Data protection declaration

The Responsible Party in the sense of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection legal provisions is:

igus® GmbH

Spicher Str. 1a

D-51147 Cologne

Tel.: +49 2203 9649 0

Fax: +49 2203 9649 222

Email: info@igus.de

igus GmbH’s Data Protection Officer (DPO) is:

Mr Ingo Wolff

tacticx GmbH

Walbecker Straße 53

47608 Geldern

Email: datenschutz@igus.de

We waive the use of female and male personal pronouns for reasons of better readability.

1. General items on data processing

1.1 Processing of personal data and its purpose

igus GmbH (hereinafter referred to as “igus” or “we”) processes users’ personal data solely when it is needed to provide a functioning website as well as our contents and services. When visiting our web pages, the following data are processed:

Processing and temporary storage of IP addresses is needed in order to deliver the web pages to the user's computer. The user’s IP address is stored for the duration of the session. The logfiles contain IP addresses or other data which make it possible to classify the user. These are stored in logfiles in order to ensure the functional capabilities of the web pages. In addition, the data are used to optimise our web pages, as well as to ensure the security of our IT systems. All processing of personal data is only performed for the named purposes, and in the scope needed to achieve these goals. These data are not used for purposes of advertising, customer advice and market research.

1.2 Legal principles for processing personal data

As a rule, we process our users’ personal data after the user has consented. An exception exists in those cases where obtaining the consent is not possible for factual reasons, and the processing of the data is allowed by statutory rules. Storage of data and logfiles is done on the basis of Art. 6 No. 1, let. f of the GDPR.

1.3 Data erasure and duration of storage

Personal data of those impacted is erased or blocked by us as soon as the purpose of their storage is no longer present. In the case of data processing to provide the web pages, these data are erased when the respective session ends. Storage beyond that period is possible if the user’s IP address has been erased or removed, which prevents assignment of the visiting client.

2. Cookies

We use cookies in many places on our web pages. If a user calls up our web pages, a cookie is stored on the user’s operating system. A cookie contains a characteristic sequence of characters which provides clear identification of the browser when our web pages are visited again. The following data are stored and forwarded in the cookies:

The purpose of using cookies is for user-friendly structuring of our web pages. Processing of personal data using cookies is done on the basis of Art. 6 No. 1, let. f of the GDPR. Cookies are stored on the user’s computer and forwarded from there to our web pages. The user can deactivate or restrict the forwarding of cookies by changing the settings on their Internet browser. Cookies which are already stored can be erased at any time. If cookies for our web pages are deactivated, it is possible that not all functions of our web pages can be completely used.

3. Google Analytics

Our web pages use Google Analytics, a software from Google, Inc., for statistical assessment of user accesses. We use the web analyses to improve the quality of our web pages and their contents. Google Analytics uses cookies (see above) which make it possible to analyse the use of our web pages. The data processing related to this is performed on the basis of Art. 6 No. 1, let. a of the GDPR. The web analysis of the web pages can be technically stopped by the user by deactivating JavaScript and cookies in his web browser. Details about the settings for this can be found in the product descriptions or instructions from the respective browser providers. Data processing by Google can also be prevented by the user adding a browser add-on to deactivate Google Analytics. Further information, as well as the add-on, can be found at https://tools.google.com/dlpage/gaoptout?hl=de. Further information about user provisions and data protection with Google Analytics can be found at https://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.

4. Hub Spot

Our web pages use HubSpot, a software from HubSpot Inc., USA. We use this software in the area of inbound marketing in order to detect user behaviour using statistical analyses and assessment of logs, to better coordinate and optimise our marketing strategy. We also use HubSpot to create web pages and as a technology to send promotional emails. The data processing related to this is performed on the basis of Art. 6No. 1, let. a of the GDPR. The web analysis of the web pages can be technically stopped by the user by deactivating JavaScript and cookies in his web browser. Details about the settings for this can be found in the product descriptions or instructions from the respective browser providers. More information about user provisions and data protection with Hub Spot can be found at https://legal.hubspot.com/privacy-policy.

