We welcome your interest in our website https://www.zeppelin.com (“Website”) and would like to make your visit as enjoyable as possible. The operator of this Website and the controller for the processing of your personal data through this Website is Zeppelin GmbH, Graf-Zeppelin-Platz 1, 85748 Garching near Munich, phone: +49 89 32 000-0, e-mail: datenschutz@zeppelin.com
Alongside easy, efficient operability, we consider the protection of your personal data to be a top priority. The protection of your privacy is a key concern for us when processing personal data and we take this into account in all our business processes.
Therefore our processing of personal data collected during a visit to our Website always takes place in line with the respective provisions governing data protection.
This data protection statement will tell you which of your personal data are collected and retained when you visit our Website or use our services offered through the Website. You will also receive information on how and on what legal basis your data are used, what rights you have with regard to the use of your data, and which contact methods are available to you.
1. Processing of personal data and purposes of the processing
When visiting our Website
You can visit our Website without disclosing information regarding your identity. When you open our Website, your browser information will however be automatically sent to our Website servers, and temporarily stored in a log file. Your identity is not disclosed by this information.
The following information is recorded without your consent, and is retained until it is automatically erased after six months:
- The IP address of the requesting computer,
- the date and time of the visit,
- the name and URL of the accessed file,
- the browser that you have used and if applicable, your computer’s operating system,
- websites from which the user’s system has reached our Website (referrer),
- websites which are opened through our Website from the user’s system.
These data are collected and processed to enable use of our Website (connecting). These data are retained exclusively for technical reasons, and at no point are they attributed to a specific person. The collection of these data serves to ensure system security and stability, as well as technical administration of the network infrastructure. The legal basis to this extent is point (f) of Article 6 (1) GDPR. Our legitimate interest in data processing lies in ensuring that our Website functions properly, and that communication through the Website is properly handled. In relation to the foregoing, we cannot attribute this information to you personally.
We also use cookies and web analysis services for our Website (see clause 2).
When using the contact form
If you have any questions, we provide the option of contacting us via a form provided on the Website. The following information is required to allow us to answer your questions:
- First name and surname,
- valid email address,
- subject
- location (optional)
- valid phone number (optional, for if you require a callback).
We store this information for verification purposes for a period of up to 10 years. The purpose of collecting the data provided in the contact form is to identify the requester, and to be able to reply to the request properly and via the requested communication channel. This is also our legitimate interest. The legal basis for data processing is point (f) of Article 6 (1) GDPR.
2. Cookies and social plugins
Cookies
We use cookies on our Website. These are small files which your browser automatically creates and which are stored on your terminal (PC, laptop, tablet, smartphone, etc.) when you visit our Website.
Cookies are used to make your visit to our Website easier and more enjoyable. This is why we use session cookies to detect that you have already visited individual pages on our Website, or that you have already signed into your customer account. They are automatically deleted after you leave our Website.
Insofar as you have given us your consent to this, We use temporary cookies to enhance user-friendliness. These are stored on your terminal for a specific period. If you visit our site again to use our services, the system automatically detects that you have visited us previously, as well as your input and settings so that you do not need to enter them again. the legal basis for this is point (a) of Article 6 (1) GDPR. You may revoke your consent at any time using our cookie settings.
We also use cookies to record statistics regarding the use of our Website, and to analyze these for the purposes of optimizing our Website to meet your needs, and to show information which is specifically tailored to your interests. If you visit our Website again, these cookies allow us to automatically see that you have visited the Website previously. These cookies are automatically deleted after a defined period.
Most browsers automatically accept cookies. You can configure your browser in such a way that no cookies are stored on your computer, or so that a prompt appears before a new cookie is created. Completely disabling cookies may, however, lead to some of the functions of our Website being lost.
OneTrust
We use OneTrust (a tool from OneTrust Technology Limited, 82 St. John Street
Farringdon, London EC1M 4JN, UK) as a cookie and consent management tool.
