Privacy policy

Introduction and general information

Thank you for your interest in our website. The protection of your personal data is very important to us. Below you will find information on the handling of your data that is collected through your use of our website. Your data will be processed in accordance with the statutory data protection regulations.

Controller within the meaning of the GDPR

VIA optronics AG
Sieboldstr. 18
90411 Nuremberg

Tel:        0911 597 575-0
Fax:       0911 597 575-110

E-Mail:   info@via-optronics.com
URL:      www.via-optronics.com

Contact details of the data protection officer

Proliance GmbH / www.datenschutzexperte.de
Datenschutzbeauftragter
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de

When contacting the data protection officer, please state the company to which your request relates. Please refrain from enclosing sensitive information, such as a copy of your ID, with your request.

Definitions

Our privacy policy should be simple and understandable for everyone. As a rule, the official terms of the General Data Protection Regulation (GDPR) are used in this privacy policy. The official definitions are explained in Art. 4 GDPR.

Accessing and storing information in terminal equipment

By using our website, information (e.g. IP address) may be accessed or information (e.g. cookies) may be stored in your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases in which such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of § 25 para. 1 sentence 1, para. 2 no. 2 TTDSG.

In cases in which such a process serves other purposes (e.g. the needs-based design of our website), this is only carried out on the basis of Section 25 (1) TTDSG with your consent in accordance with Art. 6 (1) lit. a GDPR. Consent can be revoked at any time for the future. The provisions of the GDPR and the German Federal Data Protection Act (BDSG) apply to the processing of your personal data.

Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website.

Webhosting

This website is hosted by an external service provider (IONOS SE). This website is hosted in Germany. Personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, website access and other data generated via a website.

We collect the data listed in order to ensure a smooth connection to the website and the technically error-free provision of our services. The processing of this data is absolutely necessary in order to make the website available to you. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

We have concluded an order processing contract with the provider in accordance with the requirements of Art. 28 GDPR, in which we oblige the provider to protect our customers' data and not to pass it on to third parties

Server-Logfiles

When you visit our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

• Date and time of the request
• Name of the requested file
• Page from which the file was requested
• Access status
• Web browser and operating system used
• (Full) IP address of the requesting computer
• Amount of data transferred

We collect the data listed in order to ensure a smooth connection to the website and the technically error-free provision of our services. The processing of this data is absolutely necessary in order to make the website available to you. The log files are used to evaluate system security and stability as well as for administrative purposes. The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for 8 weeks. Due to data protection guidelines on personal data, the IP addresses of the callers are immediately anonymized in the log files.

The data may also be processed in anonymized form for statistical purposes. At no time will this data be stored together with other personal data of the user, compared with other databases or passed on to third parties.

Cookies

Our website uses so-called "cookies". Cookies are small text files that are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or to display advertising.

The processing of data through the use of strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free provision of our services. For details on the processing purposes and legitimate interests, please refer to the information on the specific data processing.

The processing of personal data through the use of other cookies is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time for the future. Insofar as such cookies are used for analysis and optimization purposes, we will inform you about this separately in the context of this data protection declaration and obtain consent in accordance with Art. 6 Para. 1 lit. a GDPR.

You can set your browser so that you

• be informed about the setting of cookies,
• allow cookies only in individual cases,
• exclude the acceptance of cookies for certain cases or in general,
• activate the automatic deletion of cookies when closing the browser.

The cookie settings can be managed for the respective browsers under the following links

• Google Chrome
• Mozilla Firefox
• Edge (Microsoft)
• Safari
• Opera  

You can also manage cookies from many companies and functions that are used for advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called "do-not-track function". If this function is activated, the respective browser informs advertising networks, websites and applications that you do not wish to be "tracked" for the purpose of behavior-based advertising and the like.

Information and instructions on how to edit this function can be found under the following links, depending on your browser provider:

• Google Chrome
• Mozilla Firefox  
• Edge (Microsoft)   
• Safari
• Opera

You can also prevent scripts from being loaded by default. "NoScript" only allows the execution of JavaScripts, Java and other plug-ins on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that the functionality of our website may be restricted if cookies are deactivated.

