Login
Demo
try for free
Demo

ZEP privacy policy

With the following privacy policy, we would like to inform you about how we process your personal data in accordance with the European General Data Protection Regulation (GDPR). The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer").

Contents

1. responsible person

Responsible within the meaning of the GDPR is         

ZEP GmbH 
Stuttgarter Str. 41

71254 Ditzingen

Phone: +49 7156 / 43623-0

E-mail: support@zep.de

2. data protection officer

You can reach our data protection officer as follows

secjur GmbH

Steinhöft 9

20459 Hamburg

Phone: +49 40 228 599 520

E-mail: dsb@secjur.com

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection and the exercise of your rights.

3. definition of terms

This privacy policy is based on the terminology of the GDPR. To simplify matters, we would like to explain some important terms in this context in more detail:

  • Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Person concerned is any identified or identifiable natural person whose personal data is processed by the controller.
  • Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Receiver is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.
  • Third is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

4. data for the provision of the website and the creation of log files

If you use this website for purely informational purposes without transmitting data to us in any other way (e.g. by registering or using the contact form), we collect technically necessary data via server log files, which are automatically transmitted to our server, e.g:

  • Date and time of access
  • IP address
  • Host name of the accessing computer
  • Website from which the website was accessed; websites that were accessed via the website
  • Visited page on our website; amount of data transferred - information about the browser type and version used
  • Operating system
  • Access status (e.g. whether the website could be accessed without any problems or whether you received an error message)
  • Use of website functions
  • search terms entered
  • Access frequency of the individual website
  • Amount of data transferred
  • other websites that you visit from this website, either by clicking on a link on this website or by entering the domain directly in the input bar in the same window of your browser

The temporary storage of the data is necessary for the course of a website visit in order to be able to display our website to you. This processing is technically necessary to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is therefore Art. 6 para. 1 sentence 1 lit. f GDPR in order to guarantee the provision, security and stability of our website.

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored for a maximum of 24 hours directly and only accessible to administrators. After that, they are only available indirectly via the reconstruction of backup tapes and are permanently deleted after a maximum of four weeks.

For the provision of our online services, we use storage space, computing capacity and software provided by the server provider Amazon Web Services Emea Sàrl, 38, avenue John F. Kennedy, 1855 Luxembourg, Luxembourg (Web host) or obtain it in any other way. It cannot be ruled out that personal data will be transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organisations based in the USA that are certified accordingly are permitted. Amazon.com, Inc. is certified under the EU-U.S. Data Privacy Framework. For more information and a copy of the security, please contact support@zep.de.

5. e-mail dispatch and web hosting

The web hosting services we use from Amazon Web Services Emea Sàrl also include the sending, receiving and storage of e-mails, e.g. for the provision of our Contact form or newsletter registrations]. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of recognising SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, emails are encrypted in transit, but not on the servers from which they are sent and received (unless an end-to-end encryption method is used). We can therefore accept no responsibility for the transmission path of the emails between the sender and receipt on our server. The legal basis for the provision of these services is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR to ensure the provision, security and stability of the email service.

6. content delivery network (CDN)

We use a "content delivery network" (CDN). A CDN is a service that enables the content of an online offering, in particular large media files such as graphics or programme scripts, to be delivered faster and more securely with the help of regionally distributed servers connected via the Internet. This means that the website is not hosted on a single server, but is delivered via a network of geographically distributed servers that may be connected to each other. The server closest to you as the user is used in each case. As a result, the CDN processes all the aforementioned personal data required to provide the website.

The legal basis for the use of a CDN is our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in order to guarantee you the best and fastest connection, from which you as a user also benefit.

We use the provider Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA, as our CDN. The personal data is transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organisations based in the USA that are certified accordingly are permitted. Cloudflare Inc. is certified under the EU-U.S. Data Privacy Framework. For more information and a copy of the security, please contact support@zep.de.

7. test account and agreement of a demo

If you wish, you can create a ZEP trial version or arrange a demo. When creating a test account under "Test for free" or arranging a demo under "Request demo", the personal data you provide, such as your first name, surname, e-mail address, telephone number and other communication data, will be processed. As part of the registration process and subsequent logins and use of the test account, we also store your IP address along with the access times in order to be able to prove the registration and prevent any misuse of the customer account.

The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR, as the aforementioned processing operations are necessary either to provide you with your test account, in which you can test modules, for example, or to initiate a contract with you by means of the demo. The data processing is limited to such personal data that is necessary to fulfil the scope of services agreed in our General Terms and Conditions - in particular the provision of the test account.

