We process the personal data of our users, in principle, only to the extent of what is necessary to provide a functional website as well as our contents and services.

Moreover, we will collect personal data (e.g. e-mail address, name, phone number and company) within the operation of our websites only if you make such data available (e.g. if you register for a newsletter on our homepage, use our contact form, register on one of our Portals, register on our ticket system PARTconcept for support enquiries or provide contact details in the settings of our apps) and if we have the authorization to do so with your consent or on the basis of a legal basis for processing. Information required to render a service is indicated accordingly, any other information is voluntary. We basically use such data for the purpose of which you provided us the data, e.g. to answer your inquiry, to process your inquiry or to provide you with access to certain information or offers.

Insofar as consent has been obtained by the data subject to process personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data is necessary to perform a contract with the data subject as the other contracting party, Art. 6(1)(b) of the GDPR serves as the legal basis.  This also applies to processing required for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to meet a legal obligation which our company is subject to, Art. 6(1)(c) of the GDPR serves as the legal basis.

In case the protection of the vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6(1)(d) of the GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and this interest is not outweighed by the interests, fundamental rights and freedoms of the data subject, then Art. 6(1)(f) GDPR serves as the legal basis for the processing.

The personal data of the data subject will be erased as soon as there is no longer a purpose for the storage. Further retention of the relevant data may take place if provided for by European or national legislators in regulations, laws or other legal provisions the controller is subject to. Erasure of the data shall then take place when the mandatory storage period by the aforementioned requirements expires, unless processing the relevant data is necessary for another legitimate purpose (including the necessity to perform a contract or to establish, exercise or defend legal claims).

We may also anonymize your personal data, i.e. change it so that it can no longer be related to you and no longer qualifies as personal data. The processing of anonymized data is not subject to data protection law.

CADENAS uses data centers in Germany and Canada. Please see also the respective sections in this data privacy policy for more information about data transfers.

Whenever our website is called up, our system records data and information automatically from the system of the calling computer.

The following data is collected:

• IP address
• date and time of the request  
• time zone difference to Greenwich Mean Time
• content of the request
• access Status/https-status code
• the transferred data volume
• website from which the request comes
• browser,
• the operating system and its interface
• language and version

The data is also stored in the log files of our system. The information is stored in the log files of our system. This data will not be stored together with other personal data of the user.

The legal basis for the temporary storage and processing of this personal data is Art. 6(1)(f) GDPR.

The processing of the IP address and the associated abovementioned data is to enable delivery of the website and to ensure its proper technical administration, including to detect and resolve any technical issues, and to prevent and, if necessary, prosecute any misuse of our website.

The data also serves to optimize the website and to ensure the security of our information system. An evaluation of the data for marketing purposes does not take place in this regard.

We have a legitimate interest in pursuing the abovementioned purposes, the legal basis is Art. 6(1)(f) GDPR.

The data will be deleted as soon as the processing of the data is no longer necessary. The processing of data necessary to provide the website will end with each session.   

In case IP addresses are stored in log files, this will be for the duration of seven days at the most, unless further storage is necessary for the establishment, exercise or defense of legal claims. Log files may be stored for longer but in that case the IP addresses of the users are deleted or distorted to prevent attribution to the requesting client.

The processing of personal data for the secure operation of the website and the storing of data in log files are essential to operate the website, which constitutes a compelling legitimate ground on our end. Therefore, the user has no right to object.

We use Friendly Captcha on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.

Friendly Captcha is used to verify whether the entry of data into our website (e.g., into a contact form) is being performed by a person or an automated program. For this purpose, Friendly Captcha analyzes the behavior patterns of website visitors based on numerous characteristics. For the analysis, Friendly Captcha examines a wide range of information (e.g., anonymized IP address, referrer, time of the visit, etc.). For more related information please visit: https://friendlycaptcha.com/legal/privacy-end-users/.

The storage and analysis of the data occurs on the basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in protecting the operator’s web presentations against abusive automatic spying and SPAM.

If personal data is stored, this data will be deleted within 30 days.

We have integrated OneDrive on this website. The provider is the Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter “Microsoft”).

OneDrive enables us to include an upload area on our website where you can upload content. When you upload content, it is stored on the OneDrive servers of Microsoft. When you access our website, a connection to those servers is also established so that OneDrive can determine that you have visited our website.

The use of OneDrive is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a reliable upload area on its website.

Microsoft Corporation is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/6474.

Consent with ConsentManager

Our website uses the ConsentManager consent technology to obtain your consent to the storage of certain cookies on your device or for the use of certain technologies and for the data protection law-compliant documentation of the former. The party providing this technology is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (hereinafter referred to as “ConsentManager”).

Whenever you visit our website, a connection to ConsentManager’s servers will be established to obtain your consent and other declarations regarding the use of cookies.

Moreover, ConsentManager shall store a cookie in your browser to be able to allocate your declaration(s) of consent or any withdrawal of the former. The data that are recorded in this manner shall be stored until you ask us to erase them, delete the ConsentManager cookie or until the purpose for processing the data no longer exists. This shall be without prejudice to any mandatory legal retention periods.

ConsentManager uses cookies to obtain the declarations of consent in a documented manner as mandated by law. The legal basis for the related processing of personal data is Art. 6(1)(c) GDPR.

On various occasions, cookies are used on our apps and websites in order to provide you with targeted information and to store your search settings. Cookies are small text files sent to your PC or end device from our web and normally stored on your hard drive for the browser you use. Cookies cannot run any programs nor transfer viruses onto your computer, but serve to provide us the information needed to make your visit to our website easier and more effective.  A cookie contains a character string which enables the clear identification of the browser whenever the website is visited again. If you have an account on any of our websites, we use cookies to identify you for subsequent visits, otherwise you would have to make a new login with each visit. The stored information is saved separately from any other data that might have been provided to us. In particular, the data of cookies will not be linked with any of your additional data.

