• We are Knauf
  • Knauf Divisions
  • Knauf Worldwide
  • Career
  • Privacy Policy

    I. Name and address of the controller

    The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

    Knauf Digital GmbH

    Landshuter Allee 10

    80637 Munich, Germany

    +49  (0) 9323 / 31-0

    info@knauf.digital

    https://www.knauf.com

    Data protection officer Knauf Group

    Am Bahnhof 7

    97346 Iphofen

    Germany

    Phone: + 49 9323 / 31-0

    Email: data-protection@knauf.com

    II. General information on data processing

    Scope of processing of personal data

    We process the personal data of our users in principle only insofar as this is required to ensure a functional website and to provide our contents and services. The personal data of our users is only processed regularly with the consent of the user. An exception applies in those cases where consent cannot be obtained beforehand for genuine reasons and the data has to be processed in accordance with legal regulations.

    Legal basis for processing personal data

    Insofar as we obtain the consent of the data subject for processing personal data, Article 6 (1), sentence 1 (a) GDPR shall serve as the legal basis.

    For processing personal data, which is required for the performance of a contract to which the data subject is party, Article 6 (1), sentence 1 (b) GDPR shall serve as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

    If processing of personal data is necessary for compliance with a legal obligation, Article 6 (1), sentence 1 (c) GDPR shall serve as the legal basis.

    If processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1), sentence 1 (d) GDPR shall serve as the legal basis.

    If processing is necessary for protecting the legitimate interests of our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Article 6 (1), sentence 1 (f) GDPR shall serve as the legal basis.

    Data deletion and period of storage

    The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage is also permissible if this has been provided for under European or national law in EU ordinances, laws, or other regulations to which the controller is subject. Blocking or deletion of the data takes place even when a retention period prescribed by the mentioned norms expires unless further retention of the data is necessary for the closing of a contract or for fulfilling a contractual obligation.

    III. Rights of the data subject

    If your personal data is processed, you are the data subject within the meaning of the GDPR and may invoke the following rights with respect to the controller:

    Right to information

    You may demand confirmation from the controller, as to whether personal data that pertains to you is being processed by it.

    Should this be the case, you can demand the following information from the controller:

    The purposes for which the personal data is processed;

    The categories of personal data that are being processed;

    The recipient, or rather the categories of recipients, to whom the relevant personal data pertaining to you has been disclosed or is yet to be disclosed;

    The planned period of storage of the personal data pertaining to you or, in case specific statements are not possible in this respect, criteria for determining the storage period;

    The existence of a right to rectification or deletion of the data pertaining to you, a right to restriction of processing by the controller, or a right to object to this processing;

    The existence of a right to complain to a supervisory body;

    All available information about the origin of the data, if the personal data is not acquired from the data subject;

    The existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and the pursued consequences of such processing for the data subject.

    You have the right to demand information as to whether the personal data pertaining to you has been transmitted to a third country or to an international organization. In this regard, you can demand to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

    This right to information may be limited to the extent that it is likely to render impossible or seriously impair the achievement of research and statistical purposes and the restriction is necessary for fulfilling research or statistical purposes.

    Right to rectification

    You have a right to rectification and/or completion with respect to the controller, insofar as the processed personal data pertaining to you is incorrect or incomplete. The controller must make the rectification without undue delay.

    Your right to rectification may be limited to the extent that it is likely to render impossible or seriously impair the achievement of research and statistical purposes and the restriction is necessary for fulfilling research or statistical purposes.

    Right to restriction of processing

    You can demand restriction of processing of personal data pertaining to you where one of the following prerequisites applies:

    If you contest the accuracy of the personal data pertaining to you for a period enabling the controller to verify the accuracy of the personal data;

    The processing is unlawful and you oppose the erasure of the personal data and request the restriction of use of the personal data instead;

    The controller no longer needs the personal data for the purposes of the processing, but you still require the data for the assertion, exercise, or defense of legal claims;

    If you objected to processing pursuant to Article 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override yours.

    Where processing of the personal data pertaining to you has been restricted, such personal data shall, with the exception of its storage, only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

    If you have obtained restriction of processing pursuant to the prerequisites listed above, you shall be informed by the controller before the restriction of processing is lifted.

    Your right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously impair the achievement of research and statistical purposes and the restriction is necessary for fulfilling research or statistical purposes.

    Right to erasure

    a) Obligation to delete

    You can demand erasure of personal data pertaining to you by the controller without undue delay, and the controller shall have the obligation to erase this data without undue delay where one of the following grounds applies:

    The personal data pertaining to you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

    You withdraw your consent on which the processing is based according to Article 6 (1), sentence 1 (a) GDPR or Article 9 (2) (a) GDPR, and where there is no other legal ground for the processing.

    You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.

    The personal data pertaining to you has been unlawfully processed.

    The personal data pertaining to you has to be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.

    The personal data pertaining to you has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

    b) Information for third parties

    Where the controller has made the personal data pertaining to you public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, the controller shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers involved in processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

    c) Exceptions

    The right to erasure shall not apply to the extent that processing is necessary

    for exercising the right of freedom of expression and information,

    for compliance with a legal obligation, which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,

    for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) as well as Article 9 (3) GDPR,

    for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR insofar as the right referred to in a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or

    for the assertion, exercise, or defense of legal claims.

    Right to notification

    If you have asserted your right to rectification, erasure, or restriction of processing with respect to the controller, the controller is obliged to communicate this rectification or erasure of personal data or restriction of processing to each recipient to whom personal data pertaining to you has been disclosed, unless this proves impossible or involves disproportionate effort.

