Welcome to our website. The protection of your data is very important to us which is why, we are detailing below how we process your personal data.
Contact details of the responsible person
Falk&Ross Group Europe GmbH
Managing Directors authorized to represent:
Lothar Hiese, Didier Collignon
Ross-Straße 6, 67681 Sembach, Germany
Telephone: +49(0) 6303 800270
Fax: +49(0) 6303 800271
Contact details of the data protection officer
You can reach our external data protection officer at the following e-mail address: email@example.com
General processing of visitor data
The use of our website is generally possible without providing personal data, however, we would like to point out that access data is also collected in this case and stored in the server log files. In particular, this involves the following data:
- - Browser type / your browser version,
- - Date and time of the visit,
- - your IP address.
As a matter of principle, we evaluate this information in anonymized form to defend against attacks and to improve our offer (processing of personal data in the context of a balancing of interests pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR) and subsequently delete it. The data is regularly not traceable to you and is not merged with any other data.
However, in the event of specific indications of unlawful use, we reserve the right to subsequently evaluate the data.
Data categories; data sources
In principle, we process the personal data that is transmitted by you in connection with the use of our website or which you communicate to us in the context of an inquiry, a pre-contractual legal relationship or a contractual relationship. In individual cases and, insofar as this is necessary for the performance of the contract, we also process personal data that has been permissibly taken from publicly accessible sources (e.g. commercial registers, debtor directories, Internet) or permissibly transmitted to us by third parties (e.g. credit agencies).
This may include technical data relating to you (IP address, browser type), personal data (name, date of birth, legal representative), address data (address, e-mail address, contact person), financial data (name of account holder, IBAN, BIC), contract data (contract term, purchased services, cancellations), communication data (correspondence, e-mail traffic), advertising data (advertising letters) and other comparable categories of personal data.
In order to carry out creditworthiness checks, we use the services of the Verband der Vereine Creditreform e.V., Hammfelddamm 13, 41460 Neuss, Germany, and may obtain personal data from them in the event of a query.
Processing of personal data after consent (Art. 6 para. 1 p. 1 lit. a) GDPR)
We obtain consent from you in individual cases for specific purposes expressly designated in connection with the collection of data.
In these cases, data processing is carried out exclusively on the basis of your consent. It may be that the processing of your request is not possible without your consent and must therefore be made dependent on it. The data will be processed exclusively for the purpose(s) expressly stated.
You can revoke the consent you have given at any time with effect for the future. The revocation has no influence on the lawfulness of the processing until the time of revocation.
Processing of personal data for contract execution or contract initiation (Art. 6 para. 1 p. 1 lit. b) GDPR)
Insofar as a contract is concluded with us, we use personal data insofar as this is necessary, for the performance of the contract or for the implementation of pre-contractual measures. The purposes of the data processing depend on the specific contents of the contract, which you can find in the contract documents.
If a contract already exists with us, we process your data in order to verify that you are our contractual partner and in order to properly provide the contractual service owed.
Processing of personal data in the context of a balancing of interests (Art. 6 para. 1 p. 1 lit. f) GDPR)
We process personal data after balancing interests, insofar as this is necessary to protect our interests or the interests of third parties.
Examples of such purposes are:
- - Ensuring the IT security and integrity of our systems
- - Prevention or investigation of criminal offences
- - Assertion of or defense against legal claims
Cross-border data transfer (Art. 49 para. 1 p. 1 lit. a) GDPR)
If personal data is transferred to a third country for which there is no EU adequacy decision, we comply with the data protection requirements for this by basing the data transfer on standard contractual clauses and/or obtaining your consent to this in accordance with Art. 49 (1) sentence 1 lit. a) GDPR.
A data transfer takes place, for example, in connection with the use of Google services. Due to the use of these services, data is transmitted to the United States of America.
In principle, the data transfer only takes place if you give us your consent.
The specific details of the recipient, the personal data transferred and the purpose of the data transfer can be found in the notes on the respective processing below.
Due to the data transfer, there is a risk to your personal data. In the United States of America, there is no level of data protection comparable to EU law (GDPR) and / or national regulations (e.g. BDSG) or sufficient guarantees to ensure that an adequate level of data protection is maintained. Any deficits cannot, moreover, be fully compensated for by other specific guarantees due to the U.S. legal situation. Nevertheless, depending on the service, standard contractual clauses are used in some cases to achieve the greatest possible protection for your data. You can find out whether standard contractual clauses are used in the explanations for the respective services.
You can revoke your consent at any time with effect for the future. The revocation has no influence on the lawfulness of the processing until the time of the revocation.
If you contact us by e-mail or telephone, we process the personal data you provide in order to respond to your inquiry. The legal basis for this is generally Art. 6 (1) p. 1 lit. b) GDPR, but exceptionally, if there is no contractual reference, Art. 6 (1) p. 1 lit. f) GDPR, whereby the legitimate interest lies in the proper response to your inquiry. We delete the data after the final processing of your request, unless there is a contractual or legal obligation to retain the data.
If you send us an inquiry via our contact form, we process the data you provide based on your consent pursuant to Art. 6 (1) p. 1 lit. a) GDPR in order to process your inquiry. In principle, your data will be deleted after processing the request, unless there is a contractual or legal obligation to retain it. If you provide us with contractually relevant information, we will transfer it to our inventory system.
You can revoke your consent at any time with effect for the future using any of the contact details provided.
When an order is placed via our website, we require the personal data necessary to process the order in order to conclude the contract. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. a) GDPR as well as Art. 6 para. 1 p. 1 lit. b) GDPR, as these are pre-contractual measures.
Insofar as a contract is concluded with us, further data processing is based on Art. 6 para. 1 p. 1 lit. b) GDPR.