Our websites use cookies to the following extent:

(1) Session IDs

(2) persistent Cookies

(3) Third-Party-Cookies

Session IDs allow the various requests by your browser to be assigned to a common session, so that your computer will be recognized when you return to the website.

Especially, the following data can be stored and transferred via cookies:

(1) Language settings

(2) Log-in Information: User Name, Password encrypted if user selects Option "remember my Login data"

(3) Session IDs

With the user’s consent, we also use cookies on our websites to enable an analysis of the user's surfing behavior, in case that you have given your consent via the ConsentManager. In this respect, especially the following data can be transferred:

(1) Search terms entered

(2) Frequency of page views

(3) Utilization of website functions

See section VI. of this data privacy policy for more details.

With the user’s consent, we also use cookies our websites to embed third-party content such as maps or videos.

User data collected in this manner are pseudonymized through technical precautions. Therefore the user visiting the website cannot be directly associated with the data. The data will not be stored together with other personal data.

When calling up our website, an info banner lets the users know that cookies are used for necessary technical purposes. We also ask for consent for the placement of cookies and processing of personal data purpose of analyzing website users’ behavior. The users are referred to this data privacy policy and informed of the right to withdraw their consent. It is also pointed out that the storing of cookies can be prevented in the browser settings.

The legal basis for the processing of personal data with the use of cookies is Art.6(1)(f) GDPR for technical necessary cookies and your consent (Art. 6(1)(a) GDPR) for the analysis cookies and for cookies used for embedding third-party content.

The reason for using technically necessary cookies is to ensure that the website can be provided in a secure and lawful manner. Some of the functions of our website cannot be offered without the use of cookies. For those, it is necessary that the browser can also be recognized after a page change.

The user data collected by technically necessary cookies will not be used to create user profiles.

The use of analysis cookies serves the purpose of improving the quality of our website and its contents. The analysis cookies show us how our website is used and help us to constantly optimize our offer.

Cookies are stored on the user's computer and from there transferred to our page. It follows that you as the user have the complete control over the use of cookies. By changing your settings in your Internet browser, you can deactivate or limit the transfer of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. The deactivating of cookies for our website can possibly lead to a restricted use of the website's functions.

The session IDs are then deleted when you log out or close the browser. Persistent cookies will be deleted automatically after a specified time, which can vary depending on the cookie.

Cadenas GmbH

More detailed information on cookies, including their providers, the legal basis and retention periods, can be accessed via the cookie banner on the respective website.

BootstrapCDN

CADENAS GmbH Marketing

CADENAS GmbH

consentmanager

Google Ads

Google Analytics

Google Maps

Google Tag Manager

jsdelivr.com

Revolvermaps - Karma Implementor

YouTube

3Dfindit

CADENAS GmbH Marketing

CADENAS GmbH

CHARGEBEE B.V.

consentmanager

Freshworks

Friendly Captcha GmbH

Google Ads

Google Analytics

Google Tag Manager

LinkedIn Ireland Unlimited Company

Links from/to manufacturer catalogs

Links to price search engines

Mailingwork GmbH

Microsoft Clarity

Microsoft

Wikimedia Foundation Inc.

YouTube

PARTcommunity

CADENAS GmbH Marketing

CADENAS GmbH

CHARGEBEE B.V.

consentmanager

Freshworks

Friendly Captcha GmbH

Google Maps Street Validation

Google Maps

Revolvermaps - Karma Implementor

Supplier Welcome Portal

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website.

Google is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780

With your consent, this website uses functions of the web analysis service Google Analytics. The provider of this service is Google.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is summarized in a user-ID and assigned to the respective end device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website usage information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG (German Telecommunications, Digital Services, Data Protection Act). You may withdraw your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780

IP anonymization
Google Analytics IP anonymization is active. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

With your consent, this website uses Google Conversion Tracking. The provider of this service is Google.

With the assistance of Google Conversion Tracking, we are in a position to recognize whether the user has completed certain actions. For instance, we can analyze how frequently which buttons on our website have been clicked and which products are reviewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn how many users have clicked on our ads and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google as such uses cookies or comparable recognition technologies for identification purposes.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG (German Telecommunications, Digital Services, Data Protection Act). You may withdraw your consent at any time.

For more information about Google Conversion Tracking, please review Google’s data protection policy at: https://policies.google.com/privacy?hl=en

Google is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

With your consent, the website operator uses Google Ads. Google Ads is an online promotional program of Google.

Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG (German Telecommunications, Digital Services, Data Protection Act). You may withdraw your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

Google is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780

With your consent, this website uses the Insight tag from LinkedIn. This service is provided by LinkedIn.

Data processing by LinkedIn Insight tag
We use the LinkedIn Insight tag to obtain information about visitors to our website. Once a website visitor is registered with LinkedIn, we can analyze the key occupational data (e.g., career level, company size, country, location, industry, job title) of our website visitors to help us better target our site to the relevant audience. We can also use LinkedIn Insight tags to measure whether visitors to our websites make a purchase or perform other actions (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also features a retargeting function that allows us to display targeted advertising to visitors to our website outside of the website. According to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser characteristics and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data will then be deleted within 180 days.

The data collected by LinkedIn cannot be assigned by us as a website operator to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own promotional activities. For details, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis
The legal basis is your consent on the basis of Art. 6(1)(a) GDPR and § 25 TDDDG (German Telecommunications, Digital Services, Data Protection Act). Such consent may be withdrawn at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

LinkedIn Corporation is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5448.

Objection to the use of LinkedIn Insight Tag
You can object to LinkedIn’s analysis of user behavior and targeted advertising at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

In addition, LinkedIn members can control the use of their personal information for promotional purposes in the account settings. To prevent LinkedIn from linking information collected on our site to your LinkedIn account, you must log out of your LinkedIn account before you visit our site.