    You have the right to be informed by the controller about those recipients.

    Right to data portability

    You have the right to receive the personal data pertaining to you, which you provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

    the processing is based on consent pursuant to Article 6 (1) sentence 1 (a) GDPR or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) sentence 1 (b) GDPR, and

    the processing is carried out by automated means.

    In exercising this right to data portability, you also have the right to have the personal data pertaining to you transmitted directly from one controller to another, where technically feasible. The right referred to shall not adversely affect the rights and freedoms of others.

    The right to data portability shall not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    Right to object

    You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data pertaining to you, which is based on Article 6 (1) sentence 1 (e) or (f) GDPR, including profiling based on these provisions.

    The controller shall no longer process the personal data pertaining to you unless the controller demonstrates compelling legitimate grounds for the processing, which override your interests, rights, and freedoms, or if the processing is for the assertion, exercise, or defense of legal claims.

    Where personal data pertaining to you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data pertaining to you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

    Where you object to processing for direct marketing purposes, the personal data pertaining to you shall no longer be processed for such purposes.

    In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

    Where personal data pertaining to you is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, you have the right, on grounds relating to your particular situation, to object to processing of personal data pertaining to you.

    Your right to object may be limited to the extent that it is likely to render impossible or seriously impair the achievement of research and statistical purposes and the restriction is necessary for fulfilling research or statistical purposes.

    Right to withdrawal of data protection consent

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent.

    Automated individual decision-making, including profiling

    You have the right to not be subject to a decision that is based solely on automated processing, including profiling, which has a legal effect on you or significantly impairs you in a similar manner. This does not apply where the decision

    is necessary for entering into, or performance of, a contract between you and the controller;

    is authorized under Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or is made with your explicit consent.

    These decisions may, however, not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless Article 9 (2) (a) or (b) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

    In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view, and to contest the decision.

    Right to complain to a supervisory body

    Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory body, especially in the Member State where you are located, your workplace, or the location of the alleged offense, if you are of the opinion that the processing of personal data pertaining to you violates the GDPR.

    The supervisory authority to which the complaint was submitted informs the complainant of the status and findings of the complaint, including the possibility for legal remedy pursuant to Article 78 GDPR.

    IV. Provision of the website and creation of log files

    Description and scope of data processing

    Every time our website is accessed, our system automatically records information transmitted to us by the computer system of the accessing computer.

    The following data is collected:

    • Information about the browser type and version used

    • The user’s operating system

    • The user’s Internet Service Provider (ISP)

    • The user’s IP address

    • Date and time the website was accessed

    • Websites from which the user’s system accesses our website

    • Websites accessed by the user’s system via our website

    This data is saved in log files on our system. It is not saved together with other personal data of the user.

    Purpose of data processing

    The temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user’s computer. The user’s IP address must remain saved for the duration of the session.

    The data is stored in log files in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not evaluated in this context for marketing purposes.

    Such purposes also constitute our legitimate interest in the processing of data pursuant to Article 6 (1) sentence 1 (f) GDPR.

    Legal basis for data processing

    Article 6 (1) sentence 1 (f) GDPR represents the legal basis for the temporary storage of data and log files.

    Period of storage

    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where the data is recorded for the purpose of providing the website, this is the case when the respective session has ended.

    Where the data is stored in log files, this is the case after at most seven days. Storage beyond this period is possible, in which case the user’s IP addresses are deleted or manipulated, so that an assignment of the accessing client is no longer possible. 

    Possibility for objection and removal

    The recording of the data for the purpose of providing the website and storing the data in log files is essential for operation of the website. Consequently, there is no possibility for objection on the part of the user.

    V. Use of cookies

    Description and scope of data processing

    Our website uses cookies. Cookies are text files that are saved in or by the web browser on the user’s computer system. When a user accesses our website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic sequence of characters, which enables unique identification of the browser when the website is accessed again.

    We use cookies to make our website more user friendly. Some elements of our website require that the accessing browser can still be identified after switching to a different page.

    The following data is saved and transmitted in the cookies:

    • Language settings

    • Login information

    We also use cookies on our website that allow us to analyze the surfing behavior of the user.

    The following data may be transmitted in this way:

    • Search words entered

    • Frequency of page views

    • Use of website functions

    The user’s data obtained in this manner is pseudonymized using technical precautionary measures. This ensures that the data can no longer be assigned to the accessing user. The data is not saved together with other personal data of the user.

    Purpose of data processing

    The purpose of using technically necessary cookies is to simplify use of websites for the user. Some functions of our website cannot be offered without the use of cookies. For these, it is essential that the browser is recognized again even after a change of page.

    We require cookies for the following applications:

    • Adoption of language settings

    The user data collected by technically necessary cookies is not used to create user profiles.

    The use of analysis cookies aims to improve the quality of our website and its contents. The analysis cookies help us to understand how the website is used and thus allow us to constantly improve our offer.

    Marketing & analytics

    Legal basis for data processing

    Article 6 (1) sentence 1 (a) GDPR serves as the legal basis for processing personal data using cookies that are not technically necessary.

    Article 6 (1) sentence 1 (f) GDPR serves as the legal basis for processing personal data using technically necessary cookies.

    Period of storage, possibility for objection and removal

    Cookies are saved on the user’s computer and transferred from there to our website. As a user, this means that you also have full control of the use of cookies. By changing the settings in your web browser, you can deactivate or limit the transfer of cookies. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, there is a possibility that not all functions of the website can continue to be used fully.

    If you are using a Safari browser, V12.1 or later, cookies will be deleted automatically after seven days. This also affects opt-out cookies that are set to prevent tracking measures.

