We welcome your interest in our website www.zeppelin.com/de-en/cat (“website”) and would like to make your visit as enjoyable as possible. The operator of this Website and the controller for the processing of your personal data through this Website is Zeppelin Baumaschinen GmbH, Graf-Zeppelin-Platz 1, 85748 Garching near Munich, Germany, Phone: +49 89 32 000-0, Email: firstname.lastname@example.org
Alongside easy, efficient operability, we consider the protection of your personal data to be a top priority. The protection of your privacy is a key concern for us when processing personal data and we take this into account in all our business processes.
Therefore our processing of personal data collected during a visit to our Website always takes place in line with the respective provisions governing data protection.
This data protection statement will tell you which of your personal data are collected and retained when you visit our Website or use our services offered through the Website. You will also receive information on how and on what legal basis your data are used, what rights you have with regard to the use of your data, and which contact methods are available to you.
1. Processing of personal data and purposes of the processing
When visiting our Website
You can visit our Website without disclosing information regarding your identity. When you open our Website, your browser information will however be automatically sent to our Website servers, and temporarily stored in a log file. Your identity is not disclosed by this information.
The following information is recorded without your consent, and is retained until it is automatically erased after six months:
The IP address of the requesting computer,
- the date and time of the visit,
- the name and URL of the accessed file,
- the browser that you have used and if applicable, your computer’s operating system,
- websites from which the user’s system has reached our Website (referrer),
- websites which are opened through our Website from the user’s system.
These data are collected and processed to enable use of our Website (connecting). These data are retained exclusively for technical reasons, and at no point are they attributed to a specific person. The collection of these data serves to ensure system security and stability, as well as technical administration of the network infrastructure. The legal basis to this extent is point (f) of Article 6 (1) GDPR. Our legitimate interest in data processing lies in ensuring that our Website functions properly, and that communication through the Website is properly handled. In relation to the foregoing, we cannot attribute this information to you personally.
When using the contact form
If you have any questions, we provide the option of contacting us via a form provided on the Website. The following information is required to allow us to answer your questions:
- First name and surname,
- valid email address,
- valid phone number (optional, for if you require a callback).
We store this information for verification purposes for a period of up to 2 years. The purpose of collecting the data provided in the contact form is to identify the requester, and to be able to reply to the request properly and via the requested communication channel. This is also our legitimate interest. The legal basis for data processing is point (f) of Article 6 (1) GDPR.
When using your data for advertising purposes
Zeppelin generally has a legitimate interest in using the data collected from you (e.g. as part of entering into a contractual relationship or for creation of a customer account) for advertising purposes. For this purpose, we use your first name, surname, the company if applicable, and the postal address to send you postal advertising for a period of 2 years. Insofar as Zeppelin has collected further personal data for marketing purposes (e.g. purchased products or services), these will also be stored in compliance with statutory provisions. This enables Zeppelin to send you advertising that is aligned as closely as possible with your needs.
The legal basis for this is the legitimate interest of Zeppelin, in accordance with Point (f) of Article 6 (1) GDPR, in the promotion of its products and services. You may revoke your consent to this use of your personal data at any time with immediate effect. To do so, you can use the Zeppelin contact details (mail / e-mail / telephone) stated in this Data Protection Statement.
When conducting surveys
We may ask you questions about your use or personal opinion of our products or our company on our website. These surveys were generally conducted in anonymized form. If the survey is not conducted in anonymized form, we will save your answers in connection with your personal data. Anonymization is subsequently carried out as part of the evaluation of the data, so that only aggregated statistical evaluation data is available. This anonymization will take place no later than 2 months after the survey has been completed. In the case of a survey associated with your personal data, we ask you in advance whether you would like to participate in the survey.
The legal basis for the processing of your data is point (a) Article 6 (1) GDPR. You may revoke your consent at any time with future effect. To do so, please contact us using the contact details provided in this data protection statement. The withdrawal of consent does not affect the legality of any processing based on consent which took place previously.
2. Cookies and social plugins
Cookies are used to make your visit to our Website easier and more enjoyable. This is why we use session cookies to detect that you have already visited individual pages on our Website, or that you have already signed into your customer account. They are automatically deleted after you leave our Website.
