Privacy policy

1. Introduction

We would like to use the information below to provide you "data subject" with an overview of our processing of your personal data and your rights under data protection law. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services offered by our company through our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we will generally obtain your consent.

Personal data, such as your name, address or email address, is always processed in accordance with the EU General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the "eurolaser GmbH". The aim of this Privacy Notice is to inform you about the scope and purpose of the personal data we collect, use and process.

As the data controller, we have implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps so that absolute protection cannot be guaranteed. For this reason, you are free to submit personal data on alternative ways, such as by phone or by post to us.

2. Data controller

The data controller, as defined by the GDPR, is:

eurolaser GmbH
Borsigstraße 18, 21339 Lüneburg, Germany

Phone: +49 4131 9697-0

Fax: +49 4131 9697-111 Email: eurolaser@eurolaser.com

Represented by the Managing Directors:
Kim Dittmer, Nic Kluczinski, Tommi Lee Kluczinski

3. Data protection officer

You can reach the data protection officer as follows:

Matthias Dickmann

Phone: +49 4131 7899559 Email: datenschutz@industrie-kontor.de

You may contact our data protection officer directly at any time if you have any questions or suggestions regarding data protection.

Our offer is inherently aimed at adults. Persons under 16 years of age may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents, do not collect it and do not pass it on to third parties.

4. Disclosure of data to third parties

Your personal data will not be conveyed to third parties for purposes other than those listed below.

We will only share/convey your personal data with third parties if:

1. you have given us your express consent to do so in accordance with Art. 6 (1) lit. a) GDPR,
2. the disclosure is permissible in accordance with Art. 6 (1) lit. f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
3. in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) lit. c) GDPR, as well as this is legally permissible and necessary for the processing of contractual relationships with you pursuant to Art. 6 (1) lit. b) GDPR.

In the context of the processing operations described in this privacy statement, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly mentioned this in the privacy policy for the service providers concerned. In order to protect your data in all other cases, we have concluded commissioned processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent can serve as the legal basis for the transfer to third countries in accordance with Article 49 (1) a) of the GDPR. This sometimes does not apply in the case of a data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 of the GDPR.

5. Technology

5.1 SSL/TLS-encryption

This site uses SSL or TLS encryption to guarantee the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact enquiries that you send to us as the operator. You can recognise an encrypted connection by the fact that the address bar of the browser contains a "https://" instead of a "http://" and by the lock symbol in your browser bar.

We use this technology to protect your transmitted data.

5.2 Data collection when visiting the website

When you use our website for information purposes only, i.e. if you do not register, otherwise provide us with information, or give consent to processing activities requiring consent, we only collect the data that is technically necessary to provide the service. This generally includes data transmitted by your browser to our server (so-called server log files). Each time you or an automated system accesses a page on our website, our website collects a range of general data and information. This general data and information is stored in the server log files. The following data may be collected:

1. Browser types and versions used,
2. The operating system used by the accessing system,
3. The website from which an accessing system reaches our website (so-called referrer),
4. The subpages accessed on our website via an accessing system,
5. The date and time of access to the website,
6. An Internet Protocol address (IP address), and
7. The internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your identity. Rather, this information is required to:

1. Correctly deliver the content of our website,
2. Optimise the content of our website and its advertising,
3. Ensure the long-term functionality of our IT systems and the technology of our website, and
4. Provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

The collected data and information are therefore analysed by us on the one hand for statistical purposes and, on the other hand, with the aim of enhancing data protection and data security within our company, thereby ensuring an optimal level of protection for the personal data we process. The data contained in the server log files is stored separately from any personal data provided by a data subject.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes for data collection listed above.

6. Cookies

6.1 Usercentrics (Consent Management Tool)

We use the consent management tool "Usercentrics" provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service enables us to obtain and manage the consent of website users for data processing activities.

Usercentrics collects data generated by end users when they use our website. When an end user provides consent, the following data is automatically logged by Usercentrics:

1. Browser information,
2. Date and time of access,
3. Device information,
4. The URL of the visited page,
5. Geographic location,
6. Website page path, and
7. The consent status of the end user, which serves as proof of consent.