You can revoke or change your cookie settings at any time. To do this, call up the cookie settings again via this link (Embed hyperlink to cookie settings).

Newsletter

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail address as mandatory information.

Additional data may be provided in order to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you our newsletter by email if you have expressly confirmed to us that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, wish to receive future newsletters. By confirming, you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of sending the desired newsletter.

When you register for the newsletter, in addition to the e-mail address required for sending the newsletter, we store the IP address you used to register for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later date. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

You can unsubscribe from the newsletter at any time using the link provided in every newsletter or by sending an email to the controller named above. Once you have unsubscribed, your email address will be deleted from our newsletter mailing list immediately, unless you have expressly consented to the continued use of the data collected or the continued processing is otherwise permitted by law.

Contact form and contact by e-mail

If you send us inquiries via the contact form or e-mail, your details from the inquiry form or your e-mail, including the personal data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. It is necessary to provide an e-mail address to contact us; providing your first name, surname and telephone number is voluntary. We will never pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.

Sending applications

If you apply to us via our contact form or by e-mail, we collect personal data. This includes in particular your contact details (such as first and last name, telephone number and e-mail address of the user) as well as other data provided by you about your background (e.g. CV, qualifications, degrees and professional experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. details of a severe disability).

As a rule, your personal data is collected directly from you as part of the application process and encrypted during electronic transmission. The primary legal basis for this is Section 26 (1) BDSG. In addition, consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 26 para. 2 BDSG can be used as a data protection authorization provision. If the processing of your data is based on consent, you have the right to withdraw your consent at any time with effect for the future.

Within our company, only those persons and departments (e.g. Human Resources) have access to your personal data that absolutely need it to carry out the application process or to fulfill our legal obligations. If necessary, your application will be forwarded to the responsible person for review. Under no circumstances will your personal data be passed on to third parties without authorization.

Your data relating to an application for a specific job advertisement will be stored and processed by us during the ongoing application process. After completion of the application process (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after completion of the application process. The data of selected applicants will be securely stored for up to 1 year, provided that the applicants have given their consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with § 26 para. 2 BDSG. You can withdraw your consent at any time with effect for the future. An informal e-mail to the contact details of the controller listed above is sufficient for this purpose. If you are accepted, your application documents will be transferred to your personnel file.

Reports from whistleblowers

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The processing is carried out to fulfill our legal obligation within the meaning of Art. 6 para. 1 lit. c GDPR to receive and process reports in accordance with Directive (EU) 2019/1937 (Whistleblower Directive) and the Whistleblower Protection Act (HinSchG). We process your data insofar as this is necessary and permissible to fulfill these legal obligations.

In addition, processing may be carried out to protect our legitimate interests or those of third parties and to defend and assert legal claims in accordance with Art. 6 para. 1 lit. f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.

We only process data that is related to the processing of your report. Unless you submit an anonymous report, this may include general personal data (name, contact details, etc.) as well as any other data that you provide to us as part of the report, such as your relationship to us and to the person(s) reported. In addition, we process the further contents of your report (in particular descriptions of the facts and specific allegations of compliance violations) together with any attachments. If you send us your report by voice recording, we will also process this.

If you do not make an anonymous report, your identity will only be disclosed to us by our service provider to ensure the best possible protection of confidentiality if you consent to this or if this is necessary to fulfill a legal obligation or to protect our legitimate interests, such as the assertion or enforcement of legal claims or defense against a legal claim. Otherwise, we will only receive a summarized report of your notification, which does not contain any direct reference to your identity.

If we become aware of your identity or are provided with other personal data in connection with your report, we will only pass this on within our company, while maintaining the necessary confidentiality, to the departments and persons who need this data to fulfill the legal obligation or to implement our legitimate interest.

Reports submitted via our whistleblower system (https://via-optronics.com/en/legal.html) are received and processed confidentially by our service provider Issuer Direct Corporation (One Glenwood Ave, Suite 1001 Raleigh, NC 27603; Privacy Policy: Privacy Policy (issuerdirect.com)). Issuer Direct Corporation acts as our processor and processes the data strictly in accordance with our instructions.