5. Google Remarketing

Our web pages use Google Remarketing, a software that serves to present users our advertising related to users’ interests. Google Remarketing uses cookies for this (see above). The data processing related to this is performed on the basis of Art. 6 No. 1, let. a of the GDPR. This function can be technically stopped by the user by deactivating JavaScript and cookies in their web browser. Details about the settings for this can be found in the product descriptions or instructions from the respective browser providers. Data processing by Google can also be prevented by the user adding a browser add-on to deactivate Google Analytics. More information about user provisions and data protection from Google Remarketing can be found at https://policies.google.com/technologies/ads?hl=de.

6. Live Chat

Our web pages use a live chat software from LiveChat, Inc. The software serves to provide personal conversation to the user in the form of a real-time chat. Live Chat uses cookies (see above) which make it possible to analyse the use of our web pages. The data processing related to this is performed on the basis of Art. 6 No. 1, let. a of the GDPR. The web analysis of the web pages can be technically stopped by the user by deactivating JavaScript and cookies in their web browser. Details about the settings for this can be found in the product descriptions or instructions from the respective browser providers. More information about user provisions and data protection with Live Chat can be found at https://www.livechatinc.com/privacy-policy/.

7 Additional Tools

7.1 Mouseflow

Our web pages use Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. Mouseflow uses cookies (see above) which make it possible to analyse the use of our web pages. The data processing related to this is performed on the basis of Art. 6 No. 1, let. a of the GDPR. The web analysis of the web pages can be technically stopped by the user by deactivating JavaScript and cookies in their web browser. Details about the settings for this can be found in the product descriptions or instructions from the respective browser providers. More information about user provisions and data protection with Mouseflow can be found at https://mouseflow.de/privacy/. If you don’t want this to be recorded, you can deploy this on all Mouseflow web pages by deactivating using the following link: https://www.mouseflow.de/opt-out.

7.2 SurveyMonkey

Our web pages use SurveyMonkey, a web analysis tool of SurveyMonkey Inc., SurveyMonkey Europe UC, SurveyMonkey Brasil Internet Ltda. and their affiliates (collectively “SurveyMonkey”), except where otherwise noted. SurveyMonkey uses cookies (see above), which enable us to analyse of the use of our website. In this context, data processing is carried out according to Article 6 (1) (a) GDPR. Web analysis can be prevented by the user of the web pages by deactivating JavaScript and cookies in his web browser. Details of the settings required for this can be found in the product descriptions and instructions of various browser providers. Further information on SurveyMonkey's Terms and Conditions and Data Privacy can be found at https://www.surveymonkey.com/mp/legal/privacy-policy/. If you do not want to be recorded, you can disable recording on all web pages that use SurveyMonkey by clicking on the following link: https://help.surveymonkey.com/articles/en_US/kb/opt-out.

8. Promotional Emails (igus® News Newsletter)

One can subscribe to a free-of-charge promotional email on our web pages. If you decide to subscribe, the following personal data will be processed by us:

The user's consent will be obtained to process the data in the context of the subscription process, and the user will be referred to this data protection declaration. The data in connection with the data processing to send the promotional emails will not be forwarded to third parties. The data will solely be used to send the newsletter. The legal basis for processing the personal data after subscribing to the promotional email is Art. 6 No. 1, let. a of the GDPR. We will store the user’s email address as long as the subscription to the promotional email remains active. The subscription can be terminated at any time by selecting the relevant link contained in each promotional email. With that, personal data will be erased after 30 days.

9. Promotional Email Tracking

The igus® GmbH newsletter contains the so-called “counting pixels”. A counting pixel is a miniature graphic which is embedded in such emails, which is sent in HTML format in order to enable logfile recording and logfile analysis. This allows us to perform a statistical assessment of the success or failure of on-line marketing campaigns. Using these embedded counting pixels, igus can recognise whether and when an email was opened by an impacted person, and which links found in the email were called up by the impacted person.