We use the services of HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA to provide the forms for setting up a test account or registering for a demo. The personal data is transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organisations based in the USA that are certified accordingly are permitted. Hubspot Inc. is certified under the EU-U.S. Data Privacy Framework. For more information and a copy of the security, please contact support@zep.de.

8. contact form

You have the option of contacting us via our website using the "Contact form". We process the following personal data from you when you contact us and respond to your enquiry:

  • First name and surname
  • E-mail address
  • Telephone number
  • Date and time of the enquiry
  • IP address
  • Communication content

If you contact us as part of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the personal data you provide will be processed for the purpose of processing and responding to your contact enquiry in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. Otherwise to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the purpose of responding appropriately to customer/contact enquiries.

We delete your personal data as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of contact enquiries, this is generally the case when it is clear from the circumstances that the specific matter in question has been conclusively dealt with.

To provide the contact form, we use the services of HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA. The personal data is transmitted to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organisations based in the USA that are certified accordingly are permitted. Hubspot Inc. is certified under the EU-U.S. Data Privacy Framework. For more information and a copy of the security, please contact support@zep.de.

9. newsletters and electronic notifications

If you would like to receive information about our new products and services, you can subscribe to our newsletter. We process the following personal data, among others, as part of sending the newsletter:

  • E-mail address
  • First name and surname
  • Metadata (e.g. device information, IP address, date and time of login)]

The advertised goods and services are named in the declaration of consent. We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you are the owner of the e-mail address provided and that you wish to receive the notifications. If you do not confirm your registration within 90 days, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

The legal basis for sending our newsletter is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent to receive our newsletter at any time by clicking on the unsubscribe link in the emails or by sending your revocation by email to our email address or by post to the contact details given in the legal notice. Your personal data will then be removed from the mailing list.

In addition, you can also give your consent for us to analyse your user behaviour when sending the newsletter. Our newsletters contain so-called tracking links, which enable us to analyse the behaviour of newsletter recipients. For example, we can analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. This enables us to statistically analyse the success or failure of online marketing campaigns. The personal data collected through the tracking links is stored and evaluated by us in order to optimise the newsletter dispatch and to adapt the content of future newsletters even better to your interests.

You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact method as described above and withdrawing your consent. The information will be stored for as long as you have subscribed to the newsletter. After cancellation, we store the data purely statistically and anonymously.

We use an external provider, HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA, to send our newsletter. This service provider receives your email address and other necessary data in order to send the newsletter on our behalf. The personal data is transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 para. 3 GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organisations based in the USA that are certified accordingly are permitted. HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework. For more information and a copy of the security, please contact support@zep.de.

10th ZEP Blog

In our ZEP blog, we publish various articles on topics related to our activities. You can read the blog without having to register. You can comment on the blog posts by sending an e-mail to our Content Marketing Manager. We will process your e-mail address in connection with your e-mail.

If you comment on a ZEP blog post as part of an existing contractual relationship, the personal data you provide will be processed for the purpose of processing and responding to your comment via email in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. In addition, we process your data to protect our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the appropriate processing of comments.

11. online webinars

We organise online webinars for our customers and interested parties. The processing of personal data (name, e-mail address) is required for registration.

The processing of the data provided is carried out for the purpose of providing the service and is based on the legal basis of Art. 6 para. 1 sentence 1 lit. b GDPR.

We use the provider Microsoft Teams, Microsoft Ireland Operations Limited, Carmanhall Road, Sandyford Industrial Estate, Dublin 18, Ireland, to broadcast our online webinars. It cannot be ruled out that personal data will be transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organisations based in the USA that are certified accordingly are permitted. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework. For more information and a copy of the security, please contact support@zep.de.

12. application procedure via Join

If you apply to us electronically via our web form on our recruiting page join.com/companies/zep If you apply for a job, we will collect and process your personal data for the purpose of handling the application process and implementing pre-contractual measures.

By submitting an application on our recruiting page, you express your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application. In particular, the following data will be collected:

  • First name and surname
  • E-mail address
  • Place of residence
  • Salary expectations
  • Availability
  • Telephone number
  • Language level

 

You also have the option of uploading informative documents such as a cover letter, your CV and references. These may contain further personal data such as date of birth, address, etc.

Only authorised employees from the HR department or employees involved in the application process have access to your data.

