Data protection

Forewords

We at Peter-Lacke GmbH and our subsidiaries (hereinafter jointly referred to as "the company", "we" or "us") take the protection of your personal data seriously and would like to inform you about data protection at this point.

As part of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR") in order to ensure the protection of personal data of the person affected by processing (we also refer to you as the data subject as "customer", "user", "you", "you" or "data subject"). Our privacy policy has a modular structure.

I General

1. definitions

In accordance with Art. 4 GDPR, this privacy policy is based on the following definitions:

"Personal data" (Art. 4 No. 1 GDPR) are all

Information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or information relating to their physical, physiological, genetic, mental, economic, cultural or social identity. Identifiability can also be achieved by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photos, video or sound recordings can also contain personal data).

a) "Processing" (Art. 4 No. 2 GDPR) means any operation which is performed on personal data, whether or not by automated means (i.e. using technical specifications). This includes, in particular, the collection (i.e. acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data, or alteration of the purposes for which they were originally processed.

b) "Controller" (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

c) "Third party" (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other legal entities belonging to the group.

e) "Processor" (Art. 4 No. 8 GDPR) is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.

f) "Consent" (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2) Name and address of the controller

The controller within the meaning of the GDPR is the:

Peter-Lacke GmbH
Herforder Straße 80, 32120 Hiddenhausen, Germany

Phone: +49 5221 96250
Fax: +49 5221 962599

E-mail: info@peter-lacke.com

Representative of the person responsible: David N. Peter, Michael Boes

3) Contact details of the data protection officer

The externally appointed data protection officer for Peter-Lacke GmbH is Mr. Karl-Uwe Lüllemann. The data protection officer can be contacted as follows:

E-mail: datenschutz@sk-consulting.com
Tel. 05731/ 49064-30

or by post:

Peter-Lacke GmbH
For the attention of Data Protection
Herforder Straße 80
32120 Hiddenhausen

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4) Competent data protection supervisory authority

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf

Tel.: 0211/38424-0
Fax: 0211/38424-10
E-mail: poststelle@ldi.nrw.de

5) Legal basis for the processing of personal data

According to the provisions of the GDPR, any processing of personal data is prohibited in principle and is only permitted if the data processing falls under at least one of the following legal bases:

a) "Consent" pursuant to Art. 6 para. 1 lit. a GDPR: If the data subject has voluntarily, in an informed and unambiguous manner, by means of a statement or other unambiguous confirmatory act, indicated that they consent to the processing of their personal data for one or more specific purposes;

b) "Performance of a contract" pursuant to Art. 6 para. 1 lit. b GDPR: If the processing

is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) "Compliance with a legal obligation" pursuant to Art. 6 para. 1 lit. c GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);

c) "Legitimate interest" pursuant to Art. 6 para. 1 lit. f GDPR: If processing is necessary for the purposes of the legitimate interests (in particular legal or economic interests) pursued by the controller or by a third party, except where such interests are overridden by the interests or rights of the data subject which require protection of personal data.

The applicable legal basis for the processing operations carried out by us is specified below. It should be noted that processing can also be based on several legal bases.

6) Legal basis for storage in the user's terminal device

The storage of information in the end user's terminal equipment or access to information already access to information that is already stored in the terminal equipment is only permitted if they are covered by one of the following justifications:

a)25 para. 1 TDDDG: If the end user has consented on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6 para. 1 lit. a GDPR;

b) 25 para. 2 no. 1 TDDDG: If the sole purpose is to carry out the transmission of a communication via a public telecommunications network or

c) 25 para. 2 no. 2 TDDDG: If the storage or access is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.

The applicable legal basis for the processing operations carried out by us is specified below. It should be noted that processing can also be based on several legal bases.

7) Your rights

You can assert your rights as a data subject with regard to your processed personal data at any time using the contact details provided at the beginning under "I( 2 or 3). As the data subject, you have the right to

a) to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

b)in accordance with Art. 16 GDPR, to immediately request the correction of incorrect data or the completion of your data stored by us;

c) to demand the deletion of your data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims;

d) in accordance with Art. 18 GDPR, to demand the restriction of the processing of your data if the accuracy of the data is disputed by you or the processing is unlawful;

e) in accordance with Art. 20 GDPR, to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller ("data portability")

f) in accordance with Art. 21 GDPR, an objection to the processing can be lodged if the processing is based on Art. 6 para. 1 lit. f GDPR. If the objection is not to direct marketing, the exercise of such an objection requires an explanation of the particular reasons why we should not process the data. In such a case, the situation will be examined, after which either the data processing will be adjusted if the reasons you have given are justified, or the data processing will continue.

g) in accordance with Art. 77 GDPR, you can complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us, see Section I No. 6

The rights described apply to all processing listed in this privacy policy. They are not mentioned again in the other sections.

