Privacy Policy

We have appointed an external data protection officer for our company. You can reach him under the following contact details:

TÜV Rheinland i-sec GmbH
External data protection officer of the ALHO Group
Am Grauen Stein 1
51105 Köln
Telefon: +49 221 56783 504
E-Mail: datenschutzbeauftragternoSpam@procontain.com

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies.” These are text files that are stored on your computer and that allow for your use of the website to be analyzed. The information generated by cookies about your use of this website is in general transferred to a server by Google in the U.S. and stored there.

The storage of Google Analytics cookies is done in compliance with Art. 6 Par. 1 let. f DSGVO. The website operator has an authorized interest in the analysis of user behavior so as to optimize its web offerings as well as its advertising.

Browser Plug-in

You can prevent the storage of cookies through a corresponding setting in your browser software; we nevertheless indicate that, in this case, it is possible that not all functions of this website can be used in full. Moreover, you can prevent the recording of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data recording

You can prevent your data from being recorded by Google Analytics by clicking on the following link. An opt-out cookie is placed, preventing the recording of your data in future visits to this website: Deactivate Google Analytics.

You can find more information on the procedure with user data by Google Analytics in Google's data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de.

Order data processing

We have concluded a contract on order data processing with Google, and fully implement the strict specifications of the German data protection authorities in the use of Google Analytics.

Demographic features with Google Analytics

This website uses the function “demographic features” from Google Analytics. Thus, reports can be created that contain statements on the age, sex, and interests of visitors to the site. This data comes from interest-related advertising on Google as well as from visitor data from third-party providers. This data cannot be attributed to any one person. You can deactivate this function at any time via the display settings in your Google account, or you can prohibit the recording of your data by Google Analytics as presented generally in the point “Objection to data recording.”

Google Analytics Remarketing

Our websites use the functions of Google Analytics Remarketing in connection with the multi-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This function makes it possible to connect the advertising target groups created with Google Analytics Remarketing with the multi-device functions of Google AdWords and Google DoubleClick. In this way, interest-related, personalized advertising offers, which depending on your earlier usage and surfing behavior have been adjusted to and end device (e.g. cellphone) for you, can also be displayed on another of your end devices (e.g. tablet or PC).

If you have given a corresponding permission, for this purpose, Google connects your web and app browser activity with your Google account. In this way, for each device on which you log in with your Google account, the same personalized advertising messages will be activated.

To support this function, Google Analytics records Google-authenticated IDs of the user, which are largely connected with our Google Analytics data in order to define and create target groups for the multi-device display advertising.

You can prohibit multi-device remarketing/targeting in the long-term by deactivating personalized advertising in your Google account; for this, follow this link: https://www.google.com/settings/ads/onweb/.

The summary of the data recorded in your Google account is done exclusively with your permission, which you can give or revoke with Google (Art. 6 Par. 1 let. a DSGVO). In data recording processes that are not merged into your Google account (e.g. because you don’t have a Google account or have forbidden the compilation), the recording of the data is done in compliance with Art. 6 Par. 1 let. f DSGVO. The authorized interest comes from the fact that the website operator has an interest in the anonymized analysis of visitors to the website for advertising purposes.

You can find further information and data protection determinations in Google’s data protection declaration under: https://www.google.com/policies/technologies/ads/.

Google AdWords and Google Conversion-Tracking

This website uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

Under Google Adwords, we use so-called conversion tracking. When you click on a display placed by Google, a cookie is placed for the conversion tracking. Cookies are small text files which the internet browser deposits on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain sites on this website and the cookie has not yet expired, Google and we can recognize that the user has clicked on the display and been forwarded to this site.

Each Google AdWords customer receives a different cookie. The cookies cannot keep track of the websites of AdWords customers. The information gathered with the help of conversion cookies serves to create conversion statistics for AdWords customers who have opted into conversion tracking. Customers learn the overall number of users who have clicked on the display and who were forwarded to a site provided with a conversion-tracking tag. But, they do not receive any information with which users can be personally identified. If you would not like to participate in the tracking, you can prevent this use by deactivating the Google conversion-tracking cookie on your internet browser under user settings. You will then not be recorded in the conversion-tracking statistics.

The storage of “conversion cookies” is done on the basis of Art. 6 Par. 1 let. f DSGVO. The website operator has an authorized interest in the analysis of user behavior in order to optimize its web offer as well as its advertising.

You can find more information on Google AdWords and Google Conversion-Tracking in Google’s data protection provisions: https://www.google.de/policies/privacy/.

You can adjust your browser so that you are informed about the placing of cookies and can allow cookies only in individual cases, can exclude the acceptance of cookies for certain cases or in general, and can activate the automatic deletion of cookies when the browser is closed. In deactivating cookies, the functionality of this website can be limited.

Bing Ads

This is an advertising provider.

Data processor
Microsoft Corporation
One Microsoft Way, Redmond, WA 98052-6399, United States of America

Purposes of data processing
This list represents the purposes of data collection and processing. Consent is valid only for the purposes indicated. The data collected cannot be used or stored for purposes other than those listed below.

