Data protection website
1. General information
1.1 Personal data (Art. 4 (1) GDPR)
The subject for data protection is personal data (subsequently also referred to as data). This means any information relating to an identified or identifiable natural person. Examples of such information include details such as the name, address, profession, e-mail address, health, income, marital status, genetic characteristics, phone number and if applicable also user data such as IP address.
1.2 Controller (Art. 4 (7) GDPR)
The controller responsible for processing your personal data as part of the process of using this website www.progroup.ag (subsequently referred to as the website) is Progroup AG (subsequently referred to as the operator or controller). The contact details are:
Progroup AG
Horstring 12
76829 Landau in der Pfalz
Represented by the Board
Phone: +49 (0) 6341 / 5576-0
Fax: +49 (0) 6341 / 5576-109
E-mail: info@progroup.ag
1.3 Data protection officer
The controller has appointed a data protection officer. This person can be reached by e-mailing datenschutz@progroup.ag.
MORGENSTERN consecom GmbH
Große Himmelsgasse 1
67346 Speyer
Telefon: +49 (0) 6232 100 119 44
1.4 Opportunity to object
If you want to object to the processing of your data by the operator in accordance with this privacy statement overall or for individual measures, you can do this by using the contact details which are specified above. Please note that, if you do object in this way, in some circumstances use of the website and access to the services which are offered on it may only be limited or may not be possible at all.
2. Scope and purposes of data processing
2.1 Accessing and using the website
Each time that the website and its subpages are accessed, use data is transferred by the respective internet browser and saved in server log files. The data records which are stored as part of this process contain the following data:
- Date and time of access
- Name of the subpage which is accessed
- IP address
- Referrer URL (original URL from which you have accessed the website)
- Amount of data transferred
- Product and version information for the browser used
The log files are evaluated by the operator in anonymised form in order to further improve the website and make it more user-friendly, find and rectify faults more quickly and manage server capacities. For example, this makes it possible to understand at which time use of the website is particularly popular and the operator can then make an appropriate volume of data available.
The admissibility of this processing is based on Art. 6 (1. (f)) GDPR, which states that the processing is lawful if it is necessary for the purpose of preserving the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The legitimate interest of the operator lies in providing a website containing information and offering services to its customers and optimising the operation of the website.
The data which is processed by the operator is required by it to enable you to access and make optimum use of the website. This data is data which necessarily needs to be processed while using any form of telemedia. You are not obliged to provide this data. However, the consequence of not providing it is that you will not be able to access the website or will not be able to access it in full.
Your IP address will be deleted or anonymised after you finish using the website. In the case of anonymisation, the IP addresses are amended in such a way that they can no longer be assigned to an identified or identifiable natural person or can only be assigned with a disproportionately large amount of time, costs and effort.
2.2 Contact form and e-mail at a click
If you wish to contact the operator, you can make use of a contact form to do so. As part of the process of completing this form, you need to specify the following details:
- First name
- Last name
- E-mail address
- Topic
In addition, you can voluntarily specify the following details:
- Phone number
- Message
In addition, at a number of places on the website you have the option with just one click to open an e-mail to be sent to the operator. The sender used here is automatically the e-mail address which is linked to your e-mail program. If you do not wish your e-mail address to be called up in this way, you can change this in the settings of your particular e-mail program.
The admissibility of this processing is based on Art. 6 (1. (b)) GDPR, which states that the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. You are not obliged to provide this data. However, the consequence of not providing it is that you will not be able to send a message to the operator.
The personal data which is processed will be deleted after the expiry of the statutory retention obligations if the controller does not have a legitimate interest in continuing to retain this data. In any event, only the data which is really also absolutely needed for the purpose of achieving the corresponding purpose will continue to be stored. Where possible, the personal data will be anonymised.
2.3 Advertising
The operator uses your data for advertising purposes. The admissibility of this processing is based on Art. 6 (1. (f)) GDPR, which states that the processing is lawful if it is necessary for the purpose of preserving the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The use of data for advertising purposes represents a legitimate interest of the operator. The operator relies on actively presenting its services to new and existing customers.
As a customer of the operator, you will also regularly receive product recommendations by e-mail which are based on the products or services which you have already ordered. By doing this, the operator wishes to send you information about its services which you might be interested in, based on your last order or booking. If you no longer wish to receive such recommendations, you can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the operator is sufficient for this. In addition, each e-mail contains a link to unsubscribe. The admissibility of this processing is based, beyond Art. 6 (1. (f)) GDPR, on Section 7 (3) of the German Unfair Competition Act.
The personal data which is stored for advertising purposes is saved by the operator and used in accordance with the statutory provisions unless you object to this. This data is deleted if the controller does not have a legitimate interest in continuing to retain it or statutory retention periods do not oppose such deletion. In any event, only the data which is really also absolutely needed for the purpose of achieving the corresponding purpose will continue to be stored.
2.4 Newsletter
To receive further information about the operator’s services, you can also subscribe to an e-mail newsletter. The newsletter is sent out using what is known as the double opt-in method, i.e. you will only receive a newsletter by e-mail if you have previously explicitly confirmed that the newsletter service should be activated. Once you have activated the newsletter, you will receive a notification e-mail containing a link for activation. You will only receive the newsletter once you click on this link.
You can deactivate the newsletter at any time. You can contact the operator to do this (contact details above) or use the unsubscribe link which is provided in each newsletter.