The legal basis for the processing of your data is the initiation of a contract in accordance with Art. 6 Para. 1 S.1 lit. b GDPR, which takes place at your request. After completion of the application process, the data will be stored for up to six months. Your data will be deleted or anonymised after six months at the latest. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical analyses (e.g. proportion of women or men in applications, number of applications per period, etc.).

If you receive an offer of employment with us during the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship.

In the event of a legal obligation, the data will be stored within the framework of the applicable provisions. Longer storage is only possible if we include the personal data in our applicant pool after obtaining your consent as described.

Your data will be passed on to the service provider JOIN Solutions GmbH, Schönhauser Allee 36, 10435 Berlin, to the extent necessary.

13. presence in social networks (social media)

We maintain publicly accessible profiles on various social networks. Your visit to these profiles triggers a variety of data processing operations. Below we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles.

When you visit our profiles, your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile on the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable by us. For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the operator of the respective social network, please refer to the following explanations.  

13.1 Facebook and Instagram

When you visit our Facebook/Instagram page, certain information about you is processed. We can only view the information stored in your public Facebook/Instagram profile (such as your profile picture or information that you share on a Facebook profile or on a public Instagram profile), and only if you have such a profile and are logged into it while you visit our Facebook/Instagram page.

In addition, the operator of the platform, Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4 Ireland (Meta) for our Facebook/Instagram page in anonymised form to provide statistics and insights that help us understand the types of actions people take on our page (Page Insights). These page insights are created on the basis of certain information about people who have visited our site.

The processing of your personal data in connection with the operation of our Facebook/Instagram company profile is based on a balancing of interests in accordance with Art. 6 para. 1, sentence 1 lit. f GDPR in order to offer you a contemporary and supportive information and interaction opportunity with and about us. Furthermore, the processing serves our legitimate interest in analysing the types of actions taken on our Facebook/Instagram company profile and improving our company profile based on these findings. The legal basis for this processing is therefore Art. 6 para. 1, sentence 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1, sentence 1 lit. b GDPR.

Page Insights are processed by Meta and us as joint controllers. We cannot attribute the information obtained via the Page Insights to individual Facebook/Instagram profiles that interact with our Facebook/Instagram page. We have entered into a joint controller agreement with Meta, which sets out the allocation of data protection obligations between us and Meta. Details about the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta can be found at here. With regard to this data processing, you have the option of asserting your rights as a data subject (see "Your rights as a data subject") against Meta. Further information on this can be found in the Meta's privacy policy. Meta offers the option of objecting to certain data processing; you will find information and opt-out options in this regard here in your account.

Please note that user data is also processed in the USA or other third countries in accordance with the meta data protection provisions. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organisations based in the USA that are certified accordingly are permitted. Meta is certified under the EU-U.S. Data Privacy Framework.

13.2 Linkedin

When you visit our LinkedIn company profile, certain information about you is processed. In the case of direct messages to us or comments on our LinkedIn company profile or under our posts, we receive the message, the comments and your user name.

In addition, LinkedIn processes LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn), as the operator, collects personal data when you visit our LinkedIn company profile, follow this page or engage with the page in order to provide us with statistics and insights in anonymised form. This provides us with insights into the types of actions that people take on our site (Page Insights). For this purpose, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company profile, e.g. whether you are a follower of our LinkedIn company page. With the Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarised Page Insights. It is also not possible for us to draw conclusions about individual members from the information in the Page Insights.

The processing of your personal data in connection with the operation of our LinkedIn company profile is based on a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in order to offer you a contemporary and supportive information and interaction opportunity with and about us. The processing serves our legitimate interest in analysing the types of actions taken on our LinkedIn company profile and improving our company profile based on these findings.

In addition, LinkedIn processes your data as a user for the provision of services, communication, further development of services and research as well as for advertising, customer support, analysis and security purposes. In principle, LinkedIn is solely responsible for the processing of personal data when you visit our LinkedIn company profile. The categories of personal data that LinkedIn processes in this context are listed in the LinkedIn data policy described. Further information about the processing of personal data by LinkedIn can be found at here.

Please note that in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries.

13.3 Xing

When visiting our XING profile with the operator New Work SE, Dammtorstraße 30, 20354 Hamburg (XING), certain information about you will be processed. If you contact us via our XING profile, e.g. by commenting on a post on the XING profile or writing us a direct message via the XING platform, we process your personal data (e.g. your name, the communication content job title, company name, industry, education, contact options, photo (Profile data)) in order to process your request. The names of the registered XING users who have visited our XING profile are visible to us. The processing is carried out on the basis of a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in order to offer you a contemporary and supportive information and interaction opportunity with and about us.