8) Changes to privacy policy

As part of the further development of data protection law as well as technological or organizational changes, our privacy policy will be reviewed to determine whether it needs to be adapted or supplemented. You will be informed of any changes on our website (https://www.peter-lacke.com/datenschutz/).

This privacy policy has the status 07. 2024

II Website

1) External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include, for example, IP addresses, meta and communication data, website access and other data generated via a website.

The use of the hoster is based on our legitimate interest. As a company, we have an interest in the secure, fast and efficient provision of our online services by a professional provider (Art. 6 (1) (f) GDPR).

Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.

Conclusion of a contract for order processing

In order to guarantee data protection-compliant processing, we have concluded an order processing contract with our hoster.

2) Processing when visiting the website

We require the following data to provide our website. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR, as our company has a legitimate interest in a website.

a) Web server

When you visit our website, your browser automatically transmits the following data to the web server on which our website is operated (hosted):

IP address in anonymized form is used to determine the location of access
Referrer (previously visited website)
Requested web page or file
Browser type and browser version
Operating system used
Device type used
Time of access

b) Statistics

Our website provider provides us with the following anonymized statistics. We do not use or evaluate the statistics and cannot currently deactivate the creation of statistics:

Visitor numbers: Visitors, sessions, page views and search engine robots.

Visitor behavior: Duration per session, page views per session and bounce rate.

Page analysis: entry pages, exit pages, error pages, most visited pages, pages with a high bounce rate and search terms.

Pages of origin: All source pages and referring pages.

Visitor locations

Browsers & systems: Browsers, browser versions, operating systems and operating system versions.

3) Cookies

We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard disk by means of a characteristic string of characters and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer more user-friendly and effective overall, i.e. more pleasant for you. Cookies may contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

The legal basis for cookies that are absolutely necessary to provide you with the expressly requested service is Section 25 (2) No. 2 TDDDG. Any use of cookies that is not absolutely technically necessary for this purpose constitutes data processing that is only permitted with your express and active consent in accordance with Section 25 (1) TDDDG in conjunction with Art. 6 (1) (a) GDPR. This applies in particular to the use of performance, advertising, targeting or sharing cookies. In addition, we will only pass on your personal data processed by cookies to third parties if you have given your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Cookie consent with Borlabs Cookie (Consent Management Tool)

We use the "Borlabs Cookie" consent tool from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany, to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents.

Borlabs Cookie uses cookies to collect data generated by end users who use our website. When an end user gives consent, the following data is automatically logged, among others:

Cookie runtime,
Cookie Version,
Domain and path of the WordPress site,
Selection in the cookie banner,
UID (a randomly generated ID),

The consent status is also stored in the end user's browser so that the website can automatically read and follow the end user's consent in all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular limitation period pursuant to Section 195 of the German Civil Code (BGB). The data will then be deleted immediately

"The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c) GDPR and Art. 6 para. 1 lit. f) GDPR. The processing is carried out on the one hand to fulfill legal obligations, in particular for the legally required documentation of the consents given or refused, and on the other hand on the basis of our legitimate interest in the management of the cookies and similar technologies used."

4) Cookies used

WooCommerce
We use the WooCommerce plugin from Automattic Inc, 132 Hawthorne Street, San Francisco, CA 94107, USA, on our website. We use WooCommerce to operate our online store and enable functions such as product creation, shopping cart management, vouchers, shipping and payment settings and the creation of customer accounts.

WooCommerce uses cookies, in particular so-called shopping cart cookies, which are necessary to save your actions in the store and to offer you a smooth shopping experience. These cookies are technically necessary and are set automatically when you visit our website.