The admissibility of this processing is based on Art. 6 (1. (a)) GDPR, which states that the processing is lawful if the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
The provision of your data is optional but is required to be able to receive the newsletter.
If you withdraw your consent or unsubscribe from the newsletter, your data will be deleted unless the controller has a legitimate interest in continuing to retain it. This may be the case if the operator needs to continue to store your data as a result of a contract with you. In addition, statutory retention periods may also oppose such deletion. In any event, only the data which is really also absolutely needed for the purpose of achieving the corresponding purpose will continue to be stored.
2.5 Investor Relations
Under the menu item Investor Relations, interested investors can gain access to the protected investor section. The following details need to be provided to do this:
- E-mail address
- Password
- Title
- First name
- Last name
- Company
- Street
- Postcode
- City Country
Registration takes place using what is known as the double opt-in method, i.e. activation can only take place if you have previously explicitly confirmed this. For this purpose, you will receive an e-mail containing a confirmation link. Only once you click on this link can activation take place. After this, the registered investors are able to log in using their e-mail address and their password. This gives them access to the investor website, where the investors are provided with relevant information such as quarterly reports and annual management reports.
The admissibility of the data processing associated with this is based on Art. 6 (1. (b)) GDPR, which states that the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The operator requires the data which you provide in order to complete the registration process and grant you access to the investor section. You are not obliged to provide this data. However, if you do not provide this data, it is not possible to access the investor section.
The data which is collected as part of investor relations will be deleted by the operator, unless there is a legitimate interest in continuing to store it or statutory retention periods oppose such deletion.
2.6 e-box
Customers who have already registered have the option to log in via the e-box using their user name and password. The log-in details are assigned by the respective sales manager. Customer master data such as name and address are stored in the customer section. In this section, customers can then submit orders and track the production dates and delivery dates for these orders. To make an order, the order details and possible delivery dates need to be entered. Existing orders can also be amended by entering the order details. The order status can be tracked using the existing order details. In addition, it is possible to view the route planning and keep a track on the precise delivery time. Delayed orders are likewise displayed to customers. Customers also have the opportunity to view the stock movements and the production planning.
The operator uses the data which you provide so that it can assign them to your customer profile and enable you to perform the abovementioned activities (such as placing an order). The admissibility of this processing is based on Art. 6 (1. (b)) GDPR, which states that the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
The provision of your data is voluntary. However, without this data it is not possible to log into and use the e-box section of the website. The data which is collected as part of e-box will be deleted by the operator, unless there is a legitimate interest in continuing to store it or statutory retention periods oppose such deletion.
2.7 Use of cookies
The operator uses what are known as cookies. These are small data packages which normally consist of letters and numbers and are stored on a browser when you visit certain websites. The cookies enable the website to recognise your browser, track your activity as you browse various sections of the website and identify you when you return to the website. Cookies do not contain any data that identifies you personally, but the information about you which is stored by the operator may be assigned to the data which is obtained from the cookies and is stored in them.
Information which the operator obtains from you through the use of cookies may be used for the following purposes:
- Recognising the user’s computer when visiting the website
- Tracking the user’s browsing activities on the website
- Improving the user-friendliness of the website
- Evaluating the use of the website
- Operating the website
- Preventing fraud and improving the security of the website
- Individual configuration of the website, taking account of the needs of users
Cookies do not cause any damage on a browser. They do not contain any viruses and also do not allow the operator to spy on you. Two types of cookies are used:
- Temporary cookies are automatically deleted when your browser is closed (session cook-ies).
- By contrast, persistent cookies have a longer lifespan. This type of cookie makes it pos-sible for you to be recognised the next time you visit a website after you have left it. The-se cookies are deleted after no more than 30 days.
The cookies enable the operator to understand your user behaviour for the abovementioned purposes and to an appropriate extent. They are also designed to enable you to enjoy optimised browsing of the operator’s website. The operator also only ever collects this data in anonymised form.
The admissibility of this processing is based on Art. 6 (1. (a)) GDPR, which states that the processing is lawful if the user user gives his consent. The operator’s legitimate interest lies in presenting its website in an optimised way. You are not obliged to provide this data. However, the data needs to be provided to be able to access the operator’s website without any problems (technically necessary cookies). If you do not accept cookies or delete cookies that have already been set, this may result in restrictions to the way the website works.
2.8 Cookie consent management
The operator uses the CCM19 cookie consent technology of Papoo Software & Media GmbH, Auguststrasse 4, 53229 Bonn to obtain your consent to save certain cookies on your terminal and to record these as required by data protection legislation.
When you visit our website, a CCM19 cookie in which your various consents or the revocation of your consents is saved on your browser. At this time the following information, amongst others, is captured: the data and time the website was accessed, a random ID and consent status. This information is not passed to the CCM19 provider.
You can revoke the consents you have given via CCM19 at any time by using of the following link: Revoke cookie settings
The data that is captured is saved until you ask us to delete it or you delete the CCM19 cookie yourself, or the purpose for saving the data no longer applies. Mandatory statutory retention periods are not affected.
CCM19 cookie consent technology is used to collect the legally required consents for the use of cookies. The legal basis for this is Article 6(1c) of the GDPR in conjunction with § 25(1) of the German Telecommunications Digital Services Data Protection Act (Teledienstedatenschutzgesetz (TDDDG)).