With the help of the OneTrust Cookie Compliance Tool, you can consent to the storage of cookies in a legally compliant manner or declare your withdrawal of consent. At the same time, your consent is documented, and the setting of cookies is technically controlled. Cookies are used to store your cookie settings on our websites. This means that your cookie settings can be retained when you visit our platforms again, as long as you do not delete the cookies beforehand. You can adjust your settings at any time.
We also use the OneTrust Consent Manager, which allows you to give your consent on our website and manage it in the Preference Center at any time. Your consent will also be documented in a legally compliant manner.
The legal basis for the aforementioned processing of personal data is Article 6 (1) (f) GDPR. Our legitimate interest is to obtain legally required consent automatically and document it in a legally compliant manner.
Google Analytics
In order to tailor our Website to your needs and for continuous optimization of the site, we use Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (https://www.google.de/contact/impressum.html). Pseudonymized user profiles are created and cookies used in this context. The information generated by the cookie through your use of the Website, e.g.
- browser type/version,
- operating system used,
- referrer URL (previously visited site),
- hostname of the accessing computer (IP address),
- time of server request,
is transferred to a Google server in the USA and stored there. The information is used to analyze use of the Website. This information may also be sent to third parties, insofar as this is a statutory requirement. Your IP address is never combined with other Google data. IP addresses are rendered anonymous to prevent attribution (IP masking).
The transfer of personal data to the USA will only take place with your express prior consent. The legal basis for the storage of cookies and further analysis of the data over a period of two months is the consent that is granted (point (a) of Article 6 (1) GDPR). You can withdraw your consent at any time in the cookie settings.
Showing videos (YouTube)
In several places on our Website, we have embedded videos which are provided by a third party. This concerns videos from the “YouTube” platform. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (https://www.google.de/contact/impressum.html).
The video content is visualized exclusively through the provider’s use of “enhanced data protection mode”. As a result, only by clicking on a video can a cookie be stored on your computer to collect data for YouTube, and this data may be collected and processed further. We have no influence over this data collection and processing.
If you have a YouTube account and are signed in to it when you open YouTube on our Website, information can be attributed to your YouTube account in relation to the visit to our Website and clicking on videos. If you wish to prevent this, you must sign out of your YouTube account before using our Website and watching the videos.
More information is provided in the Google privacy policy, available at https://www.google.com/intl/en/policies/privacy/.
YouTube videos are integrated on the basis of your consent in accordance with point (a) of Article 6 (1) GDPR. You can withdraw your consent at any time in the cookies settings.
If you do not wish to transfer data to YouTube, do not click on the videos embedded on our Website.
Google Retargeting/Remarketing
On this website, we use the remarketing function or “similar audiences” function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://www.google.de/contact/impressum.html). The purpose of this function is to present you, as a visitor to our website, with interest-based advertising as part of the Google network. When you visit the website, your browser stores cookies, which are small text files, on your computer; these make it possible to recognize you when you access websites that belong to the Google advertising network. On these websites you can then be presented with advertisements based on content you have previously accessed on websites that use the Google remarketing function. According to its own statements, Google does not combine the data collected as part of remarketing with any of your personal data that may be stored by Google. In particular, according to Google, pseudonymization is used for remarketing. Your data will also be processed by Google in the USA. Your data will only be transferred to the USA with your express consent.
The use of the remarketing function or “similar target groups” function is based on the consent you have given. The legal basis is point (a) of Article 6 (1) GDPR. You can withdraw your consent at any time in the cookies settings.
