Privacy

Privacy Policy

1 Preamble

The following information provides details on how we handle personal data when you visit our website.

The use of our website is generally possible without providing personal data. If personal data is collected when visiting our website, we process it exclusively in accordance with the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications and Telemedia Data Protection Act (TDDDG). The processing of personal data is carried out solely in accordance with this Privacy Policy.

This Privacy Policy applies to the use of the website at https://www.vogtland.com. For linked content from other providers, the privacy policy on the respective linked website applies.

Please note that data transmission over the Internet may be subject to security vulnerabilities that cannot be entirely prevented by the technical design of this website. Complete protection of personal data against third-party access is not possible when using the Internet.

2 Data Controller - Art.13 1 a GDPR

The controller responsible for the processing of personal data in connection with this website is:

VOGTLAND Autosport GmbH
Alemannenweg 25–27
58119 Hagen
Phone: +49 2334 801-0
Email: feedback@vogtland.com

3 Data Protection Officer

Our appointed Data Protection Officer is:

Mr. Dipl.-Inform. Olaf Tenti
GDI Gesellschaft für Datenschutz und Informationssicherheit mbH
Körnerstraße 45
58095 Hagen (NRW), Germany
Phone: +49 (0)2331/356832-0
Email: datenschutz@gdi-mbh.eu
Website: www.gdi-mbh.eu

4 Hosting

Our website is operated on servers provided by Timme Hosting GmbH & Co. KG, Ovelgönner Weg 43, 21335 Lüneburg, Germany.

We have concluded a data processing agreement with Timme Hosting GmbH & Co. KG in accordance with Article 28 GDPR.

When accessing our website, data is automatically collected and stored in log files on the server of our hosting provider. This data may be personally identifiable. The collected data includes:

IP address of the requesting computer (in anonymized form)
Optional user ID
Date and time of access to our website
Time zone of the requesting computer
Submitted input values (e.g. email addresses)
Name and URL of the requested page on our website
URL from which the request was made or the action was triggered
Transferred data volume
Notification of successful retrieval
Internet service provider of the accessing system
Files requested on our website
Connections to links outside of our website (outbound links)
Access protocol
Primary language of the browser used by the requesting computer
Time required to render the requested content on the requesting device (page generation time, transfer rate, and page speed)
Time needed for the server to generate and transmit the website content to the user
User’s location (country, region, city, latitude and longitude – geolocation)
Browser types and versions used
Operating system of the requesting computer (referrer)
Device type, brand, and model of the requesting computer (e.g. desktop, mobile, TV, car, console, etc.)
Last visited page on our website
Other similar data and information that serve the purpose of defending against threats in the event of attacks on our IT systems

The hosting provider uses the collected data to ensure the trouble-free operation of the website, to maintain IT security, and to improve our services. In the event of concrete indications of misuse, the log data may be analyzed retrospectively.

Temporary storage of the IP address by the hosting provider is necessary to deliver the website to the user's device. For this purpose, your IP address must remain stored for the duration of the session.

No combination of this data with other data sources takes place.

The legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest in data processing results from the purposes mentioned above.

The data is deleted by the hosting provider as soon as it is no longer required to fulfill the purpose for which it was collected. In the case of data collected for the provision of the website, this occurs when the session ends. If data is stored in log files, it is deleted or anonymized after no more than seven days.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Therefore, there is no possibility for users to object.

5 Cookies

When visiting our website, cookies may be stored on your device. Upon your first visit, you will be asked whether you consent to the use of cookies and, if so, which categories.

Cookies are small text files stored by your browser on your device that retain specific information. They improve your experience on our website or serve analytical purposes. Most of the cookies we use are “session cookies,” which are necessary for technical functionality and are deleted after your session ends. Other cookies remain on your device so that we can recognize it during your next visit (“persistent cookies”). These are automatically deleted after a pre-set period.

On subsequent visits using the same device, your browser sends back stored cookies to our website ("first-party cookies") or another website ("third-party cookies"). This enables recognition and adapts the website based on your preferences. Cookies do not store personal data unless you have given explicit consent or it is required to provide a specific service.

This website uses the following types of cookies:

Essential Cookies: Required for basic website functionality. They ensure that logged-in users stay logged in while browsing. Legal basis: legitimate interest under Art. 6(1)(f) GDPR.
Functional Cookies: Store user inputs to offer enhanced features. Legal basis: your consent under Art. 6(1)(a) GDPR.
Marketing or Tracking Cookies: Collect user behavior to enable targeted advertising or make the website more user-friendly. These are only set with your consent. Legal basis: Art. 6(1)(a) GDPR.

Opt-out for Marketing Cookies

You may manage cookies used for online advertising via tools such as:

You may withdraw your cookie consent at any time for the future.

Your browser settings also allow:

Notification of cookie placement
Acceptance on a case-by-case basis
General cookie blocking (including third-party cookies)
Automatic deletion of cookies upon browser closure
Manual deletion of cookies

Note: Disabling cookies may limit the functionality of this website.

6 Local Storage / Session Storage Cookies

We also use technologies known as Local Storage and Session Storage (also referred to as "local data," "local storage," or "session storage"), which means we utilize your browser’s storage capabilities.

With Local Storage, data is stored locally in your browser’s cache and can still be accessed after closing the browser window or ending the program, unless you actively delete the cache. Local Storage enables your preferences when using our websites to be saved on your device and made available to you during future visits. Session Storage works similarly to Local Storage, with the difference that the stored data is automatically deleted from your browser’s cache immediately after the browser session ends. Data stored in Local Storage or Session Storage is not accessible to third parties, is not shared with third parties, and is not used for advertising purposes. This technology is primarily used to present our content in a visually appealing manner (e.g. pop-up windows) and to personalize our services and navigation based on your preferences.There is no linkage of this data with other data sources (e.g. tracking tool information that may also be stored separately in Local Storage). In some cases, specific information and input may be stored in Local Storage for transmission to and evaluation by analytics tools. These data are used solely to analyze and evaluate visitors' browsing behavior and are not used for advertising purposes.

Where the use of this technology is necessary for the operation of the website, processing is based on our legitimate interest in providing you with a fully functional and attractive offering, pursuant to Art. 6 (1) sentence 1 lit. f GDPR. In all other cases, processing takes place based on your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR.

7 SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content—such as orders or inquiries you send to us as the website operator—this site uses SSL or TLS encryption.
You can recognize an encrypted connection by the change in the address bar of your browser from “http://” to “https://” and by the padlock icon displayed in your browser’s address bar. When SSL or TLS encryption is enabled, any data you transmit to us cannot be read by third parties (end-to-end encryption). The protocols also authenticate the communication partner and ensure the integrity of the transmitted data.

8 Data Retention

Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted, provided that we have no other legally permissible reasons to retain your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will occur after these reasons cease to apply.

9 Contact Options

Our website offers the option to contact us via email or through a contact form.

In this context, the information you provide in the form and/or in the email, including the contact details you submit, will be stored and processed by us for the purpose of handling your inquiry and in case of follow-up questions. This may include personal data such as your name, address, phone number, or email address. We do not share this data with third parties without your consent.

There is no merging of this data with other data collected on this website.

If you are already a customer of our company, the data may be stored within the framework of our Customer Relationship Management (CRM) system.

The contact form is transmitted using TLS encryption. This encryption prevents unauthorized third parties from accessing your personal data.

The processing of your data is based on Art. 6 (1) sentence 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for carrying out pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling the inquiries addressed to us (Art. 6 (1) sentence 1 lit. f GDPR).

The data you provide via the contact form or email will remain with us until you request its deletion, object to the processing, or the purpose for data storage no longer applies (e.g., after your inquiry has been fully resolved). Mandatory statutory provisions – in particular legal retention periods – remain unaffected.

9.1 Applications

You have the opportunity to apply for a position at our company via our website.
We accept digital applications, whether you are applying for a specific job posting or submitting a speculative application.
Specific privacy information for applicants can be found at the following link:
www.vdf-federn.de/karriere.de

10 Transfer of Data to Third Countries

On our website, we use various service providers who provide us with different technologies and tools. Some of these service providers transfer personal data to countries outside the European Union or the European Economic Area (e.g., to the USA), where there may not be an adequate or essentially equivalent level of data protection according to European data protection law. The transfer of personal data must be permissible under Articles 44 et seq. of the GDPR.
For the USA, an adequacy decision exists according to Article 45 (3) GDPR. Companies and organizations in the USA that are certified under the EU-U.S. Data Privacy Framework can therefore receive personal data from the EU without further protective measures being necessary. This adequacy decision thus serves as the basis for data transfers to the service providers we use in the USA.
If no adequacy decision according to Article 45 (3) GDPR exists, or if the company or organization in the USA is not certified under the EU-U.S. Data Privacy Framework, we conclude standard contractual clauses issued by the European Commission according to Article 46 (2) (c) GDPR with the respective service providers/providers to protect your data. Where possible, we also agree on additional guarantees to ensure sufficient data protection in the USA or other third countries.
If a service provider has so-called approved binding corporate rules (BCR) that ensure compliance with European data protection standards within the company, we do not agree on separate standard contractual clauses with the respective BCR-bound service providers.
Nevertheless, it can happen that despite contractual and technical protective measures, the level of data protection in the third country does not correspond to that of the EU. For these cases, we ask you, within the scope of cookie consent, in (contact) forms, or in other registrations and sign-ups, for your consent pursuant to Article 49 (1) (a) GDPR for the transfer of personal data to a third country.

11 Online Shop
11.1 Creating a user account and using the webshop

On our website, you can register for our online shop and create a personal customer account. You register by providing your email address and a password of your choice.
This allows for fast shopping, user data and settings can be saved, order tracking and shipping information are available, and the newsletter subscription can be managed.
The data collected for the purpose of registration includes (partly optional):

Title
Last name, first name
Address, if applicable delivery address
Email address
Telephone number / fax number
Business registration
Company name
Legal form
VAT ID
Goods
IP address (This is used exclusively to the extent necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail (e.g., for the enforcement of legal claims or the investigation of criminal offenses).)
Bank / payment data
If applicable, further information in the case of business customers, such as your business registration number (this can be sent by email or submitted directly during registration).

We process the above-mentioned data (except for your IP address) in connection with fulfilling and processing contracts (including payment processing and, if necessary, credit checks), customer inquiries, and for our own advertising purposes. The data is also used to fulfill our legal obligations towards state and federal authorities (e.g., tax office, customs authorities).
At a minimum, your first and last name and address are required to identify you; for purchases in the online shop, you must additionally provide your email address for the order confirmation and your delivery address for shipping, and depending on the payment method, your bank details.
We store the data processed for this purpose in connection with your registration in the password-protected area until you cancel your access, unless other retention periods apply.
You can close your online account at any time by sending us a short message via email or post: feedback@vogtland.com.
The legal basis for the processing of customer data is Art. 6 para. 1 sentence 1 lit. b GDPR.

11.3 Online Shop Orders With or Without a Customer Account

We only collect personal data that you voluntarily provide to us in the course of placing an order or through other voluntary entries in the order forms on our website. This includes, in particular, the data you provide voluntarily when making inquiries, as well as all information necessary to process and fulfill your order (e.g., first name, last name, address, email address, payment details, phone number, and, if applicable, an alternative delivery address).

When placing an order, you have the option to create a customer account.
If you open a customer account, we will store your data until you delete your account, unless other retention periods apply.
You may close your customer account at any time by sending us a short message via email or post: feedback@vogtland.com

The legal basis for the data processing is Article 6(1)(b) GDPR.
Providing your personal data is necessary for the conclusion of a contract. You are not legally obliged to provide your personal data; however, if you do not, we will not be able to process your order.

Providing your phone number serves our legitimate interest (Article 6(1)(f) GDPR) in facilitating communication in case of questions regarding your order.
The provision of any other data is entirely voluntary.

To prevent unauthorized access by third parties to your personal data—particularly your financial information—the ordering process is encrypted using TLS technology.

In accordance with commercial and tax law requirements, we are obligated to retain your address, payment, and order data (as well as any data you provide for the production of customized products) for up to ten years.
Your data will be deleted following the fulfillment of the contract and after the expiry of the statutory retention periods in accordance with the provisions of the German Commercial Code (HGB) and the Fiscal Code (AO).

11.4 Involved Service Providers

In order to fulfill our contractual obligations, we work with external shipping partners. We transmit your name and delivery address (and additional information if necessary) exclusively for the purpose of delivering the ordered goods to a shipping partner selected by us, in accordance with Article 6(1)(b) GDPR.

For payment processing, we forward your data to the authorized credit institution as required. If we use payment service providers, you will also be informed about them below.

The legal basis for the disclosure of your data is Article 6(1)(b) GDPR.

The following service providers may be involved:

11.4.1 DPD (Shipping Service Provider)

If delivery of the goods is carried out by the shipping service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany), we will transmit only the recipient's name and delivery address to DPD for the purpose of delivery and to the extent necessary in accordance with Article 6(1)(b) GDPR.

If you have expressly consented during the ordering process, we will also transmit your email address to DPD in accordance with Article 6(1)(a) GDPR prior to delivery, so that DPD can coordinate a delivery date with you or provide delivery notifications.

You may revoke your consent at any time with effect for the future, either with the data controller named above or directly with DPD.

11.2 Order Processing

We process our customers’ data in the context of order transactions in our online shop to enable them to select and order the chosen products and services, as well as to handle payment and delivery or execution.

The data processed includes inventory data, communication data, contract data, and payment data. The persons affected by this processing are our customers, interested parties, and other business partners. The processing is carried out for the purpose of providing contractual services within the operation of the online shop, billing, delivery, and customer service. We use session cookies to store the contents of the shopping cart and persistent cookies to store login status.

The personal data collected by us for the processing of your order will be stored until the expiration of statutory retention obligations and then deleted, unless we are required to retain it for a longer period pursuant to Article 6(1)(c) GDPR due to tax or commercial law retention and documentation obligations (e.g. under the German Commercial Code, Criminal Code, or Fiscal Code), or you have consented to further storage in accordance with Article 6(1)(a) GDPR.

We process your payment information for the purpose of payment processing, e.g., when you purchase a product and/or service through our services. Depending on the payment method used, we may forward your payment information to third parties (e.g., to your credit card provider for credit card payments).

The processing is based on Article 6(1)(b) GDPR (performance of order processes) and Article 6(1)(c) GDPR (statutory archiving requirements). The data marked as required is necessary for the formation and performance of the contract. Data will only be disclosed to third parties as necessary for delivery, payment, or as legally permitted or required, for example, to legal advisors or public authorities. Data will only be processed in third countries if necessary for contractual fulfillment (e.g., at the customer’s request for delivery or payment).

Your personal data may be passed on to the following categories of recipients in the course of order processing:

Customer service centers
Freight carriers, drop-shipping suppliers
Payment service providers
If necessary, debt collection service providers

Where required under data protection law, we have concluded data processing agreements pursuant to Article 28 GDPR with the respective service providers.

12 Payment Providers

12.1 Use of PayPal Payment Options (Credit Card: VISA, Mastercard, American Express; Invoice; Direct Debit)

You can choose to pay via credit card or other options through PayPal. The provider is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (“PayPal”). PayPal accounts are linked to an email address (not a traditional account number) and allow online transactions and buyer protection. If you choose a PayPal payment method during checkout, your data will be transmitted to PayPal to complete the transaction.

This typically includes:

Name
Address
Company
Email address
Telephone and mobile number
IP address
Other necessary data for the payment process

Data is transmitted securely using SSL. The payment also requires order-related data (e.g., item count, order number, invoice amount, tax, and other invoice details).

Legal basis: Art. 6(1)(b) GDPR.
The transmission is necessary for payment processing and identity verification, fraud prevention, and the execution of the payment.

PayPal may share your data with affiliates or subcontractors as needed to fulfill the contract or process the data. To determine your eligibility for specific payment options, PayPal may perform credit checks using statistical methods and receive credit data from affiliates (e.g., Klarna) or credit agencies. If you do not provide the required data, the contract using your chosen payment method cannot be concluded.

PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

12.2 Advance Payment

If you choose advance payment, you will receive a confirmation email after placing your order. This email contains the necessary payment details such as the invoice amount, order number, and bank account information. Please include the exact reference code provided in the email when making your payment.

13 Google Maps

We use the "Google Maps" service on this website, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or, if your company or residence is located within the EU, by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Maps is integrated via the Google API in order to visualize and display location information in the form of an interactive map. The required files for this purpose are requested from the Google domains maps.googleapis.com, maps.gstatic.com, fonts.googleapis.com, and/or fonts.gstatic.com.Gstatic is a domain used by Google to load static content under a different domain name, aiming to reduce bandwidth usage and improve network performance for end users.For the map to be displayed, processing of your IP address by Google Maps is technically necessary. With regard to other web services integrated via Google APIs, please refer to the corresponding section of this privacy policy.The legal basis for the use of Google Maps is your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR, provided you have granted us your consent upon first accessing our website.When you visit a page on our website that includes Google Maps, Google receives information that you have accessed the corresponding subpage of our site. The following data is also transmitted:

your IP address,
date and time of the request,
time zone difference from Greenwich Mean Time (GMT),
content of the request (specific page),
access status/HTTP status code,
the amount of data transferred,
the website from which the request originates (so-called referrer),
the browser type and version including language settings,
the operating system and its interface.

This information (including your IP address) is transmitted by your browser directly to a Google server in the USA and stored there.For data transfers to the USA, Google is certified under the EU-U.S. Data Privacy Framework. Based on the European Commission's adequacy decision, this ensures an appropriate level of data protection equivalent to that in the EU.

The transmission occurs regardless of whether Google provides a user account through which you are logged in or whether no such account exists. If you are logged into your Google account, your data will be directly associated with it. If you do not wish your data to be associated with your Google profile, you must log out before using our website.

Google stores your data as user profiles and uses it for purposes of advertising, market research, and/or the personalized design of its website. Such evaluation is carried out in particular (even for users not logged in) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such user profiles; to exercise this right, please contact Google directly.You may revoke your consent to the processing and transfer of your data at any time without stating reasons by deleting the cookies in your browser or by clicking the following link:

Consent-Einstellungen aufrufen

The lawfulness of data processing carried out until the revocation remains unaffected.We have concluded a joint controller agreement with Google regarding the use of Google Maps. You can view its content here:

https://privacy.google.com/intl/de/businesses/mapscontrollerterms/

Further information on the purpose and scope of data collection and its processing by Google can be found in Google’s privacy policy. There, you will also find additional information about your rights and settings options to protect your privacy:
http://www.google.de/intl/en/policies/privacy

14 Google Fonts

By embedding “Google Maps,” Google Fonts are also loaded. These are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or—if your business or residence is located within the EU—by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We have no influence over this process.

The necessary files for this purpose may be requested via the Google domains fonts.googleapis.com, maps.gstatic.com, maps.googleapis.com, and/or fonts.gstatic.com.

“Gstatic” is a domain used by Google to load static content under a different domain name in order to reduce bandwidth usage and improve network performance for the end user.

When visiting our website, Google receives information that you have accessed the corresponding subpage of our website. In addition, the following data is transmitted directly from your browser to a Google server:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status / HTTP status code
Amount of data transferred
Website from which the request originated (so-called referrer)
Type and version of the browser including language settings
Type and version of the operating system including interface

According to Google, this data is not stored and is only used to deliver the requested fonts and to detect and possibly prevent attacks on the IT system. If you have given your consent to allow these tools to be activated—thereby allowing Google Fonts to be loaded—the legal basis for processing this data is your consent in accordance with Art. 6(1)(a) GDPR.For data transfers to the USA, Google participates in the EU-U.S. Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures an adequate level of data protection.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in Google’s privacy policy. There you will also find further information about your rights in this regard and settings to protect your privacy:
https://policies.google.com/privacy?hl=en&gl=en

15 Social Media Profiles

Our presences on social networks and video platforms, which we list below, serve the purpose of active and contemporary communication with our customers and interested parties. There, we provide information about our services, products, and interesting special promotions related to our company and our services.
Further information about us as the provider of the social media channel can be found in our legal notice (Impressum).

Below we provide the data protection information pursuant to Article 13 of the General Data Protection Regulation (GDPR) regarding the social media presences we operate:

15.1 Fan page on Facebook / Facebook presence

The social network Facebook is operated by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or—if your company or residence is located in the EU—by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). When visiting our online presences on social media, your data may be automatically collected and stored for market research and advertising purposes. Usage profiles, so-called pseudonymous profiles, may be created from this data. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests. For this purpose, cookies are generally used on your device. The function of cookies is explained in our privacy policy, so please refer to the corresponding notes there. These cookies store user behavior and interests. This serves to protect our legitimate interests in an optimized presentation of our services and offers, as well as effective communication with customers and interested parties, which prevail in the context of a balancing of interests. The legal basis for this processing is therefore Article 6 (1) sentence 1 lit. f GDPR.

The legal basis for the collection and processing of data is your consent pursuant to Article 6 (1) sentence 1 lit. a GDPR, which you may have given to Facebook when accessing their website. You can revoke your consent to data processing at any time with effect for the future; to do so, please contact Facebook directly. The revocation of consent does not affect the legality of the data processing carried out until the revocation.

Detailed information on the processing and use of data by the provider on their pages, as well as a contact option and your rights and settings options to protect your privacy—including opt-out options—can be found in Facebook’s privacy policy:
https://www.facebook.com/about/privacy/

You can find the opt-out option here:
https://www.facebook.com/settings?tab=ads

Data processing is based on an agreement between joint controllers pursuant to Article 26 GDPR, which you can view here:
https://www.facebook.com/legal/terms/page_controller_addendum

For data transfers to the USA, the provider has joined the EU-U.S. Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision by the European Commission.

15.2 Instagram account

The social network Instagram is operated by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or—if your company or residence is located in the EU—by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).

When visiting our online presences on social media, your data may be automatically collected and stored for market research and advertising purposes. Usage profiles, so-called pseudonymous profiles, may be created from this data. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests. For this purpose, cookies are generally used on your device. The function of cookies is explained in our privacy policy, so please refer to the corresponding notes there. These cookies store user behavior and interests. This serves to protect our legitimate interests in an optimized presentation of our services and offers, as well as effective communication with customers and interested parties, which prevail in the context of a balancing of interests. The legal basis for this processing is therefore Article 6 (1) sentence 1 lit. f GDPR.

Detailed information on the processing and use of data by the provider on their pages, as well as a contact option and your rights and settings options to protect your privacy—including opt-out options—can be found in the Instagram privacy policy:
https://help.instagram.com/519522125107875

You can find the opt-out option in the privacy settings of your Instagram account at:
https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/

15.3 TikTok profile

We operate a TikTok account at https://www.tiktok.com/@ (hereinafter referred to as “TikTok profile”).

Insofar as we process your personal data received from TikTok solely by ourselves, we, [specify the responsible party], are the data controller. Insofar as your personal data received from TikTok is also or exclusively processed by TikTok, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, One London Wall, 6th floor, London EC2Y 5EB, United Kingdom (hereinafter collectively referred to as “TikTok”), are joint controllers for the data processing within the meaning of the GDPR.

We would like to point out that you use our TikTok profile and its offered functions under your own responsibility. This applies in particular to the use of functions such as following, commenting, sharing, liking, etc. We have no influence on the data collected by TikTok. We also have no knowledge of the extent, location, and duration of data storage by TikTok, whether TikTok complies with existing deletion obligations, what evaluations and connections are made with the data, and to whom the data is disclosed.

If TikTok transfers personal data to countries outside the European Union, this may involve various risks concerning the legality and security of the data processing. TikTok bases its data transfers on the EU Standard Contractual Clauses. When you visit our TikTok page and its content, TikTok stores, among other things, your IP address and information about your devices (e.g., advertising ID). If you are also logged into TikTok as a user, TikTok stores a cookie with your TikTok ID on your device. This enables TikTok to track that you visited this page and how you used it, and it can access this information when you visit the TikTok platform.

More information about the purpose of the cookies used can be found in TikTok’s cookie policy at:
https://www.tiktok.com/legal/cookie-policy?lang=de

If, as a registered user, you follow or like our TikTok profile, TikTok adds your profile to the list of all followers of this profile. As a result, our posts and videos will appear in your newsfeed. TikTok provides us with a list of our subscribers. TikTok collects personal data to analyze user behavior and provides us with certain parts of this data, such as the number of views of our videos, as well as the number of likes, comments, and shares. This includes an anonymized and aggregated presentation of the number of new followers and demographic data such as gender and country. We also receive anonymized statistical data (so-called insights). We cannot identify any visitors to the TikTok profile using this data.

The data contained in the statistics is used solely to analyze user behavior. It serves the purpose of aligning our TikTok profile and our offering more closely with the needs and interests of our visitors. Data processing is carried out in the interest of communicating with you. We aim to provide you with a platform where we can share current information and through which you can quickly get in touch with us. The use of the aforementioned data in the context of data analysis serves to optimize our offering. The legal basis for data processing is Article 6 (1) sentence 1 lit. f GDPR. If consent has been requested, Article 6 (1) sentence 1 lit. a GDPR is the legal basis for data processing; consent can be revoked at any time.

Further information on TikTok’s data processing can be found in TikTok’s privacy policy at:
https://www.tiktok.com/legal/privacy-policy-eea?lang=de

15.4 YouTube

The video platform YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or, if your company or residence is located in the EU, by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

The following information does not refer to any possible direct embedding of YouTube videos on our website. When visiting our channel on YouTube, your data may be automatically collected and stored for market research and advertising purposes. From this data, so-called usage profiles are created using pseudonyms. These may be used to place advertisements both within and outside of the video platform that presumably correspond to your interests. For this purpose, cookies are generally placed on your device. For information on how cookies function, please refer to the relevant information provided in Google's privacy policy. These cookies store user behavior and interests.

In addition, we receive statistical evaluations based on the collected data, indicating which audience groups are interested in the individual videos we have uploaded to YouTube. In particular, we are provided with information such as video view counts and play durations. These data are provided in an anonymized form that does not allow conclusions to be drawn about individual persons, and are used solely for statistical analysis. The information includes, for example, approximate geographic location, age group, and other summarized characteristics. The legal basis for the collection and processing of data is your consent in accordance with Article 6(1) sentence 1 lit. a GDPR, which you may have given or may give to Google when visiting its website(s). You may revoke your consent to data processing at any time with effect for the future; please contact Google directly to do so. The revocation of consent does not affect the lawfulness of the data processing carried out up until the point of revocation. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Detailed information on the processing and use of data by Google on the YouTube website, as well as a contact option and your rights and settings to protect your privacy, can be found in Google’s privacy policy at the following link:
https://policies.google.com/privacy?hl=de&gl=de

15.5 LinkedIn (Company Profile)

For the purpose of recruiting personnel, we use the professional and career network “LinkedIn” and maintain a company profile there. LinkedIn is operated by LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA, or, if your company or residence is located in the EU, by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). There is a data processing agreement in place between us and LinkedIn, which can be accessed here: https://de.linkedin.com/legal/l/dpa?

When you visit our company profile on LinkedIn, your data may be automatically collected and stored by LinkedIn for market research and advertising purposes, as well as for suggesting job offers that may be of interest to you (so-called Page Insights). From this data, pseudonymized usage and interest profiles are created. For this purpose, cookies are generally stored on your device. For information on how cookies function, please refer to LinkedIn’s privacy policy and cookie policy. These cookies store user behavior and interests.

In addition, we receive statistical evaluations based on the collected data, showing which audience groups are interested in our company page. These data are processed in an anonymized form that does not allow any conclusions to be drawn about individual persons and may include information such as approximate geographic location, age group, and other aggregated characteristics. The processing of personal data via Page Insights on LinkedIn is based on an agreement between joint controllers in accordance with Article 26 GDPR, which can be viewed here: https://legal.linkedin.com/pages-joint-controller-addendum

Regardless of the internal responsibilities agreed upon between us and LinkedIn, you may contact either us or LinkedIn directly with any data protection concerns. If LinkedIn requests your consent for data processing, e.g. via a checkbox, the legal basis for the data processing is Article 6(1) sentence 1 lit. a GDPR. You may revoke your consent at any time with effect for the future; to do so, please contact LinkedIn directly. Any data processing carried out before the revocation remains lawful.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Detailed information on the processing and use of data by LinkedIn, as well as contact options and your rights and settings to protect your privacy, can be found in LinkedIn’s privacy policy, available at: https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=de.linkedin.com%7Cli-other

LinkedIn’s cookie policy is available at the following link: https://www.linkedin.com/legal/cookie-policy

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

15.6 XING

We operate online profiles on XING and Kununu to represent our company. The provider of XING and Kununu is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Our XING profile serves as an active and contemporary means of addressing potential employees in a professional environment. On this page, we also share information about our company and present ourselves to the outside world. We use this platform to provide information about our services, products, special promotions, and job opportunities within our company. If XING requests your consent for data processing, e.g. via a checkbox, the legal basis for the data processing is Article 6(1) sentence 1 lit. a GDPR.

You can find detailed information on the processing and use of data by the providers on their respective websites, as well as contact options and your rights and settings for protecting your privacy, in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

Kununu primarily allows users to submit and view employer reviews. We use our online presence on Kununu to provide information about our company, career opportunities, our products, and services. When visiting our Kununu page or interacting with it, Kununu may collect personal data from users, for example through the use of cookies. Such data collection may also occur for users who are not logged in or registered with Kununu. Information about data collection and further processing by Kununu can be found in Kununu’s privacy notice at: https://privacy.xing.com/de/datenschutzerklaerung/druckversion

The data processing takes place as joint processing. For content that you provide directly on the platform, such as comments, private messages, or similar, New Work SE and we are jointly responsible in accordance with Article 26 GDPR. The legal basis for the processing of data is your consent pursuant to Article 6(1) sentence 1 lit. a GDPR, if given, and the protection of legitimate interests pursuant to Article 6(1) sentence 1 lit. f GDPR. If you contact us, the legal basis may also be Article 6(1) sentence 1 lit. b GDPR (required for the performance of pre-contractual measures).

The legitimate interest mentioned lies in our wish to communicate with you via our Kununu page and to inform you about our company, career opportunities, jobs, products, and services. For information on how XING and Kununu process your data, please refer to the XING privacy policy, which applies to all services of New Work SE: https://privacy.xing.com/de/datenschutzerklaerung/allgemeine-hinweise

Since only New Work SE has access to the actual data collected and its use on the respective platforms, requests for information and the exercise of other data subject rights should be directed to them. However, you may also send such inquiries to us, and we will forward them to the platform provider for further handling. We only process those data via the platforms XING and Kununu that you provide directly to us. These include comments, inquiries, your user profile, reviews, and similar details. These will remain stored for the duration of the existence of the profile.

The processing of data by us takes place exclusively within the territory of the EU or the EEA. We do not transfer any data to third countries.

16 Communication via WhatsApp (WhatsApp Web)

We also offer you the option to submit inquiries via the messaging service WhatsApp and to receive responses to your request through WhatsApp.
This service is operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“WhatsApp”).
We use WhatsApp in the “WhatsApp Business” version.

To contact us via WhatsApp, you must have a user account with WhatsApp and have accepted its privacy policy when setting up the account. Furthermore, communication with us via WhatsApp also requires your consent to the processing of your data by us as part of using our WhatsApp channel. We process your phone number, name, and any other data you provide, along with the content of your message, in order to handle your request and respond to any follow-up questions. By consenting to contact us via WhatsApp, you also agree that your contact data and other personal data may be shared with WhatsApp.

Communication via WhatsApp is protected by end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from accessing the content of communications. However, WhatsApp does have access to metadata generated during communication (e.g., sender, recipient, timestamp).
We also point out that, according to its own statements, WhatsApp shares user data with its parent company Meta, based in the USA.
You can find more information in WhatsApp's privacy policy:
https://www.whatsapp.com/legal/#privacy-policy

We use WhatsApp based on our legitimate interest in providing fast and efficient communication with customers, prospects, and other business and contractual partners (Art. 6(1)(f) GDPR).
If your request relates to the initiation or fulfillment of a contract, the legal basis is Art. 6(1)(b) GDPR.

If we explicitly ask for your consent, data processing is based solely on that consent (Art. 6(1)(a) GDPR), which you can revoke at any time with future effect. To revoke your consent, simply send us a short WhatsApp message with the word "STOP". The contents exchanged via WhatsApp remain stored by us until you request their deletion, revoke your consent for storage, or the purpose for storing the data no longer applies (e.g., once your request has been fully handled).

Mandatory legal obligations—particularly retention periods—remain unaffected.

We have entered into a Data Processing Agreement (DPA) with WhatsApp Ireland Limited:

For data transfers to the USA, WhatsApp participates in the EU-U.S. Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures an appropriate level of data protection.

Of course, you may also contact us via other channels, such as by phone, email, or through our contact form as described earlier.
Additionally, we use a dedicated device exclusively for WhatsApp communication, in which only the contact data of those who actively use WhatsApp to contact us is stored.
This ensures that WhatsApp only receives data from users who voluntarily use the service.

Furthermore, we have configured our WhatsApp accounts so that there is no automatic synchronization with the address book on the devices used.

17 Your Rights and How to Exercise Them

You have the following rights, which you may exercise by contacting us using the contact details provided above or by email at: feedback@vogtland.com

Right of access
(Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed, and, where that is the case, access to this data and to information about its processing.

Right to rectification
(Art. 16 GDPR): You have the right to request the rectification of inaccurate personal data concerning you and to have incomplete data completed.

Right to erasure ("right to be forgotten")
(Art. 17 GDPR): You have the right to request the erasure of your personal data unless processing is necessary for exercising freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

Right to restriction of processing
(Art. 18 GDPR): You have the right to request the restriction of processing if you contest the accuracy of the data, the processing is unlawful and you oppose erasure, we no longer need the data but you require it for legal claims, or you have objected to processing pursuant to Art. 21 GDPR.

Right to data portability
(Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller, where technically feasible.

Right to withdraw consent
(Art. 7(3) GDPR): You have the right to withdraw any previously given consent at any time with future effect. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Please send your withdrawal to the contact details listed above or via email to: feedback@vogtland.com

Right to object

(Art. 21 GDPR):
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
We will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing.
If you object to processing for direct marketing purposes, your data will no longer be used for such purposes.
You may exercise your objection rights in connection with the use of information society services—regardless of Directive 2002/58/EC—by automated means using technical specifications.

Automated individual decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or significantly affects you in a similar way.
This does not apply if the decision is necessary for entering into or performing a contract, is authorized by Union or Member State law, or is based on your explicit consent.
These decisions must not be based on special categories of personal data under Art. 9(1) GDPR unless Art. 9(2)(a) or (g) applies and suitable safeguards are in place.

Right to lodge a complaint with a supervisory authority
(Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

18 Status of this Privacy Policy

The continuous development of the internet may require changes to our privacy policy. We reserve the right to make adjustments at any time.

Last updated: June 2025