to be disclosed to a doctor, hospital or other third party. In such a case, the processing would be based on Article 6(1) point (d) of the GDPR.

Finally, processing operations may be based on Article 6(1) point (f) of the GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on Article 6(1) point (f) GDPR if the processing is necessary for safeguarding a legitimate interest of our enterprise or of a third party, provided that the interests, fundamental rights and freedoms of the data subject do not take precedence. In particular, we are permitted to pursue such processing operations because they have been specifically mentioned by the European legislature. In this respect, the legislature took the view that a legitimate interest could be assumed if you are a customer of our enterprise (recital 47, sentence 2 of the GDPR).

 

6. Transfer of Data to Third Parties
We only transfer your personal data to third parties if:

  1. you have given express consent pursuant to Article 6(1) point (a) of the GDPR;
  2. the transfer is permitted in accordance with Article 6(1) point (f) of the GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the not transferring of your data;
  3. there is a legal obligation to transfer your data pursuant to Article 6(1) point (c) of the GDPR; and
  4. it is legally permissible and necessary pursuant to Article 6(1) point (b) for the performance of a contractual agreement with you.

Within the framework of the processing operations described in this Data Protection Statement, personal data may be transferred to the USA. The USA does not have an adequate level of data protection (European Court of Justice, Schrems II). To protect your data, we have concluded data processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are insufficient to establish an adequate level of security, your consent pursuant to Article 49(1) point (a) of the GDPR may provide the legal basis for the transfer to third countries. This sometimes does not apply in the case of a data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.

 

7. Technology

7.1 SSL/TLS encryption
This site uses SSL or TLS encryption to ensure that data processing operations are secure and to protect the transfer of confidential information, e.g. orders, login data or contact requests, which you send to us, the provider. Encrypted connections are indicated by an “https://” instead of an “http://” in the web address and a lock symbol in the address bar of your browser.

We use this technology to protect the data you transfer to us.

7.2 Data we may collect when you visit our website
When you use our website for information purposes only, i.e. you do not register or otherwise transfer information to us, we only collect such data that your browser transfers to our server (in so-called “server log files”). Our website collects a range of general data and information each time a web page is accessed by you or an automated system. That general data and information is stored in the log files of the server. The following may be collected:

  1. The type and version number of the browser used
  2. The operating system of the system accessing our website
  3. The website from which an accessing system arrives on our website (called a referrer)
  4. The subpages accessed on our website by an accessing system
  5. The date and time when the website is accessed
  6. An Internet protocol (IP) address
  7. The Internet service provider of the accessing system

We do not draw any conclusions about your person when we use that general data and information. That information is rather necessary to

  1. properly deliver the contents of our website;
  2. optimize the content of our website and its advertising;
  3. ensure the continued functioning of our IT systems and the technology of our website; and
  4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

Therefore, the data and information collected is used by us for statistical purposes and to increase the level of data protection and security in our enterprise to ensure an optimum level of protection for the personal data we process. The data of the server log files is stored separately from any personal data provided by a data subject.

The legal basis for data processing is Article 6(1) point (f) of the GDPR. Our legitimate interest arises from the purposes listed above for data collection.

7.3 Amazon Web Services, AWS (Hosting)
Our website is hosted at Amazon Web Services (AWS) provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg.

When you visit our website, your personal data will be processed on the servers of AWS. Within that process, personal data may also be transferred to the parent company of AWS in the USA.  The transfer of data to the USA is based on the EU standard contractual clauses. Details are available at: aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.

AWS is used on the basis of Article 6(1) point (f) of the GDPR. We have a legitimate interest in ensuring that our website is displayed as reliable as possible.

We have concluded a data processing contract with AWS. The contract is stipulated by data protection law and ensures that AWS only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Further information about the data protection policy of AWS is available at: https://aws.amazon.com/privacy/?nc1=f_pr.

 

8. Cookies

8.1 General information about cookies
Cookies are small files which are created automatically by your browser and stored on your IT system (laptop, tablet, smartphone or similar devices) when you visit our website.

Cookies contain information generated in conjunction with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity.

We rely on cookies to provide a more convenient experience for visitors on our website. For example, we use session cookies to determine whether you have previously been on a page of our website. Session cookies are deleted automatically when you leave our website.

In addition, we use temporary cookies to make our website more user-friendly. Temporary cookies are stored on your end device for a certain amount of time. When you return to our website to use our services, the website automatically recognizes that you have been here before and remembers previous entries and adjustments so you will not have to make them again.