If you send us an application via our Xing profile, we will process your application data (such as name, e-mail address, date of birth, postal address and telephone number), the documents you send us (such as CV, certificates, cover letter, including the information contained therein about your person and qualifications) and additional information and messages you provide (such as desired start date and employment, salary expectations, your notice period or your motivation as to why you would like to work for us). The processing is carried out for the purposes of processing the application, including the preparation and conduct of interviews and recruitment tests and the evaluation of the results and as otherwise required as part of the application process. We will contact you during the application process to inform you of the progress of your application or to invite you to an interview or recruitment test. As part of the application process, the documents are initially processed by the HR department. If suitable, the personal data and documents will be forwarded to the relevant specialist department. The legal basis for the data processing described above is Art. 6 para. 1 sentence 1 lit. b GDPR. The data processing is necessary to process the application and to establish a possible employment relationship.

If you register for an event organised by us via our XING profile, we will process your profile data to enable you to participate in the event. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR to enable you to register and participate easily.

When you visit our XING profile, XING also collects so-called usage data. XING also uses certain data that it has collected from users of the XING platform (e.g. whether a post has been marked with "Like") to create aggregated usage statistics and make them available to the respective operators of the XING profile (so-called "employer branding performance measurement"). We receive such aggregated usage statistics. The aggregated statistics do not allow any conclusions to be drawn about individual users. In particular, we have no access to personal data that XING processes for employer branding performance measurement. XING alone determines which data is processed for employer branding performance measurement and how. We have no legal or actual influence on the processing by XING. XING provides information on this in the XING privacy policy (

In addition, XING processes your data as a user to ensure security, to provide the service and to measure and optimise advertising. XING is solely responsible for the processing of personal data when you visit our XING profile. The categories of personal data that XING processes in this context are listed in the Privacy policy of XING described.

13.4 X

If you use our X profile or profiles within the X platform of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX 07 Ireland (X), personal data from your X profile will also be processed. If you contact us via the X profile, e.g. by commenting on a tweet or sending us a message via X direct messages, we will process your data (e.g. your name and the content of the communication) in order to deal with your request. If necessary, we also process your data for the assertion of legal claims and defence in legal disputes as well as for the prevention and investigation of criminal offences. The processing is carried out on the basis of a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in order to offer you a contemporary and supportive information and interaction opportunity with and about us. If the contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1, sentence 1 lit. b GDPR.

In addition, X collects so-called usage data when you visit our X profile. This includes your IP address, the application used, information about your end device (including device ID and application ID), information about websites accessed, your location and your mobile phone provider. This data is assigned to your X profile.

X also uses certain data that it has collected from users of the X platform (e.g. "re-tweets") to compile aggregated usage statistics and make them available to the respective operators of the X profile (X-Analytics). We also receive aggregated usage statistics. The information we receive from X-Analytics does not allow any conclusions to be drawn about individual users. We ourselves have no access to personal data that X processes for X-Analytics. X determines which data is processed for X-Analytics and how. We have no legal or actual influence on the processing by X. X provides information on this in its privacy policy (

This processing serves our legitimate interest in analysing the types of actions taken on our X company profile and improving our company profile based on these findings. The legal basis for this processing is therefore Art. 6 para. 1, sentence 1 lit. f GDPR.

Please note that, in accordance with the X Privacy Policy, personal data is also processed by X in the USA or other third countries.

14th YouTube channel

We operate a "YouTube channel" to draw attention to our services and service offerings and to communicate with our customers and visitors to the YouTube channel (Users) to interact. The operator of the video platform is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland (Google Ireland). Google Ireland is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (Google)) affiliated company.

If you contact us via our YouTube channel, e.g. by commenting on one of our videos, we will process your data (e.g. your name and the content of the communication) in order to deal with your request. If necessary, we also process your data for the assertion of legal claims and defence in the event of legal disputes in connection with your contributions. The legal basis for the processing of the data that we collect in connection with the use of our company website is our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in order to offer you a contemporary and supportive information and interaction opportunity with and about us and to better present our services and service offerings. If the contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

When you visit our YouTube channel or other pages on the YouTube platform, Google Ireland collects so-called usage data. Google Ireland also uses certain data that it has collected from users of the YouTube platform (e.g. which videos users watch) to compile aggregated usage statistics and make them available to the respective operators of the YouTube channel (YouTube analytics). We also receive such aggregated usage statistics. The information we receive from YouTube Analytics does not allow any conclusions to be drawn about individual users. We ourselves do not have access to personal data that Google Ireland processes for YouTube Analytics. Google Ireland determines which data is processed for YouTube Analytics and how. Google Ireland provides information on this in the

The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organisations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework.