2.9 Meta-pixel
The operator uses what is called a “meta-pixel” of the Facebook social network which is operated by Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, (“Facebook”).
The meta-pixel enables Facebook to identify you, a visitor to our on-line presence, as a target audience for the display of advertisements (so-called “Facebook-ads”). Accordingly, the operator uses the meta-pixel to display the Facebook-ads he screens solely to the Facebook users who have also indicated an interest in the on-line offering or who indicate the specific criteria (e.g. interest in certain subjects or products which are apparent from the websites visited) and which the operator has communicated to Facebook (known as “custom audiences”). By using the meta-pixel, the operator also wishes to ensure that the Facebook-ads correspond to the potential interest of the users and do not inconvenience them. By use of the meta-pixel the operator can also track the effectiveness of the Facebook-ads for statistical and marketing purposes by enabling us to see whether users, after clicking on a Facebook-ad, are transferred to our website (known as “conversion”). The data is processed by Facebook in accordance with Facebook’s data policy. Thus you will find general information on the display of Facebook-ads in Facebook’s Data Policy. You will also find specific information and details on the Face-book pixel and the way it works in Facebook’s Help section.
Use of the meta-pixel and the saving of “conversion cookies” are based on Article 6(1a) of the GDPR (Consent). The lawfulness of access to the terminal is based on § 25(1) of the TDDDG (Consent). You can revoke your consent at any time with effect for the future by changing your cookie settings via the consent management tool.
The personal data collected by the use of tracking tools is deleted provided that the data controller does not have a legitimate interest in continuing to save the data. In any event, only the data which is also absolutely essential for achieving the corresponding purpose will continue to be stored. Where possible, the personal data will be anonymised.
There is no statutory or contractual requirement to provide the data.
This data may, under certain circumstances, be sent to countries outside the EU or EEA. You can learn more about this in Facebook’s Data Policy. Compliance with the standard data protection clauses including appropriate protective measures is guaranteed by Facebook. Facebook is also certified in line with the Data Privacy Framework. The transfer of data is therefore legitimised as required by Article 45 of the GDPR.
2.10 The Trade Desk pixel / cookies
The operator uses a variety of pixels and cookies from the provider “The Trade Desk, Inc.”, 42 N Chestnut St, Ventura, CA 93001, USA (“Trade Desk”).
The operator uses this pixel to track the interaction of the website visitors to the website in order to measure the success rate of advertising campaigns and to undertake re-targeting.
The use of the Trade Desk pixel is based on Article 6(1a) of the GDPR (Consent). The lawfulness of access to the terminal is based on § 25(1) of the TDDDG (Consent). You can revoke your consent at any time with effect for the future by changing your cookie settings via the consent management tool.
The personal data collected by the use of tracking tools is deleted provided that the data controller does not have a legitimate interest in continuing to save the data. In any event, only the data which is also absolutely essential for achieving the corresponding purpose will continue to be stored. Where possible, the personal data will be anonymised.
There is no statutory or contractual requirement to provide the data.
This data may under certain circumstances be sent to countries outside the EU or EEA. In order to guarantee compliance with European regulations on data protection with regard to the transfer of data, Trade Desk is certified in accordance with the Data Privacy Framework in respect of data transfer to the USA. The transfer of data is therefore legitimised as required by Article 45 of the GDPR. It is also possible that data is transferred to their British subsidiary “The UK Trade Desk Ltd.”, One Bartholomew Barts Square, London C1A 7BL, England. Data transfer of this nature is also legitimised in accordance with Article 45 of the GDPR on the basis of an adequacy decision. Further information on the protection of your personal data by Trade Desk can be found at https://www.thetradedesk.com/de/privacy.
2.11 Google maps / Google fonts
The operator uses the map service of Google Maps. This is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The use of this service enables information on the use of the website (for example, the date and time the website is accessed, the IP address etc.) to be sent to Ireland where it is saved. Data may also be sent to the USA, where appropriate. The transfer of data to a third country such as the USA is lawful if the conditions of Article 46 of the GDPR are met and on the basis of the standard and valid contractual clauses included in the contract with Google. These clauses were approved by the European Commission and guarantee appropriate protection of your personal data. You will find further information on this matter by visiting Google itself at https://policies.google.com/privacy/frameworks?hl=de. You can access information on the standard data protection clauses on the European Commission’s website (https://ec.europa.eu/info/index_de). Google is also certified under the Data Privacy Framework with the result that an adequacy decision as required by Article 45 of the GDPR is in place.
Google uses the data for the purposes of promotion, market research and/or to configure its website so that it is appropriate to its needs. At this time it is possible for a link to your user account to be created if you are logged in. If you do not want this to happen, you must log out before using Google Maps and Google Fonts. You can prevent the execution of Google Maps by deactivating or blocking Java Script in your browser settings.
The usage data is saved by Google. Further information on this matter can be found in Google’s Privacy Policy and Terms and Conditions of Use. https://policies.google.com/privacy/frameworks?hl=de.