Should counting pixels in the newsletter collect personal data, these will be stored by the Responsible Party responsible for processing and assessed in order to optimise newsletter sending, and to adapt the contents in future newsletters better to the interest of the impacted person. These personal data will not be forwarded to third parties. Impacted persons have the right at any time to withdraw their agreement which they had granted using the special double opt-in agreement. After withdrawal, these personal data will be erased by the Responsible Party for further processing. Unsubscribing from the newsletter automatically means a withdrawal to igus® GmbH.

10. Artegic

The igus® promotional email is sent using Artegic’s platform: Artegic AG, Zanderstraße 7, 53177 Bonn. If you have consented to receiving our igus® Newsletter and promotional emails, we will use your email address to send this email with information about products, news, trade fairs and events. We store reaction data to each mailing by receiver. This remains available for 30 days. In addition, we determine receiver-related, automated interests by measuring click behaviour to categorised links, compressing recipient-related reaction numbers, such as for an activity score, and measure recipient-related click behaviour on the linked target page. You can withdraw your consent at any time by unsubscribing the igus® news on our website, or by using the unsubscribe link in the respective email.

11. Contact form and email contact

Various contact forms are present on our web pages which can be used to contact us electronically. If the user takes this opportunity, the data which is recorded on the input mask will be sent to us and stored:

Depending on the respective contact form, further data can also be entered in the input mask. As an alternative, one can contact us at the provided email address. In this case, we will store the personal data of the user which is contained in the email. The legal basis for processing the personal data is Art. 6 No. 1, let. a of the GDPR. The legal basis to fulfil goal of contacting to conclude a contract is Art. 6 No. 1 let. B of the GDPR. The data will solely be used to process the contact and for subsequent communication. The associated data will not be disclosed to third parties. If the data are to be used for other purposes, we will first obtain the user’s consent. The personal data from the contact form’s input mask and sent by email will be erased if the respective communication with the user has been completed; that is, as soon as the circumstances dictate that the relevant facts have been finally clarified.

12. Request for catalogues and samples

A contact form is available on our web pages which can be used to order catalogues and samples electronically. If the user takes this opportunity, the data which are recorded on the input mask will be sent to us and stored:

The legal basis for processing the data is Art. 6 No. 1, let. b of the GDPR. The data will only be used to implement the order. We forward the user data to our partner companies within the framework of statutory approvals. These partners assist us in proper fulfilment of orders. These companies are obligated on their side to comply with valid data protection provisions, in particular, these companies may only process these data to fulfil their tasks within our order and under our instructions. We erase the personal data from the contact form’s input mask when the catalogue order implementation is completed.

13. Customer surveys

A contact form is present on our web pages which is used to conduct customer surveys. If the user takes the opportunity to participate in the customer survey, the data which is recorded on the input mask will be sent to us and stored:

The legal basis for processing the data is Art. 6 No. 1, let. a of the GDPR. The data will solely be used to assess the customer survey and for subsequent communication, if any. The associated data will not be disclosed to third parties. The personal data from the input mask and sent by email will be erased if the respective communication with the user has been completed; that is, as soon as the circumstances dictate that the relevant facts have been finally clarified. The additionally collected personal data during the sending process will be erased after seven days at the latest.

14. Application form

We give the opportunity to candidates to apply for advertised jobs through our web pages by providing their personal data. The data are entered in an input mask and sent to us, then stored. The following data are collected:

We use the personal data given in the context of an application exclusively for the purposes of selecting candidates. We limit our processing of applications to the information directly given to us by the candidate. This can also include information which the candidates have filed in on-line networks or job sites. If we request the gender of the candidate by requesting the form of their desired Salutation, the sole reason for this is that we want to speak or write to the candidate in the proper way. Processing personal data is done on the basis of Art. 6 No. 1 let. a of the GDPR and Art. 88 No. 1 of the GDPR in conjunction with § 26 of the BDSG [Federal Data Protection Act]. We erase the data six months after refusing a candidate unless the candidate has consented to our recording their personal data in our candidate pool.

Candidates who have applied for a specific job description and have provided us with their documents and, in examining their documents we determine that they cannot be considered for this position, we offer to file their application in our pool of candidates and search for suitable candidates for other positions with igus. Before this, we contact the candidates so that they can decide whether they are interested in taking part in this process. Processing personal data is done on the basis of Art. 6 No. 1 let. a of the GDPR and Art. 88 No. 1, let. a of the GDPR in conjunction with § 26 of the BDSG.

