Version March 2024

I. Identity and contact details of the data controller
II. Contact details of the data protection officer
III. General information on data processing
IV. Rights of the data subject
V. Provision of website and creation of log files
VI. Use of cookies
VII. Registration
VIII. Web shop
IX. Payment options
X. Credit assessment
XI. Shipping service providers
XII. Newsletter
XIII. Contact via Email
XIV. Callback service
XV. Application via Email
XVI. Geotargeting
XVII. Content delivery networks
XVIII. Usage of Plugins

I. Name and address of the data controller

The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) of the European Union and other national data protection laws of the Member States as well as other data protection regulations is

FIPA GmbH
Freisinger Str. 30
85737 Ismaning
Germany
Tel.: +49 89 962489-0
info@fipa.com
www.fipa.com

II. Name and address of the designated data protection officer

The designated data protection officer is:

DataCo GmbH 
Dachauer Str. 65
80335 Munich
Germany
datenschutz@dataguard.de
www.dataguard.de

III. General information on data processing

1. Scope of processing personal data

In general, we only process the personal data of our users to the extent necessary in order to provide a functioning website with our content and services. The processing of personal data regularly only takes place with the consent of the user. Exceptions include cases where prior consent technically cannot be obtained and where the processing of the data is permitted by law.

2. Legal basis for data processing

Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis to obtain the consent of the data subject for the processing of their data.

As for the processing of personal data required for the performance of a contract of which the data subject is party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual activities.

When it is necessary to process personal data in order to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.

If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.

If the processing of data is necessary to safeguard the legitimate interests of our company or that of a third party, and the fundamental rights and freedoms of the data subject do not outweigh the interest of the former, Art. 6 para. 1 sentence 1 lit. f GDPR will serve as the legal basis for the processing of data.

3. Data removal and storage duration

The personal data of the data subject will be erased or restricted as soon as the purpose of its storage has been accomplished. Additional storage may occur if it was provided for by the European or national legislator within the EU regulations, law, or other relevant regulations to which the data controller is subject. Restriction or erasure of the data also takes place when the storage period stipulated by the aforementioned standards expires, unless there is a need to prolong the storage of the data for the purpose of concluding or fulfilling the respective contract.

IV. Rights of the data subject

When your personal data is processed, you are subsequently a data subject in the sense of the GDPR and have the following rights:

1. Right to information

You may request from the data controller to confirm whether your personal data is processed by them. If such processing is the case, you can request the following information from the data controller:

• the purpose for which the personal data is processed;
• the categories of personal data being processed;
• the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
• the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
• the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the data controller or a right to object to such processing;
• the existence of a right of appeal to a supervisory authority;
• all available information on the source of the data if the personal data is not collected from the data subject;
• the existence of automated decision-making including profiling under Article 22 para. 1 and para. 4 GDPR and, in certain cases, meaningful information about the data processing system involved, and the scope and intended result of such processing on the data subject.

You have the right to request information on whether your personal data will be transmitted to a third country or an international organization. In this context, you can then request for the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and/or completion of the data controller, if your processed personal data is incorrect or incomplete. The data controller must correct the data without delay.

3. Right to the restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

• if you challenge the correctness of your personal data for a period of time that enables the data controller to verify the accuracy of your personal data;
• the processing is unlawful, and you refuse the erasure of the personal data and instead demand the restriction of the use of the personal data;
• the representative no longer needs the personal data for the purpose of processing, but you need it to assert, exercise or defend legal claims; or
• if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the data controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may – with the exception of data storage – only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest, interest to the Union, or a Member State.