15. cookie banner

When you visit our website or a sub-website for the first time and it contains cookies, a "cookie banner" will be displayed. There you will be informed about the individual cookies that we use. You can find out the name of each individual cookie, the provider, the purpose of processing and the storage period.

Our cookie banner informs you about the specific cookies we use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-essential cookies. You can also allow us to use non-essential cookies and cancel this decision at any time. The following are processed:

  • Usage data (e.g. websites visited, time of access)
  • Meta and communication data (e.g. IP address)

 

The legal basis for the use of the cookie banner is Art. 6 para. 1 sentence 1 lit. f GDPR. We have an overriding legitimate interest in using the cookie banner, which enables us to obtain the legally required consent for the use of non-essential cookies and to fulfil our duty to provide information regarding cookies.

The cookie banner stores the preferences until you reset or customise them.

The cookie banner is provided by the provider iubenda s.r.l, Via San Raffaele, 1 - 20121 Milan, Italy.

16. use of cookies

16.1 General information

We use cookies on our website. These are text files that your browser automatically creates and that are stored on your IT system when you visit our website. Through cookies, certain information flows to the location that sets the cookie. By using cookies, it is not possible to execute programmes or transfer viruses to your end device. 
If you do not wish to use cookies, you can switch them off in the settings.

From a legal perspective, a distinction must be made between necessary and non-necessary cookies.

  • Necessary cookies

We use necessary cookies. These are cookies that are technically necessary to provide all the functions of our website. The legal basis for data processing is our legitimate interest within the meaning of Art. 6 para. 1, sentence 1 lit. f GDPR. We have an overriding legitimate interest in being able to offer our website in a technically flawless manner. The legal basis for the use of cookies vis-à-vis our contractual partners who make use of services contractually owed by us via our website is Art. 6 para. I lit. b GDPR, the provision of our contractual services.

  • Non-essential cookies

We also use non-essential cookies (e.g. analysis and marketing cookies). These are cookies that are not technically necessary. We use them to understand your behaviour on our website and to improve our offering. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The cookies are only set after you have given your consent via our "cookie banner".

16.2 Storage period

With regard to the storage period, a distinction is made between the following types of cookies:

  • Temporary cookies (also: Session or session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or favourite content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that they can be stored for up to two years.

 

For more information, please refer to the information we provide in the cookie banner.

17. transmission of personal data

As part of our processing of personal data, personal data may be transmitted to other recipients or disclosed to them. The recipients of this personal data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your personal data that serve to protect your personal data.

18. deletion of data

The personal data processed by us will be deleted in accordance with the legal requirements as soon as the consents permitted for processing are revoked or other authorisations cease to apply (e.g. if the purpose of processing this personal data no longer applies or it is not required for the purpose). If the personal data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted to these purposes. This means that the personal data is blocked and not processed for other purposes. This applies, for example, to personal data that must be stored for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

Our data protection information also contains further information on the storage and deletion of personal data, which take priority for the respective processing.

19 Your rights as a data subject

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR. If you wish to exercise one of your rights, please contact us via the contact addresses given above or our data protection officer.

19.1 Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

19.2 Right to information

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to obtain information about this personal data and further information and a copy of the personal data in accordance with the legal requirements.

19.3 Right to rectification

In accordance with the legal requirements, you have the right to request the completion of personal data concerning you or the correction of incorrect personal data concerning you.

19.4 Right to erasure and restriction of processing

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

19.5 Restriction of processing

You have the right to demand that we restrict processing if one of the legal requirements is met.

19.6 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.

19.7 Right to withdraw consent

You have the right to withdraw your consent at any time.

19.8 Complaint to supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

20. amendment and updating of the privacy policy

We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we further develop our website and our offers or if legal or official requirements change, it may be necessary to amend this data protection notice. You can access the current data protection information at any time here.

Status: October 2023

ZEP News in your inbox
Newsletter Footer
Direct contact

We answer your questions quickly & competently. Contact us by phone or email.

+49 7156 43623-0 or contact form

ZEP
Products
Resources
Facts
Industries
Legal
About
Cookies

© 2024 ZEP GmbH

Youtube Linkedin Instagram