The consent status is also stored in the end user's browser so that the website can automatically read and apply the user's consent for all subsequent page requests and future user sessions for up to 12 months. Consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the standard limitation period pursuant to Section 195 of the German Civil Code (BGB). The data is then deleted immediately or, upon request, provided to the responsible person in the form of a data export.

The functionality of the website cannot be guaranteed without the processing described above. Users do not have the option to object for as long as there is a legal obligation to obtain user consent for certain data processing activities (Art. 7(1) and Art. 6(1)(c) GDPR).

Usercentrics is the recipient of your personal data and acts as our data processor.

Detailed information on the use of Usercentrics can be found at: https://usercentrics.com/privacy-policy/.

7. Contents of our website

7.1 Contact support / Contact form

Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of the use of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b) GDPR. Your data will be deleted after final processing of your request; this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and the deletion does not conflict with any legal obligations to retain data.

7.2 Application Management / job exchange

We collect and process applicants' personal data for the purpose of handling the recruitment process. Processing may also be carried out electronically. This is particularly the case where an applicant submits relevant application documents to us electronically, for example by email or via a web form available on our website. If we conclude an employment or service contract with an applicant, the submitted data will be stored for the purpose of managing the employment relationship in compliance with the applicable legal provisions. If no contract is concluded with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests on our part prevent such deletion. Such a legitimate interest may exist, for example, where there is an obligation to provide evidence in proceedings under the German General Equal Treatment Act (AGG). The transmission of applications and application documents by email is generally not secure and may be read or altered by unauthorised third parties. We therefore recommend using our contact form and the secure option provided there for the transmission of your documents.

The legal basis for the processing of your data is Art. 6(1)(b) and Art. 88 GDPR in conjunction with Section 26(1) of the German Federal Data Protection Act (Bundesdatenschutzgesetz [BDSG]).

8. Newsletters

8.1 Newsletter for regular customers (without registration)

If you have provided us with your email address when purchasing goods or services, we may periodically email you offers for similar goods or services to those you have already purchased from our range. In accordance with § 7 (3) of the German Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb, UWG), we do not need to obtain your separate consent for this. In this respect, the data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 (1) lit. f) GDPR. If you have initially objected to the use of your e-mail address for this purpose, no e-mails will be sent by us. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible person named at the beginning. For this, you will only incur transmission costs according to the prime rates. Upon receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately.

8.2 Marketing newsletter (double opt-in)

On our website you are given the opportunity to subscribe to our company newsletter. What personal data is transmitted to us when ordering the newsletter, is determined by the input mask used for this purpose.

We use our newsletter to regularly communicate our offers to our customers and business partners. You can, therefore, only receive our company’s newsletter if

1. You have a valid e-mail address and
2. You have registered for newsletter delivery.

For legal reasons, a confirmation e-mail will be sent to the e-mail address that you entered for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation e-mail is used to verify that you, as the owner of the e-mail address, have authorized the receipt of the newsletter.

When you register for the newsletter, we also store the IP address assigned by your Internet service provider (ISP) of the IT system used by you at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of your e-mail address at a later date and therefore serves our legal protection.

The personal data collected in the context of a registration for the newsletter will be used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes in technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties. The subscription to our newsletter can be cancelled by you at any time. The consent to the storage of personal data that you have given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking the consent, you will find a corresponding link in each newsletter. Furthermore, it is also possible to inform us of this in another way.

The legal basis for data processing for the purpose of sending newsletters is Art. 6 (1) lit. a) GDPR.

8.3 CleverElements

This website uses CleverElements to send newsletters. Provider is CleverElements GmbH, Lohmühlenstr. 65, 12435 Berlin (Germany).

CleverElements is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of receiving newsletters is stored on CleverElements' servers in Germany.

If you do not want CleverElements to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

You can revoke the consent you have given at any time. You can also prevent the processing at any time by unsubscribing from the newsletter. You can also prevent the storage of cookies by setting your web browser accordingly. We would like to point out that these measures may mean that not all functions of our website are available.