The personal data collected by WooCommerce is processed on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR to provide you with a functional online store. Cookies that are not absolutely necessary are only set with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

As Automattic is based in the USA, personal data is transferred to a third country when WooCommerce is used. The USA is not classified by the European Commission as a country with an adequate level of data protection. However, Automattic has submitted to the EU-US Data Privacy Framework, which has been recognized by the European Commission as suitable for ensuring an adequate level of data protection. The data transfer therefore takes place on the basis of this adequacy decision (Art. 45 GDPR)

Further information on data protection at WooCommerce can be found at: https://de.wordpress.org/plugins/woocommerce/ and in Automattic's privacy policy at: https://automattic.com/privacy/.

Google Analytics Universal

On our websites, we use Google Analytics, a web analysis service provided by Google Ireland Limited (https://www.google.de/intl/de/about/), Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). In this context, pseudonymised user profiles are created and cookies (see "Cookies") are used. The information generated by the cookie about your use of this website, such as

the browser type/version,
the operating system used,
the referrer URL (the previously visited page),
the host name of the accessing computer (IP address) and
Time of the server request,

are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website activity and internet use for the purposes of market research and needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be merged with other data held by Google. The IP addresses are anonymized so that assignment is not possible (IP masking).

You can prevent the installation of cookies by setting the browser software accordingly; however, we would like to point out that in this case it may not be possible to use all functions of this website to their full extent.

These processing operations are carried out exclusively upon the granting of explicit consent in accordance with Art. 6 (1) (a) GDPR.

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This is an adequacy decision in accordance with Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.

WordPress Stats - Jetpack

This website uses the WordPress tool "WordPress Stats" provided by Jetpack to statistically evaluate visitor access. The provider is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA. The operating company uses the tracking technology of Quantcast Inc., 201 Third Street, San Francisco, CA 94103, USA.

Jetpack uses cookies, which are stored on your computer and allow an analysis of the use of the website by WordPress Stats. The information generated by the cookies about the use of our website is stored on servers in the USA. Your IP address will be anonymized after processing and before storage.

The cookies remain on your device until you delete them.

These processing operations are carried out exclusively upon the granting of explicit consent in accordance with Art. 6 (1) (a) GDPR.

This US company is certified under the EU-US Data Privacy Framework. This is an adequacy decision in accordance with Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.

Jetpack's privacy policy can be viewed at: https://jetpack.com/support/privacy/.

You can view the data protection provisions of Google Analytics at: https://support.google.com/analytics/answer/6004245?hl=de.

Google Tag Manager

On this website we use the Google Tag Manager service. Google Tag Manager is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Through this tool, "website tags" (i.e. keywords that are integrated into HTML elements) can be implemented and managed via an interface. By using the Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked on and can then record which content of our website is of particular interest to you.

The tool also triggers other tags, which in turn may collect data. Google Tag Manager doesn't access this data. If you have opted out at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.

These processing operations are carried out exclusively upon the granting of explicit consent in accordance with Art. 6 (1) (a) GDPR.

Further information on Google Tag Manager and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

Matterport

We have created a virtual tour using the Matterport tool and integrated it into our website via an iFrame. The operator of the platform is Matterport, Inc, 352 E.Java Dr., Sunnyvale, CA 94089, USA.

When a corresponding page is accessed, a connection to the Matterport servers is established. Among other things, the following information is transmitted and processed:
- the page you visited,
- your IP address,
- technical connection data (e.g. browser and device information),
- usage data such as click paths, length of stay or interactions.

In addition, Matterport places cookies on your end device when loading the iFrame, which can be used for technical provision, analysis and tracking purposes.

If you are logged in to Matterport, your surfing behavior can be assigned to your personal profile. You can prevent this by logging out of your Matterport account before visiting our website.

The processing of personal data and the setting of cookies is carried out exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deleting the cookie on your end device.

As Matterport is based in the USA, personal data is transferred to a third country. Matterport is currently not certified under the EU-U.S. Data Privacy Framework. The data transfer therefore also takes place on the basis of your express consent in accordance with Art. 49 para. 1 lit. a GDPR.

Further information on data processing by Matterport can be found at: https://matterport.com/privacy-policy.

5) Application management / job exchange

We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also be carried out by electronic means. This is particularly the case if an applicant submits relevant application documents to us electronically, for example by e-mail or via a web form on the website. If we conclude an employment or service contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude a contract with the applicant, the application documents will be automatically deleted two months after the announcement of the rejection decision, provided that deletion does not conflict with any other legitimate interests on our part. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis for the processing of your data is Art. 6 (1) (b), 88 GDPR in conjunction with Section 26 (1) BDSG.