We also use cookies to record statistics on the use of our website and to analyze our content for the purpose of optimizing it for you. These cookies allow us to automatically recognize that you have previously been on our website when you return. Cookies created this way are deleted automatically after a defined period of time. Information on the corresponding cookie storage period is available in the settings of the consent tool used.

8.2 Legal basis for the use of cookies
The data processed by cookies necessary for the proper functioning of the website is necessary for safeguarding the legitimate interests of our enterprise and of third parties pursuant to Article 6(1) point (f) of the GDPR.

For all other cookies, we will obtain your consent pursuant to Article 6(1) point (a) of the GDPR via our opt-in cookie banner.

8.3 Usercentrics (consent management tool)
We use the consent management platform “Usercentrics” provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service allows us to obtain and manage consent for the processing of data from website users.

Usercentrics collects data generated by end users who use our website. If the end user has consented, Usercentrics automatically logs the following data:

  • browser information
  • date and time of access
  • device information
  • URL of the page visited
  • geographic location
  • page path of the website
  • the end user’s consent status, which provides evidence of consent

The consent status is also stored in the end user's browser so that the website can automatically read and comply with the end user's preferences every time the end user subsequently opens a page or starts a new session, for a period of up to 12 months. Consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular period of limitation in accordance with Section 195 of the BGB (German Federal Civil Code). The data will then be deleted immediately or—upon request—transferred to the person responsible, in form of a data export.

The functionality of the website cannot be ensured without the processing operations described above. The user does not have the possibility to object if there is a legal obligation to obtain the user’s consent for certain data processing operations (Article 7(1) and Article 6(1) point (c) of the GDPR).

Usercentrics is a recipient of your personal data and acts as a processor on our behalf.

Detailed information about the use of Usercentrics is available at: usercentrics.com/privacy-policy/.

 

9. Our Activity on Social Networks
We have set up our own pages on social networks to allow us to communicate with you and inform you of the services we provide. When you visit one of our social media pages, we and the provider of the social media platform are joint controllers within the meaning of Article 26 of the GDPR with respect to the processing operations of personal data related to that visit.

We are not the original provider of those pages, but only use them within the scope of the possibilities offered to us by the corresponding provider.

Out of an abundance of caution, we would therefore like to point out that your data may also be processed outside of the European Union or the European Economic Area. A use of the social networks may therefore involve data protection risks for you, because it may be more difficult to protect your rights, e.g. access, erasure, objection, etc., and social media providers frequently process personal data for advertising purposes or to analyze user behavior, without us having any influence on those operations. Providers who create usage profiles, frequently use cookies or directly associate the usage behavior with your personal member profile on the social network.

The processing operations of personal data described above are carried out in accordance with Article 6(1) point (f) of the GDPR on the basis of the legitimate interest of our enterprise and of the respective provider to facilitate our communication with you in a timely manner or to inform you of our services. If the respective provider requires you to consent to data processing as a user, the legal basis for that processing is Article 6(1) point (a) of the GDPR in conjunction with Article 7 of the GDPR.

Because we have no access to the databases of those providers, you would be best placed to exercise your rights (e.g. access, rectification, erasure, etc.) directly with the respective provider. Further information about the processing of your data on social networks and your options for exercising your right to object or to withdraw consent (opt out) are available at the following links to the individual social network providers used on our website:

9.1 LinkedIn
(Co-)responsible for data processing in Europe:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Data protection statement: https://www.linkedin.com/legal/privacy-policy

9.2 YouTube
(Co-)responsible for data processing in Europe:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection statement: https://policies.google.com/privacy

9.3 Facebook
(Co-)responsible for data processing in Europe:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Data protection statement (data guideline): https://www.facebook.com/about/privacy

9.4 Instagram
(Co-)responsible for data processing in Germany:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Data protection statement (data guideline): https://instagram.com/legal/privacy/

 

10. Web Analysis

10.1 Google Analytics
On our website, we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
That service creates pseudonymized usage profiles and uses cookies (see “Cookies”). The information generated by the cookie regarding your use of this website can includes for example:

  • short-term collection of the IP address, without permanent storage
  • geolocation data
  • browser type and version
  • operating system used
  • referrer URL (previously visited page)
  • the time at which the server was accessed

The pseudonymized data may be transferred by Google to a server in the USA and stored there.