With your consent, this website uses Clarity. The provider is the Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity/ (hereinafter referred to as “Clarity”).

Clarity is a tool to analyze user patterns on this website. Clarity records in particular cursor movements and compiles graphics that show on which parts of the website users are scrolling with great frequency (heatmaps). Clarity can also record sessions so that we can watch the use of the site in the form of videos. Moreover, we receive information on the general user conduct within our website.

Clarity uses technologies that make it possible to recognize users for the purpose of analyzing user patterns (e.g., cookies or use of device fingerprinting). Your personal data will be archived on Microsoft servers (Microsoft Azure Cloud Service) in the United States.

The legal basis is your consent on the basis of Art. 6(1)(a) GDPR and § 25 TDDDG (German Telecommunications, Digital Services, Data Protection Act). Such consent may be revoked at any time.

For more details on Clarity’s data privacy policy, please see: https://docs.microsoft.com/en-us/clarity/faq.

Microsoft Corporation is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active

This website uses the open-source web analysis software Matomo.

Through Matomo, we are able to collect and analyze data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating sysem used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising.

For analysis with Matomo we use IP anonymization. Your IP address is shortened before the analysis, so that it is no longer clearly assignable to you. 

We host Matomo exclusively on our own servers to that all analysis data remains with us and is not passed on. 

This data privacy policy applies to our websites and their subpages, not to websites provided by third parties. Our websites can contain links to other providers not covered by this data privacy policy. If you leave our websites via a link, it is recommended to carefully read the data privacy policies of each website that collects personal data.

We have integrated buttons with graphics of Facebook, Linkedin and Youtube on our homepage so that you can find CADENAS on those social media platforms with one click. In the interest of the most extensive protection of your data, the buttons are only integrated as a link to the respective services. This ensures that data transfer to any operator of the social network will not take place without previous activation on your part. After clicking the button, you will be forwarded to the provider and can then visit the pages of CADENAS on each of the platforms, find out about activities and topics around CADENAS, leave your comments and exchange ideas with others. Third-party pages are operated exclusively by the respective third party. We neither have any influence on the data collected there and the data processing nor do we have any knowledge about the full extent of data collection, the purpose thereof as well as the storage periods. Information on the handling of your personal data when using those websites is available in the data privacy policies of the third-party provider (see VII 4).

This website embeds videos of the website YouTube. The website operator is Google.

If you visit a page on this website into which a YouTube video has been embedded, the video will not be active at first. Once you activate the YouTube video, a connection with Google’s servers will be established. As a result, the Google server will be notified which of our pages you have visited.

Furthermore, Google will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way Google will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user-friendliness of the site and to prevent attempts to commit fraud. Furthermore, the data collected will be processed in the Google advertising network.

If you are logged into your YouTube account while you visit our site, you enable Google to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.

The use of YouTube is based on your consent, once it has been obtained, on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG (German Telecommunications, Digital Services, Data Protection Act). This consent can be withdrawn at any time.

For more information on how Google handles user data, please consult the Google Data Privacy Policy under: https://policies.google.com/privacy?hl=en.

Google LLC is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

This website uses the mapping service Google Maps. The provider is Google. With the means of this service, we can integrate map material on our website.

To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google Fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.

We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. The legal basis for the data processing is your consent, once it has been obtained, on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG (German Telecommunications, Digital Services, Data Protection Act). This consent can be withdrawn at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

Google is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Share function

We offer you the so-called “share function” on our websites. This can be used to share the contents of our websites, such as news or CAD models, with persons who you think would be interested, per e-mail and via Social Media Buttons (Facebook, Tumblr, Xing, Pinterest, LinkedIn, X (formerly Twitter)).

In case you share contents via email, please be aware of the fact that you are responsible for the sent email and deemed to be controller pursuant to  applicable data protection law. In the interest of the fullest protection possible for your data, the Buttons on our websites and in our apps are integrated only as a link to the respective services. This ensures that a data transfer does not take place to the operator of each social network without prior activation performed by you. After clicking onto the button without being logged into the social network, the login window of the selected social network will open in a new browser window and at the same time a cookie will be placed on your hard disk. If you click the button while being already logged into the social network, the network will be able to allocate your visit to your account on the social network. Websites of third parties are solely operated by them. We neither have any influence on the data collected and processed, nor do we know anything about the full extent of the data collection, the purposes as well as the storage limits. Information about the handling of your personal data when using those websites is available in the provider’s data protection policy.

Facebook

We have integrated elements of the social network Facebook on this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland ("Facebook"). According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.

An overview of the Facebook social media elements is available under the following link: https://developers.facebook.com/docs/plugins/.

If the social media element has been activated, a direct connection between your device and the Facebook server will be established. As a result, Facebook will receive information confirming your visit to this website with your IP address. If you click on the Facebook Like button while you are logged into your Facebook account, you can link content of this website to your Facebook profile. Consequently, Facebook will be able to associate your visit to this website with your user account. We have to emphasize that we as the provider of the website do not receive any information on the content of the transferred data and its use by Facebook. For more information, please consult the Data Privacy Policy of Facebook at: https://de-de.facebook.com/privacy/explanation.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG (German Telecommunications, Digital Services, Data Protection Act). Consent can be withdrawn at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Meta Platforms, Inc. is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/4452.

XING

This website uses elements of the XING network. The provider is the New Work SE, Am Strandkai 1, 20457 Hamburg, Germany ("XING").

Any time one of our sites/pages that contains elements of XING is accessed, the element will not be active at first. Once you active the element by interacting with it, a connection with XING’s servers is established. As far as we know, this does not result in the storage of any personal data. In particular, the service does not store any IP addresses or analyze user patterns.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG (German Telecommunications, Digital Services, Data Protection Act). Consent can be withdrawn at any time.