With the help of CleverElements, it is possible for us to analyze our newsletter campaigns. Among other things, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often.

CleverElements also allows us to divide newsletter recipients into different recipient categories (e.g. by place of residence). In this way, the newsletters can be better adapted to the respective target groups.

For detailed information about the features of CleverElements, see the following link: https://cleverelements.com/product.

The data processing is based on your consent (Art. 6 (1) lit. a) GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverElements after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remains unaffected by this.

You can view CleverElements' privacy policy at: https://www.cleverelements.com/privacy/.

8.4 Newslettertracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such e-mails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. By means of the embedded tracking pixel, the company can see if and when an e-mail was opened by you and which, in the e-mail located links were called by you.

Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by us in order to optimize the newsletter dispatch and to better adapt the content of future newsletters to your interests. This personal data will not be passed on to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given in this regard via the double opt-in procedure. After a revocation, this personal data will be deleted by us. We automatically interpret a withdrawal from the receipt of the newsletter as a revocation.

Such an evaluation is carried out in particular in accordance with Art. 6 (1) lit. f) GDPR on the basis of our legitimate interests in the insertion of personalized advertising, market research and/or needs-based design of our website.

9. Our activities in social networks

To allow us to communicate with you on social networks and inform you about our services, we run our own pages on these social networks. If you visit one of our social media pages, we and the provider of the social media network are joint controllers (Art. 26 GDPR) regarding to the processing operations triggered thereby, which concern personal data.

We are not the original provider of these pages, but only use them within the scope of the options offered to us by the respective providers. We would therefore like to point out as a precautionary measure that your data may also be processed outside of the European Union or the European Economic Area. Use of these networks may therefore involve data protection risks for you since the protection of your rights may be difficult, e.g. your rights to information, erasure, objection, etc. Processing on social networks frequently takes place directly for advertising purposes or for the analysis of user behaviour by network providers, and we have no control over this. If the provider creates user profiles, cookies are often used or user behaviour may be assigned directly to your own member profile on the respective social network (if you are logged in).

The processing operations of personal data described are carried out in accordance with Art. 6 (1) lit. f) GDPR on the basis of our legitimate interests and the legitimate interests of the respective provider in order to communicate with you in a timely manner or to inform you about our services. If you have to grant your consent to the respective providers to process your data as a user, the legal basis for this processing is Art. 6 (1) lit. a) GDPR in conjunction with Art. 7 GDPR.

Since we have no access to these providers’ databases, we would like to point out that you would be best placed to exercise your rights (e.g. to information, rectification, erasure, etc.) directly with the respective provider. More information on the processing of your data on social networks and your options for exercising your right to object or your right of revocation (opt out) is listed below for each of the social network providers we use:

9.1 Facebook

(Joint) controller for data processing in Europe:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Meta (Facebook) may, unless an objection is raised, process content from adult users in the EU, such as photos, posts or comments, for the purpose of training its own AI models. The legal basis for this is a legitimate interest pursuant to Art. 6(1)(f) GDPR. As a company, we have no influence over this specific data processing carried out by Meta. Users may object to this processing via an online form on the Meta platforms.

Privacy Policy (Data Policy):

https://www.facebook.com/about/privacy

9.2 Instagram

(Joint) Data controller responsible for data processing in Europe: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland

Meta (Instagram) may, unless an objection is raised, process content from adult users in the EU, such as photos, posts or comments, for the purpose of training its own AI models. As a company, we have no influence over this specific data processing carried out by Meta. The legal basis for this is a legitimate interest pursuant to Art. 6(1)(f) GDPR. Users may object to this processing via an online form on the Meta platforms.