The minors who have not yet turned 17 years of age must have their parents with custody or their legal representatives submit their consent; in this they declare that they agree to storing the minor candidate in our candidate pool, as well as to the processing of their personal data as per these data protection provisions and the granted consent.

15. Job alert

One can subscribe to a job alert on our web pages. If you decide to receive a job alert, the following personal data will be processed by us:

The user's consent will be obtained to process the data in the context of the subscription process, and the user will be referred to this data protection declaration. The data in connection with the data processing to send the job alerts will not be forwarded to third parties. The data will solely be used to send the job alerts. The legal basis for processing the data is Art. 6 No. 1, let. a of the GDPR. The subscription can be terminated at any time by selecting the relevant link contained in each job alert. With that, personal data will be immediately erased.

16. Social Media

We provide social media plug-ins on our web pages from the social networks Facebook, Google+, Twitter, YouTube, LinkedIn and Xing. These provide a connection to the respective service providers. Data concerning the user's browser behaviour is forwarded with them. When users click on a plug-in, personal data (IP address of the user as well as the web address (URL) of the page being visited at that moment by the user, including time and location) will be forwarded to the respective service provider, and processed by them. Further information about data processing can be found in the data protection notices of the respective service providers:

Facebook: https://de-de.facebook.com/policy.php

Google+: https://policies.google.com/privacy?hl=de&gl=de

Twitter: https://twitter.com/de/privacy#update.

YouTube: https://policies.google.com/privacy?hl=de&gl=de

LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

Xing: https://privacy.xing.com/de/datenschutzerklaerung.

Users who are members of the above social networks and who do not want the user's data gathered on our web pages collected by the respective social network must log out of their respective social media account before visiting our web pages.

17. Mail advertising and your right to object

In addition, we reserve the right to use your first and last names as well as your postal address for our own advertising purposes, such as to send you interesting offers and information about our products using the mail. This serves to safeguard our legitimate interests, which are primarily justified in the context of weighing interest using a promotional approach to our customers in accordance with Art. 6 No. 1 sent. 1 let. f of the GDPR.

The advertising mails are provided in the context of an order from us through a service provider to whom we send your data.

You may at any time [oppose?] to the storage and use of your data for these purposes by sending a message to our contact shown below.

18. Data protection provisions for the deployment and use of Google AdWords

The Responsible Party has integrated Google AdWords for processing on these web pages. Google AdWords is an Internet advertising service that allows advertisers to run both Google and Google network search engine results. Google AdWords makes it possible for advertisers to previously define key words which are then shown as displays in search engine results from Google if the user calls up a key word-related search result on their search engine. In the Google advertising network, the adverts are distributed using an automatic algorithm and using the previously-defined key words on topic-related web pages.

The advertising company for Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our web pages by inserting interest-related advertising on the web pages of other companies and in Google’s search engine results, and to insert outside advertising on our web pages.

If an impacted person reaches our web page using a Google advertisement, Google will place a so-called ‘conversion cookie’ on the impacted person’s IT system. See above for a definition of cookies. A conversion cookie loses its validity after 30 days, and is not used to identify the impacted person. The conversion cookie can determine, if it has not yet expired, whether specific sub-pages, for example a shopping basket for an on-line shopping system, was called up from our web pages. Using the conversion cookie, we and Google can determine whether an impacted person who has reached our web pages over an AdWords display ad, generates sales, therefore putting into a shopping basket, or has stopped the process.

The data and information collected through the use of conversion cookies are used by Google in order to create visitor statistics for our web pages. We furthermore use these visitor statistics in order to determine the total number of users who were referred to us over the AdWords ads, therefore for the success or failure of the respective AdWords ads, and to optimise our AdWords ads in the future. Neither our company nor other advertising customers of Google AdWords receive information from Google which could be used to identify the impacted person.