The operator uses external fonts via the Google Fonts service for the integration of Google Maps. This service is also operated by Google (see above). The use of this service enables information on the use of the website (for example, the date and time the website is accessed, the IP address etc.) to be sent to Ireland where it is saved. Data may also be sent to the USA where appropriate. The transfer of data to a third country such as the USA is lawful if the conditions of Article 46 of the GDPR are met and on the basis of the standard and valid contractual clauses included in the contract with Google. These clauses were approved by the European Commission and guarantee appropriate protection of your personal data. You will find further information on this matter by directly accessing the following page on Google’s website https://policies.google.com/privacy/frameworks?hl=de. You can access information on the standard data protection clauses on the European Commission’s website (https://ec.europa.eu/info/index_de).
The operator uses Google Fonts to enable you to use external fonts to improve the presentation of the Google Maps map function.
The operator does not save any personal information about the incorporation of Google Fonts. The data is saved by Google in accordance with its own Privacy Policy. Further information on this matter can be found in Google’s Privacy Policy and Terms and Conditions of Use. https://policies.google.com/privacy/frameworks?hl=de.
The operator uses Google Maps to enable you to use the interactive maps for selecting a route. As cookies are also set when you use Google Maps, the lawfulness of this in the first instance is determined by § 25(1) TDDDG (Consent).
The lawfulness of further processing is based on Article 6(1a) of the GDPR (Consent. You can give your consent to the use of Google Maps by enabling the use of Google Maps by clicking on “Display Google Maps content” in the overlay window in the map field. The use of data for the purpose of the provision of the maps in order to select a route is therefore voluntary. However, this use makes it easier to find the way to the operator’s sites.
You can reset your cookie settings or revoke your consent at any time by means of the consent management tool.
There is no statutory requirement to provide the data, nor is it necessary for the conclusion of a contract. The consequence of failing to provide the data is that you cannot make use of the function.
2.12 YouTube
The operator uses YouTube videos on the website. YouTube is a service of
YouTube LLC (“YouTube”), 901 Cherry Ave., San Bruno, CA 94066, USA and is provided by this company. YouTube LLC is a subsidiary of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you watch a YouTube video, personal data is sent to YouTube’s servers as a Google service headquartered in the USA. By visiting the website, YouTube receives information that you have accessed the corresponding sub-page of our website. In addition, it is possible that additional information on the use of the website (for example the date and time of the access, the IP address etc.) is sent to Google servers (possibly in a third country such as the USA) where it is saved. This occurs irrespective of whether YouTube provides a user account that you have used to log in, or whether no user account exists. The transfer of data to a third country such as the USA is lawful if the conditions of Article 46 of the GDPR are met and on the basis of the standard and valid contractual clauses included in the contract with Google. These clauses were approved by the European Commission and guarantee appropriate protection of your personal data. You will find further information on this matter by visiting Google itself at https://policies.google.com/privacy/frameworks?hl=de. You can access information on the standard data protection clauses on the European Commission’s website (https://ec.europa.eu/info/index_de).
Google uses the data for the purposes of promotion, market research and/or to configure its website so that it is appropriate to its needs. At this time it is also possible for a link to your user account to be created if you are logged in. If you do not want this to happen, you must log out before using Google Maps and Google Fonts. Google’s Terms and Conditions of Use and Data Protection Policy apply (cf. above).
The operator uses YouTube videos to make videos on a range of subjects available to you. The lawfulness of access to the terminal is based on § 25(1) of the TDDDG (Consent). The lawfulness of further processing is based on Article 6(1a) of the GDPR (Consent. You can consent to the use of YouTube by clicking on “Show the YouTube Video” in the overlay window. The use of YouTube is therefore voluntary.
You can reset your cookie settings or revoke your consent at any time by means of the consent management tool.
There is no statutory requirement to provide the data, nor is it necessary for the conclusion of a contract. The consequence of failure to provide the data is that you cannot use our website or cannot make full use of it.
2.13 Web presence on social media (YouTube, Vimeo, Xing, LinkedIn)
As well as this website, we also maintain a presence on social networks (YouTube, Facebook, Vimeo, Xing; LinkedIn) which you can access via corresponding buttons on our website (link set up). As soon as you visit such a presence, these services store and process users’ personal data in accordance with the terms of use that apply in each case. We wish to point out that we do not have any influence over the way that the data is collected and used further by the social networks.
If while visiting our website you follow the links and are logged in via your personal user account, the information that you have visited our website will be passed on to the respective social network and stored there. The visit to this website can then be assigned to your user account. To prevent this, you must log out of your account before clicking on the link.
For details of the purpose and scope of data collection by the respective service and the further processing of your data which takes place there as well as your rights in this regard, please consult the respective privacy policies of these providers:
- YouTube: https://policies.google.com/privacy?hl=de&gl=de
- Vimeo: https://vimeo.com/de/features/video-privacy
- Xing: https://privacy.xing.com/de/datenschutzerklaerung
- LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
2.14 Application
(1) Application via the website and by e-mail
On the website you have the opportunity to apply for our job vacancies. To do this, you need to specify a range of information. These mandatory details are highlighted. Other details that you may specify are voluntary, such as providing the link to your personal LinkedIn profile. We offer you the opportunity to import the curriculum vitae that is required for the application from your LinkedIn profile. In addition, you have the opportunity to apply to us via e-mail.
The controller processes your data for the purpose of conducting the application procedure. The admissibility of this processing is based on Section 26 of the German Data Protection Act (new), which states that personal data of employees may be processed for employment-related purposes where this is necessary for making a decision on hiring a person.