    VI. Newsletter

    Description and scope of data processing

    Users are given the opportunity on our website to subscribe to a newsletter free of charge. The data entered on the input screen when registering for the newsletter is transferred to us.

    • Email address

    • Last name

    • First name

    • IP address of the requesting computer

    • Date and time of registration

    • Language and position

    The data processed in relation to dispatching newsletters is not passed on to third parties. The data is used exclusively to dispatch the newsletter.

    Purpose of data processing

    We collect the user’s email address for the purpose of delivering the newsletter.

    Any other personal data that is collected during the registration process is intended to prevent misuse of the services or the email address used.

    Legal basis for data processing

    Article 6 (1) sentence 1 (a) GDPR serves as the legal basis for processing the data after the user has registered for the newsletter, insofar as the user has given his*her consent.

    Period of storage

    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s email address will therefore be saved for as long as the subscription remains active.

    Other personal data collected in the context of the registration process will generally be deleted after a period of seven days.

    Possibility for objection and removal

    The relevant user may cancel his*her subscription to the newsletter at any time. A corresponding link is provided for this purpose in each newsletter.

    Withdrawal of consent to storage of personal data collected during the registration process is likewise enabled in this way.

    VII. Email contact

    Description and scope of data processing

    On our website, contact can be made using the email address provided. The user’s personal data transmitted with the email is saved in this case.

    The data is used exclusively to process the conversation.

    Purpose of data processing

    If contact is made via email, this also constitutes the necessary legitimate interest in the processing of the data.

    Legal basis for data processing

    Article 6 (1) (a) GDPR serves as the legal basis for processing the data, insofar as the user has given his*her consent.

    Article 6 (1) (f) GDPR serves as the legal basis for processing the data transmitted during the course of sending an email. If the aim of the email contact is to conclude a contract, Article 6 (1) (b) GDPR shall serve as an additional legal basis.

    Period of storage

    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This then applies to personal data sent via email when the respective conversation with the user has ended. The conversation is finished when it is clear from the circumstances that the matter in question has been conclusively clarified.

    The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

    Possibility for objection and removal

    The user has the possibility to revoke his*her consent to the processing of personal data at any time. If the user makes contact with us by email, he*she may object to the storage of his*her personal data at any time. In such cases, the conversation cannot be continued.

    The user can send an email to privacy@knauf.digital to request withdrawal of his*her consent.

    All personal data saved in the course of making contact will be deleted in this case.

    VIII. Contact form

    Description and scope of data processing

    We provide a contact form on our website that can be used for making contact electronically. If a user avails of this option, the data entered in the input screen is sent to and saved by us.

    The following data is saved at the time the message is sent:

    • Email address

    • Last name

    • First name

    • Address

    • Phone/mobile phone number

    • IP address of the requesting computer

    • Date and time contact was made

    In order to process data, your consent is obtained in the context of the sending process, making reference to this privacy policy.

    Alternatively, contact can be made using the email address provided. The user’s personal data transmitted with the email is saved in this case.

    The data is used exclusively to process the conversation.

    Purpose of data processing

    We process personal data entered on the input screen purely for the purpose of processing the contact. If contact is made via email, this also constitutes the necessary legitimate interest in the processing of the data.

    The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

    Legal basis for data processing

    Article 6 (1) sentence 1 (a) GDPR serves as the legal basis for processing the data, insofar as the user has given his*her consent.

    Article 6 (1) sentence 1 (f) GDPR serves as the legal basis for processing the data transmitted during the course of sending an email. If the aim of the email contact is to conclude a contract, Article 6 (1) sentence 1 (b) GDPR shall serve as an additional legal basis.

    Period of storage

    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This then applies to personal data entered on the input screen of the contact form and to data sent via email when the respective conversation with the user has ended. The conversation is finished when it is clear from the circumstances that the matter in question has been conclusively clarified.

    The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

    Possibility for objection and removal

    The user has the possibility to revoke his*her consent to the processing of personal data at any time. If the user makes contact with us by email, he*she may object to the storage of his*her personal data at any time. In such cases, the conversation cannot be continued.

    The user can send an email to privacy@knauf.digital to request withdrawal of his*her consent.

    All personal data saved in the course of making contact will be deleted in this case.

    IX. Company profiles

    Use of company profiles in social media networks

    Twitter:

    Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland

    We provide information on our company website and offer our Twitter users the possibility of communication. When you perform an action on our Twitter company profile (such as comments, posts, likes, etc.), it is possible that you will make personal data (e.g. your real name or a photo of your user profile) public. However, since we generally or largely have no influence on the processing of your personal data by Twitter, which is jointly responsible for the Knauf Digital GmbH company profile, we cannot make any binding statements about the purpose and scope of the processing of your data.

    Our company profile in social media networks is used for communicating and exchanging information with (potential) customers. In particular, we use the company profile to:

    Offer products and services on the topics of building materials, drywall, insulation, and ceilings.

    The publications relating to the company profile can contain the following:

    • Information on products

    • Information on services

    • Advertising

    • Customer contact

    Each user is free to publish personal data by means of activities.

    Article 6 (1) sentence 1 (a) GDPR serves as the legal basis for data processing.

    The data generated by the company profile is not saved in our own systems.

