In this privacy notice, we inform you about the processing of your personal data when you use our website.
Personal data means any information relating to an identified or identifiable person. In particular, this includes information that enables us to draw conclusions about your identity, such as your name, your telephone number, your address, or your email address. Statistical data which we collect, for example when you visit our website and which cannot be linked to you personally, is not covered by the term ‘personal data’.
Contents of this privacy notice
1. Contact person
The point of contact and so-called controller responsible for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is
If you have any questions about data protection in connection with our services or the use of our website, you can also contact our data protection officer at any time. The data protection officer can be contacted at the above postal address or by sending an email to the address provided (please mark all correspondence with: “F.A.O. data protection officer”). We expressly point out that emails sent to this address will not be read solely by our data protection officer. If you wish to share confidential information, please first use this email address to request direct contact.
2. Data processing on our website
2.1 Visiting our website / Access data
Every time you use our website, we collect the access data automatically transmitted by your browser in order to make visiting the website possible. This access data includes in particular:
IP address of the requesting computer
Date and time of access
Name and URL of the accessed file
Website from which the access is made (referrer URL)
The browser used and, if applicable, the operating system of your computer and the name of your access provider.
It is necessary to process this access data to make it possible to visit the website and to guarantee the long-term functionality and security of our systems. For the purposes described above, the access data specified is also temporarily stored in internal log files in order to generate statistical data on the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices with which the pages are accessed increases) and for the general administrative maintenance of our website.
The legal basis is Art. 6(1) Sentence 1(b) GDPR, insofar as the page view occurs in the course of the initiation or performance of a contract, and otherwise Art. 6(1) Sentence 1(f) GDPR due to our legitimate interest in the long-term functionality and security of our systems.
The data will be erased as soon as it is no longer required for the purpose for which it was collected. In the case of data collected in order to provide the website, this is the case when the respective session has ended.
2.2 Making contact
There are a number of ways for you to contact us. This includes contacting us using the email addresses mentioned in the legal notice, and the contact form. In this context, we process data exclusively for the purpose of communicating with you.
The legal basis is Art. 6(1) Sentence 1(b) GDPR, insofar as we need your details in order to respond to your enquiry or to initiate or perform a contract, and otherwise Art. 6(1) Sentence 1(f) GDPR due to our legitimate interest in your contacting us and our ability to respond to your enquiry. The legal basis in such cases is Art. 6(1) Sentence 1(a) GDPR.
The data we collect when you use the contact form will be erased once we have finished processing your enquiry, unless we still require your enquiry to fulfill contractual or legal obligations (see Section 7 “Storage period”).
A cookie is a small text file stored on your device by your browser. Cookies are not used to execute programs or download viruses onto your computer. Comparable technologies include but are not limited to web storage (local/session storage), fingerprints, tags and pixels. Most browsers are set to automatically accept cookies and comparable technologies by default. However, you can usually adjust your browser settings in such a way that cookies or comparable technologies are rejected or stored only with prior consent. If you disable cookies or comparable technologies, this may affect your ability to fully use all of our services.
In the following, we list the tools we use by category, informing you in particular about the providers of the tools, how long the cookies are stored, and data transfers to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can withdraw it.
3.1 Legal basis and withdrawal
3.1.1 Legal basis
We use tools that are necessary to operate this website based on our legitimate interest under Art. 6(1) Sentence (1)(f) GDPR, in order to make your use of our website more convenient and more personalised, and to make using it as time-saving as possible. In certain cases, these tools may also be necessary for the performance of a contract or to take steps prior to entering into a contract, in which case the processing is carried out in accordance with Art. 6(1) Sentence 1(b) GDPR.
We use other tools, in particular those for marketing purposes, on the basis of your consent pursuant to Art. 6(1) Sentence 1(a) GDPR and pursuant to Art. 15(3) Sentence 1 of the German Telemedia Act (TMG), insofar as usage profiles are created for marketing or market research purposes. Data processing using these tools will only take place if we have received your prior consent.