Sometimes it may be necessary for us to process your data for the purpose of enforcing, exercising or defending legal claims. This is based on Art. 6 (1 (f)) GDPR. The same legal basis applies to the use of this data for internal analyses for the purpose of optimising the work processes taking place.
If you do not provide the necessary details and documents to the controller, the controller will not be able to consider you in the application procedure. This means that this data must be provided to be able to enter into a contract.
(2) Future job advertisements
If you have given consent to your data being stored for a longer period of time, the controller will contact you when suitable vacancies arise.
The admissibility of this processing is based on Art. 6 (1 (a)) GDPR (consent).
Your data will be deleted after you withdraw your consent, unless the controller has a legitimate interest in continuing to retain it. This may be the case if the controller needs to continue to store your data as a result of a contract with you.
You can withdraw your consent to this processing at any time.
(3) Duration of storage
Your data is first stored when the application is received. The duration of this storage is determined primarily by the legal retention obligations and by our legitimate interest in continuing to retain it. If you are rejected for a job, your application documents and data will be retained for six months, unless you have given your consent to a longer period of retention.
A longer period of retention may arise in a specific case if we have a legitimate interest in this and your legitimate interests do not oppose it.
If an appointment is made, your data will be stored for the purpose of conducting an employment relationship and processed as employee data.
2.15 Use of Matomo Analytics
The operator uses the Matomo web analysis service. Matomo generates statistics about your user data by means of session cookies and with the aid of Javascript when you access and use the website. The statistics include, amongst other items, the data and time of your visit to the website, your browsing habits on the website and the browser you use.
The operator will use this information for the statistical assessment of the website use and, based on the assessments, for the continual improvement of the user experience.
The lawfulness of this processing is based on Article 6(1a) of the GDPR and, for setting the session cookies, § 25(1) of the TDDDG. The provision of your personal data is voluntary and is not necessary for the use of the website.
The personal data collected by the use of Matomo is retained for 26 months. Where possible, the personal data is anonymised.
You can revoke your consent at any time via the Content Management Tool.
3. RIGHT TO INFORMATION, RECTIFICATION, ERASURE, RESTRICTION, OBJECTION AND DATA PORTABILITY
If your personal data is processed, you are a data subject within the meaning of the GDPR and you enjoy the following rights within the framework of the statutory regulations:
3.1 Right to information
On request, the operator will provide you with information on whether it processes data about you. The operator will endeavour to deal with requests for information swiftly.
3.2 Right to erasure
You have the right to demand that the operator erases personal data concerning you without undue delay, and the operator is obliged to erase personal data concerning you without undue delay if one of the grounds specified in Art. 17 (1 (a)-(f)) GDPR applies.
3.3 Right to restriction
You have the right to demand that the operator restricts the processing if one of the requirements of Art. 18 (1 (a)-(d)) GDPR is met.
3.4 Right to object
You have the right to object at any time, for reasons appertaining to your particular situation, to the processing of personal data concerning you which takes place on the basis of Art. 6 (1 (e)) GDPR; this also applies to profiling based on these provisions. The operator will no longer process your personal data, unless it can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing is used for the purpose of enforcing, exercising or defending legal claims.
If your personal data is processed to engage in direct advertising, you have the right at any time to object to the processing of personal data concerning you for the purpose of such advertising; this also applies to the profiling if it is associated with such direct advertising.
Please use the contact address which is specified above for your notification.
3.5 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the operator, in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from the operator to which the personal data was provided, where the processing is based on consent pursuant to Art. 6 (1 (a)) GDPR, Art. 9 (2 (a)) GDPR or on a contract pursuant to Art. 6 (1 (b)) GDPR and the processing is carried out by automated means.
4. WITHDRAWING YOUR CONSENT
If you have given your consent to the processing of your personal data and withdraw it, the processing which took place up to the withdrawal date remains unaffected by this.
5. RIGHT TO COMPLAIN
You have the right to lodge a complaint with a supervisory authority at any time (Art. 77 GDPR).
6. RECIPIENTS
The data collected when you access and use the website and the details which you specify will be transferred to the operator’s server and stored there. Apart from this, your data may be passed on to the following categories of recipients:
- People working for the controller who are engaged in the processing (e.g. marketing department, personnel management, customer service, secretariat)
- Affiliated companies
- Processors (e.g. computer centre, IT service provider, software support)
- The operator’s contractual partners (e.g. shipping providers, banks, tax advisers, banks in the case of the reimbursement of travel expenses)
7. LINKS TO THIRD-PARTY WEBSITES
When you visit the website, content which is linked to third-party websites may be displayed. The operator has no access to the cookies or other functions that are used by third-party websites, nor can the operator control them. Such third-party websites are not subject to the operator’s privacy policy.
8. MISCELLANEOUS
To make it easier to understand, the operator also makes this privacy statement available to you in English, French, Czech, Polish and Italian. However, if there is any doubt, the provisions of the German privacy statement shall be authoritative.
Last updated: May 2019
Information about data protection for business partners
Privacy Policy for the Profiles on Facebook and Instagram
1. General and scope
This data protection information applies to the processing of personal data in the context of accessing and using the profiles of Progroup AG on Facebook and Instagram (hereinafter jointly referred to as “fan page”).
This fan page is a user account of our company provided to us by Meta Ireland Limited (hereinafter “Meta”). Through this platform, we can present ourselves to the users of the Meta services and other people who visit the fan page and contact you.