For more information on data protection and the XING share button please consult the Data Protection Declaration of Xing at: https://privacy.xing.com/de/datenschutzerklaerung.

Tumblr

This website uses buttons and other elements provided by Tumblr. The provider of this service is Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA ("Tumblr").

If the social media element has been activated, a direct connection between your device and Tumblr’s server will be established. As a result, Tumblr will receive information on your visit to this website.

The Tumblr buttons enable you to share a report or a page on Tumblr or to follow the provider on Tumblr. If you access one of our websites via the Tumblr button, your browser will establish a direct connection with Tumblr’s servers. We do not have any control over the volume of data Tumblr collects and transfers with the assistance of this plug-in. Based on the current status of the information we have the IP address of the user, and the URL of the respective website are both transferred.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG (German Telecommunications, Digital Services, Data Protection Act). Consent can be withdrawn at any time.

For further information on this subject, please consult Tumblr’s Data Privacy Declaration at: https://www.tumblr.com/privacy/en.

Pinterest 

We use elements of the social network Pinterest on this website. The network is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest").

If you access a site or page that contains such an element, the element will not be active at first. Once you activate the element by interacting with it, your browser will establish a direct connection with Pinterest’s servers. During this process, the social media element transfers log data to Pinterest’s servers in the United States. The log data may possibly include your IP address, the address of the websites you visited, which also contain Pinterest functions. The information also includes the type and settings of your browser, the data and time of the inquiry, how you use Pinterest and cookies.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG (German Telecommunications, Digital Services, Data Protection Act). Consent can be withdrawn at any time.

For more information concerning the purpose, scope and continue processing and use of the data by Pinterest as well as your affiliated rights and options to protect your private information, please consult the data privacy information of Pinterest at: https://about.pinterest.com/en/privacy-policy.

LinkedIn 

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn").

Any time you access a page of this website that contains elements of LinkedIn, the element will not be active at first. Once you activate the element by interacting with it, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited this website with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account at the time, LinkedIn will be in a position to allocate your visit to this website to your user account. We have to point out that we as the provider of the websites do not have any knowledge of the content of the transferred data and its use by LinkedIn.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG (German Telecommunications, Digital Services, Data Protection Act). Consent can be withdrawn at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de.

For further information on this subject, please consult LinkedIn’s Data Privacy Declaration at: https://www.linkedin.com/legal/privacy-policy.

LinkedIn Corporation is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5448.

X (formerly Twitter) 

We have integrated functions of the social media platform X (formerly Twitter) into this website. These functions are provided by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“X US”). The branch Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“X EU”, together with X US just “X”), is responsible for the data processing of individuals living outside the United States.

If the social media element has been activated, a direct connection between your device and X’s server will be established. As a result, X (formerly Twitter) will receive information on your visit to this website. While you use X (formerly Twitter) and the “Re-Tweet” or “Repost” function, websites you visit are linked to your X (formerly Twitter) account and disclosed to other users. We must point out, that we, the providers of the website and its pages do not know anything about the content of the data transferred and the use of this information by X (formerly Twitter). For more details, please consult the X (formerly Twitter) Data Privacy Declaration at: https://x.com/en/privacy.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG (German Telecommunications, Digital Services, Data Protection Act). Consent can be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://gdpr.x.com/en/controller-to-controller-transfers.html.

You have the option to reset your data protection settings on X (formerly Twitter) under the account settings at https://x.com/settings/account.

X US is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/2710.

We publically maintain accessible profiles in social networks. The social networks we use are detailed below. Social networks such as Facebook, Google+, etc. can, as a rule, analyse your user behavior comprehensively when you visit their website or a website with integrated social media contents (e.g. like- buttons or banners). When you visit our social media presence, numerous data protection processes are triggered. Specifically: When you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign the visit to your user account. Your personal data might also be collected even if you are not logged in or you do not have an account with the respective social media portal. In this case, data collection can take place via the cookies stored on your end device or by the collecting of your IP address. With the help of such data, the operators of social media portals can create user profiles that contain your preferences and interests. This way, interest-related advertising can be displayed for you in and outside of the respective social media presence. If you have an account with a certain social network, interest-related advertising can be displayed on all devices where you are or were logged in. Moreover, please note that we cannot trace all processing operations on the social media portals. Depending on the provider,  additional processing can be carried out by the operators of the social media portals. For details, see the terms of use and data privacy policy of the respective social media portal.

Our social media accounts’ purpose is to establish a comprehensive presence of our company on the Internet. This is a legitimate interest within the meaning of Art. 6 (1)(f) GDPR. The analyzing processes initiated by the social networks are possibly based on differing legal grounds, which must be stated by the operators of the social networks (e.g. consent according to Art. 6(1)(a) GDPR.

When you visit one of our social media presences (e.g. Facebook), we, together with the operators of the social media platform, are joint controllers for starting the data-processing operations for that visit. You can assert your rights (access, rectification, erasure, limitation of the processing, data portability and complaints) in general against us as well as against the operator of the respective social media portal (e.g. against Facebook). Please note that, even though we are joint controllers with the operators of social media portals, we cannot entirely influence data processing operations of those social media portals. Our options primarily go by the company policy of each provider.

The data we collect directly from the social media presence are deleted as soon as they have served their purpose for being stored, if you request us to do so, if you withdraw your consent to store the data (provided the data processing is based on consent) or there is no longer any reason for the storage of your data. Stored cookies remain on your end device till you delete them. Mandatory statutory provisions – esp. retention periods – remain unaffected. We have no influence on the storage period of your data, which are stored by the operators of the social networks for their own purposes. You can find out the details directly from the operators of the social networks (e.g. in their data privacy policy, see below).  