Privacy Notice (Data Policy): https://instagram.com/legal/privacy/

9.3 LinkedIn

(Joint) Data controller responsible for data processing in Europe: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy Notice:<br/>https://www.linkedin.com/legal/privacy-policy

9.4 YouTube

(Joint) Controller responsible for data processing in Europe: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy Notice:<br/>https://policies.google.com/privacy

9.5 XING (New Work SE)

(Joint) Data controller responsible for data processing in Germany: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Privacy Notice: https://privacy.xing.com/de/datenschutzerklaerung

Requests for information for XING members: https://www.xing.com/settings/privacy/data/disclosure

10. Web analytics

10.1 LinkedIn Pixel (Insight Tag)

This website uses LinkedIn Insights provided by LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA (LinkedIn). If express consent is given, this may be used to track user behaviour.

The purpose of this process is to evaluate the effectiveness of advertisements for statistical and market research purposes and may help to optimise future advertising measures. Through the LinkedIn Pixel, we receive enhanced information about prospective clients for our products, including job titles, employers or the industry in which they work.

When visiting the website, the following data, among others, may also be processed by the LinkedIn Pixel:

11.1 Google Ads (AdWords) Remarketing/Retargeting

Our website uses the functions of Google Ads. We use these to advertise this website in Google search results and on third-party websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). For this purpose, Google sets a cookie in the browser of your terminal device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you have visited.

Additional data processing will only take place if you have granted Google permission to link your internet and app browsing history to your Google Account and to use information from your Google Account to personalise the ads you view on the web. In this case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data in order to form said target groups.

These processing operations are only carried out when express consent is given in accordance with Art. 6 (1) lit. a) GDPR.

The parent company, Google LLC, is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is thus in place, meaning that a transfer of personal data may take place without further guarantees or additional measures.

Additional information on the service can be found at the following link: https://www.google.com/policies/technologies/ads/.

11.2 Google Ads with Conversion-Tracking

We have integrated Google Ads on this website. The operating company of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an Internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google Ads allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed on topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.

The purpose of Google Ads is to promote our website by displaying interest-relevant advertisements ads on the websites of third-party companies and in the search engine results of the Google search engine and a display of third-party advertisements on our website.

If you access our website via a Google ad, a so-called conversion cookie is stored on your IT system by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, for example the shopping cart of an online store system, have been called up on our website. Through the conversion cookie, both we and Google can track whether a user has reached our website via an AdWords ad, generated a turnover, i.e. completed or cancelled a purchase of goods.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via ads, i.e. to determine the success or failure of the respective Ads ad and to optimize our Ads ads for the future. Neither our company nor other advertisers of Google Ads receive information from Google by means of which you could be identified.

By means of the conversion cookie, personal information, for example the Internet pages visited by you, is stored. Each time you visit our website, personal data, including the IP address of the internet connection you use, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on these personal data collected via the technical procedure to third parties.

These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 (1) lit. a) GDPR.

The parent company, Google LLC, is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is thus in place, meaning that a transfer of personal data may take place without further guarantees or additional measures.

Additional information on the service can be found at the following link: https://www.google.de/intl/de/policies/privacy/.

11.3 Microsoft Advertising Remarketing

With this technology, cookies are set that analyze how you use our website and make it possible to recognize your browser when you visit websites that belong to the Microsoft advertising network. The purposes of data processing are to display interest-based advertisements to you on other websites within the Microsoft advertising network. The advertisements relate to content that you have previously viewed on our websites. The data collected includes Bing Conversion Tracking (“UET”, also referred to as Microsoft Advertising Universal Event Tracking). We use Microsoft Advertising Universal Event Tracking, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). If you reach our websites via Microsoft Ads advertisements, a cookie is set on your computer. In addition, a UET tag is integrated on our websites. This is a code that, in conjunction with the cookie, stores pseudonymized data about the use of the website. The tag, together with the cookie, records pseudonymized data in order to track which actions you perform on our websites after clicking on an advertisement placed via Microsoft Ads. The data collected includes, among other things, the length of time spent on the website, which areas of the website were accessed, and which advertisement led you to the website. In addition, Microsoft may track your usage behavior across multiple electronic devices by means of so-called cross-device tracking. The information collected is transmitted to a Microsoft server in the United States of America. Microsoft is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is thus in place, meaning that a transfer of personal data may take place without further guarantees or additional measures. Bing Webmaster Tools by Microsoft store cookies and so-called beacons on your computer. Beacons or tracking pixels are small invisible graphics that can be used to determine whether a webpage was accessed. The purposes of data processing are as follows: Microsoft Advertising Universal Event Tracking enables us to track your activities on our websites when you reach our websites via Microsoft Ads advertisements and helps us to improve our offering. Cross-device tracking enables Microsoft to display personalized advertising. Bing Webmaster Tools enable Microsoft to provide its Bing services and optimize search results. The legal basis for the use of Microsoft Advertising tracking is your consent. We obtain your consent when you access our websites via the cookie banner at the bottom of the webpages. The data is stored by Microsoft for a maximum period of 180 days. You can prevent the collection and processing of data by disabling cookies. This may restrict the functionality of the websites. You can deactivate cross-device tracking at the following link: https://account.microsoft.com/privacy/ad-settings/signedout?ru=https%3A%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings. Further information about Bing’s analytics services can be found on the Bing Ads website at https://help.ads.microsoft.com/#apex/3/de/53056/2. Further information about data protection at Microsoft can be found in Microsoft’s privacy statement at https://privacy.microsoft.com/de-de/privacystatement.

