Privacy notice

We process the following personal data:

The processing of personal data is based on the legal bases listed in the tables below depending on your role in your interaction with us.

We use cookies and identifiers on our website to ensure its optimal functioning and the correct display of content. A cookie is a text file that is stored in your browser or on your device. We use cookies to personalise the content and advertisements we offer, to support social media features and to analyse our site traffic.

Please see our website's cookie banner for more information about the cookies we use. The cookie banner allows you to give your consent to the use of non-essential cookies or to withdraw your previously given consent.

You can change your browser's cookie settings at any time. However, please note, that blocking cookies may impair the functionality of the website and not all content may be displayed correctly.

We mainly collect your personal data directly from you or the organisation you represent. You can provide us with your personal data, for example, via our website or email, in telephone conversations or meetings, or in documents you send us.

We may collect and update personal data from publicly available sources or from the registers of authorities and companies providing personal data services.

We may collect personal data automatically using cookies when you visit our website.

We will retain personal data only for as long as is necessary to fulfil the purpose for which it is processed or to comply with legal obligations. The data will be deleted or anonymised when it is no longer necessary to retain it for the purpose of the law or the exercise of the rights or obligations of either party.

The personal data of website visitors is mainly processed for the duration of their visit to the website. The exact retention periods for cookies can be found in the cookie banner. If you contact us via our website, your enquiry will mainly be stored for two (2) years, unless we have an additional obligation or right to process the personal data in the communication for a longer period. Personal data collected for direct marketing purposes will be retained for two (2) years after the end of the marketing campaign.

For representatives, personal data will mainly be retained for as long as our customer or business relationship with the organisation you represent lasts, and for two (2) years after the end of that customer or business relationship. We may be required to retain some data for longer periods, for example due to mandatory accounting legislation.

Personal data processed on the basis of your consent will be retained until you withdraw your consent or until there is no longer a need to process the personal data in question, whichever occurs first.

We may disclose your personal data to third parties that we use as service providers or subcontractors, such as providers of services for maintaining personal data. We use trusted contractual partners with whom we have agreed on terms that comply with the requirements of data protection legislation.

We may disclose your information to authorities where we are required by law to do so, for example to prevent or investigate fraud or other illegal activities. We may disclose your personal data to other parties upon the order of a competent court or if required by mandatory legislation. In addition, we may disclose your data in connection with a potential sale of a business or other business reorganisation to a purchaser of a business or other relevant party in connection with a reorganisation.

When transferring data, we will ensure a high level of data security and data protection in accordance with the EU General Data Protection Regulation. Third parties and their subcontractors may transfer personal data outside the EU or the European Economic Area. In these situations, we comply with applicable legislation and its requirements, such as the standard contractual clauses (SCCs) approved by the European Commission. The SCCs can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en 

We or our sub-processors may transfer your personal data outside the EU or the European Economic Area if this is necessary for the performance of our services, for example when using global cloud services. In connection with these services, personal data is mainly retained within the EU, but in certain situations personal data may be transferred to countries where the service providers or their sub-processors operate. You can request further information about the service providers we use at a given time, by contacting us at the email address provided at the beginning of this privacy notice.

The security of personal data is important to us. We have put in place appropriate technical and organisational measures to protect personal data:

• Access to data is limited to those persons who need it for their job duties.
• Information systems and equipment are protected by technical measures, including firewalls and passwords.
• Our staff are trained to handle data appropriately and in accordance with the instructions given by the controller.
• Electronic files are regularly backed up.
• The destruction of material containing personal data is carried out in a secure manner.
• If, despite our security measures, a data breach occurs that is likely to have a negative impact on the data subject’s data protection, we will notify the competent authorities and the data subjects concerned as soon as possible, if required by applicable data protection legislation.

Below we have summarised the rights you have as a data subject under mandatory data protection legislation. The legislation regarding some of the rights is complex in nature and the regulated rights are subject to a number of exceptions. To keep this privacy notice concise, not all of the details of the legislation have been included in the summary.