In order to fulfill our information obligation towards our clients as per Art. 12, 13 of the General Data Protection Regulation (GDPR), we subsequently present you our information on data protection:

The responsible entity as per data privacy law is

Chicago, IL 60603

If we have received data from you, we basically process them only for the purposes for which we have collected them.

As a rule, these purposes are:

The data are in general:

And other personal data you may provide to us in the course of our mutual (pre)contractual relation.

Please note that we cannot enumerate all potential data. We do, however, collect only data which you actively provide to us, or which are publicly available.

Data processing for other purposes is considered only if the required legal specifications according to Art. 6 Section 4 of the GDPR apply. In such a case, we will naturally fulfill possible information obligations according to Art. 13 Section 3 of the GDPR and Art. 14 Section 4 of the GDPR.

• Data processing for the performance of a contract (Art. 6 Section 1 lit. b of the GDPR)

• Data processing based on the consideration of interests (Art. 6 Section 1 lit. f of the GDPR)

• Data protection for compliance with a legal obligation (Art. 6 Section 1 lit. c of the GDPR)

If personal data is processed based on your consent, you have the right to withdraw your consent at any time, with effect for the future. You can send your withdrawal to the attention of our data protection officer mentioned further below.

We base our legitimate interest on the communication with contract relevant contact persons, retention of records beyond possible retention times, in order to provide you a consistent documentation, on claims management, and on the possibility of direct advertising according to §7 Section 3 of the UWG as per Recital 47 of the GDPR; we have a legitimate interest in informing our clients about our products and services via communication channels. As the affected person, you have the right to object to the processing of your personal data for these purposes, taking into account the provisions of Art. 21 of the GDPR.

We process the data for as long as necessary for the respective purpose.

If legal retention obligations apply – e.g. in commercial law or fiscal law – personal data are stored for the duration of the obligation. Once the retention period has elapsed, we will verify whether the necessity for processing persists. If it no longer applies, the data will be deleted.

Depending on the country and the competent authority where we have performed a registration, different retention times apply. These are usually between ten and fifteen years.

In principle, we disclose your personal data to third parties (referred to as recipients) only if it is required for the performance of the mutual contract with you, if disclosure is permitted based on a consideration of interests as per Art. 6 Section 1 lit. f of the GDPR, if we are obliged to disclose them, or if you have given your consent.

Such recipients are for example connected companies – including laboratories –, which provide support with fulfilling the contract, as well as external certification bodies (trade supervision or others, depending on the certification country) which receive data for registration in accordance with the legal provisions.

Within the scope of the requirements of the fiscal and commercial law, we may also disclose data to consultants such as tax consultants, banks or other tax authorities.

Third persons in our case do not include service providers and affiliated companies obliged to adhere to our requirements on data protection. For this purpose, we have concluded data processing contracts, and we ensure thereby that you can exercise your rights towards them as well. Such entities are e.g. IT service providers or software system companies for IT applications (e.g. external IT administrators, ERP system producers etc.) and qualified service providers in the area of document destruction.

Any data requested by us for the purpose of the registration process are necessary to ensure the performance of the registration. In each of these cases, collection, processing and use of personal data of the affected persons is based on a contractual relationship or the initiation of a contractual relationship, or on legal provisions. Data in excess thereof, such as contract person data, may not always be necessary, they could, however, fulfill our legitimate interest. You do not necessarily need to provide them to us and can oppose to their processing.

In order to process your inquiries, we are dependent on your information. When processing your inquiries, the processing of the personal data of the data subjects relates to a corresponding contractual relationship or to legal regulations.

You do not necessarily have to provide us with data that is not required by a legal regulation and you can object to the processing. When collecting the data, we will draw your attention to which data is required.

Your personal data is processed by us in data centers in the European Union and the General Data Protection Regulation therefore applies to processing. Since this is a European legal requirement, no data will be passed on to authorities outside the European Union.

Manufacturers of the products may, however, be located outside the European Union. The data transfer is subject to Art. 49 Section 1 of the GDPR as an individual case.

If you have registered for our newsletter, the data provided during registration (e-mail address, name, company and country) will only be used for sending the newsletter.

For existing customers, we send the newsletter based on a balance of interests. In doing so, we pursue the legitimate interest of informing our customers about our services and related developments, as stipulated in the contract.

For sending we use the following provider: mailchimp.

Details on the data protection of mailchimp can be found at: https://mailchimp.com/de/legal/

You can unsubscribe at any time by using the unsubscribe option contained in the newsletter.

The service provider “mailchimp” has its servers in the USA, therefore the data processing is performed in the USA (a third country). An adequate level of data protection is guaranteed on the one hand by Mailchimp’s compliance with the so-called EU standard contractual clauses. In addition, “mailchimp” provides further information on data protection at https://mailchimp.com/de/legal/data-processing-addendum/.

Purpose of data processing: Provision of up-to-date information

Legal provision is based on: Art. 6 para. 1 lit. a GDPR und Art. 6 para. 1 lit. f GDPR

When you enter our website, you will be asked by a banner for your consent to data processing through cookies. The consent refers to the listed cookies and represents a consent according to Art. 6 (1) lit. a GDPR.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on the site, operating systems used and the user’s origin. This data is assigned to the respective user’s device. It is not assigned to a user ID.

Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

This service is used on the basis of your consent in accordance with Art. 6 (1) point a GDPR. Consent may be revoked at any time.

We also want our website to display information, that we share on social networks on this website and give you the possibility to share out information on your social media accounts. For this we use plugins of the providers of the respective services. If you click on the plugin to share a post over the network, a connection will be established with the respective service. This contribution is then made visible in your user account according to your privacy settings for the service – e.g. only to a certain group of people in the network or publicly.

We have a profile on Linkedin. The provider is LinkedIn Ireland Unlimited Company („LinkedIn Ireland“). For details on how they handle your personal data, please refer to the their privacy policy under LinkedIn Datenschutzrichtlinie.

Data transfers to non-secure third countries are based on the standard contractual clauses of the EU Commission.

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google’s servers does not take place.

For more information about Google Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy.

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to determine whether data entry on this website (e.g. in a contact form) is done by a human or by an automated program. To do this, the behavior of the website visitor is analyzed based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. Various information from (e.g. IP address, time spent on the website or mouse movements made by the user) is evaluated for the analysis. The data collected during the analysis will be forwarded to Google.

The analyzes run completely in the background. Website visitors are not advised that an analysis is taking place.

The data is stored and analyzed on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its site from abusive automated crawling and from SPAM.

You have the right to obtain information on the personal data processed by us, as per Art. 15 GDPR. If a request for information is not submitted in writing, please understand that we may request documentation proving your identity.

Furthermore, you have the right of rectification, erasure or restriction of processing, whenever legally permitted according to Art. 16, 17 and 18 of the GDPR.

An automated individual decision-making as per Art. 22 of the GDPR does not apply.

Furthermore, you have the right of objection to processing within the scope of the legal provisions. The same applies to the right of data portability. In particular, you have the right of objection according to Art. 21 Section 1 and 2 of the GDPR against processing of your data in connection with Art. 6 Section 1 lit. f of the GDPR. You can file the objection informally to the attention of our data protection officer at the following addresses:

You have the right to complain about the processing of your personal data by our company to a supervisory authority in charge of data protection.

This document will be updated regularly as necessary. The current version can be found on our website.