12. Plugins and other services

12.1 Font Awesome

Our website uses Web Fonts provided by Fonticons, Inc. for the uniform display of fonts and symbols. The legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you give via the cookie consent tool (Usercentrics) when you access our website. Through this integration, data may be transferred to the provider in the USA. The US company Fonticons, Inc. is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, so that a transfer of personal data may also take place without further guarantees or additional measures. Further information can be found in Font Awesome's privacy policy: https://fontawesome.com/privacy.

12.2 Google Tag Manager

On this website we use the Google Tag Manager service. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Through this tool, "website tags" (i.e. keywords, which are integrated into HTML elements) can be implemented and managed via an interface. Through the use of Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked on and can then record which content of our website is of particular interest to you.

The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have made a deactivation at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

These processing operations are carried out exclusively when explicit consent is given in accordance with Art. 6 (1) lit. a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. There is hereby an adequacy decision pursuant to Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.

Additional information on the service can be found at the following link: https://www.google.com/intl/en/policies/privacy/.

12.3 Google Maps

We use Google Maps (API) on our website. The operating company of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive maps in order to visually present geographical information. By using this service, our location can be displayed to you and directions may be provided more easily.

When accessing those subpages into which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transferred to Google servers in the USA and stored there, provided that you have given your consent within the meaning of Art. 6(1)(a) GDPR. In addition, Google Maps loads Google Web Fonts, Google Photos and Google Stats. The provider of these services is also Google Ireland Limited. When accessing a page that integrates Google Maps, your browser loads the web fonts and photos required to display Google Maps into your browser cache. For this purpose, the browser you use also establishes a connection to Google's servers. As a result, Google becomes aware that our website has been accessed via your IP address. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged into Google, your data is assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out of your Google user account. Google stores your data (including data of users who are not logged in) as usage profiles and analyses them. You have the right to object to the creation of these user profiles, whereby you must contact Google in order to exercise this right.

These processing operations are carried out exclusively where express consent has been given pursuant to Art. 6(1)(a) GDPR.

Google's Terms of Use can be viewed at https://www.google.de/intl/en/policies/terms/regional.html, and the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html.

The parent company Google LLC, as a US company, is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR therefore exists, meaning that personal data may also be transferred without further safeguards or additional measures.

Google Maps' privacy notice ("Google Privacy Policy") can be viewed at: https://www.google.de/intl/en/policies/privacy/.

12.4 Appointment scheduling with Calendly

To make it easier to book appointments, we use the online appointment calendar "Calendly", provided by Calendly LLC, 271 17th St NW, Next 300, Atlanta, GA 30363, USA. When you click the corresponding booking button, you will automatically be connected to our appointment account at Calendly. After choosing your appointment, confirming it and entering your contact details and request, you will receive an email from Calendly confirming your appointment. Your details from the Calendly form, including the data you enter there, will be stored by us for the purpose of processing the request and in the event of follow-up questions. This data remains with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after the appointment has taken place). Mandatory statutory provisions – in particular retention periods – remain unaffected. Calendly also inevitably receives knowledge of your data. We have concluded an order processing contract with Calendly. The US company Calendly LLC is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, so that a transfer of personal data may also take place without further guarantees or additional measures. The legal basis for data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you gave before entering the appointment. Detailed information about Calendly can be found at: https://calendly.com/privacy. As an alternative, appointments can also be made by email or telephone.