If the processing has been restricted according to the beforementioned conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to erasure

a) Obligation to erase

If you request from the data controller to delete your personal data with immediate effect, they are required to do so immediately given that one of the following applies:

• Personal data concerning you is no longer necessary for the purposes for which they were collected or processed.
• You revoke your consent, to which the processing is allowed pursuant to Art. 6 para. 1 sentence 1 lit. a oder Art. 9 para. 2 lit. a GDPR and there is no other legal basis for processing the data
• According to Art. 21 para. 1 GDPR you object to the processing of the data given that the processing of the data is justified by a legitimate interest, or you object pursuant to Art. 21 para. 2 GDPR.
• Your personal data has been processed unlawfully.
• The act of deleting your personal data will invoke a legal obligation under the Union law or the law of the Member States to which the data controller is subject.
• Your personal data was collected in relation to information business services offered pursuant to Art. 8 para. 1 GDPR.

b) Information to third parties

If the data controller has made your personal data public and has to delete the data pursuant to Art. 17 para. 1 GDPR, they shall take appropriate measures, including technical means, to inform data processors who process the personal data, that a request has been made to delete all links to such personal data or copies or replications of the personal data, taking into account available technology and implementation costs to execute the process.

c) Exceptions

The right to delete does not exist if the processing is necessary

• to exercise the right to freedom of speech and information;
• to fulfill a legal obligation required by the law of the Union or of the Member States to which the representative is subject, or to perform a task of public interest or in the exercise of public authority delegated to the representative;
• for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
•       for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
• to enforce, exercise or defend legal claims.

5. Right to information

If you have the right of rectification, erasure or restriction of processing over the data controller, they are obliged to notify all recipients to whom your personal data have been disclosed of the correction or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You reserve the right to be informed about the recipients of your data by the data controller.

6. Right to Data Portability

You have the right to receive your personal data given to the data controller in a structured, standard and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the data controller who was initially given the data, given that

• the processing is based on a consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or
• on a contract in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR and the processing is done by automated means.

In exercising this right, you also have the right to maintain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons shall not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the data controller.

7. Right to object

Subjective to your situation, you have, at any time, the right to object against the processing of your personal data pursuant to Art. 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The data controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data in regard to such advertising; this also applies to profiling insofar as it is associated with direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purpose.

Regardless of Directive 2002/58/EG, you have the option, in the context of the use of information society services, to exercise your right to object to automated procedures that use technical specifications.

8. Right to revoke the data protection consent declaration

You have the right to withdraw your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated decision on a case-by-case basis, including profiling

You have the right not to subject to a decision based solely on automated processing – including profiling – that will have legal effect or affect you in a similar manner. This does not apply if the decision

• is required for the conclusion or execution of a contract between you and the data controller,
• is permitted by the Union or Member State legislation to which the data controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
• with your expressed consent.

However, these decisions must not be based on special categories of personal data under Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the data controller shall take appropriate measures to uphold your rights and freedoms as well as your legitimate interests, including the right to obtain assistance from the data controller or their representative, to express your opinion on the matter, and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in the Member State of their residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

V. Provision of website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

We use the following external service provider to host our website:

• Amazon Web Services, Inc, 410 Terry Avenue North, Seattle WA 98109, United States
• Hetzner Online GmbH, Industriestr. 25, 1710 Gunzenhausen Germany

The servers of Amazon Web Services and Hetzner Online GmbH are geographically located in Germany. 

Our website is managed by an external service provider who may also process personal data of visitors to our website. We use the services of Silberball Digital GmbH, Mariahilfstr. 29, 6900 Bregenz, Austria and Alpin11 New Media GmbH, Rennfeld 15, 6370 Kitzbühel, Austria for this purpose. Naturally, we have concluded a corresponding order processing contract with both companies.

The following data is collected:

• Information about the browser type and version used
• The user's operating system
• The user's internet service provider
• The IP address of the user
• Date and time of access
• Websites from which the user's system accesses our website
• Websites that are accessed by the user's system via our website

This data is stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

3. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

VI. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

• Language settings
• Item in shopping basket
• Log-in information

We also use cookies on our website that enable us to analyse the surfing behaviour of users.

The following data can be transmitted in this way:

• Search terms entered
• Frequency of page views
• Utilisation of website functions

The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal user data.

2. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change.

We require cookies for the following applications:

• Shopping basket
• Transfer of language settings
• Memorising search terms

The user data collected by technically necessary cookies is not used to create user profiles.

The purpose of using analytics cookies is to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

3. Legal basis for data processing

The legal basis for the processing of personal data using technically unnecessary cookies is Art. 6 para. 1 sentence 1 lit. a GDPR.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash Player settings.

If you use a Safari browser version 12.1 or higher, cookies are automatically deleted after seven days. This also applies to opt-out cookies, which are set to prevent tracking measures.

VII. Registration

1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected as part of the registration process:

• Salutation
• Title (optional)
• Name
• First name
• Email address
• The company
• Industry
• Company address
• Sales tax identification number (optional)
• Tax number (optional)
• Department in the company (optional)
• Function in the company (optional)
• Telephone / mobile phone number (optional)
• Fax (optional)
• IP address of the calling computer
• Date and time of registration

As part of the registration process, the user's consent to the processing of this data is obtained.

2. Purpose of data processing

User registration is required to fulfil a contract with the user or to carry out pre-contractual measures.

The user is also identified for the purposes of customer administration and purchase processing.

3. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent.

If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

This is the case for the data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

5. Possibility of objection and removal

As a user, you have the option of cancelling your registration at any time. You can have the data stored about you amended at any time by sending an email to info@fipa.com.

If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

VIII. Webshop

We offer a webshop on our website. We use the following webshop software for this purpose:

Pimcore from the provider Pimcore GmbH, Söllheimer Straße 16, 5020 Salzburg, Austria

The website and the webshop are hosted on external servers by a service provider commissioned by us. Our service provider is:

AWS of the provider Amazon Web Service Inc., 410 Terry Avenue North, Seattle WA 98109, USA

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Date and time of the server request
• IP address

This data is not merged with other data sources. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - the server log files must be recorded for this purpose.

We have concluded an order processing contract with the relevant service provider, in which we oblige the relevant service provider to protect user data and not to pass it on to third parties.

The website server is geographically located in Germany.

IV. Payment

1. Description and scope of data processing

In addition to purchase on account, we offer our customers various payment options for processing their orders. Depending on the payment option, we forward customers to the platform of the relevant payment service provider. After completing the payment process, we receive the customer's payment details from the payment service providers or our house bank and process them in our systems for invoicing and accounting purposes.

Payment by credit card

It is possible to complete the payment process by credit card. If you have selected payment by credit card, payment data will be forwarded to payment service providers for payment processing. All payment service providers comply with the Payment Card Industry (PCI) Data Security Standards and have been certified by an independent PCI Qualified Security Assessor.

The following data is regularly transmitted as part of payment by credit card:

• Purchase amount
• Date and time of purchase
• First name and surname
• Address
• Email address
• Credit card number
• Period of validity of the credit card
• Security code (CVC)
• IP address
• Telephone number / mobile phone number

Payment data is forwarded to the following payment service providers:

Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, The Netherlands

Further information on the data protection guidelines as well as cancellation and removal options vis-à-vis the payment service providers can be found here: https://www.mollie.com/de/privacy

Payment via PayPal

It is possible to complete the payment process with the payment service provider PayPal. In addition to a direct payment method, PayPal also offers purchase on account, direct debit, credit card and payment by instalments.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.

If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal.

This involved the following data in particular:

• Name
• Address
• Email address
• Telephone / mobile phone number
• IP address
• Bank details
• Card number
• Validity date and CVC code
• Number of articles
• Item number
• Data on goods and services
• Transaction amount and tax charges
• Information on previous purchasing behaviour

The data transmitted to PayPal may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check identity and creditworthiness.

PayPal may also pass on your data to third parties if this is necessary to fulfil contractual obligations or if the data is to be processed on our behalf. When transferring your personal data within companies affiliated with PayPal, the Binding Corporate Rules approved by the competent supervisory authorities apply. You can find them here: https://www.paypal.com/de/webapps/mpp/ua/bcr

Other data transfers may be based on contractual protection provisions. For further information, please contact PayPal.