When our fan page is accessed, so-called Insights Data (Facebook Insights or Page Insights) are collected. These are anonymised data, which enable us as the Operator to view statistical evaluations of the use of our fan page.
When collecting such Insights Data, personal data are also processed. This processing is the joint responsibility of Meta and us within the meaning of Art. 26 GDPR. The essential content of the agreement concluded between Meta and us is explained below.
1.1 Personal data (Art. 4 No. 1 GDPR)
The subject of privacy are personal data (hereinafter also referred to as “data“). This means all information relating to an identified or identifiable natural person, for example, information such as name, address, profession, e-mail address, state of health, income, marital status, genetic characteristics, phone number and, where applicable, user data such as the IP address.
1.2 Controllers (Art. 4 No. 7 GDPR, Art. 26 GDPR)
We (also referred to as “Progroup AG” or “Operator”) and Meta are jointly responsible for the processing of your personal data in the context of using the fan page.
Our contact details are:
Progroup AG
represented by the Board: Maximilian Heindl, Beate Flamm, Dr. Volker Metz, Dr. Marc Sesterhenn
Horstring 12
76829 Landau in der Pfalz
Phone: +49 (0) 6341 - 5576 0
Fax: +49 (0) 6341 - 5576 109
E-mail: info@progroup.ag
The contact details of Meta are:
Meta Ireland Limited
Board: Gareth Lambe, Shane Crehan
4 Grand Canal Square
Dublin 2, Ireland
1.3 Data Protection Officer
The Controller has appointed an external Data Protection Officer, who can be contacted under the following contact details:
MORGENSTERN consecom GmbH
Große Himmelsgasse 1
67346 Speyer
Phone: +49 (0) 6232 – 100 119 44
E-mail: datenschutz@progroup.ag
Meta has also appointed a Data Protection Officer, who can be contacted under the following link.
1.4 Level of responsibility
Meta takes primary responsibility for the processing of the Insights Data on the fan page since there is a legal basis for its processing.
1.5 Option to object
If you would like to object to the processing of your data by us on the fan page in general or for specific measures, you can do so using the contact details provided above.
You can also object to the processing of Insights Data against Meta.
You can also object to data processing by Meta by contacting us. We will forward your objection without delay.
Please note that in the event of such an objection, the use of the fan page and the retrieval of the services and information offered may only be possible to a limited extent or even not at all.
2. Access and use of the fan page, purposes and legal basis
2.1 Page Insights
When accessing and using the fan page, we process statistics about access to our fan page using the “Page-Insights-Data” function. We are not able to identify you personally or assign you to your account.
This function is an integral part of the user agreement with Meta that we cannot exclude. This means that we cannot solely decide whether the “Page Insights Data” are collected or not.
You can find more information about “Page Insights Data” and the use of cookies as well as the settings options here.
Please note that the Page-Insights-Data function can also be used to collect personal data from people who do not have a profile on Facebook or Instagram.
You can also restrict or completely prevent the setting of cookies in your browser settings. Furthermore, you can also arrange for the automatic deletion of cookies when closing the browser window here.
If you use the Facebook app or Instagram app, you can change settings for setting cookies by apps in the settings of your mobile device.
Information on the legal basis and the purpose of the processing on the part of Meta as well as the respective storage period can be found here.
Insofar as we process your personal data by visiting the fan page, the lawfulness of this processing for us is based on Art. 6 para. 1 f) GDPR (legitimate interest). We would like to use the analysis of the anonymised Insights Data to optimise the content of the fan page and thus attract additional users. In order to market our services in the best possible way, many fan page views are needed. The Page Insights Data help to do so.
The Insights Data collected via the fan page are processed anonymously. This means that the personal data collected are modified in such a way that they can no longer be attributed to an identified or identifiable natural person or can only be attributed to an identified or identifiable natural person with a disproportionate amount of time, cost and effort.
If you are registered with Facebook and Instagram, the provision of your personal data by Meta is contractually required. Otherwise, you cannot create an account. For non-registered users, the processing of Insights Data is voluntary. However, objecting to the processing or deactivating certain settings will result in not being able to access the fan page.
2.2 Communications via the fan page
Through the fan page, it is also possible for you to contact us via direct messages, like function or comments.
In the context of contacting us, the name that is stored in your profile as a username is displayed to the Operator.
The lawfulness of this processing is based on Art. 6 para. 1 f) GDPR (legitimate interest). The use of data for purposes of communication as part of using the fan page with the users of the fan page constitutes a legitimate interest of the Operator according to Art. 6 para. 1 f) GDPR.
The provision of your data is neither legally nor contractually required. However, it is necessary so that you can contact the Operator as described above.
The processed personal data will be deleted after communication unless the Operator has a legitimate interest in further storage. In any case, only those data will continue to be stored that are necessary to achieve the corresponding purpose. As far as possible, personal data will be anonymised.
3. Right of access, rectification, erasure, restriction, objection and data portability
In the context of using the fan page, you have the right to assert all the rights described in this Section both against Meta and against us. As part of the agreement that exists between us as the Operator of the fan page and Meta, we will, insofar as Meta is solely required to comply with your data subject rights, immediately forward your request to Meta.
You have the following rights: You have a right of access (Art. 15 GDPR), rectification (Art. 16 DS-GVO), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) as well as data portability (Art. 20 GDPR). We make every effort to process requests quickly.