As personal data may be transferred by Google to affiliated companies and sub-processors in countries outside the EU and the EEA, further safeguards are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link

https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Issuer Direct integrates the "Google reCAPTCHA" service (hereinafter "reCAPTCHA"). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The purpose of reCAPTCHA is to check whether the data entry in the whistleblower form is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information, e.g.

• IP address
• Time spent by the website visitor on the website
• Mouse movements made by the user

The data collected during the analysis is forwarded to Google. Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting ourselves from unwanted, automated mailings (spam).

We do not store any personal data from the use of reCAPTCHA. In general, personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies.

Further information on Google reCAPTCHA and Google's privacy policy can be found under the following links:

https://www.google.com/intl/de/policies/privacy/ and

https://www.google.com/recaptcha/intro/v3beta.html

Otherwise, data will only be passed on to recipients outside our company if this is permitted or required by law, if the transfer is necessary to process your report, if you have given your consent or if we are authorized or obliged to provide information. Under these conditions, recipients of personal data may be, for example

• Tax consultants or lawyers
• Public bodies and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office) if there is a legal or official obligation,
• Recipients to whom the disclosure is directly necessary to process your report,
• Other data recipients for whom you may give us your consent to transfer data

YouTube

On our website, we embed videos from "YouTube", a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). The legal basis for the processing of your personal data is the consent you have given in accordance with Art. 6 para. 1 lit. a GDPR.

If the playback of embedded YouTube videos is started by your consent, the provider "YouTube" uses cookies to collect information about user behavior. According to information from "YouTube", these are used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behavior. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. Google stores this data as usage profiles and uses it for the purposes of advertising, market research and/or the needs-based design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly for this purpose.

As it is possible for Google to transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link

https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on data protection and data use by Google can be found on the Google website below:

https://policies.google.com/privacy

Google Fonts

We use "Google Fonts" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: "Google"). Google Fonts enables us to use external fonts. For this purpose, the required Google Fonts are loaded into your browser cache by your web browser when you access our website. This is necessary so that your browser can also display a visually improved presentation of our texts. If your browser does not support this function, a standard font from your computer will be used for display. These Google fonts are integrated by a server call, usually a Google server in the USA. This tells the server which page of our website you have visited. The IP address of the browser of the visitor's end device is also stored by Google.

We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of the consent you have given. This consent can be revoked at any time with effect for the future.

Since personal data is transferred to the USA, further protective mechanisms are required to ensure the data protection level of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and assurances from the recipient in the USA.

Further information on data protection can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy
Further information on Google Fonts can be found at https://fonts.google.com/

External links

Social networks (LinkedIn, YouTube, Xing (incl. Kununu)) are only integrated on our website as links to the corresponding services. After clicking on the integrated text/image link, you will be redirected to the page of the respective provider. User information is only transferred to the respective provider after you have been forwarded. For information on the handling of your personal data when using these websites, please refer to the respective privacy policies of the providers you use.

1. introduction and general information on data processing

The protection of your personal data is very important to us. Below you will find information on the handling of your data that is collected through your use of our social media presence on social networks and platforms. Your data is processed in accordance with the statutory regulations.

1.1 General information on the controller

The controller named at the beginning of this privacy policy (hereinafter referred to as "we/us") operates websites or "fan pages" on various social media platforms. We are jointly responsible with the operator named under 1. 1. 1. for the processing of your personal data in connection with your visit to our presence or our "fan page", insofar as they provide us with aggregated information about visitors to our fan page or our presence ("insights"). Detailed information on the scope of processing under joint responsibility in relation to the respective providers can be found in the second section of this privacy policy.

1.1.1 Shared responsibility

The operator of the LinkedIn platform is: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W Maude Ave Sunnyvale, CA, 94085-2810 USA.

We have concluded an agreement with the operator in accordance with Art. 26 GDPR on joint responsibility for the processing of your personal data (Controller Addendum). This agreement specifies which data processing operations we or the respective operator are responsible for when you visit our fan page or our presence on the operator's platform. You can view this agreement at the following link

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

1.1.2. Own responsibility of the platform providers

If your personal data is processed by one of the providers of social media platforms listed below, this processing is the responsibility of the platform operator within the meaning of Art. 7 No. 4 GDPR. For the assertion of your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. If you still need help, please contact us at any time.

• YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• XING incl. kununu (New Work SE), Am Strandkai 1, 20457 Hamburg, Germany

1.1.3. Own responsibility of VIA optronics AG

We are solely responsible for the processing of your personal data in the cases mentioned under 1.4. to 1.7. which is not carried out by the operators mentioned under 1.1.2.

1.2. Data transfer and recipients, data transfer to third countries

If we pass on personal data to the providers of social media platforms, the latter are recipients of the data within the meaning of Art. 4 No. 9 GDPR. Since personal data is transferred to countries outside the EU and the EEA (including the USA) when visiting and interacting with the social media platforms we use, further protective mechanisms are required to ensure the level of data protection under the GDPR.

• LinkedIn: according to the privacy policy, takes appropriate measures for third country transfers, including in particular standard data protection clauses, to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: https://www.linkedin.com/help/linkedin/answer/a1343190?trk=microsites-frontend_legal_privacy-policy&lang=de

In cases where providers process your personal data under their own responsibility (1.1.2.), we have no influence on the processing of this data by the provider and their handling of this data (at least after transmission of the data). For further information, please check the privacy policy of the respective provider and, if necessary, use the opt-out / personalization options with regard to data processing by the provider:

• YouTube/Google

Privacy policy: https://policies.google.com/privacy

• Opt-out: https://adssettings.google.com/authenticated
• Google (Google LLC) is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:https://www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, the provider states that it uses standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe, see here https://policies.google.com/privacy

• XING incl. kununu (New Work SE)
  • Privacy Policy: https://privacy.xing.com/en/privacy-policy
  • Opt-Out: https://nats.xing.com/optout.html?locale=en_US
  • According to the privacy policy, XING uses appropriate measures for third country transfers, in particular standard data protection clauses, to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: https://privacy.xing.com/en/privacy-policy/who-may-receive-information-about-you

1.3. Access to and storage of information in terminal equipment (cookies)

When you visit our social media sites, one or more cookies are placed on your device by the platform provider. Cookies are small text files that are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertising.

Interaction with our social media sites may result in access to information (e.g. your IP address) or the storage of information (e.g. cookies) in your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.

The period of activity or validity of cookies can vary greatly, but you can delete them manually at any time using your web browser settings. If you have any technical questions, please contact the manufacturer of your web browser. Further information on the use of cookies and their legal basis can be found in the provider's privacy policy. You can find links to the respective data protection declarations above under "Data transfer and recipients". If you have any further questions, please contact the provider of the respective social media platform directly.

1.4. Data processing for market research and advertising purposes

As a rule, personal data is processed on the company page for market research and advertising purposes of the provider of the social media platform. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. The provider also carries out a comprehensive analysis of your interactions on the social media platform. The data collected can be used to create user profiles. These are used to place advertisements within and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles independently of the devices you use. This is regularly the case if you are a member of the respective platforms and are logged in to them. Further information on this can be found in the data protection information of the respective provider.

When you visit or interact with our social media presence, we may receive personal data from you, which we process on our own responsibility in addition to the provider, unlike in the cases mentioned in section 2 of this privacy policy. This may be information that you actively provide (comments, likes and information that you make publicly available, such as your profile picture or name).

Depending on the provider and your settings on the provider's platform, we may also be informed about who has accessed our website or page within the platform. The provider LinkedIn provides us with information about which LinkedIn user has visited our LinkedIn page. This information is provided to us permanently by LinkedIn without any time limit.

Our access to the aforementioned data results from the operation of our social media presence; any further processing of this data by us does not take place except in the cases mentioned in this privacy policy. We have a legitimate interest in the operation of our social media presence and the associated processing of personal data that you actively publish or make available to us within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the advertising approach as well as in the provision of an effective communication and interaction option with our company.

1.5. Data processing when contacting us

We collect personal data ourselves if you contact us, for example, via a contact form or a messenger service of the respective platform. Which data is collected depends on the information you provide and the contact details you provide or share. This data is stored by us for the purpose of processing the request and in the event of follow-up questions. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. We assume that processing is complete if it can be inferred from the circumstances that the matter in question has been conclusively clarified.