Personal information, such as the web pages visited by the impacted person, are stored using conversion cookies. With every visit to our web pages, personal data, including the IP address of the web connection used by the impacted person, is forwarded to Google in the USA. These personal data are stored by Google in the USA. Google forwards these data using technical processes under certain circumstances to third parties.

The impacted person can prevent the placement of cookies by our web pages, as presented above, at any time, by stopping the web browser they use, and therefore permanently object to the placement of cookies. Such a stoppage on the web browser used can also prevent that Google places a conversion cookie on the IT system of the impacted person. In addition, any cookie which has already been placed by Google AdWords can be erased at any time on the web browser or other software programs.

Furthermore, the impacted person has the opportunity to object to interest-related advertising by Google. For this, the impacted person must call up from the web browser he uses to the following link: www.google.de/settings/ads and undertake stopping them there.

Further information and the applicable data protection provisions from Google can be found at https://www.google.de/intl/de/policies/privacy/.

19 Data processing when using our on-line shop

When you purchase in our on-line shop, we process the following personal data from you in order to settle your order:

We give the user data to our partner companies within the framework of statutory approvals. These partners assist us in proper fulfilling of orders. These companies are obligated on their side to comply with valid data protection provisions, in particular, these companies may only process these data to fulfil their tasks within our order and under our instructions. Data processing in connection with the ordering process is done on the basis of Art. 6 No. 1, let. b of the GDPR.

Users have the possibility to register for our My igus® program on our web pages in order to simplify the ordering process. The data are entered in an input mask and sent to us, then stored. The following data are collected:

The user receives a registration email at the given email address; they receive a link with which the users can confirm their registration, and complete the registration process. After registering, the users can enter their email address as well as a password to open their user account and purchase in our on-line shop. The legal basis for processing the data is Art. 6 No. 1, let. a of the GDPR. The user has the opportunity at any time to withdraw their consent to processing personal data by cancelling their user account.

We reserve the right to submit user data to credit bureaus for credit checks in order to prevent abusive behaviour. Our goal with this is to receive creditworthiness-related information about the past payment behaviour of the user, information on assessing the risk of failure to pay on the basis of mathematical and statistical procedures using address data (scoring) as well as data to verify the user’s address (checking for deliverability). We work with Bisnode Deutschland GmbH, Robert-Bosch-Straße 11 in 64293 Darmstadt. The legal basis for processing the creditworthiness data is Art. 6 No. 1, let. f of the GDPR. The following data are forwarded to the credit agency:

19.4 Integration of the Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated on our web pages in order to display the Trusted Shops Seal and, if applicable, the collected assessments, as well as the offer of Trusted Shops products for users after an order. This serves to safeguard our legitimate interests which predominate when weighing interests, for the optimal marketing of our offer. Trustbadge and the services offered by it are offers from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. When calling up the Trustbadge, the web server automatically calls up a so-called server logfile, which for example collects the user’s IP address, date and time of the access, transferred data volumes and the querying provider (access data), and documents the access. These access data are not assessed, and are automatically over-written at the latest seven days after the web page visit. Further personal data are only forwarded to Trusted Shops if the user has decided to order Trusted Shops products after completing an order, or has already registered for the use. In this case, the contractual agreement reached between the user and Trusted Shops applies.

20. Google Maps

Our web pages use the Google Maps API in order to visually present geographical information. When using Google Maps, Google also processes data about the user’s use of the maps function on the web pages. You can obtain more information about Google’s data processing in Google’s data protection notices at https://policies.google.com/privacy?hl=de.

21. Security

igus deploys technical and organisational security measures in order to protect the user’s personal data against accidental or intentional manipulation, loss, destruction, or against access by unauthorised persons. Our security measures are continuously improved in accordance with technical developments.

22. Rights of impacted persons

If igus processes your personal data, the impacted person has the following rights against igus as per Art. 4 No. 1 of the GDPR:

22.1 Right to information

You can request a confirmation from us as per Art. 15 of the GDPR whether we are processing personal data related to you. If we process your personal data, you can request the following information from us:

You have the right to request information about whether your personal data have been forwarded to a non-EU country or to an international organisation. In connection with this, you can request that you are notified of the suitable guarantees as per Art. 46 of the GDPR in connection with their forwarding.

