This privacy statement explains how, to what extent and for what purpose your personal data (hereinafter “data”) are processed as part of our online services and associated websites, functions, content and external websites such as our social media profiles. (hereinafter referred to jointly as “online services”). Terminology used such as “personal data” and its “processing” is based on the definitions in Article 4 of the General Data Protection Regulation (GDPR).
First Sensor AG
T +49 30 6399 2330
F +49 30 6399 2333
Sibylle Büttner, Robin Maly, Dirk Schäfer
Chairman of the Supervisory Board:
Berlin-Charlottenburg HRB 69326
VAT ID DE 199 466 984
Data Protection Officer:
TE Data Privacy Officer
1. Description of groups of data subjects and data or categories of data relating to them
a. Groups of data subjects
Personal data or data categories listed under 1.b. are collected, processed and used for the purposes described under 3 for the following groups of data subjects:
- Potential customers
- Others who visit and use the online services
Data subjects are hereinafter referred to as “users”.
b. Types of processed data
- Inventory data (e.g. names, addresses).
- Contact details (e.g. email, telephone numbers).
- Content data (e.g. text entries, photographs, videos).
- Contractual data (e.g. subject of the agreement, term, customer category).
- Usage data (e.g. websites visited, links clicked on, interest in content, when they are accessed).
- Metadata/communication data (e.g. device information, IP address, click paths).
2. Processing of Special Categories of Personal Data (Article 9 (1) GDPR):
No special categories of data are processed unless these are provided by the user for processing, e.g. in online forms.
3. Purpose of Collecting, Processing or Using Data
Personal data (such as names or email addresses) are collected on our website on a voluntary basis, unless indicated otherwise or absolutely essential for technical reasons.
Personal data are collected for the following purposes:
- Providing online services, content and functions
- Personalized web content
- Maintaining inventory and usage data
- Gaining new customers
- Preparing and answering contact inquiries and communicating with users
- Further customer services
- Providing contractual services and customer support
- Marketing, advertising and market research
- Security Measures
Updated: 27. September 2018
4. Relevant Legal Basis
In accordance with Article 13 GDPR, we hereby inform you of the legal basis of our data processing. The following applies if the legal basis is not provided in the privacy statement: The legal basis for obtaining consent is Article 6 (1) (a) and Article 7 GDPR, the legal basis for processing in order to provide our services, take steps prior to entering into a contract and respond to inquiries is Article 6 (1) (b) GDPR, the legal basis for processing in order to comply with our legal obligations is Article 6 (1) (c) GDPR, and the legal basis for processing for the purposes of our legitimate interests is Article 6 (1) (f) GDPR. If it is necessary to process personal data to protect the vital interests of the data subject or another natural person, the legal basis is Article 6 (1) (d) GDPR.
5. Amendments and Updates to the Privacy Statement
Please read through our privacy statement on a regular basis. We will amend the privacy statement as soon as changes to our data processing make this necessary. We will inform you as soon as the changes require action by you (e.g. giving consent) or any other individual communication.
6. Security Measures
- In accordance with Article 32 GDPR, we take suitable technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons; in particular, these measures include ensuring the confidentiality, integrity and availability of data by monitoring physical access to the data, as well as data access, input and disclosure and ensuring availability and separation of the data. Furthermore, we have procedures in place to guarantee that data subjects can exercise their rights, that data can be erased and which provide a response if data are compromised. We also take into account protecting personal data at the development stage and when selecting hardware, software and processes, in accordance with the principle of data protection by design and by default (Article 25 GDPR).
- In particular, security measures include encrypted data transmission between your browser and our server or the servers of our suppliers.
7. Collaboration with Processors and Third Parties
- We disclose data to other persons or companies (third parties) and transfer or otherwise grant them access to these data as part of our processing only on the basis of legal authorization (e.g. if it is necessary to transmit data to third parties, such as to payment providers, for the performance of a contract in accordance with Article 6 (1) (b) GDPR), provided you have granted consent, a legal obligation exists or on the basis of our legitimate interests.