- Facebook – We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter Meta). According to Meta’s statement the collected data will also be transferred to the USA and to other third-party countries.

You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.

Meta Platforms, Inc. is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/4452

- X (formerly Twitter) We use the short message service X (formerly Twitter). The provider is the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Responsible for the data processing of individuals living outside the United States is the branch Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can customize your X (formerly Twitter) privacy settings in your user account. Click on the following link and log in: https://x.com/settings/account/personalization.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://gdpr.x.com/en/controller-to-controller-transfers.html.

For details, see the X (formerly Twitter) Privacy Policy: https://twitter.com/en/privacy.

- XING – We have a profile on XING. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

- LinkedIn – We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

LinkedIn Corporation is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5448

- YouTube - We have a profile on YouTube. The provider is Google. Details on how they handle your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy?hl=en.

Google LLC is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780

It is possible to subscribe to a free newsletter on our website. Data will be transferred to us from the input mask when registering for the newsletter. The administration takes place through CADENAS GmbH.

The e-mail address and language are mandatory for newsletter subscription. The use of a personal user profile is optional as well as the indication of first name, surname and company. For the processing of this personal data, your consent will be obtained and this data protection declaration will be referred to during registration. Your consent is the relevant legal basis (Art. 6(1)(a) GDPR). This data will also be completely deleted upon withdrawal of consent (see under section IX 6).

In addition, the following data is collected at subscription;

(1) IP address of the requesting computer

(2) Date and time of registration

This data is necessary for validating proper subscription to the newsletter, which is a legitimate interest. The legal basis for the data processing is Art. 6(1)(f) GDPR. We use Mailingwork to send news, letters, invitations, statistics and system notifications. The provider is Mailingwork GmbH, Schönherrstraße 8, 09113 Chemnitz, Germany.

Mailingwork is a service that can be used to organize the sending of newsletters, among other things. Your data will be stored on Mailingwork GmbH's servers in Germany. If you send a withdrawal of your consent directly to Mailingwork GmbH at datenschutz@fsf.de the data will also be deleted at Mailingwork GmbH.

To ensure the protection of your data, we have concluded an order processing contract with Mailingwork GmbH in accordance with Art. 28(3) GDPR. This contract ensures that your personal data, which we pass on to Mailingwork GmbH for processing, is processed only according to our instructions, as required by the GDPR.

For more details, please refer to Mailingwork GmbH's privacy policy: https://mailingwork.de/datenschutz

1.1 Receipt of newsletter by registration

The legal basis for the processing of data of users who have subscribed to our newsletter for the purpose of sending the newsletter is the user's consent, Art. 6(1)(a) GDPR. The legal basis for storing the meta-data on the newsletter subscription is Art. 6(1)(f) GDPR because the data is necessary to validate the subscription and ensure that the company can demonstrate that consent has been obtained lawfully.

1.2 Receiving the newsletter due to the sale of goods or services

Newsletters may also be sent to persons whose contact details we have acquired in connection with the sale of goods or services, provided the newsletter relates to our own similar goods or services, the person has been informed of their right to object but has not exercised it. The legal basis for sending the newsletter in such cases is Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG (German Act on Unfair Competition).

The collection of the e-mail address and the language serves to deliver the newsletter and to provide the newsletter text in an appropriate language. The voluntary use of the personal user profile and the voluntary indication of first name, surname and company name serves the purpose of creating a customized newsletter that is adapted to the interests of the customer.

The collecting of any other personal data during registration serves to prevent the misuse of services or the e-mail address used and to demonstrate that consent has been obtained lawfully.

If you consent to the optional use of the personal user profile when registering for the newsletter, your data will be processed automatically. The aim is to create a personal newsletter based on your interests (click behavior within the newsletter; profiling). The legal basis for this data processing is your consent, Art. 6(1)(a) GDPR.

The data will be deleted as soon as the data processing is no longer necessary for the pursued purpose. The user's e-mail address will be stored for as long as the newsletter is subscribed to, i.e. until the user withdraws consent.

We use the so-called double-opt in when registering for our newsletter. This means we will send you a confirmation e-mail to the e-mail address obtained from you, where you confirm your wish to receive the newsletter. If this is not confirmed within 14 days, your registration will be automatically deleted. If you confirm your subscription to the newsletter, we will store your data until you unsubscribe from the newsletter.

The subscription to the newsletter can be cancelled by the user at any time. A link for this purpose is in every newsletter.

In the same way it is also possible to withdraw your consent to the processing of your personal data for the purpose of the newsletter.

On some of our websites, such as 3Dfindit.com, (the “CADENAS Portals”) we offer the option of registering by providing personal data in order to use exclusive functions, such as downloading CAD models. The data is entered into a form and transmitted to CADENAS and processed further.

We use the so-called double opt-in procedure for registration, i.e. your registration is only complete once you have confirmed your registration via an activation e-mail sent to you for this purpose. If you do not confirm your registration within 30 days, your registration will be automatically deleted from our database. The following data is collected as part of the registration process for standard CADENAS portals such as 3Dfindit:

Business contact information

(1) Business e-mail address
(2) Password
(3) Title
(4) First name
(5) Last name
(6) Job title        
(7) Business telephone number 

Company information
(8) Company name
(9) Sector
(10) Number of employees
(11) Street (company)
(12) Postal code (company)
(13) City (company)
(14) Country (company)

Usage information
Information on the use of the CADENAS Portal, e.g. date, time and number of downloads of CAD models, IP address, log-in/log-of time/date.

Every access to our portal and every retrieval of CAD models is logged. Logged are: search queries, name of the retrieved file, date and time of retrieval, format, notification of successful retrieval, web browser, browser language, country, requesting domain and IP. If the user was registered and logged in to the portal at the time of access, the data required for registration will also be logged.