If your personal data are processed on the basis of Art. 6 para. 1 f) GDPR, you have the right to object, provided that there are grounds relating to your particular situation or the objection is directed against direct marketing (Art. 21 GDPR). If you object to direct marketing, we will no longer send you advertising messages.
4. Withdrawal of your consent
If you have given your consent to the processing of your personal data and withdraw this consent, the processing that has been carried out up to the time of this withdrawal remains unaffected.
5. Right of complaint
You have the right to lodge a complaint with the competent supervisory authority at any time.
6. Recipients
The data collected when accessing and using the fan page and the information you provide when contacting us will be transmitted to Meta and stored there. Furthermore, your data may also be forwarded to employees and departments involved in the maintenance of this fan page.
Your personal data collected via the “Page Insights Data” will be transmitted partially to Meta’s servers in the USA and stored there. The transfer of data to a third country, such as the USA, is permitted under the conditions of Art. 46 GDPR and on the basis of the standard data protection clauses effectively included in the contract with Meta. They have been approved by the EU Commission and guarantee an adequate protection of your personal data. You can find more information here.
7. Links to third-party sites
When visiting the fan page, content may be displayed that is linked to third-party websites. The Operator does not have access to the cookies or other features used by third-party websites, nor can the Operator control them. Such third-party websites are not subject to the Operator’s Privacy Policy.
Privacy Policy for the YouTube profile
1. General
This Privacy Policy refers to the profile of Progroup AG on YouTube (hereinafter referred to as “YouTube presence”).
The YouTube profile is provided to Progroup AG by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter “YouTube”). YouTube is a subsidiary of Google Ireland Limited (hereinafter “Google”). Progroup AG manages the YouTube presence with a corresponding user account.
1.1 Personal data (Art. 4 No. 1 GDPR)
The subject of privacy are personal data (hereinafter also referred to as “data”). These are all information that relate to an identified or identifiable natural person, for example, information such as name, address, profession, e-mail address, state of health, income, marital status, genetic characteristics, phone number and, if applicable, user data such as the IP address.
1.2 Controller and Data Protection Officer
The Controller for the processing of your personal data in the context of using the YouTube presence is Progroup AG (hereinafter referred to as the “Operator” or “Controller”), represented by the Board: Dr. Volker Metz and Maximilian Heindl.
The contact details are:
Progroup AG
Horstring 12
76829 Landau in der Pfalz
Phone: +49 (0) 6341 - 5576 0
Fax: +49 (0) 6341 - 5576 109
E-mail: info@progroup.ag
The Controller has appointed an external Data Protection Officer, who can be contacted under the following contact details:
MORGENSTERN consecom GmbH
Große Himmelsgasse 1
67346 Speyer
Phone: +49 (0) 6232 – 100 119 44
E-mail: datenschutz@progroup.ag
2. Data processing details
Interacting with our YouTube account
If you are logged in with your personal YouTube account, you can interact with the Operator of the YouTube presence (e.g. sharing, liking, disliking, commenting). In this case, YouTube collects your data and provides them to the Operator (e.g. your username and profile picture). In this process, the Operator may also store and further process the data. However, the Operator does not store such data on its own systems, nor are these data systematically processed beyond an occasional notice.
The Operator uses these data for the purpose of providing videos to illustrate the services and products offered. This data processing is carried out according to Art. 6 para. 1 f) GDPR (legitimate interest). The legitimate interest results from the purpose of optimising our YouTube presence and the content published there.
For more information about YouTube’s data processing, please refer to Google’s privacy policy at the following link:
https://policies.google.com/privacy
3. Recipients
The data collected when accessing and using the YouTube account are transferred to the YouTube server in the USA and stored there. The transfer of data to a third country, such as the USA, is permitted under the conditions of Art. 46 GDPR and on the basis of the standard data protection clauses effectively included in the contract with Google: https://policies.google.com/privacy/frameworks?hl=de
In addition, your data may be disclosed to employees of the Controller who are involved in the processing.
4. Storage period
The data collected when accessing and using the YouTube account are not stored by the Operator on its own systems. The data are stored by Google in accordance with its own privacy provisions. You can find more information in this regard directly at Google: https://policies.google.com/privacy
5. Your rights
You have the following rights: You have a right of access (Art. 15 GDPR), rectification (Art. 16 DS-GVO), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) as well as data portability (Art. 20 GDPR).
In addition, you have the right to contact a supervisory authority.
If your personal data are processed on the basis of Art. 6 para. 1 f) GDPR, you have the right to object, provided that there are grounds relating to your particular situation or the objection is directed against direct marketing (Art. 21 GDPR). If you object to direct marketing, we will no longer send you advertising messages.
You can withdraw your consent given to the Operator at any time with effect for the future. However, such withdrawal will not affect the data processing based on this consent that has been carried out until then.
For your notification, please use the contact address of the Controller indicated in the legal notice.
Privacy information for external users of Microsoft Office 365 and Microsoft Teams
Privacy Policy for the profile on LinkedIn
1. General and scope
This data protection information applies to the processing of personal data in the context of accessing and using the company profile of Progroup AG (hereinafter “Progroup”) on www.linkedin.com and affiliated sites (hereinafter “LinkedIn profile”).
The LinkedIn profile is made available to Progroup by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”). Progroup administers the LinkedIn profile with a corresponding user account.