- Engaging third parties with data processing as part of a “data processing agreement” will take place on the basis of Article 28 GDPR. Processors include providers from:
- Web hosting services
- Analysis and advertising services
- CRM, registration and marketing automation systems
8. Transfers to Third Countries
Any processing of data in a third country (outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or disclosure or transfer of data to third parties, will occur only for the purposes of fulfilling our (pre)contractual obligations or on the basis of your consent, a legal obligation or our legitimate interests. Subject to legal or contractual authorization, we process data or allow the data to be processed in a third country only if the special requirements under Article 44 et seqq. GDPR are met. That means that data are processed, for example, on the basis of special guaranties such as officially recognized levels of data protection in the EU (e.g. the “privacy shield” for the US) or by observing officially recognized special contractual obligations (“standard contractual clauses”).
9. Rights of the Data Subjects
- Users have the right to obtain confirmation of whether their data are being processed, information on these data and further information and copies of the data in accordance with Article 15 GDPR.
- Under Article 16 GDPR, users have the right to have incomplete personal data completed and incorrect personal data rectified.
- In accordance with Article 17 GDPR, users also have the right to the erasure of personal data without undue delay or, alternatively, the right to restriction of processing pursuant to Article 18 GDPR.
- In accordance with Article 20 GDPR, users have the right to receive personal data they provided to us and transmit these data to another controller.
- Article 77 GDPR also grants users the right to lodge a complaint with a supervisory authority, e.g. with the Berlin data protection authority responsible for First Sensor AG.
10. Right to Withdraw Consent
Users have the right to withdraw consent previously given with effect for the future in accordance with Article 7 (3) GDPR.
11. Right to Object
In accordance with Article 21 GDPR, users can object to their personal data being processed in the future on the basis of First Sensor AG’s legitimate interests at any time. In particular, they can object to processing for direct marketing purposes.
12. Storage Period of Data
1. Unless explicitly stated in this privacy statement, data stored by us is erased as soon as no longer required for their intended purpose and as long as no legal retention period prevents their erasure. If the data are not erased because they are required for other, legally permitted purposes, processing is restricted. That means that the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
2. According to statutory requirements, data must be retained for 6 years in accordance with Section 257 (1) of the German Commercial Code (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) of the German Tax Code (books, records, status reports, accounting documents, commercial and business letters, documents relevant to taxation etc.).
13. Contacting Us
1. In accordance with Article 6 (1) (b) GDPR, user information is processed when contacting us (using the contact form or by email) in order to handle the inquiry.
2. User details may be stored in our customer relationship management system and marketing automation platform (“CRM & marketing system”) or in similar contact request systems.
3. We use the CRM, registration and marketing automation system “HubSpot” from the provider HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with branches in Ireland (One Dockland Central, Dublin 1, Ireland) and Germany (Unter den Linden 26, 10117 Berlin) on the basis of the consent of the recipient in accordance with Article 6 (1) (a) and Section 7 (2) No. 3 of the Gesetz gegen den unlauteren Wettbewerb (UWG - German Unfair Competition Act) or on the basis of legal permission in accordance with Section 7 (3) UWG. For this purpose we have entered into a contract with HubSpot with standard contractual clauses whereby HubSpot undertakes to process user data only in line with our instructions and to adhere to the level of data protection in the EU. HubSpot is also certified under the Privacy Shield agreement, providing an additional guarantee that it will comply with European data protection law (https://www.privacyshield.gov/list)
4. Our registration service allows website users to find out more about our company, download content and provide their contact details and further demographic information. This information is stored on the servers of our software partner HubSpot
. We can use this information to contact visitors to our website and identify which of our services they are interested in. All information collected by us is subject to this privacy statement. We use the data we collect exclusively to improve our marketing.
5. We delete inquiries once they are no longer needed. We check which data are no longer required every 12 months; inquiries from customers with a customer account are stored permanently. Please refer to the customer account details for deletion. In the event of statutory archiving obligations, data are deleted after the obligations expire (at the end of commercial (6 years) and taxation (10 years) retention requirements).