All PayPal transactions are subject to PayPal's privacy policy. You can find this at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/

Payment by instant bank transfer

It is possible to pay by instant bank transfer. In this case, the data is collected by Sofort GmbH, Theresienhöhe 12, 80339 Munich.

The controller does not collect or store the data itself.

By issuing an instant bank transfer, you instruct Sofort GmbH to automatically check whether your account covers the amount to be transferred (account coverage check) and whether any instant bank transfers from your account have been successfully carried out in the last 30 days and, after a positive check, to transmit the transfer order approved by you to your bank in electronic form and to inform us, as the payee selected by you (online provider), of the successful completion of the transfer.

To do this, Sofort GmbH requires the IBAN as well as the PIN and TAN of your online banking account. As part of the ordering process, you will be automatically redirected to the secure payment form of Sofort GmbH.

Immediately afterwards, you will receive confirmation of the transaction. We will then immediately receive the credit note for the transfer.

Anyone who has an authorised online banking account with a PIN/TAN procedure can use Sofortüberweisung as a payment method.

Please note that a few banks do not yet support payment by instant bank transfer.

You can find more information on this via the following link: https://www.klarna.com/sofort/

Further information on the stored data can be found at https://www.klarna.com/sofort/#cq-0

Payment in advance

1. Description and scope of data processing

If you have chosen to pay in advance, we will not process any data other than the data transmitted by your bank. These are only used to check the receipt of payment.

2. Purpose of data processing

The transmission of payment data to payment service providers serves to process the payment, e.g. when you purchase a product and/or utilise a service.

3. Legal basis for data processing

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, as the processing of the data is necessary for the execution of the concluded purchase contract.

4. Duration of storage

All payment data and data on any chargebacks will only be stored for as long as they are required for payment processing and possible processing of chargebacks and debt collection as well as to combat misuse.

Furthermore, payment data may be stored beyond this if and as long as this is necessary to comply with statutory retention periods or to prosecute a specific case of misuse.

Your personal data will be deleted upon expiry of the statutory retention obligations, i.e. after 10 years at the latest.

5. Possibility of objection and removal

You can withdraw your consent to the processing of your payment data at any time by notifying the controller or the payment service provider used. However, the payment service provider used may continue to be authorised to process your payment data if and for as long as this is necessary to process payments in accordance with the contract.

In the USA, we process our payments via a payment service provider and pass on the payment data accordingly:

• Stripe Inc, 510 Townsend Street San Francisco, CA 94103, USA

X. Determination of creditworthiness

1. Description and scope of data processing

We may use the services of rating agencies and credit reference agencies to determine the creditworthiness of our customers, including an analysis of payment behavior and credit default risk.

We use the services of the following providers of credit reports (in relation to company customer-specific data):

Dun & Bradstreet (D&B) (formerly Bisnode Deutschland GmbH) Robert-Bosch-Straße 11, 64293 Darmstadt)

The transmitted data includes in particular

• Company name
• Company address
• VAT ID number

2. Purpose of data processing

We transmit the data for the purpose of checking the creditworthiness of our customers. This serves to reduce the default rate and protect against credit risks.

3 Legal basis for data processing

The legal basis for the processing of the data for the credit assessment of the customer by the controller is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given his consent.

4. Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.

XI. Shipping service provider

1. Description and scope of data processing

If you order products or services on our website for which a shipping service provider is used for delivery, you will receive your order and shipping confirmation via your email address and, depending on the respective shipping service provider, notification that your shipment has arrived and/or notification of the package announcement and possible delivery options.

