Data Protection Notice of
Primobius GmbH

In this data protection notice Primobius GmbH, Wiesenstraße 30, 57271 Hilchenbach, Germany, dataprotection@primobius.com, (hereinafter “we”, “us” or “Primobius GmbH”) wish to inform you as the controller pursuant to data protection law of how we process your personal data during your visit to our website www.primobius.com.

1. Which personal data about you do we collect?

Personal data covers all information about a specific or specifiable natural person which you notify to us or which is generated or collected by us. On our website, this includes in particular:

1.1 Data on business partners

For the proper execution of business transactions with customers and suppliers or other business partners (“business partners”), we process personal data on our business partners or on our contact persons working for our business partners, based on the relevant circumstances and as and when required. Such data include contact details (name, gender, title, job title and professional qualification, role and position, professional experience, address, telephone number, and e-mail address), and, where applicable, payment details (bank accounts, cards, and payments), communication data (all e-mails, letters, or other forms of correspondence from and to you, including the circumstances of said communication), and all other data and documents containing data about you (e.g., contracts, purchase orders, invoices, and delivery notes) which are required to maintain the business relationship.

1.2 Enquiry data

We provide different options for enquiries on our website, where you can opt to seek to get in contact with us, and, when using our form, will provide data entered by you or collected about you in this context. In particular, this may include:

  • If you send general or specific enquiries to us using the contact form or email addresses provided on our website, we will process the data specified therein to answer your enquiry.
  • If you register for our newsletter using the respective form, we will process your email address for sending our newsletter, provided that you have expressly consented to our newsletter being sent to the email address specified by you.
  • If you represent a supplier (i.e. another company) and seek to use the supplier portal function to register a supplier, we, in addition to information requested about the company, also ask for certain contact data such as name, function and address of you or another representative in order to get in contact you to finalise the registrations as a supplier.
1.3 Customer Log-in Area

When you are invited or want to apply to get access to our restricted Customer Log-in Area you must enter your name and contact details (e.g. address, function, telephone number, email address) and set a personal password to register. Within the Customer Log-in Area you will find various options and selections to identify your particular expertise and / or interests according to the offerings on the website.

1.4 Usage data

We set up a user profile on your use of our website under a pseudonym, which enables us to understand the manner in which our website is being used. 

1.5 Server log data

When you use our websites, data on your usage (such as the date and time of your visit, pages called up and files requested, type and version of the web browser used by you, type and operating system of the end device you use as well as your IP address) is temporarily stored in a log file on our server. 

1.6 Job Applicant data

With respect to personal data collected for applications via our Career portal, please see the separate data protection notice there.

2. What do we use your personal data for, on what legal basis and for how long?

2.1 Business transactions with business partners

If you are our contact person in your role as the proprietor or agent of a business partner, such as, for example, a (potential) customer, supplier, cooperation partner, service provider, etc., we process the business partner data relating to you for the purpose of a) communicating with you on planned, ongoing, or past business transactions, (b) preparing, implementing and processing business transactions subject to the contractually agreed performance (e.g., fulfillment, delivery, invoicing, postprocessing, customer service, and the assertion of rights and legal claims), c) if you are a (potential) customer in connection with the marketing and sale of our products and services (cf. also 2.5), and (d) the longer-term maintenance of the business relationship in our customer and supplier management systems.

Our contract documents, declarations of consent where applicable, and other information made available to you (e.g. website or general terms and conditions) contain further details and supplementary information on the purposes of personal data processing.

The legal basis of this processing of personal data for a specific purpose is set out in Art. 6 (1) b GDPR (provided that the data are required for the performance of a contract with you, and you yourself are our business partner), in Art. 6 (1) c GDPR (provided that we are subject to legal obligations, such as the Anti-Money Laundering Act, or export control and sanctions legislation), and otherwise in Art. 6 (1) f) GDPR (our legitimate interest in the preparation, execution, administration, and communication as part of our business relationship, or the marketing and direct marketing of our products and services).

You may object to the processing of your data on the basis of Art. 6 (1) f GDPR (in accordance with Art. 21 (1) GDPR). We may then provide evidence of overriding reasons for the processing of your data, in order that we can continue to process it.

We shall process your data for the duration of our business relationship, including the preparation and performance of a contract, and, over and above this, in compliance with statutory storage and limitation periods.