For cases involving the transfer of personal data to third countries, we refer you to Section 6 (“Data transfers to third countries”), which also explains the possible associated risks. We will tell you when we have concluded standard contractual clauses or put in place other safeguards with the providers of certain tools. If you have given your consent to the use of certain tools, then, based in part on this consent, we will transfer the data processed when using the tools to third countries.
3.1.2 Obtaining your consent
To obtain your consent and manage consents given by you, we use a cookie banner informing you about the data processing on our website and giving you the opportunity to consent to all, some or no data processing by optional tools. This banner appears the first time you visit our website. If you have disabled cookies or the Wix cookie has been deleted or has expired, the banner will also appear on subsequent visits to our website.
Your consents or withdrawals, your IP address, information about your browser, your device and the time of your visit are transmitted to the tool as part of your website visit. In addition, the tool uses a necessary cookie to store the consents and withdrawals you have issued. If you delete your cookies, we will ask you again for your consent when you visit the website at a later date.
This data processing by the tool is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for using the banner is Art. 6(1) Sentence 1(f) GDPR, justified by our interest in fulfilling the legal requirements for cookie consent management.
3.1.3 Withdrawing your consent or changing your selection
You can withdraw your consent for certain tools at any time. To this end, certain tools allow you to exercise your withdrawal directly with the provider.
3.2 Essential tools
We use certain tools to enable the basic functionality of our website (“essential tools”). We would not be able to provide our service without these tools. For this reason, we use necessary tools without consent based on our legitimate interests pursuant to Art. 6(1) Sentence 1(f) GDPR or for the performance of a contract or to take steps prior to entering into a contract, in accordance with Art. 6(1) Sentence 1(b) GDPR.
3.2.1 Google Tag Manager
Our website uses the Google Tag Manager service, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for users from the European Economic Area and Switzerland, and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US for all other users (collectively referred to as “Google”).
Google Tag Manager serves to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in the source code of our website in order to record, for example, predefined usage data. Google Tag Manager ensures that the usage data required by our partners is forwarded to them.
The legal basis is Art. 6(1) Sentence 1(f) GDPR, based on our legitimate interest in being able to integrate and manage multiple tags on our website in an uncomplicated manner.
We have concluded a data processing agreement with Google. In some cases, data is processed on a Google server in the US. In the event that personal data is transferred to the US or other third countries, we have concluded standard contractual clauses with Google in accordance with Art. 46(2)(c) GDPR. For further information, please see Section 6 (“Data transfers to third countries”).
For more details, please refer to the information provided by Google about Google Tag Manager.
3.2.2 Google reCAPTCHA
Our website uses Google reCAPTCHA, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for users from the European Economic Area and Switzerland, and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US for all other users (collectively referred to as “Google”).
Google reCAPTCHA prevents automated software (so-called bots) from carrying out abusive activities on the website, i.e. it checks whether entries made actually come from a human. To determine this, it processes the following data:
Referrer URL (address of the page from which the visitor came)
Cookies placed by Google
Snapshot of the browser window
The user’s input behaviour (e.g. answering the Google reCAPTCHA question, input speed in form fields, order in which the user selects input fields, number of mouse clicks)
Furthermore, Google reads the cookies from other Google services such as Gmail, Search and Analytics. If you do not want this information to be associated with your Google Account, you must log out of Google before visiting a page on which we have integrated Google reCAPTCHA.
The above data is sent to Google in encrypted form. Google’s evaluation decides in which form the captcha is displayed on the page. Google performs statistical analyses of how reCAPTCHA is used. According to Google, your data will not be used for personalised advertising.
The legal basis is the need to perform a contract or to take steps prior to entering into a contract according to Art. 6(1) Sentence 1(b) GDPR, for example in the context of registering a user account, using a contact form or subscribing to a newsletter. Google reCAPTCHA is used to protect IT security, ensure the stability of our website and prevent misuse.
In some cases, the data may also be processed on servers in the US. In the event that personal data is transferred to the US or other third countries, this is done on the basis of Art. 49(1) Sentence 1(b) GDPR in order to enable the performance of a contract with you or the implementation of pre-contractual measures. For further information, please see Section 6 (“Data transfers to third countries”).
3.3 Functional tools
- We do not currently use functional tools -
4. Online presence on social networks
We maintain online presences on social networks in order, among other things, to communicate with customers and other interested parties and share the latest news from Circulix.