Use of Google AdWords conversion tracking
We use Google AdWords – another offer from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to draw attention to our attractive offers by means of advertising materials (so-called Google AdWords) on external websites. These advertising materials are delivered by Google via so-called “ad servers.” Ad Server cookies are used to evaluate performance parameters such as ad impressions, clicks and conversions. This allows us to determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. If you access our website via a Google ad, a cookie is stored on your PC by Google AdWords. These cookies generally lose their validity after 30 days and are not intended to identify you personally. The following analysis values are generally stored for this cookie, whereby the data is also processed by Google in the USA:
- Unique cookie ID
- Number of ad impressions per placement (frequency)
- Last impression (relevant for post-view conversions)
- Opt-out information (marking that the user no longer wants to be addressed)
These cookies allow Google to recognize your Internet browser. If a user visits certain pages of an AdWords customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user has clicked on the ad and has been forwarded to this page. Each AdWords customer is assigned a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. We do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations made available by Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials; in particular we cannot identify users based on this information. Your data will only be transferred to the USA after granting of your express consent. The legal basis for the storage of cookies by Google is the consent that is granted (point (a) of Article 6 (1) GDPR). You can withdraw your consent at any time in the cookies settings.
You can find further information and view the Google Privacy Policy at: https://www.google.de/policies/privacy.
Facebook Pixel
On our website, we have integrated a Facebook pixel from Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If you access our website, you will be redirected to Facebook via Re-Direct. The following data can be forwarded:
- Unique cookie ID
- Accessed website
- Date
Facebook can mark the end device you are using with a cookie and a unique identifier or access a cookie that may already exist. If you are logged in to Facebook, our targeted advertising may be displayed on the Facebook pages using this data. Facebook also processes the data in the USA. Your data will only be transferred to the USA after granting of your express consent. The legal basis for storage of cookies and transmission of the data to Facebook is the consent that is granted (point (a) of Article 6 (1) GDPR). You can withdraw your consent at any time in our cookie settings. Further evaluation of the collected data is the responsibility of Facebook. You can change your Facebook settings for advertising here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
You can find further information and view the Google Privacy Policy at: https://de-de.facebook.com/policy.php.
Google reCAPTCHA
We integrate into our website a function for recognizing bots, e.g. when users enter data into online forms (“reCAPTCHA”); this function is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The aim of this is that Google reCAPTCHA will be used to prevent the improper input of data into our website (e.g. in a contact form) by automated programs rather than humans. To this end, reCAPTCHA analyses the behavior of website visitors and sends the information required for analysis (including the relevant IP address, mouse movements, and length of stay) to Google.
Data is processed on the basis of point (f) of Article 6 (1) GDPR. Our legitimate interest lies in the fact that we wish to protect our website against improper spying and spam.
Further information on Google reCAPTCHA is available at https://www.google.com/recaptcha/intro/v3.html as well as in the Google Privacy Policy, which can be accessed at https://www.google.com/policies/privacy
Google Tag Manager
This website uses Google Tag Manager, a solution offered by Google Ireland Limited (Gordon House, Barrow St, Dublin 4, Ireland). Google Tag Manager allows various codes and services to be managed and more easily integrated into the website. Google Tag Manager is a cookie-free domain that requires transmission of the IP address to Google and triggers other tags that may collect data under certain circumstances. Google Tag Manager does not access these data. Insofar as a deactivation has been implemented by the user on a domain or cookie level, this applies to all tracking cookies that are implemented with Google Tag Manager. Your IP address can also be processed by Google in the USA. To ensure an adequate level of data protection, we have concluded the so-called standard contractual clauses with Google.
The legal basis for the aforementioned processing of personal data is point (f) of Article 6 (1) GDPR.
Optimizely
On this website, we use Optimizely, a web analytics service provided by Optimizely Inc. (631 Howard Street, Suite 100, San Francisco, CA 94105, United States) to perform A/B testing to optimize and further develop this website. The information generated by a cookie about your use of this website is transmitted anonymously to a server of Optimizely and stored there.
The use of Optimizely is based on the consent you have given. The legal basis is point (a) of Article 6 (1) GDPR. You can withdraw your consent at any time in the cookie settings.
You can deactivate Optimizely tracking directly at any time by following the instructions at https://www.optimizely.com/legal/opt-out/.