    You can object at any time to the processing of your personal data, which we collect during your use of our Twitter company profile, and assert your rights as the data subject as outlined in IV. of this Privacy Policy. Please send us a plain email in this regard to privacy@knauf.digital. \n Additional information on the processing of your personal data by Twitter and the relevant possibilities for objection can be found here:

    Twitter: https://twitter.com/de/privacy

    YouTube:

    YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, United States

    We provide information on our company website and offer our YouTube users the possibility of communication. When you perform an action on our YouTube company profile (such as comments, posts, likes, etc.), it is possible that you will make personal data (e.g. your real name or a photo of your user profile) public. However, since we generally or largely have no influence on the processing of your personal data by YouTube, which is jointly responsible for the Knauf Digital GmbH company profile, we cannot make any binding statements about the purpose and scope of the processing of your data.

    Our company profile in social media networks is used for communicating and exchanging information with (potential) customers. In particular, we use the company profile to:

    Offer products and services on the topics of building materials, drywall, insulation, and ceilings.

    The publications relating to the company profile can contain the following:

    • Information on products

    • Information on services

    • Advertising

    • Customer contact

    Each user is free to publish personal data by means of activities.

    Article 6 (1) sentence 1 (a) GDPR serves as the legal basis for data processing.

    The data generated by the company profile is not saved in our own systems.

    You can object at any time to the processing of your personal data, which we collect during your use of our YouTube company profile, and assert your rights as the data subject as outlined in IV. of this Privacy Policy. Please send us a plain email in this regard to privacy@knauf.digital. \n Additional information on the processing of your personal data by YouTube and the relevant possibilities for objection can be found here:

    YouTube: https://policies.google.com/privacy?gl=DE&hl=de

    X. Use of company profiles in professional networks

    Scope of data processing

    We use the option of company profiles in professional networks. We maintain a company profile on the following professional networks:

    LinkedIn:

    LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland

    XING:

    XING SE, Dammtorstraße 30, 20354 Hamburg, Germany

    We provide information on our website and offer our users the possibility of communication.

    The company profile is used for advertising, information/PR, and active sourcing.

    We do not have any information on the processing of your personal data by the company with joint responsibility for the company profile. Further information in this regard can be found in the Privacy Policy of:

    LinkedIn:

    https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

    XING:

    https://privacy.xing.com/de/datenschutzerklaerung

    When you perform an action on our company profile (such as comments, posts, likes, etc.), it is possible that you will make personal data (e.g. your real name or a photo of your user profile) public.

    Legal basis for data processing

    Article 6 (1) sentence 1 (f) GDPR serves as the legal basis for processing your data in relation to the use of our company profile.

    Purpose of data processing

    We use our company profile to inform users about our services. Each user is free to publish personal data by means of activities.

    Period of storage

    We save your activities and personal data published via our company profile until you withdraw your consent. Furthermore, we comply with the statutory retention periods.

    Possibility for objection and removal

    You can object at any time to the processing of your personal data, which we collect during your use of our company profile, and assert your rights as the data subject as outlined in IV. of this Privacy Policy. Please send us a plain email in this regard to the email address specified in this Privacy Policy.

    For more information on possibilities for objection and removal, click here.

    LinkedIn:

    https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

    XING:

    https://privacy.xing.com/de/datenschutzerklaerung

    XI. Hosting

    The website is hosted on servers by a service provider appointed by us.

    Our service provider is:

    Microsoft Azure

    The servers collect and save information automatically in server log files, which your browser transmits automatically when you visit the website. The saved information includes:

    • Browser type and version

    • Operating system used

    • Referrer URL

    • Host name of accessing computer

    • Date and time of server request

    • IP address

    This data shall not be merged with other data sources. This data is recorded on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically correct representation and optimization of its website – the server log files have to be recorded for this purpose.

    The website server is located geographically in the European Union or the European Economic Area (EEA).

    XII. Geotargeting

    We use the IP address and other information provided by the user (especially ZIP code in the context of the registration or order) for addressing target groups on a regional basis (“geotargeting”).

    Regional target group addressing is used, for example, to automatically show you regional offers and advertising, which often have a higher relevance for users. Article 6 (1) (f) GDPR serves as the legal basis for use of the IP address and any other information provided by the user (especially ZIP code) based on our interest to ensure precise target group addressing and therefore provide offers and advertising of higher relevance for the user.

    Part of the IP address and the information provided additionally by the user (especially the ZIP code) is only read and not saved separately.

    You can prevent geotargeting, for example, by using a VPN or proxy server, which prevents precise localization. Depending on the browser used, you can also deactivate position determination in the relevant browser settings (assuming the relevant browser supports this).

    We use geotargeting for the following purposes on our website:

    • Geoblocking

    • Customer contact

    • Advertising purposes

    XIII. Registration

    Description and scope of data processing

    We offers users the possibility on our website to register by providing personal data. The data is entered in an input screen, transmitted to and stored by us. We will not pass on your data to third parties. The following data is collected during the registration process:

    • Email address

    • Last name

    • First name

    • Phone/mobile phone number

    • IP address of the requesting computer

    • Date and time of registration

    • Language

    The user’s consent to process this data is obtained during the registration process.

    Purpose of data processing

    Users have to register in order for us to provide certain content and services on our website.

    Access to our digital services.

    Legal basis for data processing

    Article 6 (1) sentence 1 (a) GDPR serves as the legal basis for processing the data, insofar as the user has given his*her consent.

    Period of storage

    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

    This is the case for the data collected during the registration process if the registration on our website is canceled or changed.

    Possibility for objection and removal

    As a user, you have the possibility to cancel your registration at any time. You can always request alteration of the data we store about you.

    Visitors can send an email to privacy@knauf.digital to request deletion of data.