6) Social media

We maintain online presences on various social media platforms. If we have included links to our social media platforms on our website, these are pure links and not so-called plugins (requiring consent). When you click on the links, you will be redirected to the websites of the respective social media platforms.

However, as users of the various social media platforms, we have no influence whatsoever on the processing of your data by the providers of the social media platforms. It cannot be ruled out that the providers of the social media platforms may use your data for their own purposes and/or pass it on to third parties. This may concern your habits, personal relationships, preferences and other aspects. We would also like to point out that your data may also be processed outside the European Union, which may make it more difficult or even impossible to enforce your rights. Only access our social media platforms if you are aware of these effects and are willing to accept the risks mentioned

Facebook

Meta (formerly Facebook)

We operate a company page ("Facebook Fanpage") on META Platforms Ireland Ltd (formerly Facebook Ireland Ltd). On our website, a hyperlink to Facebook is indicated by a logo at the bottom of the website. After clicking on the logo, the Facebook website opens in a new browser tab. The joint controllers for the operation of the fan page within the meaning of the GDPR and other data protection regulations are

META Platforms Ireland Ltd (hereinafter "META" or "Facebook")
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

and

PETER/LACKE GmbH
Herforder Str. 80
DE - 32120 Hiddenhausen

The following data is transmitted, among others:

For visitors who are not logged in/registered with Facebook:
IP address: Facebook automatically determines the user's IP address when a fan page is accessed.

Cookies: When you visit our fan page, technically necessary cookies are automatically placed on your IT system by Facebook. We are currently only aware of the so-called datr cookie. According to Facebook, it is used to identify the web browser that establishes the connection to the Facebook page and plays a key role in protecting the social network from "malicious activities". The datr cookie is valid for two years, but can be deleted via the browser settings.

For visitors who are registered and logged in to Facebook:

IP address: Facebook also determines the IP address of the user for logged-in visitors (see above)

Cookies: A datr cookie is also set by Facebook in this case (see above). If you are a member of Facebook and are logged in with your Facebook profile when you visit our fan page, the c_user cookie will also be set. Facebook links the visit to the company page with your personal user account. This enables Facebook to track your user behavior.

The use of cookies for Facebook products is beyond our control. The number and description of the cookies mentioned above reflect our current state of knowledge.

To our knowledge, Facebook currently processes user data for the following purposes:

Advertising, analysis, creation of personalized advertising
Creation of user profiles
Market research
improve their own products
to develop new products

When you visit our Facebook fan page, Facebook automatically stores information in a log file that your browser transmits to Facebook. We expressly point out that we have no knowledge of the scope and content of the data collected by Facebook, nor of its processing and use or, if applicable, transmission to third parties by Facebook.

Facebook also provides fan page operators with the "Facebook Insights" tool, which can be used to retrieve statistical information (= non-personal data) about the use of their pages. This includes, for example, the total number of page views and "likes", page activity, post interactions, video views, post reach, comments, shared content, responses, proportion of men and women, origin in relation to country and city, language and possibly other information.

If you are a Facebook member and do not want Facebook to collect data about you via our fan page and link it to your membership data stored on Facebook, you must:

log out of Facebook before visiting our fan page,
then delete the existing cookies on the device
and close and restart your browser.

In this way, all Facebook information that can be used to identify you will be deleted, according to Facebook.

You can assert your data subject rights under the GDPR primarily with Facebook Ireland or with us. In accordance with the judgment of the ECJ, the fan page is operated under joint responsibility between Facebook and us in accordance with Article 26 GDPR (see Page Controller Addendum at https://www.facebook.com/legal/terms/page_controller_addendum). You must be logged in to Facebook to view the content of the link.

The primary responsibility under the GDPR for the processing of Insights data lies with Facebook and Facebook fulfills all obligations under the GDPR with regard to the processing of Insights data. You can find more information on Insights data at the following link (https://de-de.facebook.com/legal/terms/information_about_page_insights_data).

Only Facebook Ireland makes decisions regarding the processing of Insights data and implements them. We do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, including legal basis, identity of the controller and storage duration of cookies on user end devices.