2. Controller
In principle, Progroup AG (hereinafter also referred to as the “Operator” or “Controller”) is responsible for the processing of your personal data in the context of using the LinkedIn profile.
In addition, LinkedIn processes personal data for its own purposes every time the LinkedIn services are used. Progroup has no control over this data processing and LinkedIn acts as the sole controller.
Progroup is jointly responsible with LinkedIn for the processing of so-called Page Insights data.
You can contact Progroup at:
Progroup AG
represented by the Board: Maximilian Heindl, Beate Flamm, Dr. Volker Metz, Dr. Marc Sesterhenn
Horstring 12
76829 Landau in der Pfalz
Phone: +49 (0) 6341 - 5576 0
Fax: +49 (0) 6341 - 5576 109
E-mail: info@progroup.ag
The contact details of LinkedIn are:
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2, Ireland
Contact form: https://www.linkedin.com/help/linkedin/solve
3. Data Protection Officer
The Controller has appointed an external Data Protection Officer, who can be contacted at MORGENSTERN consecom GmbH, Große Himmelsgasse 1, 67346 Speyer and privacy@morgenstern-privacy.com.
LinkedIn has also appointed a Data Protection Officer, who can be contacted at at https://www.linkedin.com/help/linkedin/ask/TSO-DPO
4. Details on data processing
4.1 Interaction with the LinkedIn profile
If you are logged in with your personal LinkedIn account, you can interact with the Operator of the LinkedIn profile (e.g., like or comment on a post). In doing so, the associated data are processed by the Operator (e.g., your username and profile picture).
The Operator uses the data to optimise the offered content and its presentation and to adapt them to the respective user interests. This data processing is carried out according to Art. 6 para. 1 f) GDPR (legitimate interest). The legitimate interest of Progroup lies in optimising the LinkedIn profile and the content published there.
4.2 General use of LinkedIn
When you use LinkedIn’s offerings, LinkedIn processes personal data about you, for example, your IP address, location data, time zone settings, advertising IDs, app and browser versions, and data about your device (system, network type, device ID, screen resolution, operating system, audio settings, and connected audio devices). The LinkedIn profiles and pages you access, likes, messages and other usage data are also processed. If you are logged in with your own LinkedIn account, these data are assigned to your account.
For more information on the processing of your data via LinkedIn, please refer to LinkedIn’s Privacy Policy.
4.3 Page Insights
When accessing and using the LinkedIn profile, so-called Page Insights are also processed. These data provide information about how many users have accessed the LinkedIn profile or its posts at what time. The data are provided to the Operator in aggregated form as statistics. There is no possibility for Progroup to identify you personally or to assign you to your account.
You can find more information on Page Insights here.
Please note that Page Insights may also be collected from you if you do not have your own LinkedIn account or are not logged in with one.
The lawfulness of this processing is based on Art. 6 para. 1 f) GDPR (legitimate interest). With the evaluation of the anonymised Page Insights, Progroup would like to optimise the content of the profile and thus attract additional users. The Page Insights help to do so.
4.4 Communications via the profile functions
Via the LinkedIn profile, it is possible to contact the Operator via direct messages, the like function or comments. In the context of this contact, the name that is stored in your profile as a username is displayed.
The lawfulness of this processing is based on Art. 6 para. 1 f) GDPR (legitimate interest). Communication with users is particularly important to Progroup in order to answer questions, respond to criticism, build a relationship and exchange information. Communication via social media is therefore an important part. Comments are stored on the profile for an unlimited period and can be viewed by other users. The same applies to the use of the like function and direct messages.
5. Recipients
The data collected when accessing and using the LinkedIn profile are transmitted to the LinkedIn server and stored there. It cannot completely be avoided that your data are also transmitted to LinkedIn servers in third countries, e.g., the USA, and stored there. The transfer of data to a third country, such as the USA, is permitted under the conditions of Art. 46 GDPR and on the basis of the standard data protection clauses effectively included in the contract with LinkedIn. They have been approved by the EU Commission and guarantee an adequate protection of your personal data. You can find more information here.
Furthermore, your data may be processed by Progroup employees who are involved in maintaining the LinkedIn profile and who respond to your messages.
6. Storage period
The data collected when accessing and using the LinkedIn profile are not stored by the Operator on its own systems. The data are stored by LinkedIn in accordance with its own privacy provisions. You can find more information in this regard directly at LinkedIn: https://www.linkedin.com/legal/privacy-policy.
If you contact Progroup directly via the LinkedIn profile, the associated data may also be stored by Progroup. In such cases, the data are only stored for as long as it is necessary to process your request.
7. Data subject rights
You have the following rights: You have a right of access (Art. 15 GDPR), rectification (Art. 16 DS-GVO), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) as well as data portability (Art. 20 GDPR).
If your personal data are processed on the basis of Art. 6 para. 1 f) GDPR, you have the right to object, provided that there are grounds relating to your particular situation or the objection is directed against direct marketing (Art. 21 GDPR). If you object to direct marketing, we will no longer send you advertising messages.
Consent given to us for the processing of personal data can be withdrawn at any time with effect for the future. However, the lawfulness of the processing until the withdrawal remains unaffected. For your message, please use our contact address given in the legal notice.
You have the right to lodge a complaint with the competent supervisory authority at any time. You can obtain an overview of the competent supervisory authorities by following this link.