Other information

Acceptance of the CADENAS Terms of Use
Subscription to CADENAS newsletter, if applicable
Subscription to marketing information from third parties, if applicable

Generally, the personal data is processed to provide the CADENAS Portal to you in a secure manner and in accordance with the relevant Terms of Use, including to detect and enforce violations of the Terms of Use. The legal basis for this processing is Art. 6(1)(b) GDPR when the Terms of Use are concluded with the user directly, and Art. 6(1)(f) GDPR if the Terms of Use are concluded with your employer or the company to which you belong. Providing the CADENAS Portal and performing the Terms of Use is in the legitimate interest of CADENAS.If the user downloads CAD models provided by third parties (e.g., parts manufacturers, hereinafter “CADENAS Partner”), what file was downloaded, the date/time of the download, the business contact information and the company information of the user will be shared with the respective third party. This serves to allow CADENAS to comply with its contractual obligations with the CADENAS Partners and to allow the CADENAS Partners to contact the user in case of relevant information about the downloaded model (e.g., relevant updates, detected faults; see in more detail under section 3.1, 3.2 below). The legal basis for this data processing is Art. 6(1)(f) GDPR. CADENAS has a legitimate interest in meeting its contractual obligations vis-à-vis third parties and there is also a legitimate interest in keeping people who have downloaded certain CAD models informed of relevant developments.

Additional features may allow users to directly contact CADENAS Partners. The legal basis of the respective data processing is Art. 6(1)(f) GDPR, as providing such a feature is in CADENAS’ legitimate interest.

Usage information is also processed for IT security and statistical purposes and additional business purposes (see section 3.4 below). The legal basis is Art. 6(1)(f) GDPR. To ensure appropriate security of the CADENAS platform and to obtain statistical information on its use is in CADENAS’ legitimate interest.

Personal data may also be processed in a different manner, for example to send the user marketing information on CADENAS’ or CADENAS Partners’ products and/or services, if the user has given their consent, which is then the legal basis (Art. 6(1)(a) GDPR).

3.1 To provide certain content and services on our portals 

CADENAS generates the product information (CAD models, PDF data sheets, etc.) offered for download or e-mail dispatch on an ad hoc basis, which results in costs for CADENAS for each generation. In order to protect the portals from misuse, a generation process is only possible after a one-time successful registration. For data to be sent by e-mail, the e-mail address must also be verified by double opt-in, which is guaranteed by a successful registration process. We process the data you provide for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all details in the protected customer area, with the exception of the business e-mail address. 

3.2 To fulfill a contract with the user and to carry out pre-contractual measures

We require and process in particular your business e-mail address verified by double opt-in as the intended shipping address for the delivery of the ordered CAD models and as proof of delivery for us to the CADENAS Partner of the retrieved product catalog. For this purpose, we are entitled and obligated to the CADENAS Partner to transmit the data you provided during registration (see section X.1) and the CAD models you requested to the respective CADENAS Partner of the requested product catalog, so that they can carry out an invoice check of the delivery order based on this data. In addition, the data will be forwarded to the CADENAS partner for the purpose of contact via e-mail and phone if there are relevant updates regarding the downloaded model, for example possible technical changes or discontinuations. Furthermore, the CADENAS partner receives personal data such as your e-mail address and, if applicable, other contact data from you if you voluntarily provide it to him via additional functions such as Request for Quotation (RFQ) or request catalogs.

An overview of CADENAS partners can be found here (manufacturers and distributors marked with the addition “3Dfindit.com”):
https://available-catalogs.cadenas.de/?sid=5

3.3 Based on your consent 

If you have given us your consent to process personal data for specific purposes (e.g. sending newsletters, advertising or market and opinion research), the lawfulness of this processing is based on your consent. Any consent you have given can be withdrawn at any time. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. The withdrawal of consent is only effective for the future and does not affect the legality of the data processed until the withdrawal.

3.4 As part of the balancing of interests 

Where necessary, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. Examples

• Examination and optimization of procedures for needs analysis,
• Enforcement of legal claims and defense in legal disputes,
• Ensuring the IT security and IT operations of the company,
• Prevention and investigation of criminal offenses, measures for business management and further development of services and products,
• Risk management within the company.

The other personal data processed for the retrieval of CAD models is used to prevent misuse of the provision of CAD models (e.g. breach of fair use policy) and to ensure the security of our IT systems.

Within the company, those departments that need your data to perform their respective business functions, and in particular to fulfill our contractual and legal obligations, will have access to your data.

Service providers and vendors engaged by us may also receive data to provide their respective services . These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, consulting, sales and marketing.

We may also pass on your personal data to authorities, courts or similar bodies where this is necessary to avail ourselves of their functions or purpose, or if we are obliged to do so under applicable law.

As described under section X.2., 3. above, CADENAS Partners will receive your personal data if you download CAD models provided by them.

If you register on the CADENAS portal of a specific CADENAS Partner or generate product information from CADENAS Partners, we will pass on personal data that you have provided for this purpose as described above (see section X.3). The CADENAS Partner may also be based outside the EU, in which case we will put in place an appropriate data transfer mechanism to ensure the protection of your personal data.

Furthermore, the CADENAS Partner receives personal data such as your e-mail address and, if applicable, other contact data from you if you voluntarily provide it to him via additional functions such as Request for Quotation (RFQ) or request catalogs.

For the processing of your contact details, we and the respective CADENAS Partner are joint controllers. We have set out our respective responsibilities for complying with applicable data protection law in an agreement with the CADENAS Partner. Under this agreement, the following applies with regard to your rights under data protection law (cf. Section XV below):

• You will receive information about the processing of your personal data in this data privacy policy. If your contact data has been transferred to the CADENAS Partner, the CADENAS Partner will also provide you with information about the processing of your personal data by the CADENAS Partner as required under data protection law applicable to the CADENAS Partner.
  