    XIV. Content delivery networks

    Microsoft Azure CDN

    Description and scope of data processing

    On our website, we use functions of the content delivery network Microsoft Azure CDN from Microsoft Corporation, One Microsoft Way, Redmond, WA 8052-6399, USA (hereinafter referred to as: Microsoft Azure CDN). A content delivery network (CDN) is a network of regionally distributed servers connected over the Internet, which are used to deliver content – especially large media files such as videos. Microsoft Azure CDN offers web optimization and security services, which we use to improve the loading times of our website and to protect it from misuse. When you visit our website, a connection is established to the Microsoft Azure CDN servers in order, for example, to retrieve content. Personal data may be stored in server log files and evaluated as a consequence, in particular the activity of the user (especially which pages were visited) as well as device and browser information (especially the IP address and the operating system). For more information on the collection and storage of data by Microsoft Azure CDN, click here: https://www.microsoft.com/de-de/TrustCenter/Privacy/default.aspx

    Purpose of data processing

    Microsoft Azure CDN functions are used to deliver and accelerate online applications and content.

    Legal basis for data processing

    This data is recorded on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically correct representation and optimization of its website – the server log files have to be recorded for this purpose.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law.

    Possibility for objection and removal

    For information on the possibilities for objection and removal with respect to Microsoft Azure CDN, click here: https://www.microsoft.com/de-de/TrustCenter/Privacy/default.aspx

    XV. Plugins used

    We use plugins for different purposes. The plugins used are listed below:

    Using Adobe Analytics

    1. Scope of processing of personal data

    We use the analytics service Adobe Analytics from Adobe Inc, 345 Park Avenue, San Jose, CA 95110-2704, USA and its representative in the EU, Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland (hereinafter referred to as: Adobe). Adobe places a cookie on your computer for this purpose. Personal data may be stored and evaluated as a consequence, in particular the activity of the user (especially which pages were visited and which elements were clicked) as well as device and browser information (especially the IP address and the operating system). For more information on the processing of data by Adobe, click here: https://www.adobe.com/de/privacy.html

    Purpose of data processing

    The processing of the personal data of users by Adobe Analytics allows us to analyze the surfing behavior of our users. By evaluating the data obtained, we can compile information on the use of individual components of our offer. This helps us to continually enhance our website and also increase user friendliness in this context.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law, for example, for tax and accounting purposes.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Adobe by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. You can deactivate use of your personal data by Adobe by following this link: https://www.adobe.com/de/privacy/opt-out.html For more information on possibilities for objection and removal with respect to Adobe, click here: https://www.adobe.com/de/privacy.html

    Using the Facebook pixel

    1. Scope of processing of personal data

    On our website, we use the Facebook pixel from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and its representative in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as: Facebook). It allows us to track the actions of users after they have viewed or clicked a Facebook advertisement. Personal data may be saved and evaluated as a consequence, above all the activity of the user (especially which pages were visited and which elements were clicked), as well as device and browser information (especially the IP address and the operating system), data on the advertisements displayed (especially which advertisements were displayed and whether the user clicked these), and also data from advertising partners (especially pseudonymized user IDs). This lets us capture the effectiveness of Facebook advertisements for statistical and market research purposes. Data can be transferred to Facebook servers in the US in the process. The data collected in this way is anonymous for us, in other words we do not see the personal data of individual users. However, this data is saved and processed by Facebook. Facebook can connect this data with your Facebook account and also use it for own advertising purposes in accordance with Facebook’s Data Use Policy. For more information on the processing of data by Facebook, click here: https://de-de.facebook.com/policy.php

    Purpose of data processing

    The Facebook pixel is used to analyze and optimize advertising measures.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law, for example, for tax and accounting purposes.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Facebook by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. For more information on possibilities for objection and removal with respect to Facebook, click here: https://www.adobe.com/de/privacy.html https://de-de.facebook.com/policy.php

    Using Google AdWords

    1. Scope of processing of personal data

    We use Google AdWords from Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google). This service allows us to place advertisements. Google places a cookie on your computer for this purpose. Personal data may be saved and evaluated as a consequence, above all the activity of the user (especially which pages were visited and which elements were clicked), as well as device and browser information (especially the IP address and the operating system), data on the advertisements displayed (especially which advertisements were displayed and whether the user clicked these), and also data from advertising partners (especially pseudonymized user IDs). For more information on the processing of data by Google, click here: https://policies.google.com/privacy?gl=DE&hl=de

    Purpose of data processing

    We only receive information about the total number of users who have reacted to our advertisement. No information is passed on that would allow us to identify you. Usage is not for the purpose of tracking.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law, for example, for tax and accounting purposes.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Google by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. You can deactivate use of your personal data by Google by following this link: https://adssettings.google.de For more information on possibilities for objection and removal with respect to Google, click here: https://policies.google.com/privacy?gl=DE&hl=de

    Using Google Analytics 1. Scope of processing of personal data

    We use Google Analytics, a web analytics service from Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google). Google Analytics examines, among other things, the origin of the visitors, the length of time they spend on individual pages, and the use of search engines, and thus allows better control of the success of advertising campaigns. Google places a cookie on your computer for this purpose. Personal data may be saved and evaluated as a consequence, above all the activity of the user (especially which pages were visited and which elements were clicked), as well as device and browser information (especially the IP address and the operating system), data on the advertisements displayed (especially which advertisements were displayed and whether the user clicked these), and also data from advertising partners (especially pseudonymized user IDs). The information generated by the cookie on your use of this website is transferred to a Google server in the US and stored there. If the option of IP anonymization is activated on this website, your IP address will first be abbreviated, however, by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and abbreviated there. Google will use this information at the behest of the operator of this website in order to evaluate your use of the website, to compile reports on the activities of the website, and to provide additional services associated with the use of the website and Internet usage for the operator of the website. The IP address transferred from your browser in the context of Google Analytics will not be merged with other data from Google. You can prevent storage of cookies by making the appropriate setting in your browser software; however, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. For more information on the processing of data by Google, click here: https://policies.google.com/privacy?gl=DE&hl=de