Insofar as you have given us your consent to this, We use temporary cookies to enhance user-friendliness. These are stored on your terminal for a specific period. If you visit our site again to use our services, the system automatically detects that you have visited us previously, as well as your input and settings so that you do not need to enter them again. the legal basis for this is point (a) of Article 6 (1) GDPR. You may revoke your consent at any time using our cookie settings.
Most browsers automatically accept cookies. You can configure your browser in such a way that no cookies are stored on your computer, or so that a prompt appears before a new cookie is created. Completely disabling cookies may, however, lead to some of the functions of our Website being lost.
We use OneTrust (a tool from OneTrust Technology Limited, 82 St. John Street
Farringdon, London EC1M 4JN, UK) as a cookie and consent management tool.
With the help of the OneTrust Cookie Compliance Tool, you can consent to the storage of cookies in a legally compliant manner or declare your withdrawal of consent. At the same time, your consent is documented, and the setting of cookies is technically controlled. Cookies are used to store your cookie settings on our websites. This means that your cookie settings can be retained when you visit our platforms again, as long as you do not delete the cookies beforehand. You can adjust your settings at any time.
We also use the OneTrust Consent Manager, which allows you to give your consent on our website and manage it in the Preference Center at any time. Your consent will also be documented in a legally compliant manner.
The legal basis for the aforementioned processing of personal data is Article 6 (1) (f) GDPR. Our legitimate interest is to obtain legally required consent automatically and document it in a legally compliant manner.
In order to tailor our Website to your needs and for continuous optimization of the site, we use Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (https://www.google.de/contact/impressum.html). Pseudonymized user profiles are created and cookies used in this context. The information generated by the cookie through your use of the Website, e.g.
- browser type/version,
- operating system used,
- referrer URL (previously visited site),
- hostname of the accessing computer (IP address),
- time of server request,
is transferred to a Google server in the USA and stored there. The information is used to analyze use of the Website. This information may also be sent to third parties, insofar as this is a statutory requirement. Your IP address is never combined with other Google data. IP addresses are rendered anonymous to prevent attribution (IP masking).
The transfer of personal data to the USA will only take place with your express prior consent. The legal basis for the storage of cookies and further analysis of the data over a period of two months is the consent that is granted (point (a) of Article 6 (1) GDPR). You can withdraw your consent at any time in the cookie settings.
Showing videos (YouTube)
In several places on our Website, we have embedded videos which are provided by a third party. This concerns videos from the “YouTube” platform. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (https://www.google.de/contact/impressum.html).
The video content is visualized exclusively through the provider’s use of “enhanced data protection mode”. As a result, only by clicking on a video can a cookie be stored on your computer to collect data for YouTube, and this data may be collected and processed further. We have no influence over this data collection and processing.
If you have a YouTube account and are signed in to it when you open YouTube on our Website, information can be attributed to your YouTube account in relation to the visit to our Website and clicking on videos. If you wish to prevent this, you must sign out of your YouTube account before using our Website and watching the videos.
YouTube videos are integrated on the basis of your consent in accordance with point (a) of Article 6 (1) GDPR. You can withdraw your consent at any time in the cookies settings.
If you do not wish to transfer data to YouTube, do not click on the videos embedded on our Website.
On this website, we use the remarketing function or “similar audiences” function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://www.google.de/contact/impressum.html). The purpose of this function is to present you, as a visitor to our website, with interest-based advertising as part of the Google network. When you visit the website, your browser stores cookies, which are small text files, on your computer; these make it possible to recognize you when you access websites that belong to the Google advertising network. On these websites you can then be presented with advertisements based on content you have previously accessed on websites that use the Google remarketing function. According to its own statements, Google does not combine the data collected as part of remarketing with any of your personal data that may be stored by Google. In particular, according to Google, pseudonymization is used for remarketing. Your data will also be processed by Google in the USA. Your data will only be transferred to the USA with your express consent.
The use of the remarketing function or “similar target groups” function is based on the consent you have given. The legal basis is point (a) of Article 6 (1) GDPR. You can withdraw your consent at any time in the cookies settings.