  
• You can exercise your rights under data protection law against both CADENAS and the respective CADENAS Partner. The party who has received your request will be responsible for communicating further with you.
  
  
• Both parties will appropriately support each other to the extent that this is necessary to comply with their obligations under data protection law to handle your request. In particular, the parties will support each other by providing the information that the party that has received your request requires in order to comply with a data access request or request for data portability. If you have requested the rectification, erasure or limitation of processing of your personal data, objected to the processing of your personal data and/or withdrawn consent to the processing of personal data and the party who has received your request determines that it requires the other party’s support to comply with your request, it will inform the other party. The other party will then take the appropriate measures (or discontinue certain measures, as may be the case) as necessary to comply with data protection law.
  
  
• Neither party will process your personal data for direct marketing purposes if you have objected to such processing or withdrawn your consent to such processing vis-à-vis either party.

The data will be deleted as soon as its processing is no longer necessary.

This is generally the case for the data collected during registration, if registration is withdrawn or amended on our website.

For data collected to perform a contract (e.g. agreement of use to provide and obtain CAD models) or for the implementation of pre-contractual measures, data will generally be erased whenever the data is no longer necessary for the performance of the contract.

We are subject to various retention and documentation obligations from, among other things, the German Commercial Code (Handelsgesetzbuch – HGB) and the German Tax Code (Abgabenordnung – AO).  To comply with these obligations, we will retain the relevant personal data for up to ten years.

Personal data processed in connection with contractual relationships is generally erased after the relationship has expired and the data is no longer necessary to prepare for and/or defend against legal claims associated with it. This is typically the case after the limitation periods have elapsed, usually after three years in accordance to §§ 195 ff. of the German Civil Code (Bürgerliches Gesetzbuch – BGB), but in certain cases only after thirty years.

We may also anonymize your personal data, i.e. change it so that it can no longer be related to you and no longer qualifies as personal data. The processing of anonymized data is not subject to data protection law.

Users have the option to cancel their registration with the CADENAS Portal at any time. You can modify the data stored about you at any time, with the exception of your business e-mail address. To change your business e-mail adress, the existing account must be deleted and a new one created.

You can delete and manage your account and change your information in the protected customer area.

If the data is necessary to perform a contract or to implement pre-contractual measures, a deletion of the data is only possible in limited circumstances, in particular if it is not prevented by contractual or legal obligations (see X 5.).

There is a contact form on our website which can be used for electronic contacting. If the user takes advantage of it, the data entered into the input mask will be transferred to us and further processed. The data consists of:

(1) Title
(2) First name
(3) Surname
(4) Company
(5) Department
(6) E-mail address
(7) Phone number
(8) Country
(10) City
(11) Your inquiry
(12) Selection of the product area to which the request relates

The following data is also stored at the time the request is sent:

(13) Date and time of request 

For the processing of the data, your consent will be obtained and this data protection declaration will be referred to.

As an alternative, contacting is also possible via the e-mail address provided. In this case, the user's personal data submitted with the e-mail will be processed.

To ensure your contact to the nearest CADENAS location, we will also transfer your data, if necessary, to a CADENAS branch office or subsidiary near you.

The legal basis for the processing of data provided via the contact form  is the user's consent, Art. 6(1)(a) GDPR. Meta-data on the consent is processed in order to be able to demonstrate that consent has lawfully been obtained and to prevent abuse of the contact form. The legal basis is Art. 6(1)(f) GDPR. Demonstrating that consent has lawfully been obtained and ensuring the security of the contact form is in CADENAS’ legitimate interest.

The legal basis for the processing of data transferred by e-mail is Art. 6(1)(f) GDPR.  If e-mail contact is aimed at concluding a contract, the legal basis for processing is Art. 6(1)(b) GDPR.

The processing of personal data via the contact form and via e-mail, depending on how we are contacted, serves to handle the respective request appropriately.

Personal data is also processed to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted as soon as the purpose of the data's collection is no longer necessary. This is the case when the conversation with the user is finished, for the personal data from the input mask of the contact form and the data has been sent by e-mail. The conversation is finished when it can be assumed that the matter has finally been clarified.

The additional personal data collected during dispatch will be deleted after a period of seven days.

The user can at any time withdraw his consent to the processing of his personal data. If the user contacts us by e-mail, he has the option to object to the storage of his personal data. In this case, the conversation can no longer continue.

You can  also submit the withdrawal of your consent and the objection to storage anytime in text form (e-mail).

In this case, all personal data that was stored in the course of contacting will be deleted.

If you make use of our apps, we will use your data to provide the product or service that you have selected. Necessary information will be transferred to the app store during the download, in particular

(1)   user name,
(2)   e-mail address 
(3)   customer number of your account,
(4)   time of download
(5)   payment information and  
(6)   the individual device number

We have no influence on this data collection and are not responsible for it. Please see the data privacy policy of the relevant app store provider for more information. We process the data provided insofar as necessary to download the app onto your end device. Beyond that, your data will not be stored by us.

Legal basis for the processing of data while using our apps is Art. 6(1)(b) GDPR if you have entered into the app’s terms of use in your own name, Art. 6(1)(f) GDPR if you have entered into them on behalf of your employer or the company to which you belong. Beyond the performance of the terms of use, the legal basis is Art. 6(1)(f) GDPR.

3.1 Download of CAD files

If you wish to receive the CAD files by e-mail, you can register in the app settings. Information required for downloading CAD models is marked accordingly, all other is voluntary.

If you request CAD models via our app by e-mail, we will store your data that is necessary to comply with your request.

3.2 Use of your photos

Depending on the respective operating system of your end device, we ask for permission in a pop-up to use your photos while downloading or when you begin using the app. If you refuse, we will not use the data. It could be, however, that you then will not be able to use all the functions of the app. Later on, you can always provide or withdraw permission in the settings of your operating system.