2.2 Your enquiries

Should you submit enquiries to us via a contact form or per email, we process the information given therein to answer your query as well as the IP address and date/time of the request in order to avoid misuse of the contact form.

The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) letter f GDPR in providing you with the respective service you requested. If your query concerns the initiation or processing (including customer service or warranty) of a contract, the additional legal basis for the processing is Art. 6 (1) letter b GDPR. You may oppose the processing of your data on grounds of Art. 6 (1) letter f GDPR. In this case, upon proving mandatory reasons for the processing we can continue the processing. This can, in such case, be particularly necessary in order to prove past queries and communications with you. If no such mandatory reasons exist, we will cease our communication with you and delete already collected data.

This data will be deleted when our communication with you or the respective relationship established by your enquiry has ended, i.e. when the factual situation at issue has been conclusively clarified and no further legitimate interest exists for the storage, respectively no further statutory obligations exist to store such data.

2.3 Your user of the Customer Log-in Area

When you permitted to register yourself in our Customer Log-in Area, we process the registration data in order to set up and manage your customer account, your log-ins, your selections made by you as well as your activities within that area. As a registered customer, you have access to your personal customer account (via your email address and your chosen password), in which you can, amongst other things, check your data, selections as well as store and change your personal settings (e.g. password settings, newsletter settings, etc).

The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) letter f GDPR in providing you with the aforesaid Customer Log-in Area service, respectively the performance of a user contract with you (Art. 6 (1) letter b GDPR).

This data is deleted when the registration on our website, respectively the customer account, is cancelled or modified.

You can object to a processing of your data on the basis of Art. 6 (1) letter f GDPR (according to Art. 21 (1) GDPR). In such cases we may, in principle, prove mandatory reasons for the processing in order to continue such processing. We will not do so for the use of a customer account, however, and in this case the customer account will have to be deleted and will no longer be available to you. Please note that we may possibly store data about the transactions visible in your customer account for a longer period.

2.4 Job applications

With respect to personal data collected for applications via our Career portal, please see the separate data protection notice there.

2.5 Advertising and product development (user data, newsletters, etc.), right to object

We also wish to use the data entered by you in any event or collected during your use of the websites to inform you about products and services relating to our product range (“Services”) (advertising) or to improve our product offers and services (product development). 

  • 2.5.1 Anonymised usage data
    We use the anonymised and/or aggregated data collected with the aid of analysis tools, to be able to understand the surfing behaviour of all visitors and therewith improve the design of our website and of our product range in general. For details of the analysis tools, see point 4 below.
  • 2.5.2 Personalised and pseudonymised usage data
    Moreover, we use your usage data to understand your surfing behaviour and thereby improve the offers displayed to you and to offer personalised information.
  • 2.5.3 Direct marketing
    On our website, you may subscribe to our newsletter, which is free of charge. The data collected upon subscription will be processed (the data provided in the mandatory fields are indispensable for receipt of the newsletter, data in the voluntary fields only serve the purpose of a more personalised contact and selection of the displayed information). We use the open source software tool Mautic for our e-mail services.
    We will contact you by email with information, offers and promotional offers regarding Services that are personally tailored to you and your interests and use, either on the basis of your express consent, or – if you have previously acquired similar products or services and in this context have provided your email address – also without separate consent. In this context, we will also process data on your user conduct after we have sent you emails (e.g. click behaviour, open). 
    By telephone, we will only contact you with your respective express consent with information, offers and promotional offers regarding Services that are personally tailored to you and your interests and use. Also without consent, we may inform you where appropriate within the legally permissible scope by written mail advertising of Services.

You may at any time wholly or partially object to the creation of pseudonymised data, the use of your personal data for advertising and product-development purposes as well as the ensuing contact for such purposes in a specific form or may revoke any consents you may have granted. Please use the corresponding functions that are already provided for your use (e.g. the unsubscribe function in your personal customer account) or address a corresponding written notification (reference: data protection) or email to the contact details given in clause 6.3.

The legal basis for the processing is your consent (Art. 6 (1) letter a GDPR) and our legitimate interests (Art. 6 (1) letter f GDPR, where applicable in connection with Sec. 7 para. 3 German Unfair Competition Act (UWG).

This data will be deleted by us following your objection, respectively revocation of any consents given, or otherwise upon the end of your use at the latest, respectively it will only be stored in aggregated, anonymised form. To the extent necessary, we will store the fact that you have objected in order to prevent you being contacted further.