    Purpose of data processing

    The purpose of data processing is the targeted addressing of a target group, which has already signaled an initial interest by visiting the page.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law. Advertising data in server protocols will be anonymized in that Google by its own account deletes parts of the IP address and cookie information after nine or eighteen months.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Google by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. You can also prevent transfer of the data generated by the cookie, which relates to your use of the website (incl. your IP address), to Google as well as its processing by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de You can deactivate use of your personal data by Google by following this link: https://adssettings.google.de For more information on possibilities for objection and removal with respect to Google, click here: https://policies.google.com/privacy?gl=DE&hl=de

    Using Google Ads Remarketing 1. Scope of processing of personal data

    We use Google Ads Remarketing from Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google). Google Remarketing is used for retargeting visitors to the website for advertising purposes via Google Ads advertisements. With the help of Google Ads Remarketing, target groups (“similar target groups”) can be created, which have, for example, accessed certain pages. This makes it possible to identify the user on other websites and display targeted advertising. Google places a cookie on the user’s computer for this purpose. Personal data may be saved and evaluated as a consequence, above all the activity of the user (especially which pages were visited and which elements were clicked), as well as device and browser information (especially the IP address and the operating system), data on the advertisements displayed (especially which advertisements were displayed and whether the user clicked these), and also data from advertising partners (especially pseudonymized user IDs). For more information on the processing of data by Google, click here: https://policies.google.com/privacy?gl=DE&hl=de

    Purpose of data processing

    The purpose of processing the personal data is the targeted addressing of a target group. The cookies stored on the devices of users recognize them when they visit a website and can therefore show them interest-based advertising.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law, for example, for tax and accounting purposes.

    Possibility for objection and removal You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Google by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. You can also prevent transfer of the data generated by the cookie, which relates to your use of the website (incl. your IP address), to Google as well as its processing by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de You can deactivate use of your personal data by Google by following this link: https://adssettings.google.de For more information on possibilities for objection and removal with respect to Google, click here: https://policies.google.com/privacy?gl=DE&hl=de

    Using Google ReCaptcha 1. Scope of processing of personal data

    We use Google ReCaptcha from Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland. This tool is intended to check if data input is compliant and not made by a bot. For this purpose, Google ReCaptcha analyzes and authenticates the behavior of a website visitor with regard to a wide variety of characteristics. Personal data may be stored and evaluated as a consequence, in particular the activity of the user (especially mouse movements and which elements were clicked) as well as device and browser information (especially the time, the IP address, and the operating system). The data is not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. For more information on the processing of data by Google, click here: https://policies.google.com/privacy?gl=DE&hl=de

    Purpose of data processing

    We use Google ReCaptcha to protect our website against misuse.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law, for example, for tax and accounting purposes.

    Possibility for objection and removal You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Google by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. You can deactivate use of your personal data by Google by following this link: https://adssettings.google.de For more information on possibilities for objection and removal with respect to Google, click here: https://policies.google.com/privacy?gl=DE&hl=de

    Using Hotjar

    1. Scope of processing personal data

    We use the web analytics service Hotjar from Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (hereinafter referred to as: Hotjar). Among other things, Hotjar uses cookies, in other words small text files that are stored locally in the cache of your device’s web browser and that allow an analysis of the use of our website by you. Personal data may be stored and evaluated as a consequence, in particular the activity of the user (especially which pages were visited and which elements were clicked) as well as device and browser information (especially the IP address and the operating system) and a tracking code (pseudonymized user ID). The information collected in this way is transferred to a server in Ireland and stored anonymously there. For more information on the processing of data by Hotjar, click here: https://www.hotjar.com/legal/policies/privacy

    Purpose of data processing

    The Hotjar plugin is used to gain a better understanding of the needs of our users and to optimize the offer on this website.

    Legal basis for processing personal data The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. You can deactivate use of your personal data by Hotjar by following this link: https://www.hotjar.com/legal/compliance/opt-out For more information on possibilities for objection and removal with respect to Hotjar, click here: https://www.hotjar.com/legal/policies/privacy

    Using HubSpot

    1. Scope of processing of personal data

    We use functions of HubSpot Inc., 2nd Floor, 25 First Street, Cambridge, MA 02141, USA (hereinafter referred to as: HubSpot). HubSpot is an integrated software solution we use to cover various aspects of our online marketing. These include: Email marketing (newsletter and automated mailings, for example for providing downloads), social media publishing & reporting, reporting (especially traffic sources, accesses, etc. …), contact management (especially user segmenting & CRM), landing pages, and contact forms. HubSpot places a cookie on your computer for this purpose. Personal data may be saved and evaluated as a consequence, above all the activity of the user (especially which pages were visited and which elements were clicked), as well as device and browser information (especially the IP address and the operating system), data on the advertisements displayed (especially which advertisements were displayed and whether the user clicked these), and also data from advertising partners (especially pseudonymized user IDs). For more information on the processing of data by HubSpot, click here: https://legal.hubspot.com/de/privacy-policy

    Purpose of data processing We use the HubSpot plugin solely to optimize our marketing.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law, for example, for tax and accounting purposes.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by HubSpot by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser.