Use of Google AdWords conversion tracking
We use Google AdWords – another offer from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to draw attention to our attractive offers by means of advertising materials (so-called Google AdWords) on external websites. These advertising materials are delivered by Google via so-called “ad servers.” Ad Server cookies are used to evaluate performance parameters such as ad impressions, clicks and conversions. This allows us to determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. If you access our website via a Google ad, a cookie is stored on your PC by Google AdWords. These cookies generally lose their validity after 30 days and are not intended to identify you personally. The following analysis values are generally stored for this cookie, whereby the data is also processed by Google in the USA:
- Unique cookie ID
- Number of ad impressions per placement (frequency)
- Last impression (relevant for post-view conversions)
- Opt-out information (marking that the user no longer wants to be addressed)
These cookies allow Google to recognize your Internet browser. If a user visits certain pages of an AdWords customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user has clicked on the ad and has been forwarded to this page. Each AdWords customer is assigned a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. We do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations made available by Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials; in particular we cannot identify users based on this information. Your data will only be transferred to the USA after granting of your express consent. The legal basis for the storage of cookies by Google is the consent that is granted (point (a) of Article 6 (1) GDPR). You can withdraw your consent at any time in the cookies settings.
On our website, we have integrated a Facebook pixel from Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If you access our website, you will be redirected to Facebook via Re-Direct. The following data can be forwarded:
- Unique cookie ID
- Accessed website
Facebook can mark the end device you are using with a cookie and a unique identifier or access a cookie that may already exist. If you are logged in to Facebook, our targeted advertising may be displayed on the Facebook pages using this data. Facebook also processes the data in the USA. Your data will only be transferred to the USA after granting of your express consent. The legal basis for storage of cookies and transmission of the data to Facebook is the consent that is granted (point (a) of Article 6 (1) GDPR). You can withdraw your consent at any time in our cookie settings. Further evaluation of the collected data is the responsibility of Facebook. You can change your Facebook settings for advertising here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
We integrate into our website a function for recognizing bots, e.g. when users enter data into online forms (“reCAPTCHA”); this function is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The aim of this is that Google reCAPTCHA will be used to prevent the improper input of data into our website (e.g. in a contact form) by automated programs rather than humans. To this end, reCAPTCHA analyses the behavior of website visitors and sends the information required for analysis (including the relevant IP address, mouse movements, and length of stay) to Google.
Data is processed on the basis of point (f) of Article 6 (1) GDPR. Our legitimate interest lies in the fact that we wish to protect our website against improper spying and spam.
Google Tag Manager
This website uses Google Tag Manager, a solution offered by Google Ireland Limited (Gordon House, Barrow St, Dublin 4, Ireland). Google Tag Manager allows various codes and services to be managed and more easily integrated into the website. Google Tag Manager is a cookie-free domain that requires transmission of the IP address to Google and triggers other tags that may collect data under certain circumstances. Google Tag Manager does not access these data. Insofar as a deactivation has been implemented by the user on a domain or cookie level, this applies to all tracking cookies that are implemented with Google Tag Manager. Your IP address can also be processed by Google in the USA. To ensure an adequate level of data protection, we have concluded the so-called standard contractual clauses with Google.
The legal basis for the aforementioned processing of personal data is point (f) of Article 6 (1) GDPR.
On this website, we use Optimizely, a web analytics service provided by Optimizely Inc. (631 Howard Street, Suite 100, San Francisco, CA 94105, United States) to perform A/B testing to optimize and further develop this website. The information generated by a cookie about your use of this website is transmitted anonymously to a server of Optimizely and stored there.
The use of Optimizely is based on the consent you have given. The legal basis is point (a) of Article 6 (1) GDPR. You can withdraw your consent at any time in the cookie settings.
You can deactivate Optimizely tracking directly at any time by following the instructions at https://www.optimizely.com/legal/opt-out/.
We use the Mouseflow analytics service, a web analytics tool by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to improve the usability and customer experience on our website. In addition to mouse clicks, mouse and scroll movements of randomly selected users can be recorded. Likewise, keystrokes performed on this website can be recorded. The recording is not personalized and therefore remains anonymous. Mouseflow does not record this data on pages where the Mouseflow function is not activated. You can deactivate the Mouseflow service at https://mouseflow.com/opt-out/.
The use of Mouseflow is based on the consent you have given. The legal basis is point (a) of Article 6 (1) GDPR. You can withdraw your consent at any time in the cookie settings.
We also use the GetSiteControl tool from the provider GetWebCraft Ltd. on our website.