Mouseflow
We use the Mouseflow analytics service, a web analytics tool by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to improve the usability and customer experience on our website. In addition to mouse clicks, mouse and scroll movements of randomly selected users can be recorded. Likewise, keystrokes performed on this website can be recorded. The recording is not personalized and therefore remains anonymous. Mouseflow does not record this data on pages where the Mouseflow function is not activated. You can deactivate the Mouseflow service at https://mouseflow.com/opt-out/.
The use of Mouseflow is based on the consent you have given. The legal basis is point (a) of Article 6 (1) GDPR. You can withdraw your consent at any time in the cookie settings.
GetSiteControl Widget
We also use the GetSiteControl tool from the provider GetWebCraft Ltd. on our website.
(Klimentos 41-43, Klimentos Tower, Flat/Office 25, 1061, Nicosia, Cyprus) for the implementation of visual elements (“widgets”). This tool is used to display pop-ups and overlay windows on the website. These can be controlled according to specific rules (e.g. number of page visits), and they use cookies for this purpose. Visitors to our website can start a chat dialog with us using these widgets, for example to ask questions or give feedback. If you visit a webpage on our website that contains a widget of this type, your browser will establish a direct connection with the GetWebCraft Limited servers. The data you enter in the widget are stored directly on GetWebCraft Limited’s servers by GetWebCraft Limited, and processed by us for the purposes of the communication that you initiate (including answering your inquiries and providing advice on product selection).
The legal basis for the storage of cookies by Google is granted consent (point a) of the first sentence of Article 6 (1) GDPR). You can withdraw your consent at any time in the cookies settings.
For information on privacy at GetWebCraft, see the company’s privacy policy at: http://www.getsitecontrol.com/privacy/.
Microsoft Ads
On our website, we use the Universal Event Tracking (UET) service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
If you access our website via an advertisement from Microsoft Advertising, Microsoft will place a cookie on your computer (storage period: 13 months), which enables us to collect and evaluate data about your use of our website in connection with a UET tag integrated into our website. Among other aspects, these data include your average length of visit to our website, information as to which areas of our website you have accessed and what actions you have performed, and which Microsoft Advertising advert brought you to our website. It is not possible for us to draw direct conclusions relating to you as an individual in this process.
The data captured using the cookie are transferred to a Microsoft server in the USA, and saved there for a maximum of 180 days. Your data will not be disclosed to third parties in this process. To ensure an adequate level of data protection, we have concluded the “standard contractual clauses” with Microsoft.
If you would not like your data to be processed as explained above, you can object to the processing of your data using the following link: http://choice.microsoft.com/de-DE/opt-out. Data capture requires the setting of a cookie; you may also deactivate the setting of this cookie in your browser settings.
The Universal Event Tracking service is used on the basis of your consent (point a) of the first sentence of Article 6(1) GDPR). You can withdraw your consent at any time in the cookies settings.
Other third-party providers
Tideways
To ensure the technical operation of our site, we use the services of Tideways GmbH, Königswinterer Straße 116, 53227 Bonn, Germany. Tideways enables us to record statistical evaluations of the speed of the website and determine whether the website can be accessed; it also enables the identification and analysis of technical problems with the website. The information provided by the respective browser (e.g. browser, browser version) is collected. In addition, in the event of technical problems, we also collect personal information such as your email address, address information and IP address in order to identify and eliminate the cause of the problem. No personal data are collected for speed measurements and website availability.
The legal basis for the use of Tideways is point f) of the first sentence of Article 6(1) GDPR.
Our legitimate interest in data processing lies in ensuring that our website functions properly, and that communication through the website is properly handled. In relation to the foregoing, we cannot attribute this information to you personally.
Integration of the Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated into this website to display our Trusted Shops quality mark and any collected reviews, as well as to offer Trusted Shops products to shoppers once they have placed an order.