14. Use of Optional Functions/Services on our Website
Some personal data such as name, address, contact and communication data (e.g. phone number and email address) are collected on the basis of your consent when you voluntarily use optional functions/services on our website (e.g. webinars, white papers, comment function). If you have filled out and sent the contact form, you can access content and services, e.g. find out more about our company or download content.
This information is stored on servers of our software partner HubSpot with the permission of the recipient in accordance with Article 6 (1) (a) and Section 7 (2) No. 3 UWG or on the basis of legal permission pursuant to Section 7 (3) UWG. We can use this information to contact visitors to our website and identify which of our services they are interested in. Users can request their data be erased at any time. Of course, we will provide you with information on data we have saved about you at any time.
15. Comments and Contributions
Only registered users can add comments and contributions. That requires agreeing to your data being stored and used and accepting our privacy statement.
16. Collecting Access Data and Log Files
1. On the basis of our legitimate interests as defined in Article 6 (1) (f) GDPR, we collect data about each time the server where this service is located is accessed (“server log files”). Access data include the name of websites accessed, file, date and time it was accessed, the volume of data transmitted, notification of successful access, browser type and version, the user operating system, the URL referrer (the previous page visited), IP address and the provider making the request.
2. For security reasons (e.g. to investigate misuse or fraud), log file information is stored for a maximum of seven days and then erased. Data that must be retained for the purpose of providing evidence are exempt from the erasure requirement until the respective incident has been completely resolved.
17. Cookies & Measuring Reach
2. We use “session cookies” which are stored only for the amount of time the visitor spends on our website (e.g. so that our online services can be used). Session cookies randomly generate a unique identification number known as a session ID. A cookie also contains information on its origin and how long it may be stored. These cookies cannot store any other data. Session cookies are deleted when the user finishes using our online services and, for example, logs off or closes the browser.
3. As well as session cookies, this website also uses other types of cookies. Some cookies are employed by third parties which appear on our website. When a user visits our site for the first time, the user is asked to read our cookie notice and then either accept or reject our cookies. Permission can be changed or revoked at any time under the following link:Cookie Settings
4. The list below shows the various types of cookies used by us and third parties on the website:
6. If users do not want cookies to be saved on their computer, they can deactivate this in their browser system settings. Stored cookies can be deleted in the browser system settings. Deactivating cookies may restrict functions on online services.
7. You can also object to customized online marketing from many companies via the Network Advertising Initiative’s opt out page (http://optout.networkadvertising.org/), the US website (http://www.aboutads.info/choices) or the European site (http://www.youronlinechoices.com/uk/your-ad-choices/
2.1. Use of Google Analytics
We use Google Analytics, a web analysis service by Google LLC (“Google”), with the permission of the recipient in accordance with Article 6 (1) (a) and Section 7 (2) No. 3 UWG or on the basis of legal permission pursuant to Section 7 (3) UWG. Google employs cookies. Information generated by the cookie about the user’s activity on online services are usually transmitted to a Google server in the US and stored there.
Google is certified under the Privacy Shield agreement, providing an additional guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online services by users, create activity reports and provide us with other services associated with the use of these online services and the internet. This processed data can be used to create user usage profiles under a pseudonym.
We use Google Analytics so that only users who have also shown interest in our online services or have certain characteristics (e.g. interest in particular areas or products as determined by the websites visited) which we pass on to Google (“remarketing” or “Google Analytics audiences”), see adverts placed in our advertising services by Google and its partners. By using remarketing audiences, we also want to ensure that our advertisements are relevant to the interests of the user and are not irritating.
Google Analytics is used only when IP anonymization is activated. That means that users’ IP addresses are shortened by Google within European Union member states or in other Contracting States to the Agreement on the European Economic Area. Full IP addresses are transmitted to a Google server in the US and shortened there only in exceptional cases.
IP addresses transmitted from the user’s browser are not combined with other data from Google. Users can prevent cookies being stored by going to their browser software settings; users can also prevent data from the cookie about their use of the online services being collected or processed by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=en.