To the best of our current knowledge, Insights data is normally anonymized and summarized in statistics so that no natural person can be identified. We do not require a legal basis for processing this type of data. In exceptional cases, however, a person may be directly or indirectly identifiable. We then process the Insights data provided to us by Facebook in accordance with Art. 6 para. 1 lit. f of the GDPR (based on our overriding legitimate interest). The purpose of the processing is to make the Facebook fan page more attractive for our users.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - Privacy Policy: https://www.facebook.com/about/privacy/

Instagram

We operate a public profile on Instagram, also known as a feed. On our website, a hyperlink to Instagram is indicated by a logo at the bottom of the website. After clicking on the logo, the Instagram website opens in a new browser tab.

The Instagram page offers you the opportunity to react to our posts, comment on them and send us private messages. Please check carefully what personal data you share with us via our Instagram page.

Instagram is a product of Meta. We have no influence on the means and purposes of the processing of personal data by Meta, insofar as these are collected in connection with a visit to the Instagram website and on our Instagram profile. Only the

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

is to be named here as the responsible party. You can find the Instagram privacy policy at the following link

https://www.facebook.com/help/instagram/519522125107875.

Inquiries from users about data processing when visiting an Instagram page, which is the sole responsibility of Facebook Ireland, will be forwarded by us to Facebook Ireland. Users can contact Facebook's data protection officer themselves at the following link: https://www.facebook.com/help/contact/540977946302970

Facebook also provides information about privacy-friendly profile settings for Instagram profiles: https://help.instagram.com/811572406418223/?helpref=hc_fnav

Please also note:

Your data may also be transferred to the USA. When personal data is transferred, there are risks under data protection law for the person whose data is transferred to the USA. US authorities (in particular intelligence agencies) are entitled to examination rights (in particular pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA 702) and Executive Order 12 333) without EU citizens being able to object. These US legal bases allow data access to electronic communications services of non-US citizens even without a court order and legal protection.

As far as judicial protection is concerned, EU citizens do not have the same legal options (legal remedies) as American citizens to defend themselves against the processing of personal data by American authorities.

The United States carries out mass data processing without guaranteeing protection equivalent to that guaranteed by Art. 7 (respect for private and family life) and Art. 8 (protection of personal data) of the EU Charter of Fundamental Rights. Since 2018, there has also been the Cloud Act, which allows US authorities to access data stored by American companies (and their subsidiaries in Europe) that is not stored in the USA.

Information on data protection at Meta and other products offered by Meta can be found at www.facebook.com/policy in Meta's data policy.

LinkedIN

We use the "LinkedIn" platform for the purpose of presenting our company there and drawing your attention to current trends, products and services from us via posts and videos. The following information also serves as data protection information for our online presence there.

The services for the EU are provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. The headquarters of LinkedIn Inc. is located in Sunnyvale, California, USA. The company belongs to Microsoft. A hyperlink to LinkedIn is integrated into our website and identified by a logo. Clicking on the logo opens the LinkedIn website.

When you access LinkedIn services, LinkedIn may receive personal data from you. For details, please refer to LinkedIn's privacy policy at the following link:

https://www.linkedin.com/legal/privacy-policy

You can find LinkedIn's cookie policy at the following link:

https://www.linkedin.com/legal/cookie-policy

As part of the maintenance of our basic company profile, we have limited access to statistical evaluations from LinkedIn, e.g. about the number of page views of our online presence. LinkedIn makes this data available in aggregated and anonymized form for certain periods of time, but does not allow any conclusions to be drawn about identifiable visitors to our company page.

We have no influence on the means and purposes of the processing of personal data by LinkedIn, insofar as these are collected in connection with a visit to the LinkedIn website and our LinkedIn online presence. We would like to point out that you use LinkedIn and its functions on your own responsibility. If we process your personal data, this is done on the basis of our legitimate interest Art. 6 para. 1 lit. a) GDPR, as we assume that your fundamental rights to the protection of your personal data do not prevail here.

According to LinkedIn, the data centers for your members (who, like us, are registered with LinkedIn and have an account) are located in the USA. There is a so-called adequacy decision for the transfer to the USA in the form of the Data Privacy Framework. With the adequacy decision, the European Commission has certified that the USA has an adequate level of data protection for personal data compared to the EU.

LinkedIn services require data to be transferred from the European Union (EU) to the United States of America (USA) and back. This also applies to you as a visitor if you use LinkedIn services and certain functions, e.g. if you post a comment on one of our posts.