The data is transmitted to the following service providers:

UPS Europa SA, Ave Ariane 5, Brüssel, B-1200, Belgien
DHL, Deutsche Post AG, Charles-de-Gaulle-Str. 20, 53113 Bonn, Deutschland
GLS, General Logistics Systems B.V., Breguetlaan 28-30, 1438 BC Oude Meer, The Netherlands
FedEx Express Deutschland GmbH, Haberstr. 2, 53842 Troisdorf, Deutschland

The transmitted data is regularly

• Name
• Address
• Email address

2. Purpose of the data processing

The purpose of processing the personal data is to give shipping service providers the opportunity to inform recipients about the progress of the shipment by email and thus increase the probability of successful delivery.

3. Legal basis for data processing

The legal basis for the transmission of the email address to the respective shipping service provider and its use is consent pursuant to Art. 6 para. 1 lit. a GDPR.

4. Duration of storage

The transmitted data will be deleted by the respective shipping service provider once the parcel has been delivered.

5. Possibility of objection and removal

The notification service by the shipping service provider can be terminated by the user concerned at any time. For this purpose, there is a corresponding opt-out link in every email.

XII. Newsletter

1. Description and scope of data processing

It is possible to subscribe to a free newsletter. When you register for the newsletter, the following data from the input mask is transmitted to us:

• Email address

Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.

If you purchase goods or services on our website and enter your e-mail address, we may subsequently use it to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter.

No data is passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.

2. Purpose of data processing

The purpose of collecting the user's email address is to send the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

3. Legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent.

The legal basis for sending the newsletter as a result of the sale of goods or services is Art. 7 para. 3 UWG.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user's email address is therefore stored for as long as the subscription to the newsletter is active.

5. Possibility of objection and removal

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.

This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.

XIII. Email contact

1. Description and scope of data processing

It is possible to contact us via the email address provided on our website. In this case, the user's personal data transmitted with the email will be stored.

The data is used exclusively for processing the conversation.

2. Purpose of data processing

In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.

3. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. Possibility of objection and removal

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email at info@fipa.com, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

XIV. Callback service

1. Description and scope of data processing

There is a "Callback service" form on our website that can be used to contact us. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

The following data is stored at the time the message is sent:

• Email address (optional)
• Name
• Telephone / mobile phone number
• IP address of the calling computer
• Date and time of dispatch
• Text field (optional) as a message
• Requested callback date and time (optional)

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.

The data is used exclusively for processing the conversation.

2. Purpose of data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

3. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. If the email contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. Right of cancellation, objection and removal

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email at info@fipa.com, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

XV. Application via email

1. Scope of the processing of personal data

You can send us your application by email. We will record your email address and the data you provide in the email.

• Salutation
• First name
• Name
• Address
• Telephone / mobile phone number
• Email address
• Salary expectations
• Information on education and schooling
• Language skills
• Curriculum vitae
• Certificates
• Photo

After sending your application, you will receive confirmation of receipt of your application documents by email from us.

Your data will not be passed on to third parties. The data will be used exclusively for processing your application.

2. Purpose of data processing

We process the personal data from your application email solely for the purpose of processing your application.

3. Legal basis for data processing

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. b GDPR and § 26 para. 1 sentence 1 BDSG.

4. Duration of storage

After completion of the application process, the data will be stored for up to six months. Your data will be deleted after six months at the latest. In the event of a legal obligation, the data will be stored in accordance with the applicable provisions.

5. Possibility of objection and removal

The applicant has the option to object to the processing of personal data at any time. In such a case, the application can no longer be considered.

Every applicant can subsequently change or delete their data. To do so, please send us an e-mail.

All personal data stored in the course of electronic applications will be deleted in this case.

XVI. Geotargeting

We use the IP address and other information provided by the user (in particular postcode as part of registration or ordering) to address regional target groups (so-called "geotargeting").

Regional targeting is used, for example, to automatically show you regional offers or adverts that are often more relevant to users. The legal basis for the use of the IP address and any other information provided by the user (in particular postcode) is Art. 6 para. 1 lit. f GDPR, based on our interest in ensuring a more precise target group approach and thus providing offers and advertising with greater relevance for users.

Part of the IP address and the additional information provided by the user (in particular the postcode) is only read out and not stored separately.

You can prevent geotargeting by using a VPN or proxy server, for example, which prevent precise localisation. In addition, depending on the browser you are using, you can also deactivate location localisation in the corresponding browser settings (if supported by the respective browser).

We use geotargeting on our website for the following purposes:

• Customer approach
• Advertising purposes

XVII. Content Delivery Networks

Amazon CloudFront

1. Description and scope of data processing

On our website, we use functions of the Amazon CloudFront content delivery network of Amazon Web Service Inc, 410 Terry Avenue North, Seattle WA 98109, USA (hereinafter referred to as Amazon CloudFront). A content delivery network (CDN) is a network of regionally distributed servers connected via the Internet that is used to deliver content - in particular large media files such as videos. Amazon CloudFront provides web optimisation and security services that we use to improve the loading times of our website and to protect it from misuse. When you visit our website, a connection is established to the Amazon CloudFront servers, e.g. to retrieve content. This allows personal data to be stored and analysed in server log files, in particular the user's activity (in particular which pages have been visited) and device and browser information (in particular the IP address and operating system).

Further information on the collection and storage of data by Amazon CloudFront can be found here: https://aws.amazon.com/de/privacy/

2. purpose of data processing

The functions of Amazon CloudFront are used to deliver and accelerate online applications and content.

3. legal basis for data processing

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - the server log files must be recorded for this purpose.

4. duration of storage

Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law.

5. possibility of objection and removal

Information on objection and removal options vis-à-vis Amazon CloudFront can be found at: https://aws.amazon.com/de/privacy/

XVIII. Plugins used

By using our plugins, some of your personal data is sent to the USA or other third countries outside the EU. To ensure suitable guarantees for the protection of the transfer and processing of personal data outside the EU, data is transferred to and processed by our plugin operators on the basis of suitable guarantees in accordance with Art. 46 et seq. GDPR, in particular through the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. A copy of the standard data protection clauses can be requested by sending us an informal email.

We use plugins for various purposes.

The plugins used are listed below:

Implementation of Google Consent Mode v2

As part of the Digital Market Act (DMA), the EU Commission has imposed various obligations on the gatekeepers (Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft). The gatekeepers are obliged to ensure compliance with all legal requirements of the Digital Market Act. Google has therefore introduced Google Consent Mode V2.

We use the BASIC Google Consent Mode V2.

Based on your consent, Consent Mode v2 decides whether or not Google tags may be loaded or executed. If you consent to the use of cookies, Google tags and trackers for Google services will be loaded and your personal data will be processed in accordance with our website settings.

If you do not give your consent, the Google tags will be delayed or not loaded at all. This prevents your personal data from being forwarded to Google.

1. Duration of storage

Your personal information will be stored for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

2. Transfer to third countries

When using the plugins labelled with third country transfer or USA, personal data may be transferred to servers in the USA. The legal basis for this transfer is consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The United States of America does not offer an adequate level of data protection on the basis of a decision by the European Union. The main risk of the transfer lies in the obligation of the plug-in providers to make user data accessible to US authorities under certain circumstances. An order processing agreement with standard contractual clauses is currently in place with all providers in order to make the transfer to third countries as data protection-friendly and secure as possible. We are currently striving to make adjustments to the ECJ ruling of 16 July 2020 (Schrems II, ref. C-311/18), including additional security precautions.

3. Revocation and removal option

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can prevent the collection and processing of your personal data by the respective providers by preventing the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, deactivating
the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

Obligation to provide information

Information obligations when collecting data in accordance with Art. 13 and 14 GDPR for processing supplier data

Information obligations when collecting data in accordance with Art. 13 GDPR for the collection and processing of applicant data

Information obligations when collecting data in accordance with Art. 13 and 14 GDPR for processing customer and prospective customer data

This privacy policy was created with the support of DataGuard.