The information is used to analyze how the website is used, to compile reports on website activity and to provide other services related to the use of the website and the internet, for the purposes of market research and facilitating a user-focused design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. In no case will your IP address be merged with other Google data.

These processing operations are carried out exclusively when express consent has been given pursuant to Article 6(1) point (a) of the GDPR.

Further data protection information concerning the use of GA4 is available at: support.google.com/analytics/answer/12017362.

10.2 LinkedIn Analytics
On this website, we use the Retargeting Tool and Conversion-Tracking provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (LinkedIn).

For that purpose, we have integrated the LinkedIn Insight Tag on our website, which enables us to collect statistical data about your visit and the use of our website and which provides us with corresponding aggregated statistics on that basis. In addition, we use the service to show you relevant offers and recommendations in line with your interests after you have looked at certain services, information and offers. The relevant information is stored in a cookie.

In general, the following data is collected and processed for this purpose:

  • IP address
  • device information
  • browser information
  • referrer URL
  • time stamp

These processing operations are carried out exclusively when express consent has been given pursuant to Article 6(1) point (a) of the GDPR. Your data will be stored until you withdraw consent.

You can configure your browser to receive a notification when a cookie is set and to only allow cookies in individual cases, to reject cookies in certain cases or in general, and to automatically delete cookies when the browser is closed. If cookies are disabled, some features of this website may not function properly. The personal data is retained for as long as it is necessary for the fulfillment of the processing purpose. As soon as the data is no longer required for the fulfillment of the purpose, it will be deleted.

Within the framework of the data processing via LinkedIn, data may be transferred to the USA and to Singapore. The security of the transfer is ensured by so-called standard contractual clauses which ensure that the processing of personal data is subject to a security level which corresponds to that of the GDPR. If the standard contractual clauses are insufficient to ensure an adequate level of security, we will obtain your consent in accordance with Article 49(1) point (a) of the GDPR.

Further information about the data protection policy of LinkedIn is available at: www.linkedin.com/legal/privacy-policy.

 

11. Cooperation with Our Subsidiaries for Advertising Purposes
To pursue the legitimate interest of the Jowat Group in accordance with Article 6(1) point (f) of the GDPR in optimizing the advertising and commercial presentation of our corporate headquarters and our subsidiaries, it may be necessary to share certain personal data within the Jowat Group. In particular, this applies to potential contact details, information about your interests and your customer profile as well as about your use of our products and services.

 

12. Partner and Affiliate Program, DoubleClick
This website contains components from DoubleClick by Google. DoubleClick is a brand of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), under which special online marketing solutions are provided to advertisers and publishers.

DoubleClick by Google transfers data to the DoubleClick server with each click and impression or a similar action. Each of these data transfers also involves a cookie request to your browser. If the browser accepts that request, DoubleClick will set a cookie on your IT system. The purpose of the cookie is to optimize and display advertisements. Among other functions, the cookie is also used to display relevant advertisements and to create reports for marketing campaigns or to improve them. In addition, the cookie is used for preventing duplicate displays of the same advertisement.

DoubleClick uses a Cookie-ID which is necessary for the technical procedure. For example, the cookie ID is needed to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser to prevent duplicate displays. Furthermore, the cookie ID enables DoubleClick to record conversions.

Cookies from DoubleClick do not contain any personal data. However, cookies from DoubleClick may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which you have already been in contact.

Every time you open an individual page of this website which is operated by us and in which a DoubleClick component has been integrated, the Internet browser on your IT system will automatically transfer data to Google via the DoubleClick component for the purposes of online advertising and the settlement of commissions. Within the framework of this technical procedure, Google obtains knowledge of data which Google also uses to create commission settlements. For example, Google can see that you have clicked certain links on our website.

You can prevent DoubleClick and our website from setting cookies at any time by configuring your browser accordingly. In addition, cookies which have already been set can be deleted at any time in the Internet browser or by using other software.

These processing operations are carried out exclusively when express consent has been given pursuant to Article 6(1) point (a) of the GDPR.

The data protection policy of DoubleClick by Google is available at: https://www.google.com/intl/en/policies/.

 

13. Plug-Ins and Other Services

13.1 Google Maps
Our website uses Google Maps (API), a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Ireland Limited is part of the Google group with corporate headquarters in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web mapping service for the presentation of geographic data in visual form. For example, it can show our locations on a map and help you with directions.