    For more information on possibilities for objection and removal with respect to HubSpot, click here: https://legal.hubspot.com/de/privacy-policy

    Use of Twitter

    1. Scope of processing of personal data

    We use the Social Plugins feature of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter referred to as: Twitter). The Social Plugins feature allows us to incorporate Twitter content (especially Tweets or Moments) or links to the Twitter platform (especially the Tweet or Follow button) in our website. Personal data may be stored and evaluated as a consequence, in particular the activity of the user (especially which pages were visited and which elements were clicked) as well as device and browser information (especially the IP address and the operating system). When you use Twitter and the Re-Tweet function, the websites you visit are linked with your Twitter account and made known to third parties. We receive no information about the content of the data transferred and its use by Twitter. For more information on the processing of data by Twitter, click here: https://twitter.com/de/privacy

    Purpose of data processing

    We integrate the Twitter plugin in order to improve user friendliness. Twitter content can be displayed in embedded form and users of the Twitter service can use Twitter features.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Twitter by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. For more information on possibilities for objection and removal with respect to Twitter, click here: https://twitter.com/de/privacy

    Using Adobe Fonts

    1. Scope of processing of personal data

    We use Adobe Fonts from Adobe Systems Software Ireland Limited, 6 Riverwalk, Naas Road, Dublin 24, Ireland (hereinafter referred to as: Adobe). The fonts are transferred to the browser cache when the page is accessed in order to be able to use them for enhancing the visual presentation of different information. If the browser does not support Adobe Fonts or prevents access, the text is displayed in a standard font. No cookies are stored on the visitor’s computer when the page is accessed. Data transferred in connection with the page view is sent to resource-specific domains such as use.typekit.net or use.typekit.com. The following data is processed: – Fonts provided – ID of WEBPROJECT – JavaScript version of the WEBPROJECT (string) – Type of WEBPROJECT (string “configurable” or “dynamic”) – Embedding type (whether you use the JavaScript or CSS embedding code) – Account ID (identifies the customer where the WEBPROJECT originates) – Service that provides the fonts (e.g. Adobe Fonts or Edge Web Fonts) – Application that requests the fonts (e.g. Adobe Muse) – Server that provides the fonts (e.g. Adobe Fonts or enterprise CDN) – Host name of page to which the fonts are uploaded – The time the web browser needs to download the fonts – The time from downloading the fonts with the web browser to application of the fonts – Whether an Ad Blocker is installed to determine whether the Ad Blocker impairs the correct tracking of page views – IP address of the website visitor, operating system, and browser version For more information on the processing of data by Adobe, click here: https://www.adobe.com/de/privacy/policies/adobe-fonts.html and https://www.adobe.com/de/privacy/policy.html

    Purpose of data processing We use Adobe Fonts to display our texts in an attractive manner. If your browser does not support this function, a standard font will be used by your computer for display purposes.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Adobe by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. You can deactivate use of your personal data by Adobe by following this link: https://www.adobe.com/de/privacy/opt-out.html For more information on possibilities for objection and removal with respect to Adobe, click here: https://www.adobe.com/de/privacy/policies/adobe-fonts.htmland https://www.adobe.com/de/privacy/policy.html

    Using Google Tag Manager 1. Scope of processing of personal data

    We use Google Tag Manager (https://www.google.com/intl/de/tagmanager/) from Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google). Google Tag Manager can be used to manage tags for services from Google and third-party providers and embed them in bundled form on a website. Tags are small code elements on a website that are used, among other reasons, to measure visitor numbers and behavior, record the effect of online advertising and social media channels, use remarketing and target group addressing, and test and optimize websites. When a user visits the website, the current tag configuration is sent to the user’s browser. It contains instructions as to which tags are to be triggered. Google Tag Manager causes other tags to be triggered, which in turn may collect data. Information on this can be found in the sections on the use of the corresponding services in this Privacy Policy. Google Tag Manager does not access this data. Further information on Google Tag Manager can be found at https://www.google.com/intl/de/tagmanager/faq.html and in Google’s Privacy Policy: https://policies.google.com/privacy?hl=de

    Purpose of data processing

    Personal data is processed for the purpose of collective and clear management and efficient integration of services of third-party providers.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law. Advertising data in server protocols will be anonymized in that Google by its own account deletes parts of the IP address and cookie information after nine or eighteen months.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Google by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. You can also prevent transfer of the data generated by the cookie, which relates to your use of the website (incl. your IP address), to Google as well as its processing by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de You can deactivate use of your personal data by Google by following this link: https://adssettings.google.de For more information on possibilities for objection and removal with respect to Google, click here: https://policies.google.com/privacy?gl=DE&hl=de

    Use of Twitter

    1. Scope of processing of personal data

    We use the Twitter Analytics tool from Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter referred to as: Twitter). We use Twitter Analytics to measure interaction with Twitter users, learn and track the interests, locations and origins of our followers, such as our Twitter Cards clicks, app installations, and retweets. The following personal data is processed: – IP address (anonymized) – Browser type – Referrer/exit pages – Operating system – Time and date of access – Clickstream data – Views – Clicks – Twitter account data For more information on the processing of personal data by Twitter Analytics, click here: https://twitter.com/de/privacy

    Purpose of data processing

    The processing of users’ personal data by Twitter Analytics allows us to analyze the performance of our advertising on Twitter and interactions with Twitter users. By evaluating the data obtained, we can compile information on the use of individual components of our offer. This helps us to continually enhance our advertising measures and also increase user friendliness in this context.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law.