The legal basis for the storage of cookies by Google is granted consent (point a) of the first sentence of Article 6 (1) GDPR). You can withdraw your consent at any time in the cookies settings.
On our website, we use the Universal Event Tracking (UET) service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
If you access our website via an advertisement from Microsoft Advertising, Microsoft will place a cookie on your computer (storage period: 13 months), which enables us to collect and evaluate data about your use of our website in connection with a UET tag integrated into our website. Among other aspects, these data include your average length of visit to our website, information as to which areas of our website you have accessed and what actions you have performed, and which Microsoft Advertising advert brought you to our website. It is not possible for us to draw direct conclusions relating to you as an individual in this process.
The data captured using the cookie are transferred to a Microsoft server in the USA, and saved there for a maximum of 180 days. Your data will not be disclosed to third parties in this process. To ensure an adequate level of data protection, we have concluded the “standard contractual clauses” with Microsoft.
If you would not like your data to be processed as explained above, you can object to the processing of your data using the following link: http://choice.microsoft.com/de-DE/opt-out. Data capture requires the setting of a cookie; you may also deactivate the setting of this cookie in your browser settings.
The Universal Event Tracking service is used on the basis of your consent (point a) of the first sentence of Article 6(1) GDPR). You can withdraw your consent at any time in the cookies settings.
Other third-party providers
To ensure the technical operation of our site, we use the services of Tideways GmbH, Königswinterer Straße 116, 53227 Bonn, Germany. Tideways enables us to record statistical evaluations of the speed of the website and determine whether the website can be accessed; it also enables the identification and analysis of technical problems with the website. The information provided by the respective browser (e.g. browser, browser version) is collected. In addition, in the event of technical problems, we also collect personal information such as your email address, address information and IP address in order to identify and eliminate the cause of the problem. No personal data are collected for speed measurements and website availability.
The legal basis for the use of Tideways is point f) of the first sentence of Article 6(1) GDPR.
Our legitimate interest in data processing lies in ensuring that our website functions properly, and that communication through the website is properly handled. In relation to the foregoing, we cannot attribute this information to you personally.
Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated into this website to display our Trusted Shops quality mark and any collected reviews, as well as to offer Trusted Shops products to shoppers once they have placed an order.
This serves to safeguard our overriding legitimate interests in optimum marketing within the framework of a balancing of interests, by enabling safe buying in accordance with point f) of the first sentence of Article 6(1) GDPR. The Trustbadge and the services advertised with it are an offering from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. The Trustbadge is provided by a CDN provider (content delivery network) as part of order processing. Trusted Shops GmbH also uses service providers from the USA. An adequate level of data protection is ensured. You can find further information on Trusted Shops GmbH’s data protection at https://www.trustedshops.de/impressum/#datenschutz.
When the Trustbadge is accessed, the web server automatically stores a server log file which also contains your IP address, date and time of access, transferred data volume and the requesting provider (access data), and documents the access. Individual elements of access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted no later than 90 days after they are created.
Further personal data are transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order, or if you have already registered for use. The contractual agreement concluded between you and Trusted Shops shall apply. Personal data are automatically collected from the order data for this purpose. A neutral parameter – an email address hashed using the cryptological one-way function – is used to automatically verify whether you as a buyer are already registered to use a product. Before it is transmitted, the email address is converted into this hash value that cannot be decoded by Trusted Shops. After checking for a match, the parameter is automatically deleted.
LinkedIn Insight Tag
We also use the LinkedIn Insight Tag tool from LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland). This tool places a cookie in your web browser, which collects data including the following: IP address, device and browser properties and page events (e.g. page views). These data are encrypted, anonymized within seven days, and the anonymized data are deleted within 90 days.
We do not receive any personal data from LinkedIn, but only anonymized reports on the demographics of our target group and the performance of our advertisements. LinkedIn also offers the option of retargeting via the Insight Tag. We may use these data to display targeted advertising outside its website without identifying our website visitors.
LinkedIn Insight Tag is used on the basis of your consent (point a) of the first sentence of Article 6(1) GDPR). You can withdraw your consent at any time in the cookies settings.
3. Data security
All data sent by you personally, including your payment details, are transferred using the generally accepted and secure SSL (Secure Socket Layer) standard. SSL is a reliable and proven standard which is used e.g. in online banking.