22.2 Right to correction

You have the right to request, as per Art. 16 of the GDPR, that we correct and/or complete any incorrect personal data which we store.

22.3 Right to deletion

You can request from us, as per Art. 17 of the GDPR, that your personal data are immediately deleted. We are obligated to immediately delete your data if one of the following conditions is present:

If we have made your personal data public and we are obligated to their deletion as per Art. 17 No. 1 of the GDPR, then we will undertake suitable measures, with consideration of available technology and implementation costs, also of a technical nature, to inform those Responsible Parties who are responsible for the data processing of your personal data, that you, as the impacted person, have requested the deletion of all links to your personal data or copies or replications of your personal data.

The right to deletion does not exist if the processing is required

22.4 Right to restrict processing

Under the following conditions, you can request restricting processing of your personal data as per Art. 18 of the GDPR:

If processing your personal data is restricted, these data - except for their storage - may only be processed with your consent or for enforcement, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest in the EU or a Member State. If the restriction to processing is restricted under the above conditions, we will report to you before the restriction is lifted.

22.5 Right to information

You have the right to correction, deletion or restriction of processing against us; we are obligated as per Art. 19 of the GDPR to report to all receivers whose personal data was made public by us of these circumstances, unless this proves to be impossible or it requires unreasonable expense. You have the right to be informed about these receivers.

22.6 Right to data portability

You can, as per Art. 20 of the GDPR, request to receive your personal data which you have provided to us in a structured, usual and machine-readable format; In addition, you have the right to have these data sent to another Responsible Party without hindrance by us, if

In exercising this right, you further have the right to request that your personal data are sent directly from us to another Responsible Party, as long as this is technically feasible. Freedoms and rights of other persons may not be impacted by this. The right to data portability does not apply to processing personal data which are used for accomplishing a task which is in the public interest, or in the exercise of official authority which has been entrusted to us.

22.7 Right to opposition

You have the right, as per Art. 21 of the GDPR, to object to the processing of your personal data for reasons which stem from your special situation, which are performed on the basis of Art. 6 No. 1 let. E or 5 of the GDPR; this also applies to profiling based on this provision. We will then no longer process your personal data unless we can demonstrate compelling legitimate reasons for our processing that outweigh your interests, rights and freedoms, or the processing is intended to enforce, exercise or defend legal claims.

22.8 Right to withdraw the data protection legal consent declaration

You have the right to withdraw your data protection consent declaration from us at any time, for example by sending an email to datenschutz@igus.de. The withdrawal of consent does not affect the lawfulness of the processing which took place on the basis of consent until withdrawal.

22.9 Automated decision in individual cases, including profiling

You have the right as per Art. 22 of the GDPR to prohibit exclusively automated processing, including profiling, which has a legal effect on you, or affects you in a significant manner. This does not apply if the decision to

22.10 Right to complain to the authorities

Notwithstanding any other administrative legal or court remedy, you have the right to complain to the authorities, especially in the Member State of your place of residence, your workplace, or the site of the suspected breach if you are of the view that the work which we undertake to process your personal data violates the GDPR.

23. Responsibility for contents and information

Our web pages contain links to web offers of external providers. The contents of the web offers of external providers is checked when we set the links in order to ensure that they do not violate applicable civil legal or criminal legal laws. One cannot exclude, however, that these contents are subsequently changed by the respective providers. Should you consider the linked external pages to violate applicable laws or have otherwise unsuitable contents, please notify us of this. We will examine your notification and remove the external link, if applicable. igus is not responsible for the contents and availability of external web pages.

24. Inclusion and validity of the data protection declaration

You approve the described data processing when you use our web pages. This data protection declaration only pertains to the contents of our web pages. Other data protection and data security provisions apply to linked external contents. You will find who bears the responsibility in their respective impressum.

It could be necessary to change this data protection declaration due to the further development of our web pages or implementation of new technologies. We therefore reserve the right to change the data protection declaration at any time with effect on the future. The version available at the time of your web page visit is always the valid version.

Version: May 2018