2.6 Provision of the website and rendering of services

The processing of the server log data is necessary for technical reasons in order to provide the website and render the services and thereafter to ensure the system security.

The legal basis for the processing is our legitimate interest in providing the website with our services (Art. 6 (1) letter f GDPR). The processing is a mandatory prerequisite for the use of our website; no objection right is hence available.

This data is deleted after 14 days at the latest.

The server log data may then be assessed in anonymised form for statistical purposes and to improve the quality of our internet presence. There is no link between the server log data and your personal data nor is the server log data combined in any way with other personal data sources.

3. Transfer of the data

3.1 Transfer of data to data processors

We partially use service providers, in observance of the statutory requirements, by means of data processor relationships, i.e. processing is performed on the basis of a respective contract, for our account, according to our directions and subject to our control.

Data processors are, in particular

  • technical service providers whose services we retain for the provision of the website, e.g. service providers for software maintenance, data-processing operations and hosting or printing of materials;
  • technical service providers, whose services we retain for the provision of functionalities, e.g. technically required Cookies;
  • service providers for the practical execution of advertising and marketing measures, e.g. service providers for email distribution, online surveys and analysis Cookies. For our e-mail services we use the open source software tool Mautic (see also 2.4.3).

In such cases we remain responsible for the data processing; the transfer and processing of personal data to or by our data processors is made on the legal basis upon which we are permitted to process data in each case. No separate legal basis is required.

3.2 Data transfer to third parties

We partially also transmit your data to third parties, i.e. partners with whom we collaborate outside of a contracted processing. Such partners render their services on their own responsibility; the processing of your data by our partners is exclusively governed by the data protection notices of such third party.

3.2.1 Transmission of data to other companies of Primobius GmbH

Where applicable, we shall transfer the data supplied by you to the relevant branch offices and establishments of Primobius GmbH and in other countries during the preparation or performance of a contract, if this is required to answer your inquiry (e.g. if your inquiry relates to a business transaction or a price quotation from another country). The legal basis for the transmission shall be the rendering of the service for which you have submitted a request for quotation or a service which has been contractually agreed with you, Art. 6 (1) b GDPR, or if we have a legitimate interest in processing your inquiry, Art. 6 (1) f GDPR.

Please note that this may, depending on your enquiry, involve a transfer or your personal data to countries outside the European Economic Area, that do not necessarily provide the same level of data protection. We have ensured an adequate level of protection by signing the EU model clauses (Art. 46 (2) GDPR), and you may get a copy of the relevant parts from the contact person named in clause 6.3.

3.2.2 Logistic enterprises

In order to transport any materials, etc., that you may have ordered, we transmit your address and contact details, to the extent necessary, to parcel transportation enterprises. The legal basis for the transfer is the performance of the contract with you, Art. 6 (1) letter b GDPR.

3.2.3 Social networks

To the extent you want to share one of our websites in a social network (e.g. Facebook or Twitter) and for this purpose click one of the “share” buttons, the respective information will be transferred to the social network. Of course, you have to be logged into the respective social network. The legal basis for the transfer is our legitimate interest to provide you with the opportunity to “share”, Art. 6 (1) letter f GDPR.

4. Cookies and web analysis

4.1 What are Cookies?

We and our partners use so-called “Cookies” to fashion our website in a most user-friendly way and to enhance the relevance of advertisements for the users of our website. Cookies are small files stored on the user’s device. They allow the storage of information for a determinate period of time and the identification of the user’s device. For this purpose, also tracking-pixel might be used that are not stored on the user’s hard drive, but that may in the same way help to recognize a user’s device.When using the term “Cookie”, this refers to Cookies in the technical sense as well as tracking pixel and other technologies.

When you visit our website for the first time, the entry page will show information on privacy and respective wording regarding the consent to the use of Cookies. By actively continuing to use the website and not actively objecting to the use of Cookies, you agree to the use of Cookies and such consent will be stored in your browser (in the form of a Cookie), so that the information does not have to be repeated on every page of our website. Should the consent be missing in your browser (e.g. if you deleted your browser history) the privacy information will appear again the next time you visit our website.