12.5 wlw (formerly "Wer liefert was?")

eurolaser uses products and services for analysis and marketing purposes, which are provided by Visable GmbH (www.visable.com) in cooperation with them. To that end, pixel tracking technology is used to collect, process, and store data to create at least pseudonymised, and where possible and appropriate, fully anonymised user profiles. The collected data, which may initially include personal data, is transmitted to Visable or collected directly by Visable and used to create the aforementioned user profiles. Visitors to this website are not personally identified, and no other personal data is merged with the user profiles. If IP addresses are identified as personal data, they are immediately deleted. You can object to the processing operations described above at any time with effect for the future:

13. Your rights as a data subject

13.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data relating to you will be processed.

13.2 Right to information (Article 15 GDPR)

You have the right to obtain information about the personal data stored about you at any time, free of charge, as well as the right to access a copy of such data from us, in accordance with the statutory provisions.

13.3 Right to rectification (Article 16 GDPR)

You have the right to request the immediate rectification of incorrect personal data relating to yourself. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

13.4 Erasure (Article 17 GDPR)

You have the right to demand that we erase the personal data relating to you be deleted without delay, provided that one of the reasons provided by law applies and if processing or further storage is not required.

13.5 Restriction to processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your data if one of the legal requirements is met.

13.6 Data transferability (Article 20 GDPR)

You have the right obtain personal data relating to you that you provided us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us, to whom the personal data was provided, provided that the processing is based on the consent pursuant to Article 6 Paragraph 1(a) GDPR or Article 9 Paragraph 2(a) GDPR or on a contract pursuant to Article 6 Paragraph 1(b) GDPR, and the data are processed using automated procedures, unless processing is necessary to complete a task, is in the public interest or is carried out in the exercise of an official authority assigned to us.

Furthermore, when exercising your right to data transferability pursuant to Article 20 Paragraph 1 GDPR, you have the right to have personal data transferred directly from one controller to another, provided this is technically feasible and does not impede the rights and freedoms of other persons.

13.7 Objection (Article 21 GDPR)

You have the right to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Article 6 Paragraph 1(e) (data processing in the public interest) or (f) (data processing on the basis of the weighing of legitimate interests) GDPR.

This also applies to profiling based on these provisions pursuant to Article 4 Number 4 GDPR.

Should you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling and legitimate reasons for such processing that outweigh your interests, rights and freedoms, or where processing serves the assertion, exercise or defence of legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling where this is connected to this kind of direct marketing. Should you object to the processing of your data for direct marketing purposes, we will no longer process your personal data for this purpose.

In addition, you have the right to object to our processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Article 89 Paragraph 1 GDPR for reasons arising from your particular situation, unless such processing is necessary for the performance of a task in the public interest.

You are free to exercise your right to lodge an objection in relation to the use of information society services, Directive 2002/58/EC notwithstanding, by means of automated procedures using technical specifications.

13.8 Revocation of consent regarding data protection

You have the right to revoke any consent to the processing of personal data at any time with future effect.

13.9 Lodging a complaint with a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

14. Routine storage, erasure and blocking of personal data

We process and store your personal data only for the period of time necessary to meet the storage purpose or as required by the legal provisions to which our company is subject.

If the storage purpose no longer applies or if a required retention period expires, personal data will be routinely blocked or erased in accordance with the statutory provisions.

15. Duration of storage of personal data

The criterion for the duration of the retention of personal data is the respective legal retention period. Once this period expires, the data in question will be routinely erased, provided it is no longer required for the fulfilment or initiation of the contract.

This privacy statement has been prepared with the assistance of the privacy software: audatis MANAGER