    Possibility for objection and removal You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Twitter by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. You can deactivate use of your personal data by Twitter by following this link: https://twitter.com/personalization For more information on possibilities for objection and removal with respect to Twitter, click here: https://twitter.com/de/privacy

    Using MyFonts webfonts

    1. Scope of processing of personal data

    We use MyFonts webfonts from Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts, 01801, USA (hereinafter referred to as: Monotype). The webfonts are transferred to the browser cache from our servers when the page is accessed in order to be able to use them for enhancing the visual presentation of different information. If the browser does not support webfonts or prevents access, the text is displayed in a standard font. No cookies are stored on the visitor’s computer when the page is accessed. Only licensing data that has to be transferred in connection with the page view is sent to resource-specific domains such as hello.myfonts.net, especially the ID number of the webfont project (anonymized), the URL of the licensed website, which is linked with our customer number to identify the licensee and the licensed web fonts, and the referrer URL. For more information on the processing of data by Monotype, click here: https://www.monotype.com/de/rechtshinweise/datenschutzrichtlinie/datenschutzrichtlinie-zum-tracking-von-webschriften

    Purpose of data processing We use MyFonts webfonts to display our texts in an attractive manner. If your browser does not support this function, a standard font will be used by your computer for display purposes.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage The anonymized webfont project ID number is saved in encrypted log files for 30 days in order to determine the monthly number of page views. The log files are deleted after extracting and storing the number of page views in this way.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. For more information on possibilities for objection and removal with respect to Monotype, click here: https://www.monotype.com/de/rechtshinweise/datenschutzrichtlinie/datenschutzrichtlinie-zum-tracking-von-webschriften

    Using Facebook retargeting

    1. Scope of processing of personal data

    We use functionalities of the Facebook Retargeting advertising plugin from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as: Facebook Retargeting). Facebook Retargeting is used to conduct advertising campaigns and interact with them. Users are reminded by Facebook Retargeting of products they searched for or viewed, but did not buy. Cookies are saved on your device by Facebook in the process. The following personal data in particular is processed by Facebook as a consequence: – Information on the user’s activities – Website visited – Which products were displayed – Which advertisements were clicked – Device information, especially device type, IP address – Facebook account of users, if users are logged into Facebook Data is processed in this regard on servers of Facebook Inc., Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025 in the US. Other recipients of data include providers and service providers of Facebook Inc., for analysis purposes for example. For more information on the processing of data by Facebook, click here: https://de-de.facebook.com/privacy/explanation

    Purpose of data processing

    We use Facebook Retargeting to place advertisements on various platforms and to analyze how users interact with these advertisements. Our intention here is to be able to display personalized advertising to these users, which is therefore also relevant to them.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    Your personal data will be stored for as long as necessary to fulfill the purposes described in this Privacy Policy or for as long as stipulated in law, for example, for tax and accounting purposes.

    Possibility for objection and removal You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Facebook by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. Personalized advertising can be disabled here for Facebook users if the users are logged into Facebook: https://www.facebook.com/settings/?tab=ads For more information on possibilities for objection and removal with respect to Facebook, click here: https://de-de.facebook.com/privacy/explanation

    Using LinkedIn Insight Tag 1. Scope of processing of personal data We use functionalities of the LinkedIn Insight Tag marketing plugin from LinkedIn Ireland, Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: LinkedIn). The plugin allows us to obtain information on the visitors to the website and to keep detailed campaign reports. The following personal data in particular is processed by LinkedIn as a consequence: – URL – Referrer URL – IP address in shortened or hashed form – Device and browser properties (user agent) as well as time stamp Cookies are saved on your device by LinkedIn in the process. For more information on the cookies used, click here. https://www.linkedin.com/legal/cookie-policy LinkedIn does not share personal data with us, rather simply offers aggregated reports on the target group and advertisements. LinkedIn also offers a remarketing function, which allows us to show you targeted and personalized advertising outside of our website without us discovering your identity. For more information on the processing of data by LinkedIn, click here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

    Purpose of data processing

    We use LinkedIn Insight Tag to collect information on visitors to our website.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Period of storage

    The direct Ids of members are removed within seven days in order to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by LinkedIn by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. For more information on possibilities for objection and removal with respect to LinkedIn, click here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

    Using Okta

    Registration and login

    Knauf Digital GmbH uses the Customer Identity Management platform from Okta, Inc., 101 1st Street, San Francisco, CA 94105, USA (“Okta”) to register for a Knauf account on our websites and to access the other services offered here. Okta manages and stores the data in Germany, but may also use international support teams, for example, in Singapore, Canada, Japan, Australia, and the US, in the event of support requests. If a comparable level of protection of data to the EU does not exist in the above-mentioned countries, and if security authorities in the US, in particular, have the possibility to access the saved personal data, Okta secures this transfer of data based on EU standard contractual clauses. The data collected by Okta is only used for operation and management of Knauf services that are subject to registration and for the execution, establishment, or termination of the underlying contract with the user concerning participation in the service selected by him*her.

    Purpose of data processing

    We use Okta for the purpose of registering for our services and products.

    Legal basis for processing personal data

    The legal basis for processing the personal data of users is the consent of the user pursuant to Article 6 (1) sentence 1 (a) GDPR.

    Possibility for objection and removal

    You have the right to withdraw your consent to the processing of your personal data at any time. The legality of the processing already conducted based on the consent up until the time of withdrawal shall not be affected by the withdrawal of consent. You can prevent the collection and processing of your personal data by Okta by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, disabling execution of script code in your browser, or installing a script blocker, such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com), in your browser. For more information on possibilities for objection and removal with respect to Okta, click here: Okta Privacy Policy | Okta: https://www.okta.com/de/privacy-policy/

    Version dated: October 2021