1.6. Data processing for contract processing

If your contact via a social network or other platform is aimed at concluding a contract for the delivery of goods or the provision of services with us, we process your data to fulfill the contract or to carry out pre-contractual measures or to provide the desired services. The legal basis for the processing of your data in this case is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it is no longer required for the performance of the contract or if it is clear that the pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of the contact. Please note, however, that it may be necessary to store personal data of our contractual partners even after conclusion of the contract in order to comply with contractual or legal obligations.

1.7. Data processing based on consent

If you are asked by the respective providers of the platforms for consent to processing for a specific purpose, the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. Any consent given can be revoked at any time with effect for the future.

2. Processing in joint responsibility with the operator of the social media platform

LinkedIn presence

Data processing with regard to "Page Insights" when visiting our LinkedIn presence

When you visit our LinkedIn site, your personal data will be processed by LinkedIn as the operator of the platform and by us as the operator of our site within the platform. Insofar as this data processing takes place in connection with the Insights functionality of LinkedIn (LinkedIn Ireland Unlimited Company. or LinkedIn Corporation.), we are jointly responsible with LinkedIn (Art. 26 para. 1 GDPR).

LinkedIn Page Insights (https://legal.linkedin.com/pages-joint-controller-addendum) is a function provided by LinkedIn that allows the operator of a LinkedIn site (us) to receive summarized data about the interaction of visitors.

As part of the Page Insights function, LinkedIn analyzes your interaction with our LinkedIn presence and also uses the personal information you provide (professional activity, industry, country, etc.). The evaluated data is made available to us by LinkedIn, but only in aggregated form (i.e. LinkedIn does not provide us with specific information about individual users as part of this function, but only summarized information). We use this aggregated data for the target group-oriented presentation of our LinkedIn presence and generally for its optimization with regard to the above-mentioned advertising purposes.

We have a legitimate interest in these advertising purposes; the processing of your data is based on Art. 6 para. 1 lit. f GDPR.

For information on the purposes that LinkedIn pursues with the processing of your personal data and on the legal basis of this data processing, please refer to LinkedIn's privacy policy.

Please note that we have no influence on the data collection and further processing under LinkedIn's responsibility. As a result, we cannot provide any information about the extent to which, where and for how long the data is stored by LinkedIn. Furthermore, we cannot make any statements about the extent to which Instagram complies with existing deletion obligations, which evaluations and links are made with the data by LinkedIn and to whom the data is passed on by LinkedIn.

Your rights as a data subject of data processing

If, as a visitor to the site, you would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both LinkedIn and us. You can (also) restrict the visibility of your LinkedIn account to us via the LinkedIn settings.

For more information on data processing by LinkedIn, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

Data protection officer of LinkedIn

To contact LinkedIn's data protection officer, you can use the contact form under the link https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

Data transfer and recipients

Your personal data will not be transferred to third parties unless

• if we have explicitly indicated this in the description of the respective data processing
• if you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR,
• the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
• in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c GDPR and
• insofar as this is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR.

We also use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with whom we have concluded order processing contracts in accordance with Art. 28 GDPR if necessary. These service providers are bound by our instructions and are regularly monitored by us. These include service providers for hosting, sending emails, maintenance and servicing of our IT systems, etc. The service providers will not pass this data on to third parties.

Data security

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

Duration of storage of personal data

The duration of the storage of personal data is based on the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for contract fulfillment or contract initiation or if we have a legitimate interest in further storage, the data will be deleted if it is no longer required for these purposes or if you have exercised your right of revocation or objection.

Your rights

Below you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

The right, in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us.

The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

The right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller in accordance with Art. 20 GDPR

The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.

The right to withdraw consent granted in accordance with Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right of objection

If your personal data is processed by us on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without the requirement to specify a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to marketing@via-optronics.com

Legal obligations

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide such personal data that is necessary for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

Automated decision making

Automated decision-making or profiling in accordance with Art. 22 GDPR does not take place.

Subject to change

We reserve the right to adapt or update this privacy policy if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The current version applies to your visit.

Status of this privacy policy: 12-22-2023