• Advertising
• Conversion tracking

Technologies used

• Cookies

Data collected
This list contains all (personal) data collected by or through the use of this service.

• Employment metrics
• Number of visits
• Bounce rates
• Microsoft Click ID
• Digital signature
• UET ID tag
• URLs
• Referrer URL
• Page title
• Conversions
• Screen height
• Screen width
• Browser language setting
• Visit duration
• Screen colour depth
• Page response times
• Ads clicked on

Legal basis
The legal basis for the processing of personal data under Art. 6 I 1 GDPR is set out below.

• Art. 6 para. 1 s. 1 lit. a GDPR

Place of processing
European Union

Retention period
The retention period is the period during which the data collected are stored for processing. The data must be deleted as soon as they are no longer necessary for the specified processing purposes. The data must be deleted as soon as they are no longer necessary for processing.

Data recipients
Data Recipients Infotext

• Microsoft Corporation

Data Protection Officer of the data processor
The email address of the Data Protection Officer of the data processor is given below.
https://aka.ms/privacyresponse

Disclosure to third countries
Some services transfer the collected data to another country. A list of the countries to which the data is transferred is provided below. This may be for various purposes, such as storage or processing.

Click here to read the privacy policy of the data processor https://privacy.microsoft.com/en-us/PrivacyStatement
Click here to revoke on all domains of the data processor https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings

LinkedIn ads

This is an advertising service.

Data processor
LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland

Purposes of data processing
This list represents the purposes of data collection and processing. Consent only applies for the purposes indicated. The data collected cannot be used or stored for purposes other than those listed below.

• Conversion tracking
• Advertising
• Remarketing
• Optimisation

Technologies used

• Cookies
• Pixels
• Ad tags

Data collected
This list contains all (personal) data collected by or through the use of this service.

• IP address
• User agent data
• Device ID
• Search terms
• Viewed articles
• Visited pages
• Ads viewed
• Trailers
• Links
• Videos viewed
• Profile information
• Advertising ID
• Information about the operating system
• Device information

Legal basis
The legal basis for the processing of personal data under Art. 6 I 1 GDPR is set out below.

• Art. 6 para. 1 p. 1 lit. a GDPR

Place of processing
European Union

Retention period
The retention period is the period during which the data collected are stored for processing. The data must be deleted as soon as they are no longer necessary for the processing purposes mentioned. The data must be deleted as soon as they are no longer necessary for processing.

Data recipients
Data Recipients Infotext

• LinkedIn Ireland Unlimited Company
• LinkedIn Inc.

Data Protection Officer of the data processor
The email address of the Data Protection Officer of the data processor is given below.
https://www.linkedin.com/help/linkedin/ask/TSO-DPO

Disclosure to third countries
Some services transfer the collected data to another country. A list of the countries to which the data is transferred is given below. This may be for various purposes, such as storage or processing.

Click here to read the privacy policy of the data processor https://www.linkedin.com/legal/privacy-policy
Click here to revoke on all domains of the data processor https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences?lang=en
Click here to read the cookie policy of the data processor https://www.linkedin.com/legal/cookie_policy

Google reCAPTCHA Privacy Policy

What is reCAPTCHA?

Our overarching objective is to secure and protect our site for you and for us as well as we possibly can. To ensure this, we use Google reCAPTCHA from Google Inc. For the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA we can determine whether you are really a flesh and blood human being and not a robot or other spam software. By spam we mean any unsolicited information sent to us electronically. With classic CAPTCHAS, you usually had to solve text or picture puzzles to verify the information. With reCAPTCHA from Google, we usually don't have to bother you with such puzzles. Here, in most cases, it is enough to simply tick a box and thus confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don't even have to make a tick anymore. We will tell you exactly how this works and, above all, what data is used for this purpose in the course of this privacy policy.

reCAPTCHA is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. The most common use of this service is when you fill out forms on the web. A CAPTCHA service is a type of automatic Turing test that is designed to ensure that an action on the web is being performed by a human and not a bot. In the classic Turing test (named after the computer scientist Alan Turing), a human determines the distinction between a bot and a human. With CAPTCHAS, this is also done by the computer or a software programme. Classic CAPTCHAS work with small tasks that are easy for humans to solve, but present considerable difficulties for machines. With reCAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk techniques to distinguish humans from bots. All you have to do is tick the text field "I am not a robot" or with Invisible reCAPTCHA even that is no longer necessary. With reCAPTCHA, a JavaScript element is integrated into the source code and then the tool runs in the background and analyses your user behaviour. From these user actions, the software calculates a so-called CAPTCHA score. Google uses this score to calculate how likely it is that you are a human even before you enter the CAPTCHA. reCAPTCHA or CAPTCHAS in general are always used when bots could manipulate or abuse specific actions (such as registrations, surveys, etc.).

Why do we use reCAPTCHA on our site?

We only want to welcome flesh-and-blood people on our site. Bots or spam software of any kind can safely stay at home. That's why we pull out all the stops to protect ourselves and offer you the best possible user experience. For this reason, we use Google reCAPTCHA from Google. This way we can be pretty sure that we will remain a "bot-free" site. By using reCAPTCHA, data is transmitted to Google to determine whether you are actually a human being. reCAPTCHA accordingly raises the security of our site and, by extension, your security. For example, without reCAPTCHA, it could happen that a bot registers as many email addresses as possible during registration in order to "spam" forums or blogs with unwanted advertising content. With reCAPTCHA, we can avoid such bot attacks.