More information on Google’s use of data, settings and how to object to data collection can be found on Google’s website: https://policies.google.com/technologies/partner-sites?hl=en (“Google’s use of data when you visit websites or apps from our partners”), https://policies.google.com/technologies/ads?hl=en (“use of data for promotional purposes”), https://adssettings.google.com/authenticated (“manage information Google uses to show you marketing”).
3. Google Analytics will use this information on our behalf to evaluate users’ use of the information displayed, create activity reports for online services and provide us with other services associated with the use of these online services and the internet. This processed data can be used to create user usage profiles under a pseudonym.
4. We use Google Analytics so that only users who have also shown interest in our online services or have certain characteristics (e.g. are interested in particular areas or products determined by the websites visited), which we pass on to Google (“remarketing”), see adverts placed by Google and its partners. By using remarketing audiences, we also want to ensure that our advertisements are relevant to the interests of the user and are not irritating.
5. Google Analytics are used only when IP anonymization is activated. That means that users’ IP addresses are shortened by the providers only within European Union member states or in other Contracting States to the Agreement on the European Economic Area.
6. IP addresses transmitted from the user’s browser are not combined with other data. Users can prevent cookies being stored by going to their browser software settings;
7. For Google Analytics, users can also prevent data from the cookie about their use of the online services being collected or processed by the providers by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=en
19. Newsletter & Email Marketing Automation
1. We collect your personal data (name, address, contact and communication data (e.g. phone number and email address)) so that we can send you the latest information by post, email or over the phone. You will receive this information
a. automatically as one of our customers
b. when you sign up for our newsletter on our website or
c. when you download free documents from our website, such as a white paper, after providing your contact information.
2. Sending the newsletter and assessing success is carried out on the basis of the permission of the recipient in accordance with Article 6 (1) (a) and Section 7 GDPR, Section 7 (2) No. 3 UWG or on the basis of legal permission pursuant to Section 7 (3) UWG.
3. To check that the email address really does belong to the person signing up, we use the “double opt-in” procedure. For this, we record the following information:
- time the newsletter was ordered
- time the confirmation email was sent
- content of the confirmation email
- time the email was confirmed using the confirmation link or time the reply email was archived.
4. The registration procedure is recorded on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR and serves as proof of giving permission to receive the newsletter.
5. Cancellation/withdrawal - you can cancel your subscription to our newsletter at any time, i.e. revoke your consent. A link to cancel your subscription can be found at the bottom of every newsletter. If users registered only for the newsletter and then cancel this subscription, their personal data are erased.
6. Among others we use the newsletter software „Newsletter2Go“, from the provider Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany (https://www.newsletter2go.com/
Your data will be sent to Newsletter2Go GmbH. Newsletter2Go is not allowed to sell your data or to use it for purposes other than the sending of newsletters. Newsletter2Go is a certified German provider that was selected in line with the requirements of the General Data Protection Regulation and the German Federal Data Protection Act. Further information is available here: https://www.newsletter2go.co.uk/information-for-newsletter-recipients/
20. Integration of Third Party Services and Content
1. As part of our online services, we use content and service offers from third party providers on the basis of the consent of the recipient in accordance with Article 6 (1) (a) and Section 7 (2) No. 3 UWG or on the basis of legal permission pursuant to Section 7 (3) UWG, in order to integrate their content and services such as videos or fonts (hereinafter referred to collectively as “content”. We gather permissions and entries through our cookie permission management tool (“OneTrust”). This always requires third party content providers to record users’ IP addresses, as content cannot be sent to the user’s browser without their IP address. The IP address is required to display this content. We try to use only content for which the providers use IP addresses for the sole purpose of delivering the content. Third party providers can also use “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These pixel tags allow information such as visitor traffic to the website to be analyzed. The pseudonym information can also be stored in cookies on the user’s device and may contain technical information regarding the browser and operating system, referring sites, visiting time and other information on the use of our online services. It may also be linked to information from other sources.
2. Below you can find an overview of third party providers, their content and links to their privacy statements which provide further details on data processing and the opt-out options described above: