1. Introduction

With the following information, we would like to give you as the “data subject” an overview of the processing of your personal data by us and your rights under data protection laws. It is generally possible to use our websites without entering personal data. However, if you wish to use special services of our company via our website, processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent. The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “anic GmbH”. By means of this privacy policy, we would like to inform you about the scope and purpose of the personal data we collect, use and process. As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or post. You can also take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. Therefore, we would like to give you some tips on how to handle your data safely:

• Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.
• Only you should have access to the passwords.
• Ensure that you only use your passwords for one account (login, user or customer account).
• Do not use a password for different websites, applications or online services.
• Especially when using publicly accessible IT systems or IT systems shared with other people: You should always log out after each login on a website, application or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or names of relatives, but should include upper and lower case letters, numbers and special characters.

2. Controller

The controller within the meaning of the GDPR is: anic GmbH Am Mühlberg 46, 64372 Ober-Ramstadt, Germany Phone: +49 6154 575796 Fax: +49 6154 575795 Email: service@anic-gmbh.de Representatives of the controller: Andreas Nicklas, Denis Nicklas

3. Data Protection Officer

We would like to inform you that no data protection officer needs to be appointed. The contact person for data protection: Timur Hatipoglu Phone: +49 6154 575796 Fax: +49 6154 575795 Email: datenschutzbeauftragter@anic-gmbh.de Our services are primarily intended for adults. Persons under 16 years of age may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents, do not collect such data, and do not pass it on to third parties.

4. Transfer of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only share your personal data with third parties if:

1. You have given your express consent to this pursuant to Art. 6(1)(a) GDPR,
2. The disclosure is permissible pursuant to Art. 6(1)(f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
3. In the event that there is a legal obligation to disclose pursuant to Art. 6(1)(c) GDPR, and
4. This is legally permissible and necessary pursuant to Art. 6(1)(b) GDPR for the processing of contractual relationships with you.

In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49(1)(a) GDPR can serve as the legal basis for the transfer to third countries. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

5. Technology

5.1 SSL/TLS Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. We use this technology to protect your transmitted data.

5.2 Data Collection when Visiting the Website

When using our website for information purposes only, i.e., if you do not register or otherwise provide information to us, we only collect data that your browser transmits to our server (in so-called “server log files”). Our website collects a series of general data and information each time a page is accessed by you or by an automated system. These general data and information are stored in the log files of the server. The following may be collected:

1. Browser types and versions used,
2. Operating system used by the accessing system,
3. Website from which an accessing system reaches our website (so-called referrer),
4. Sub-websites that are accessed via an accessing system on our website,
5. Date and time of access to the website,
6. An Internet protocol address (IP address), and
7. The Internet service provider of the accessing system.

When using these general data and information, we do not draw any conclusions about your person. This information is rather needed to:

1. Deliver the content of our website correctly,
2. Optimize the content of our website as well as its advertisement,
3. Ensure the long-term functionality of our IT systems and the technology of our website, and
4. Provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack.

Therefore, we analyze these anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our company, and to ultimately ensure an optimal level of protection for the personal data we process. The server log files are stored separately from all personal data provided by a data subject. The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes for data collection listed above.

5.3 Hosting by Timme Hosting

We host our website with Timme Hosting GmbH & Co. KG, Ovelgönner Weg 43, 21335 Lüneburg (hereinafter referred to as Timme Hosting). When you visit our website, your personal data (e.g., IP addresses in log files) are processed on Timme Hosting’s servers. The use of Timme Hosting is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation, provision, and security of our website. We have concluded a data processing agreement (DPA) with Timme Hosting pursuant to Art. 28 GDPR. This is a contract required by data protection law, which ensures that Timme Hosting only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. For more information on Timme Hosting’s privacy policy, please visit: https://timmehosting.de/datenschutz

6. Cookies

6.1 General Information about Cookies

Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. Information is stored in the cookie that results from the specific context with the specific device used. However, this does not mean that we obtain direct knowledge of your identity. The use of cookies serves to make the use of our offer more pleasant for you. For example, we use session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site. In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what inputs and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies allow us to automatically recognize when you visit our website again that you have already visited us before. These cookies are automatically deleted after a defined period of time. The respective storage duration of the cookies can be found in the settings of the consent tool used.

6.2 Legal Basis for the Use of Cookies

The data processed by cookies, which are required for the proper functioning of the website, are thus necessary to protect our legitimate interests and those of third parties pursuant to Art. 6(1)(f) GDPR. For all other cookies, you have given your consent to this through our opt-in cookie banner in accordance with Art. 6(1)(a) GDPR.

6.3 CCM19 (Consent Management Tool)

We use the consent management tool “CCM19” from Papoo Software & Media GmbH – Agentur Auguststr. 4, 53229 Bonn, Germany. This service allows us to obtain and manage website users’ consent for data processing. CCM19 collects data using cookies that are generated by end users who use our website. When an end user gives consent, the following data, among others, are automatically logged:

• Cookie duration
• Cookie version
• IP address
• Selection in the cookie banner
• Browser used
• Processor ID and Controller ID

The consent status is also stored in the end user’s browser so that the website can automatically read and follow the end user’s consent on all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) are stored for three years. The retention period corresponds to the regular limitation period according to § 195 BGB (German Civil Code). The data are then immediately deleted. The software is operated on the server of the controller. Data protection-sensitive log files are stored exclusively on this server. The functionality of the website is not guaranteed without the described processing. There is no possibility for the user to object as long as there is a legal obligation to obtain the user’s consent for certain data processing operations, Art. 7(1), 6(1)(c) GDPR.

7. Content of our Website

7.1 Contact/Contact Form

When contacting us (e.g., via contact form or email), personal data are collected. Which data are collected in the case of using a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter has been conclusively clarified and provided that there are no legal storage obligations to the contrary.

8. Our Activities on Social Networks

So that we can also communicate with you on social networks and inform you about our services, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform, within the meaning of Art. 26 GDPR, for the processing operations triggered by this. We are not the original provider of these pages, but only use them within the framework of the options offered to us by the respective providers. Therefore, we would like to point out as a precaution that your data may also be processed outside the European Union or the European Economic Area. Use may therefore involve data protection risks for you, as it may be difficult to safeguard your rights, e.g., to information, deletion, objection, etc., and processing by the social networks is often carried out directly for advertising purposes or for the analysis of user behavior by the providers, without this being influenced by us. If usage profiles are created by the provider, cookies are often used or the usage behavior is assigned to your own member profile of the social networks that you have created. The described processing operations of personal data are carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a contemporary way or to inform you about our services. If you have to give consent to data processing as a user with the respective providers, the legal basis refers to Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR. Since we do not have access to the providers’ databases, we would like to point out that it is best to assert your rights (e.g., to information, correction, deletion, etc.) directly with the respective provider. More information about the processing of your data in the social networks and the option to exercise your right to object or revocation (opt out) can be found below for the respective social network provider we use:

8.1 LinkedIn

(Joint) Controller for data processing in Europe: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland Privacy Policy: https://www.linkedin.com/legal/privacy-policy

8.2 YouTube

(Joint) Controller for data processing in Europe: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Privacy Policy: https://policies.google.com/privacy

9. Web Analysis

9.1 Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform independent analyses. It only serves to manage and play out the tools integrated through it. However, the Google Tag Manager does capture your IP address, which may also be transmitted to Google’s parent company in the United States. The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If corresponding consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time. The company has a certification according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to comply with these data protection standards. For more information, please visit the provider’s website at: https://www.dataprivacyframework.gov/participant/5780.

9.2 Google Analytics 4 (GA4)

On our websites we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). In this context, pseudonymized user profiles are created and cookies (see section “Cookies”) are used. The information generated by the cookie about your use of this website may include:

• A short-term collection of the IP address without permanent storage
• Location data
• Browser type/version
• Operating system used
• Referrer URL (previously visited page)
• Time of server request

The pseudonymized data may be transferred to and stored on a Google server in the USA. The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website use and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties process this data on behalf. These processing operations are carried out exclusively when express consent is given pursuant to Art. 6(1)(a) GDPR. The default data storage period set by Google is 14 months. Otherwise, personal data will be kept for as long as necessary to fulfill the purpose of the processing. The data will be deleted as soon as they are no longer required for the achievement of the purpose. The parent company Google LLC is certified under the EU-US Data Privacy Framework as a US company. This means that there is an adequacy decision pursuant to Art. 45 GDPR in place, so that personal data may be transferred without further guarantees or additional measures. For more information about data protection when using GA4, please visit: https://support.google.com/analytics/answer/12017362?hl=de.

9.2.1 Google Analytics 4 (GA4) – Additional Information on Consent Mode, Simple Implementation

According to the Digital Markets Act, Google is obliged to obtain user consent before user data is processed by Google for personalized advertising. Google meets this requirement with the “Consent Mode”. Users are required to implement this and thus prove that they have obtained the consent of website visitors. Google offers two implementation modes, the simple and the advanced implementation. We use the simple implementation method of the Google Consent Mode. Only if you give your consent to the use of Google Analytics (see above), a connection to Google is established, a Google code is executed, and the processing described above is carried out. If you refuse consent, Google only receives information that consent has not been given. The Google code is not executed and no Google Analytics cookies are set.

9.3 Matomo

We have integrated the Matomo component from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, on this website. Matomo is a software tool for web analysis, i.e., for collecting, gathering, and evaluating data about the behavior of visitors to websites. Among other things, data about which website a data subject came from (so-called referrer), which subpages of the website were accessed, or how often and for what length of time a subpage was viewed are collected. This is used to optimize the website and for cost-benefit analysis of internet advertising. The software is operated on the server of the controller. Data protection-sensitive log files are stored exclusively on this server. Matomo places a cookie on your IT system. By setting the cookie, we are enabled to analyze the usage of our website. With each call of one of the individual pages of this website, the internet browser on your IT system is automatically caused by the Matomo component to transmit data to our server for the purpose of online analysis. In the context of this technical procedure, we gain knowledge of personal data, such as your IP address, which serves, among other things, to trace the origin of visitors and clicks. By means of the cookie, personal information, for example the access time, the location from which an access originated, and the frequency of visits to our website, are stored. Each time you visit our website, this personal data, including the IP address of the internet connection you use, is transferred to our server. This personal data is stored by us. We do not pass on this personal data to third parties. These processing operations are carried out exclusively when express consent is given pursuant to Art. 6(1)(a) GDPR. The privacy policy of Matomo can be viewed at: https://matomo.org/privacy/.

10. Advertising

10.1 Google Ads with Conversion Tracking

We have integrated Google Ads on this website. The operating company of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an internet advertising service that allows advertisers to place ads in both Google’s search engine results and the Google advertising network. Google Ads allows an advertiser to pre-define specific keywords that will display an ad in Google’s search results only when the user retrieves a keyword-relevant search result with the search engine. In the Google advertising network, the ads are distributed on relevant websites using an automatic algorithm and in accordance with the previously defined keywords. The purpose of Google Ads is to promote our website by displaying interest-relevant advertising on third-party company websites and in the search engine results of the Google search engine and to display third-party advertising on our website. If you reach our website via a Google advertisement, a so-called conversion cookie is stored on your IT system by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, such as the shopping cart from an online shop system, were accessed on our website. Through the conversion cookie, both we and Google can track whether a user who arrived at our website via an Ads advertisement generated revenue, i.e., completed or cancelled a purchase of goods. The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via Ads advertisements, i.e., to determine the success or failure of the respective Ads advertisement and to optimize our Ads advertisements for the future. Neither our company nor other Google Ads advertisers receive information from Google that could identify you. Personal information, such as the websites you visit, is stored via the conversion cookie. Each time you visit our website, personal data, including the IP address of the internet connection you use, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected through the technical procedure to third parties. These processing operations are carried out exclusively when express consent is given pursuant to Art. 6(1)(a) GDPR. The parent company Google LLC is certified under the EU-US Data Privacy Framework as a US company. This means that there is an adequacy decision pursuant to Art. 45 GDPR in place, so that personal data may be transferred without further guarantees or additional measures. Google AdSense’s privacy policy and additional information can be viewed at: https://www.google.de/intl/de/policies/privacy/.

10.2 Google Ads – Additional Information on Consent Mode, Simple Implementation

According to the Digital Markets Act, Google is obliged to obtain user consent before user data is processed by Google for personalized advertising. Google meets this requirement with the “Consent Mode”. Users are required to implement this and thus prove that they have obtained the consent of website visitors. Google offers two implementation modes, the simple and the advanced implementation. We use the simple implementation method of the Google Consent Mode. Only if you give your consent to the use of Google Ads (see above), a connection to Google is established, a Google code is executed, and the processing described above is carried out. If you refuse consent, Google only receives information that consent has not been given. The Google code is not executed and no Google Ads cookies are set.

11. Your Rights as a Data Subject

11.1 Right to Confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

11.2 Right to Information Art. 15 GDPR

You have the right to obtain free information about the personal data stored about you at any time, as well as a copy of this data in accordance with the statutory provisions.

11.3 Right to Rectification Art. 16 GDPR

You have the right to request the correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data.

11.4 Deletion Art. 17 GDPR

You have the right to request that personal data concerning you be deleted immediately, provided that one of the legally stipulated reasons applies and insofar as the processing or storage is not required.

11.5 Restriction of Processing Art. 18 GDPR

You have the right to request the restriction of processing from us if one of the legal requirements is met.

11.6 Data Portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided, where the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, when exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.

11.7 Right to Object Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balancing of interests) GDPR. This also applies to profiling based on these provisions within the meaning of Art. 4(4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. In individual cases, we process personal data for direct marketing purposes. You may object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes. In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest. You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

11.8 Withdrawal of Consent under Data Protection Law

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

11.9 Complaint to a Supervisory Authority

You have the right to complain to a data protection supervisory authority about our processing of personal data.

12. Routine Storage, Deletion and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the purpose of storage or as required by the legal regulations to which our company is subject. If the purpose of storage ceases to apply or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

13. Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention period. After the period expires, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of a contract. This privacy policy was created with the support of the data protection software: audatis MANAGER.