What data is stored by reCAPTCHA?

reCAPTCHA collects personal data from users in order to determine whether the actions on our site actually originate from people. The IP address and other data required by Google for the reCAPTCHA service may accordingly be sent to Google. IP addresses are almost always abbreviated in advance within the member states of the EU or other contracting states to the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address is not combined with other data from Google unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already on your browser. Then, reCAPTCHA sets an additional cookie in your browser and captures a snapshot of your browser window.

The following list of collected browser and user data does not claim to be complete. Rather, they are examples of data that, to our knowledge, are processed by Google.

• Referrer URL (the address of the page from which the visitor comes)
• IP address (e.g. 256.123.123.1)
• Info about the operating system (the software that enables your computer to run. Known operating systems are Windows, Mac OS X or Linux)
• Cookies (small text files that store data in your browser)
• Mouse and keyboard behaviour (every action you perform with the mouse or keyboard is saved)
• Date and language settings (which language or date you have preset on your PC will be saved)
• All JavaScript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
• Screen resolution (shows how many pixels the image display consists of)

There is no doubt that Google uses and analyses this data even before you click on the "I am not a robot" checkbox. With the Invisible reCAPTCHA version, even the ticking is omitted and the entire recognition process runs in the background. Google does not tell you in detail how much and which data it stores.

The following cookies are used by reCAPTCHA: Here, we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:

Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-312524436-8
Intended use: This cookie is set by DoubleClick (also owned by Google) to register and report a user's actions on the site when dealing with ads. In this way, advertising effectiveness can be measured and appropriate optimisation measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year

Name: 1P_JAR
Value: 2019-5-14-12
Intended use: This cookie collects statistics on site usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant ads to users. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.
Expiry date: after one month

Name: ANID
Value: U7j1v3dZa3125244360xgZFmiqWppRWKOr
Intended use: We were not able to find out much information about this cookie. In Google's privacy policy, the cookie is mentioned in connection with "advertising cookies" such as "DSID", "FLC", "AID", "TAID". ANID is stored under the domain google.com.
Expiry date: after 9 months

Name: CONSENT
Value: YES AT.de+20150628-20-0
Intended use: The cookie stores the status of a user's consent to use various Google services. CONSENT is also used for security purposes to verify users, prevent login fraud and protect user data from unauthorised attacks.
Expiry date: after 19 years

Name: NID
Value:  0WmuWqy312524436zILzqV_nmt3sDXwPeM5Q
Intended use: NID is used by Google to customise ads to your Google searches. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interaction with ads. This way you always get tailored ads. The cookie contains a unique ID to collect the user's personal settings for advertising purposes.
Expiry date: after 6 months

Name: DV
Value:  gEAABBCjJMXcI0dSAAAANbqc312524436-4
Intended use: Once you have ticked the "I am not a robot" box, this cookie is set. The cookie is used by Google Analytics for personalised advertising. DV collects information in an anonymous form and is also used to make distinctions between users.
Expiry date: after 10 minutes

Comment: This list is not intended to be exhaustive, as experience has shown that Google changes its choice of cookies repeatedly.

How long and where is the data stored?

With the use of reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored, Google does not make clear, even after repeated enquiries. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the site or language settings are stored on Google's European or US servers. The IP address that your browser sends to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. The derogating data protection provisions of Google apply to this.

How can I delete my data or prevent data storage?

If you do not want any data about you and your behaviour to be sent to Google, you must log out of Google completely and delete all Google cookies before you visit our site or use the reCAPTCHA software. In principle, data is automatically sent to Google as soon as you visit our site. To delete this data again, you must contact Google support at https://support.google.com/?hl=de&tid=312524436.

So by using our site you consent to the automatic collection, processing and use of data by Google LLC and its agents.

Please note that when using this tool data from you may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data sent to insecure third countries may accordingly not simply be transferred, stored and processed there unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.

Legal basis

If you have consented to Google reCAPTCHA being used, the legal basis for the corresponding data processing is this consent. Under Art. 6 para. 1 lit. a GDPR (Consent) it constitutes the legal basis for the processing of personal data that may occur when it is collected by Google reCAPTCHA.

We also have a legitimate interest in using Google reCAPTCHA to optimise our online service and make it more secure. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Nevertheless, we will only use Google reCAPTCHA if you have given your consent.

Google also processes data from you in the USA, among other places. We would like to point out that under an opinion of the European Court of Justice there is currently no adequate level of protection for the transfer of data to the USA. It may be associated with various risks for the legality and security of the data processing.

Google uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or for data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can learn a little more about reCAPTCHA on Google's web developer page at https://developers.google.com/recaptcha/. Google does go into more detail here about the technical development of reCAPTCHA, and there is also not much precise information about data storage and privacy-related topics there either. A good overview of Google's basic use of data can be found in the company's own privacy policy at https://www.google.com/intl/de/policies/privacy/.