If you allow access, the app will access only the said data and transfer to our server, insofar as is necessary to render the functionality that requires processing of photos you have selected.

3.3 Collection of your location data

Our offer also includes so-called Location Based Services, with which we make you special offers tailored to your respective location.To offer you such functions of the app, we will collect your location data by means of GPS and your IP address in anonymized form, with your permission. You can allow or refuse this function at any time in the settings of your operating system. Your location will only be transferred to us whenever you use app functions that require us to know your location.

The data will be deleted as soon as its processing is no longer necessary for the abovementioned purposes and it is not subject to retention obligations.

Users have the option to cancel their registration at any time. You can modify your stored data anytime.

You can delete and manage your account and change your information in the protected customer area.

If your personal data is processed, you are the data subject within the meaning of the GDPR. You have the following rights vis-à-vis the controller:

You can request a confirmation from the controller of whether your personal data is being processed.

If your personal data is being processed, you can request access to it, to the extent provided and allowed for under applicable data protection law.

You have a right of rectification and/or supplementation, insofar as your processed personal data is not correct or incomplete.

You can request a limitation of the processing of your personal data if the relevant statutory requirements are met.

Provided the relevant statutory requirements are met, you can request that the controller erase your personal.

You have the right to receive your personal data which you have provided to the responsible party in a structured, commonly used and machine-readable format. Moreover, you have the right to transfer the data to another controller without hindrance by the controller whom you provided with your personal data, as long as

1. the processing is based on consent according to Art.6(1)(a) GDPR or Art. 9(2)(a) GDPR or in a contract as per Art.6(1)(b) GDPR and
2. the processing is carried out by automated means.

In exercising this right, you also have the right to cause that your personal data be directly transferred from one controller to another, if technically possible.  

The exercise of the right to data portability shall not adversely affect the freedoms and rights of other persons.

You have the right, on grounds relating to your particular situation, to object to the processing of your personal data on the basis of Art. 6(1)(f) GDPR; this also applies to profiling.

If you file an objection, the controller party will no longer process your personal data unless he can prove compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

You have the right to object at any time to the processing of your personal data for direct advertising purposes. If you object to the processing for purposes of direct advertising, we will no longer process your personal data for such purposes.

You have the right to withdraw your consent at any time. After consent has been withdrawn, the legality of the processing done up to the time of the withdrawal remains unaffected.

Automated decision-marking within the meaning of Art. 22 GDPR does not take place.

Irrespective of another administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular with the member state of your residence, your workplace or the place of the presumed infringement, if you are of the opinion that the processing of your personal data is in violation of the GDPR.

The competent supervisory authority for CADENAS GmbH is the Bavarian State Office for Data Protection Supervision (Das Bayerische Landesamt für Datenschutzaufsicht).

If you are in contact with us in connection with a business relationship, i.e. either as a (prospective) vendor or customer, or as such vendor’s or customer’s employee, we will process your personal data to establish, perform and otherwise manage the business relationship, for internal accounting and business optimization purposes and to comply with statutory obligations. Relevant categories of personal data include

(1)  contact information, in particular first and last name, title where applicable, address, telephone number, e-mail address
(2)  professional/company information, in particular company affiliation, professional status/occupation, sector
(3)  information on the business relationship, e.g. customer/vendor ID, information on previous transactions, contractual conditions, payment/billing data.

Legal basis for the processing is Art. 6(1)(b) GDPR if you yourself are the customer or vendor with whom we have a contract or who has requested that we enter into a contract. If you are not yourself the customer/vendor but such customer’s/vendor’s employee or another person that works for such customer or vendor, the legal basis is Art. 6(1)(f) GDPR. CADENAS has a legitimate interest in appropriately establishing, performing and otherwise managing the business relationship.

If there is no contractual relationship established yet, the purpose of the processing will generally be to assess whether the establishment of such a relationship would be beneficial for the business and to prepare such establishment, where appropriate. If a contractual relationship already exists, the purpose will generally be the performance and/or potentially termination of that relationship.

In addition, the purpose of the processing may be an internal business purpose such as accounting and business optimization.

Finally, CADENAS is subject to statutory retention obligations regarding certain types of business correspondence of documentation. The purpose will therefore also be compliance with these retention obligations.

To the extent CADENAS does not collect the personal data directly from the data subjects themselves (e.g. when corresponding with contact persons), the data is usually collected from the employer of the data subject or the company to which the data subject belongs.

See section XII above. Moreover, we use Microsoft Teams to conduct business meetings. The provider is the Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (Microsoft).

To the extent that this is necessary for the purpose of using Microsoft Teams, the following personal data may be transferred to Microsoft:

(1) For meeting participants: information you have entered into your own Microsoft Teams account; technical data necessary for providing Microsoft Teams functions, in particular your IP address, the time and duration of usage, protocol and other usage data; audio and/or video data of participants in audio/video conferences; contact information, in particular first and last name, title where applicable, address, telephone number, e-mail address; information on business or professional activity; other information in connection with the communication or cooperation.

(2) For persons who are subject of communication conducted via teams: the content of such discussions in the form of audio, video or text exchanged in the meeting.

Microsoft is obliged to maintain strict confidentiality in this regard, and only processes the data on our behalf and in accordance with our instructions.

Microsoft Corporation is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/6474.

The data will be deleted as soon as its processing is no longer necessary for the abovementioned purposes. Because of the abovementioned retention obligations under the German Commercial Code (Handelsgesetzbuch – HGB) and the German Tax Code (Abgabenordnung – AO), the personal data will generally be retained for up to ten years.

Audio and video data collected during an audio/video conference or a screen sharing session via Microsoft Teams are processed only for the duration of the conference or session after which they are then immediately deleted. Records stored beyond that will not be created without your consent.