This serves to safeguard our overriding legitimate interests in optimum marketing within the framework of a balancing of interests, by enabling safe buying in accordance with point f) of the first sentence of Article 6(1) GDPR. The Trustbadge and the services advertised with it are an offering from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. The Trustbadge is provided by a CDN provider (content delivery network) as part of order processing. Trusted Shops GmbH also uses service providers from the USA. An adequate level of data protection is ensured. You can find further information on Trusted Shops GmbH’s data protection at https://www.trustedshops.de/impressum/#datenschutz.
When the Trustbadge is accessed, the web server automatically stores a server log file which also contains your IP address, date and time of access, transferred data volume and the requesting provider (access data), and documents the access. Individual elements of access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted no later than 90 days after they are created.
Further personal data are transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order, or if you have already registered for use. The contractual agreement concluded between you and Trusted Shops shall apply. Personal data are automatically collected from the order data for this purpose. A neutral parameter – an email address hashed using the cryptological one-way function – is used to automatically verify whether you as a buyer are already registered to use a product. Before it is transmitted, the email address is converted into this hash value that cannot be decoded by Trusted Shops. After checking for a match, the parameter is automatically deleted.
This is necessary for the fulfillment of our and Trusted Shops’ overriding legitimate interests in the provision of the buyer protection linked to the specific order and the transactional review services in accordance with point f) of the first sentence of Article 6(1) GDPR. Further details, including about lodging objections, can be found in the Trusted Shops privacy policy linked above and in the Trustbadge.
LinkedIn Insight Tag
We also use the LinkedIn Insight Tag tool from LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland). This tool places a cookie in your web browser, which collects data including the following: IP address, device and browser properties and page events (e.g. page views). These data are encrypted, anonymized within seven days, and the anonymized data are deleted within 90 days.
We do not receive any personal data from LinkedIn, but only anonymized reports on the demographics of our target group and the performance of our advertisements. LinkedIn also offers the option of retargeting via the Insight Tag. We may use these data to display targeted advertising outside its website without identifying our website visitors.
For more information, see LinkedIn’s Privacy Policy. You can find more information on conversion tracking here. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
LinkedIn Insight Tag is used on the basis of your consent (point a) of the first sentence of Article 6(1) GDPR). You can withdraw your consent at any time in the cookies settings.
3. Careers Page
We offer you the possibility to apply online via our careers page.
Your personal data is processed and used exclusively within the application process and for the purposes of recruitment by the Zeppelin company to which you have applied. Further information on data protection can be found in the data protection statement on the careers page, resp. as part of the application process.
We generally prefer applications to be submitted using the online form. This is quick, easy, and saves paper. In exceptional cases we will, however, accept applications by e-mail or post. But note that these applications are also entered immediately into the e-Recruiting System; therefore, the data protection statement for online applications is also relevant in these cases.
In order to submit your application documents, to manage them and to carry out the application process via the Zeppelin e-recruiting system as well as to receive notifications of new position placements in the Zeppelin Group, you may register on our careers page and create a user account. We use the data you provide as part of the registration process exclusively to make the Zeppelin e-recruiting system available to you for the purpose of conducting the application process. The legal basis for the processing of your personal data is the provision of the e-recruiting system to you (Art. 6 para. 1 lit. b) and 88 GDPR in conjunction with the applicable national data protection regulations governing the processing in the context of employment) as well as the fulfillment of our legitimate interests (Art. 6 para. 1 lit. f) GDPR), which consists in providing you with a fast, easy and efficient application process and optimizing our search for suitable candidates. You can find further information in our privacy policy (https://www.zeppelin.com/content/dam/zeppelin/zeppelin-com/career/privacy-notice-for-applicants-en.pdf) and in the imprint.
4. Data security
All data sent by you personally, including your payment details, are transferred using the generally accepted and secure SSL (Secure Socket Layer) standard. SSL is a reliable and proven standard which is used e.g. in online banking.
A secure SSL connection can be identified by the “s” suffixed to the http (i.e. https://...) in the address bar of your browser or by the lock icon in the lower pane of your browser.