The data transfer to the USA is based on the Data Privacy Framework and standard contractual clauses. Information from LinkedIn can be found at the following link:

https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de

https://de.linkedin.com/legal/l/dpa

The LinkedIn user agreement (applies to members and visitors) can be found at the following link:

https://de.linkedin.com/legal/user-agreement.

Please note the following when using LinkedIn:

Your data will be transferred to the USA. When personal data is transferred, there are risks under data protection law for the person whose data is transferred to the USA. US authorities (in particular intelligence agencies) are entitled to examination rights (in particular pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA 702) and Executive Order 12 333) without EU citizens being able to defend themselves against this. These US legal bases allow data access to electronic communications services of non-US citizens even without a court order and legal protection.

YouTube

We use the video portal "YouTube" for the purpose of drawing your attention to current trends, products and services from us via videos on our channel. The following information also serves as data protection information for our online presence there.

The company providing the service in the European Economic Area and Switzerland is Google Ireland Limited, a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. This is a subsidiary of Google LLC based in the USA, which in turn belongs to the Alphabet Inc. group of companies. The YouTube terms of use can be found at this link:

https://www.youtube.com/static?gl=DE&template=terms&hl=de.

We have no influence on the means and purposes of the processing of personal data by YouTube (= Google), insofar as these are collected in connection with a visit to the YouTube website and our YouTube channel.

We would like to point out that you use YouTube and its functions on your own responsibility. If we process your personal data, this is done on the basis of our legitimate interest Art. 6 para. 1 lit. f) GDPR, as we assume that your fundamental rights to the protection of your personal data do not prevail here.

YouTube videos in extended data protection mode (Youtube-NoCookies)

Some subpages of our website contain links or links to the YouTube offer. In general, we are not responsible for the content of websites to which links are provided. In the event that you follow a link on YouTube, however, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes.

We also directly embed videos stored on YouTube on some subpages of our websites. With this integration, content from the YouTube website is displayed in parts of a browser window. If you call up a (sub-)page of our website on which YouTube videos are integrated, a connection to the YouTube servers is established and the content is displayed on the website by means of a message to your browser.

The integration of YouTube content only takes place in the "extended data protection mode". YouTube provides this itself and thus ensures that YouTube does not initially store any cookies on your device. When the pages in question are accessed, however, the IP address and, if necessary, the IP address. transmit further data and, in particular, inform you which of our websites you have visited. However, this information cannot be assigned to you unless you have logged in to YouTube or another Google service before accessing the page or are permanently logged in. As soon as you start playing an embedded video by clicking on it, YouTube will only store cookies on your device that do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented by appropriate browser settings and extensions.

The request for the video also represents your consent for the placement of the corresponding cookie (Art. 6 para. 1 sentence 1 lit. a) GDPR).

You can find Google's privacy policy at the following link:

https://policies.google.com/privacy?hl=de.

If you have a Google account yourself, Google may use the data collected when you visit our YouTube channel to display personalized advertising. If you do not want this, please adjust the "Settings for advertising" in your account.

Please also note:

7) Social media plugins

We use social plugins from the social networks Facebook, YouTube, X(formerly Twitter) , Instagram on our website on the basis of Art. 6 para. 1 lit. f) GDPR in order to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation must be guaranteed by the respective provider.

The purpose and scope of the data collection and the further processing and use of the data by the respective provider as well as your rights in this regard and setting options to protect your privacy can be found in the respective data protection information of the provider, which we link to below.

You can prevent social networks from assigning the information collected about you to your user account with the respective social network during your visit to https://www.peter-lacke.com/ by logging out of the social network pages beforehand and deleting cookies that have been set. If you do not want social networks to assign the data collected via our website directly to your profile, you must log out of the relevant social networks before visiting our website.

Facebook

Social plugins from Facebook and YouTube (Google) are used on this website. These are offers from the US companies Facebook and Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google")).

When you visit a page that contains such a plugin, your browser establishes a connection to Facebook or YouTube and the content is loaded from these pages. Your visit to this website may therefore be tracked by Facebook and YouTube, even if you do not actively use the social plugin function. If you have a Facebook or YouTube account, you can use such a social plugin and share information with your friends. XXXX has no influence on the content of the plugins and the transmission of information.