The respective social networks usually process user data for market research and advertising purposes. In this way, usage profiles can be created based on the users’ interests. For this purpose, cookies and other identifiers are stored on users’ computers. Based on these usage profiles, ads are then shown on the social networks, for example, but also on third-party websites.
In connection with operating our online presences, it is possible that we may access information provided by the social networks, such as statistics about how our online presences are used. These statistics are aggregated and may include, in particular, demographic information and data on interactions with our online presences and the posts and content distributed via them. Please refer to the list below for details and links to the social network data that we, as operators of the online presences, can access.
The legal basis for this data processing is Art. 6(1) Sentence 1(f) GDPR, based on our legitimate interest in effectively informing and communicating with users, or Art. 6(1) Sentence 1(b) GDPR, in order to stay in contact with and inform our customers and to take steps prior to entering into contracts with future customers and interested parties.
We would like to point out that the most efficient way to assert data protection requests is with the relevant social network provider, as only these providers have access to the data and can take appropriate measures directly. Below is a list of information about the social networks where we maintain online presences:
5. Disclosure of data
In principle, we will only pass on the data we collect if:
You have given your explicit consent pursuant to Art. 6(1) Sentence 1(a) GDPR;
Disclosure is necessary pursuant to Art. 6(1) Sentence 1(f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
We are legally obliged to do so under Art. 6(1) Sentence 1(c) GDPR; or
This is permitted by law and is required under Art. 6(1) Sentence 1(b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract.
Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy notice, these providers may in particular include data centres that store our website and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consultancies. If we pass data on to our service providers, they may use the data exclusively for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects and are carefully monitored by us.
In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.
6. Data transfers to third countries
Where this is not possible, we base the transfer of data on derogations under Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for taking steps prior to entering into a contract.
Where a data transfer to a third country is planned and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the third country in question (e.g. intelligence agencies) may gain access to the transferred data in order to record and analyse it, and that enforceability of your rights as a data subject cannot be guaranteed. You will also be informed of this when we obtain your consent via the cookie banner.
7. Storage period
In principle, we only store personal data for as long as necessary to fulfil the purposes for which we have collected the data. We then erase the data without undue delay, unless we still require the data until the end of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.
For evidence purposes, we must keep contract data for another three years after the end of the year in which the business relationship with you ends. After the standard statutory period of limitation, any claims become statute-barred at this point in time at the earliest.
Even after that, we are still required to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations, which may arise on the basis of the German Commercial Code, the Fiscal Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The periods specified therein for retaining documents range from two to ten years.
8. Your rights, in particular withdrawal and objection
As a data subject, you always have the following rights as set out in Art. 15–21, Art. 77 GDPR:
Right to withdraw your consent
Right to object to the processing of your personal data (Art. 21 GDPR)
Right of access to personal data concerning you which we process (Art. 15 GDPR)
Right to rectification of inaccurate personal data concerning you which we have stored (Art. 16 GDPR)
Right to erasure of your personal data (Art. 17 GDPR)
Right to restriction of the processing of your personal data (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
In order to establish your rights described here, you can contact us at any time using the contact details provided. This also applies if you wish to receive copies of safeguards in order to prove an adequate level of data protection. Subject to the respective legal requirements, we will comply with your data protection request.
We will keep your enquiries regarding the establishment of data protection rights, and our responses to these, for a period of up to three years for documentation purposes and, in individual cases, beyond this period if we need to establish, exercise or defend legal claims. The legal basis is Art. 6(1) Sentence 1(f) GDPR, based on our interest in defending ourselves against any civil-law claims under Art. 82 GDPR, avoiding administrative fines under Art. 83 GDPR and fulfilling our accountability under Art. 5 Sentence 2 GDPR.
You have the right to withdraw the consent you gave us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.
Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.
If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided above.
Finally, you have the right to lodge a complaint with a data protection supervisory authority. You can assert this right by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The competent supervisory authority in Berlin, where we are headquartered, is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.
9. Changes to this privacy notice
We will update this privacy notice from time to time, for example if we adapt our website or if there are changes to the legal or regulatory requirements.