When you access a page in which Google Maps is embedded, information about your use of our website (e.g. your IP address) will be transferred to and stored on Google’s servers in the USA. This is independent of whether Google provides a user account to which you are logged in or there is no user account. When you are logged in to Google, your data will be associated directly with your account. If you do not want that data to be associated with your Google profile, you must log out from your Google account. Google stores your data (incl. of users who are not logged in) to create usage profiles for analysis purposes. You have the right to object to user profiles being created. To make use of this right, you must contact Google.

If you do not consent to a future transfer of your data to Google within the framework of a use of Google Maps, there is also the possibility to completely disable the Google Maps web service, by deactivating the JavaScript application in your browser. Google Maps can then no longer be used and maps will not be displayed on this website.

These processing operations are carried out only if the express consent has been obtained in accordance with Article 6(1) point (a) of the GDPR.

The Google Terms of Service are available at www.google.com/intl/en/policies/terms/regional.html. The additional Terms of Service of Google Maps are available at www.google.com/intl/de_US/help/terms_maps.html.

The data protection policy of Google Maps is available at: (“Google Privacy Policy”): https://www.google.com/intl/en/policies/privacy/.

13.2 Google Photos
We use the online service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to store photos which are embedded on our home page.

Embedding is a procedure by which a certain foreign content (text, video or image data) hosted on a different website (Google Photos) is integrated and then displayed on our own website. The content is embedded using a so-called embed code. If we have integrated an embed code, the external content from Google Photos is displayed immediately by default as soon as one of our web pages is opened.

The technical implementation of an embed code, which facilitates the displaying of images from Google Photos, means that your IP address is transmitted to Google Photos. In addition, Google Photos records our web address, the type of browser you are using, the language in your browser, the time and the duration of the visit. The information collected by Google Photos may also include which of our subpages you have visited and which links were clicked, as well as other interactions during the time on our website. That data can be stored and analyzed by Google Photos.

These processing operations are carried out only if the express consent has been obtained in accordance with Article 6(1) point (a) of the GDPR.

The data protection policy of Google is available at: https://www.google.com/policies/privacy/.

13.3 Google Tag Manager
On this website, we use the Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group with corporate headquarters in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The tool allows us to integrate “website tags” (i.e. keywords which are embedded in HTML elements) and to manage them via a user interface. By using the Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked on and can then identify which content on our website is most of interest to you.

In addition, the tool triggers other tags, which in turn may collect data. Google Tag Manager does not access that data. If you have disabled specific cookies or cookies at the domain level, those restrictions will also apply to all tracking tags implemented with Google Tag Manager.

These processing operations are carried out only if the express consent has been obtained in accordance with Article 6(1) point (a) of the GDPR.

Further information about the Google Tag Manager and the data protection policy of Google are available at: https://www.google.com/intl/policies/privacy/.

13.4 Google WebFonts
Our website uses so-called web fonts to ensure the consistent display of typefaces. Google WebFonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group with corporate headquarters in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These processing operations are carried out only if the express consent has been obtained in accordance with Article 6(1) point (a) of the GDPR.

Further Information about Google WebFonts and the data protection policy of Google are available at: developers.google.com/fonts/faq ; https://www.google.com/policies/privacy/.

13.5 YouTube (Videos)
On this website, we have integrated components of YouTube, a service provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you are logged in to YouTube at the same time, YouTube recognizes which specific subpage on our website you are accessing when you open a subpage which contains a YouTube video. This information is collected by YouTube and Google and associated with your YouTube account.

The YouTube component will record each instance when you open one of our web pages on which it has been integrated and transfer this information to YouTube and Google if you are logged in to YouTube at that same time. This happens regardless of whether or not you click on the YouTube video itself. If you do not want that information to be transferred to YouTube and Google, you can prevent the transfer by logging out of your YouTube account before you access our website.

These processing operations are carried out only if the express consent has been obtained in accordance with Article 6(1) point (a) of the GDPR.

The data protection policy of YouTube is available at: https://www.google.com/intl/en/policies/.

13.6 Font Awesome
Our website uses so-called web fonts provided by Fonticons Inc, 307 S Main St., Ste. 202, Bentonville, AR, USA, to ensure the consistent display of typefaces and icons (symbols). When you access a page on our website, the web fonts needed for the correct rendering of text, typefaces and icons are loaded by your browser into its cache memory.