A secure SSL connection can be identified by the “s” suffixed to the http (i.e. https://...) in the address bar of your browser or by the lock icon in the lower pane of your browser.
We also take suitable technical and organizational security measures to protect your retained personal data against destruction, loss, alteration or unauthorized disclosure or access. Our security measures are continuously improved in line with technological development.
4. Rights of data subjects
As a data subject in the sense of the GDPR, you are entitled to the following rights. To assert these rights, please contact us on:
email@example.com or in writing to the above address of Zeppelin Baumaschinen GmbH
Right of access
Pursuant to Article 15 GDPR, we must provide information about your personal data that we process.
Right to rectification
If the information concerning you is no longer correct, you can request a correction in accordance with Article 16 GDPR. If your data is incomplete, you can request completion.
Right to restriction of processing
In accordance with Article 18 GDPR, you have the right to request a restriction of the processing of your personal data.
Right to erasure
In accordance with Article 17 GDPR, you may request the erasure of your personal data.
Right to data portability
Pursuant to Article 20 GDPR, you have the right to receive personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format. Within the limits of Article 20(1) GDPR, you also have the right to transfer those data to another controller nominated by you.
Right to object
You may withdraw your consent to having your personal data processed for advertising purposes, including analysis of customer data for advertising purposes, at any time without statement of reasons.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you pursuant to point (e) or (f) of Article 6(1) GDPR, in accordance with Article 21 GDPR. We will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing assists in the establishment, exercise or defense of legal claims.
Withdrawal of consent
You also have the right at any time to withdraw the provided declaration of consent with regard to data protection with immediate effect. The withdrawal of consent does not affect the legality of any processing based on the consent which took place up to the withdrawal thereof.
5. Automated individual decision-making or profiling measures
We do not use automated processing methods for decision-making – including profiling.
6. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data infringes on data protection law, in accordance with Article 77 (1) GDPR you have the right to lodge a complaint with a data protection supervisory authority of your choice. This also includes the data protection supervisory authority responsible for the controller: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 27, 91522 Ansbach. You can use the following email address for email communication with the supervisory authority: firstname.lastname@example.org
7. Storage period for personal data/erasure of personal data
In general, we erase or render anonymous your personal data as soon as they are no longer necessary in relation to the purposes for which we have collected or otherwise processed them in accordance with the foregoing clauses, unless continued storage of your personal data is required to fulfill a legal obligation. Further information about the corresponding deletion periods can be found in the description of the individual data processing operations.
8. Disclosure of data to third parties/recipients of data
The personal data that we collect and retain shall never be used by us for sale, trade or loan. We will only pass on your data to third parties if we are legally obliged or to assert a claim, in the exercise or defense of legal claims, to investigate unlawful use of our Website or products, or for prosecution of a claim (insofar as there are reasonable grounds to suspect unlawful or unfair conduct). Data may also be disclosed for the enforcement of Terms and Conditions of Use or other agreements. We are also obliged to grant access to certain public bodies on request. These include law enforcement authorities, authorities which prosecute administrative offenses, and tax authorities. These data are disclosed on the basis of our legitimate interest in combating misuse, the prosecution of offenses, and the securing, assertion and enforcement of claims. The legal basis is point (f) of Article 6 (1) GDPR.
We rely on contractually bound third-party companies and external service providers (“processors”) to supply our range of products and services. In such cases, personal data are disclosed to these processors to enable further processing thereof. These processors are carefully selected and regularly checked to ensure that your privacy remains protected. The processors may only use the data for the specified purposes, and are also contractually obliged to handle your data in compliance with this data protection statement and the German data protection laws.
In addition to the aforementioned service providers, we also use the following processors:
Amazon Cloud Hosting (Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States).
9. Contact method/data protection officer
You can contact us through our data protection officer as follows with regard to access to your personal data, to have inaccurate data corrected, blocked or erased, or if you have further questions regarding the use of your personal data.
Please note that access can only granted if you give us, in full: your first name and surname, your current and, if necessary, previous address, your date of birth, and your email address. This information is used exclusively for alignment purposes, which in turn ensures that no unauthorized third party can obtain your personal data. Any product, operation, and/or contract numbers which we have sent to you are also useful and helpful, but not necessary, in enabling us to identify the relevant data quicker.
As of: June 2021