Facebook and Google provide detailed information on the scope, type, purpose and further processing of your data on their websites. Here you will also find further information on your rights and settings options to protect your privacy.

Data protection information from Facebook: https://www.facebook.com/about/privacy
Data protection information from Google: https://www.google.com/intl/de/policies/privacy

Instagram

Plugins of the social network Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA ("Instagram") are also integrated on this website. You can recognize the Instagram plugin by the "Instagram button" on our site.

If you click on the "Instagram button" while you are logged into your Instagram account, you can link the content of our pages to your Instagram profile. This allows Instagram to associate your visit to our pages with your user account. We would like to point out that we have no knowledge of the content of the transmitted data or its use by Instagram. Further information can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy

LinkedIn

Plugins of the LinkedIn network of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter: "LinkedIn") are integrated on this website. You can recognize the LinkedIn plugins by the white "in" on a blue background.

When you visit a page on our website, no connection is established with the LinkedIn servers. If you click on the corresponding button, you will be redirected to a LinkedIn website. On this website, you can share our content by clicking again. We have no influence on the processing of personal data on third-party websites.

This information is transmitted directly from your browser to a LinkedIn server in the USA and stored there. LinkedIn observes the data protection provisions of the "US Privacy Shield" and is registered with the "US Privacy Shield" program of the US Department of Commerce.

By accessing the LinkedIn website, LinkedIn receives the information that you have visited their site with your IP address and other log data. This log data includes browser type, operating system, information about the previously accessed website and the pages you visited, location, your mobile phone provider, device information (including device ID and application ID), search terms and cookie information. LinkedIn also uses tracking and targeting tools to optimize the website and adapt it to the needs of users.

If you click on the LinkedIn button while you are logged into your LinkedIn account, you can link the content of our pages to your LinkedIn profile. This allows LinkedIn to associate the content of our pages with your user account.

Further information on this can be found in LinkedIn's privacy policy.

8) Other plugins

Jetpack for WordPress

We have integrated the Jetpack plugin on our website. The operating company of the Jetpack plugin for WordPress is Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. The operating company, for its part, uses the tracking technology of Quantcast Inc., 201 Third Street, San Francisco, CA 94103, USA.

Jetpack sets a cookie on your IT system. Every time you visit one of the individual pages of this website and on which a Jetpack component has been integrated, the Internet browser on your IT system is automatically prompted by the respective Jetpack component to transmit data to Automattic for analysis purposes. As part of this technical process, Automattic becomes aware of data that is used to create an overview of website visits. They are evaluated with the aim of optimising our website. The data collected through the Jetpack component will not be used to identify you without your prior express consent. The data is also used by Quantcast for the same purposes as Automattic.

These processing operations are carried out exclusively upon the granting of explicit consent in accordance with Art. 6 (1) (a) GDPR.

Automattic's applicable privacy policy is available at https://automattic.com/privacy/. Quantcast's applicable privacy policy is available at https://www.quantcast.com/privacy/.

Weglot

Components from Weglot, 138 rue Pierre Joigneaux, 92270 Bois-Colombes, France, are integrated into our website.

Weglot loads when you enter the website, so you can change the website to another language. This allows a direct connection to be established between your browser and the Weglot server when you visit this website. Weglot thus receives the information that you have visited this website with your IP address. Weglot uses cookies for audience measurement (Google Analytics cookies). These cookies collect browsing data, such as the pages visited, the content viewed or the duration of navigation.

Among other things, the following data is processed:

l IP address
l Location information
l Browser information
l Usage data

Data processing is carried out on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

You can view Weglot's privacy policy at: https://www.weglot.com/de/privacy.

As part of the processing, your data may be transmitted to:

9) Data transmission

Persons within our company who are directly involved in data processing:

Service providers who are contractually bound and obliged to maintain confidentiality and who perform parts of the data processing tasks, e.g. by our website provider

Your data will not be transferred to third parties unless we are legally obliged to do so.

10) KAn obligation to provide personal data

In principle, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data.

11) Data storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies and there is no legal obligation to do so.

12) Profiling

We do not intend to use personal data collected from you for automated decision-making (including profiling).

13) Links on the website

Our website contains links to other websites that are not under our control. We are not responsible for the privacy practices of these other sites. We encourage you to familiarize yourself with the privacy policies of all sites you visit when you leave our site. This privacy policy applies solely to information collected through our website.