4.2 What Cookies do we use on what legal basis and for how long?

On this website we use three types of Cookies: (1) Cookies required for technical purposes, without which the functionality of our website would be reduced, (2) optional Cookies for analytics, and (3) optional Cookies for targeting and advertising purposes, generally set by third-party providers:

4.2.1 Cookies required for technical purposes

These Cookies are indispensable if we want to ensure proper functioning and easy navigation of our website. They allow, e.g., the storage of your language selections, your log-in, offer you the opportunity to search for local retailers selling our products (e.g. by showing a map of your neighbourhood), or store your consent/non-consent to the use of Cookies and your selected Cookie settings. Such Cookies do not collect any information about you for marketing purposes and do not record the sites you visit when surfing the internet. A deactivation of this type of Cookies would reduce all or part of the functions of the website.

The legal basis for this processing is our legitimate interest (Art. 6 (1) lit f GDPR).

These Cookies are specifically set for individual sessions and expire when you leave the website and end the session.

4.2.2 Cookies for analytics / Google Analytics

Analytics Cookies gather general information on how users use a website, e.g. which pages they visit most frequently and whether they receive any error messages from websites. These Cookies do not collect any data that may lead to an identification of the user. The data collected with these Cookies will not be merged with any other information on the visitors of our website.

All information collected with the aid of such Cookies exclusively serves the purpose to comprehend and improve the functionality and services of the website. This website uses the open-source web analysis service Matomo (formerly PIWIK) in order to analyse how users browse our website. This service places a Cookie on the user’s device. When surfing to websites, the following data will be collected:

  1. two Bytes of the IP-address of the device the user uses to connect
  2. the visited website
  3. the website the user visited before (referrer)
  4. the subpages browsed from this website
  5. the duration of surfing this website 
  6. the frequency of visiting this website

We operate this service solely on our servers and the user data is only stored there. Data are not transferred to third parties.

We have selected settings to ensure that no full IP-addresses are stored, but 2 bytes of the IP-address will be masked (e.g.: 192.168.xxx.xxx). This ensures that we cannot re-connect the masked IP-address with your device.

The processing of the data about our users enables to analyze the usage of our online offer by users. We are able to compile reports on the activities regarding the use of the components of our online offer. This helps us to improve the website and its use. These purposes are also representing our legitimate interest to process that data in accordance with Art. 6 (1) lit. f GDPR (the legal basis for the processing). By anonymizing IP-addresses we take into account the justified interest of data subjects regarding the protection of their personal data.

The data will be deleted if no longer required for these purposes.

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). The information regarding your usage of this website generated by the use of Google Analytics is transmitted to and stored on a Google server in the US. However, due to the activated IP anonymisation on this website, Google will previously abbreviate your IP address within the member states of the European Union and in other contracting states under the Agreement on the European Economic Area. Only in exceptional cases will a full IP address be transmitted to a Google server in the U.S., where it will then be shortened. The IP address transmitted by the browser of the user will not be merged with any other Google data.

Google will use this information on our behalf to analyse the usage of our online offer by users, to compile reports on the activities regarding the use of the online offer, and to render further services to us in connection with the use of our online offer and internet usage. In this context, pseudonymous user profiles may be created from the processed data.

Users can prevent the storage of Cookies by adjusting the setting of their browser accordingly; moreover, users can prevent that the data generated by the Cookie on their use of the online offer is transmitted to and processed by Google by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=de.

The legal basis for this processing is our legitimate interest (Art. 6 (1) lit f GDPR).

The data collected by the use of such Cookies will be anonymised prior to analysis. You can deactivate or delete Cookies and the information stored therein at any time (cf. 4.3).

4.2.3 Targeting and advertising Cookies

Targeting and advertising Cookies are used to better customise advertisements to your interests. They limit the number of times the same advertisement is shown to you, evaluate the efficacy of an advertising campaign, and analyse how the viewing of a certain advertisement influences the conduct of individual users. Such Cookies are usually placed by advertising networks with the consent of the respective website operator (in this case us). They register a user’s visit of the website and either pass such information on to other entities, e.g. advertising companies, or directly adapt advertisements accordingly. Frequently, they are linked to certain website functions provided by such third companies. We also use these Cookies to create a link to social networks, which in turn may use the information on your use of the website to customise advertisements on other websites to your interests, and also to provide the advertising networks used by us with information about your visit so that, based on your browsing behaviour, you will be shown exactly such advertisements as may potentially interest you.

Also in these cases the data collected via such Cookies will not be merged with any other information on the visitors of our website.