We also take suitable technical and organizational security measures to protect your retained personal data against destruction, loss, alteration or unauthorized disclosure or access. Our security measures are continuously improved in line with technological development.
5. Rights of data subjects
As a data subject in the sense of the GDPR, you are entitled to the following rights. To assert these rights, please contact us on:
dataprivacy@zeppelin.com or in writing to the above address of Zeppelin GmbH.
Right of access
Pursuant to Article 15 GDPR, we must provide information about your personal data that we process.
Right to rectification
If the information concerning you is no longer correct, you can request a correction in accordance with Article 16 GDPR. If your data is incomplete, you can request completion.
Right to restriction of processing
In accordance with Article 18 GDPR, you have the right to request a restriction of the processing of your personal data.
Right to erasure
In accordance with Article 17 GDPR, you may request the erasure of your personal data.
Right to data portability
Pursuant to Article 20 GDPR, you have the right to receive personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format. Within the limits of Article 20(1) GDPR, you also have the right to transfer those data to another controller nominated by you.
Withdrawal of consent
You also have the right at any time to withdraw the provided declaration of consent with regard to data protection with immediate effect. The withdrawal of consent does not affect the legality of any processing based on the consent which took place up to the withdrawal thereof.
6. Automated individual decision-making or profiling measures
We do not use automated processing methods for decision-making – including profiling.
7. Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data infringes on data protection law, in accordance with Article 77 (1) GDPR you have the right to lodge a complaint with a data protection supervisory authority of your choice. This also includes the data protection supervisory authority responsible for the controller: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Postfach 10 29 32, 70025 Stuttgart. You can use the following email address for email communication with the supervisory authority: poststelle@lfdi.bwl.de.
8. Storage period for personal data/erasure of personal data
In general, we erase or render anonymous your personal data as soon as they are no longer necessary in relation to the purposes for which we have collected or otherwise processed them in accordance with the foregoing clauses, unless continued storage of your personal data is required to fulfill a legal obligation. Further information about the corresponding deletion periods can be found in the description of the individual data processing operations.
9. Disclosure of data to third parties/recipients of data
The personal data that we collect and retain shall never be used by us for sale, trade or loan. We will only pass on your data to third parties if we are legally obliged or to assert a claim, in the exercise or defense of legal claims, to investigate unlawful use of our Website or products, or for prosecution of a claim (insofar as there are reasonable grounds to suspect unlawful or unfair conduct). Data may also be disclosed for the enforcement of Terms and Conditions of Use or other agreements. We are also obliged to grant access to certain public bodies on request. These include law enforcement authorities, authorities which prosecute administrative offenses, and tax authorities. These data are disclosed on the basis of our legitimate interest in combating misuse, the prosecution of offenses, and the securing, assertion and enforcement of claims. The legal basis is point (f) of Article 6 (1) GDPR.
We rely on contractually bound third-party companies and external service providers (“processors”) to supply our range of products and services. In such cases, personal data are disclosed to these processors to enable further processing thereof. These processors are carefully selected and regularly checked to ensure that your privacy remains protected. The processors may only use the data for the specified purposes, and are also contractually obliged to handle your data in compliance with this data protection statement and the German data protection laws.
10. Contact method/data protection officer
You can contact us through our data protection officer as follows with regard to access to your personal data, to have inaccurate data corrected, blocked or erased, or if you have further questions regarding the use of your personal data.
Zeppelin GmbH
Data Protection Officer
Graf-Zeppelin-Platz 1
85748 Garching near Munich
Tel: +49 89 32 000-0
Fax: +49 89 32 000-482
Email: dataprivacy@zeppelin.com
Please note that access can only granted if you give us, in full: your first name and surname, your current and, if necessary, previous address, your date of birth, and your email address. This information is used exclusively for alignment purposes, which in turn ensures that no unauthorized third party can obtain your personal data. Any product, operation, and/or contract numbers which we have sent to you are also useful and helpful, but not necessary, in enabling us to identify the relevant data quicker.
As of: February 2022