For that purpose, the browser you are using has to establish a connection with the servers of Fonticons, Inc. The web fonts are also loaded via a Font Awesome content delivery network. This ensures that the loading duration is consistent and as short as possible by adapting the storage location. Among other data, the following is collected within the scope of that process: your IP address, type and version of the browser, the operating system used, the referrer URL (previously visited website), and the time when the service was requested. The web fonts are also loaded via a content delivery network. This ensures that the loading duration is consistent and as short as possible by adapting the storage location. This data is used for the optimization of services and for internal analysis purposes. Once your data has been statistically recorded, it is deleted and only processed further in an aggregated and nonpersonal form.

These processing operations are carried out exclusively when express consent has been given pursuant to Article 6(1) point (a) of the GDPR.

If you have not given consent, a standard typeface from your end device will be used instead. This may have a detrimental effect on the performance experienced on our website.

Further information about the data protection policy of Fonticons Inc. is available at: https://fontawesome.com/privacy.

13.7 ImgiX
On our website, we use the Imgix service provided by Zebrafish Labs, Inc., 423 Tehama St., CA 94103 San Francisco, USA.

ImgiX allows us to automatically adapt the format of our images to your browser and the appropriate resolution.

This requires the establishing of an Internet connection to the servers of Zebrafish Labs, Inc. Among other data, the following is collected within the scope of that process: your IP address, type and version of the browser, the operating system used, the referrer URL (previously visited website), and the time when the service was requested. ImgiX also functions as a content delivery network. This ensures that the loading duration is consistent and as short as possible by adapting the storage location. The data collected is used for the optimization of services and for internal analysis purposes. Once your data has been statistically recorded, it is deleted and only processed further in an aggregated and nonpersonal form.

The legal basis for the processing of personal data is your consent pursuant to Article 6(1) point (a) of the GDPR.

Further information about the data protection policy of Imgix is available at: https://www.imgix.com/privacy.

 

14. Your Rights as a Data Subject

14.1 Right to confirmation
You have the right to request a confirmation from us on whether any personal data concerning you is being processed.

14.2 Right of access Article 15 GDPR
You have the right to obtain information about the personal data concerning you stored by us and to obtain a copy of that data in accordance with the statutory regulations, at any time and free of charge.

14.3 Right to rectification Article 16 GDPR
You have the right to obtain the rectification of inaccurate personal data concerning you. In addition, you also have the right to have incomplete personal data completed, taking into account the purposes of the processing.

14.4 Right to erasure Article 17 GDPR
You have the right to obtain the erasure of personal data concerning you without undue delay if one of the reasons provided for by law applies and if the processing or retention is not necessary

14.5 Right to restriction of processing Article 18 GDPR
You have the right to obtain the restriction of processing if one of the statutory requirements applies.

14.6 Right to data portability Article 20 GDPR
You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. You also have the right to transfer this data to another responsible without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6(1) point (a) of the GDPR or Article 9(2) point (a) of the GDPR or on a contract pursuant to Article 6(1) point (b) of the GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to obtain that the personal data be transferred directly from one responsible to another responsible, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

14.7 Right to object Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1) point (e) (data processing in the public interest) or on Article 6(1) point (f) (data processing based on the balancing of interests).

This applies also to profiling within the meaning of Article 4 number 4 of the GDPR based on those provisions.

If you object, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

In individual cases, we process personal data for direct marketing purposes. You may object at any time to the processing of personal data for such marketing purposes. This includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process the personal data for such purposes.

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

14.8 Withdrawal of a consent
You have the right to withdraw consent for the processing of personal data at any time with effect for the future.

14.9 File a complaint with a supervisory authority
You have the right to file a complaint with a supervisory authority responsible for data protection about our processing of personal data.

 

15. Retention Period of Personal Data
We process and store your personal data only for the amount of time necessary to achieve the purpose of storage or if this has been provided for by the legal provisions applicable to our enterprise.

If the purpose of storage no longer applies or if a prescribed storage duration expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

 

16. Version and Amendments to the Data Protection Statement
This Data Protection Statement is currently valid and was last updated in November 2022.

We may have to revise this Data Protection Statement periodically as a result of the continual further development of our website and our content or due to changing statutory requirements and regulations. You can read and print out our current Data Protection Statement on this website at any time at: www.jowat.com/de-DE/datenschutz/.

Duties to provide information