The legal basis for this processing is your consent obtained my means of the cookie banner displayed upon access to our website (Art. 6 (1) lit a GDPR).

You can deactivate or delete Cookies and the information stored therein at any time (cf. 4.3).

4.2.4 Deactivation of Cookies for analysis, targeting and advertising

A deactivation of this types of Cookies for analysis, targeting and advertising purposes does not reduce the functionality of our website. The Cookies of this type presently used by us are offered by the following providers, to whom you may refer for information on /description of the respective Cookies or if you wish to object to their use: 

Tool Data protection notice of the provider Possibility to object (Opt-out)
Google Analytics support.google.com/analytics/answer/6004245 tools.google.com/dlpage/gaoptout
youtube policies.google.com/privacy? policies.google.com/technologies/product-privacy
policies.google.com/technologies/managing
matomo matomo.org/docs/privacy/ matomo.org/docs/privacy/

If you would rather receive information about these Cookies directly from us, please contact us via email at: dataprotection@primobius.com.

4.3 How can I deactivate Cookies?

If you wish to generally deactivate analytics, targeting and advertising Cookies, you may deactivate individual Cookies by clicking on one of the links in the above table (opt out). Finally, you may prevent the use of any Cookies whatsoever by adjusting the settings in your browser accordingly. We wish to point out, however, that in such case the functionality of our website will be reduced, if Cookies required for technical purposes are also blocked.

For further information on Cookies and individual providers, you may e.g. refer to www.youronlinechoices.com, where you may also object to usage-based online advertising via certain or any tools. Click here to be forwarded directly to the preferences manager.

5. Personal data

5.1 Your rights to information, correction, blocking or deletion

Every natural person whose personal data we process has, in principle (i.e. depending on the respective preconditions), the following rights vis-à-vis us:

  • Should you have questions regarding our processing of your personal data, we would be pleased to provide you at any time and at no charge with information on the data stored about you (Art. 15 GDPR).
  • You have a right to the correction of incorrect data as well as completion of incomplete data (Art. 16 GDPR).
  • You have a right to the blocking/limitation of the processing or to deletion of personal data concerning you which is no longer required or stored on grounds of legal obligations (Art. 17, 18 GDPR).
  • You have a right to the transfer of the data in a structured, standard and machine-readable format, insofar as you have provided us with the data on grounds of a consent or contract between us and you (Art. 20 GDPR).
  • You have the right to object at any time to the processing of your data for direct marketing purposes (cf. also clause 2.5; Art. 21 para. 2 and 3 GDPR).
  • You have the right to object to a processing on the basis of legitimate interest, in which case we are entitled to demonstrate our compelling reasons (Art. 21 para. 1 GDPR). We have pointed out above (clause 2) in which cases this right applies.
  • Insofar as you have consented to a data processing, you can revoke this consent at any time with effect for the future, i.e. the legality of the data processing remains unaffected until the date of the revocation. After a revocation of consent, you may no longer be able to use our services.

Please address your concerns in writing (reference: data protection) or by email to the contact details given in point 6.3 below. We reserve the right to check your identity to ensure that your personal data is not disclosed to unauthorised persons.

Furthermore, you are entitled to file a complaint with a supervisory authority for data protection.

6. Further information

6.1 Links

We use links to other internet presences of us on websites and services of third parties, e.g. to social media channels such as Facebook, Twitter or Youtube. These third parties are exclusively responsible for the data processing by such other service providers on their websites and their data protection notices apply.

6.2 Security

We and our service providers take technical and organisational security measures to protect your personal data managed by us against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our data processing and our security measures are improved on a constant basis according to the technical developments.

During the transfer of your personal data to us it is encrypted with Secure Socket Layer (SSL). Personal data which is exchanged between you and us or other participating enterprises is fundamentally transmitted via encrypted connections which meet the latest technical standards.

Our employees and our retained service providers are naturally obliged to maintain confidentiality. 

6.3 Data protection officer

We have appointed a data protection officer. Please contact him or send your requests in writing to Primobius GmbH, Wiesenstraße 30, 57271 Hilchenbach, Germany, quoting “Data protection”, or email us at dataprotection@primobius.com.

6.4 Amendments

From time to time, the content of this data protection notice may have to be modified. We therefore reserve the right to amend them at any time. We will also publish the amended version of the data protection notice at this place. When you revisit us, you should therefore reread the data protection notice.

Version: March 28, 2019