Our General Terms and Conditions can be found at: https://www.falk-ross.eu/en/General-terms-conditions-oxid/
Insofar as you contact us within the framework of an existing contractual relationship for a purpose that is necessary for the execution of the contract, we also process this data on the basis of Art. 6 para. 1 p. 1 lit. b) GDPR.
We use a storage system of the service provider OXID ESALES AG, Bertoldstraße 48, 79098 Freiburg, Germany ("OXID"). We operate this storage system on our own server infrastructure. No personal data is transmitted to OXID in the process.
If you are a business customer, you have the option of voluntarily opening a customer account, through which your data will be stored within the framework of the contractual relationship with us. The data processing is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR. When registering, the data entered will be stored revocably. You can delete the data you entered as well as the entire account at any time.
Payment service provider
For payment processing, you will be forwarded to the following payment service providers. Your payment data will be transmitted accordingly to the respective payment service provider.
The use of payment service providers is based on Art. 6 para. 1 p. 1 lit. b) GDPR (contract processing) and in the interest of a smooth, convenient and secure payment process (Art. 6 para. 1 p. 1 lit. f) GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 p. 1 lit. a) GDPR is the legal basis for data processing; consents can be revoked at any time with effect for the future.
The data transfer always takes place on the basis of a legal norm or an appropriate contract according to Art. 26 or 28 GDPR, which ensures compliance with all data protection requirements.
As a means of payment, you can choose PayPal, a payment service of PayPal Europe S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (hereinafter: PayPal).
Your data will be transmitted directly to PayPal for the purpose of payment processing or we receive data about your payment from this service provider. Payments are processed via virtual accounts or via a virtual credit card. The data transmitted is that which is required for proper payment and contract processing.
It is not excluded that PayPal forwards your data to third parties for credit and identity checks - as far as this becomes necessary for the fulfillment of contractual obligations. You can find more information about data protection at PayPal under this link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
PayPal may pass on personal data to affiliated companies and other service providers, insofar as this is necessary for the fulfillment of the contract. Insofar as data is transferred to third countries, such as the USA in particular, this is necessary for the performance of your contract with PayPal in accordance with Art. 49 para. 1 p. 1 lit. b) GDPR. In addition, PayPal uses Binding Corporate Rules (Binding Internal Rules), see: https://cnpd.public.lu/en/actualites/national/2018/02/bcr-paypal.html, so that data transfer within the PayPal Group is data protection compliant. For more information on how your data is handled within the PayPal Group, see this link: https://www.paypal.com/de/webapps/mpp/ua/bcr.
You may choose Mastercard, a payment service provided by Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter Mastercard), as your payment method.
Mastercard may transfer data to its parent company in the USA. The data transfer to the USA is based on Mastercard's Binding Corporate Rules (Binding Internal Data Protection Rules) according to Art. 47 GDPR. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
As a means of payment, you may choose Visa, a payment service provided by Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter VISA).
VISA may transfer data to its parent company in the USA. The data transfer to the USA is based on the standard contractual clauses according to Article 46 (2) (c) GDPR of the EU Commission. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.
For credit assessment purposes, we transmit the personal data required for the information request to the Verband der Vereine Creditreform e.V., Hammfelddamm 13, 41460 Neuss ("Creditreform"). The processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to ensure the solvency and willingness to pay of our customers, as well as to assess compliance with contractual obligations on the part of the customer and to ensure economic efficiency in the processing of orders.
For more information on how Creditreform handles your data, please visit: https://www.creditreform.de/datenschutz.
We process your data, in particular name, contact information, curriculum vitae, evidence of academic, professional and vocational achievements and content data that you provide in your cover letter, for the purpose of concluding an employment contract. The legal basis for this data processing is § 26 BDSG. We store your data, should the application not be successful, for 6 months after the end of the application process. Should your application lead to employment, your data will be stored for the duration of the employment relationship.
We ask you not to provide any particularly sensitive data with your application. This concerns data on racial or ethnic origin, political opinion, religious or ideological beliefs or trade union membership, genetic data, biometric data for the unique identification of a natural person, health data, data on sex life or sexual orientation, cf. Art. 9 (1) GDPR.
Various cookies may be used during your visit to our website. These are text files that are placed on your computer and, among other things, enable a smooth visit to our website.
In some cases, cookies are necessary to ensure the functionality or IT security of our website. The use of such function cookies is based on a legitimate interest in enabling the use of our website including its functions according to Art. 6 para. 1 p. 1 lit. f) GDPR.
We may use other non-essential cookies on the basis of Art. 6 para. 1 p. 1 lit. a) GDPR and thus on the basis of your consent. The purposes of the cookies used in each case may include the following:
- - The enabling of the use of special functions,
- - The (pseudonymized) analysis of user behavior in order to optimize our website,
- - Increasing the attractiveness as well as the user experience of our website,
- - Improvement and demand-oriented design of our offer,
Most of the cookies we use are deleted from your computer again after closing the browser (session cookies). Other types of cookies can remain on your computer and allow us to recognize your computer by means of the created usage profile the next time you visit our site (persistent cookies).
You can declare your consent by confirming our cookie banner when you visit our website. Once you have given your consent, you can revoke it at any time with effect for the future.
We use the following cookies:
Is set when you have confirmed the notice about cookies
Session Selected language
Session current URL
unique Session Key
Web analytics and marketing
We use the following services for the purpose of web analysis.
In the context of web analysis, cookies may be used on various pages. These are text files that are placed on your computer and, among other things, enable a smooth visit to our website.
If you consent to the processing of your data within the scope of the opt-in procedure (confirmation of the cookie banner), the lawfulness of the processing of your data is based on consent pursuant to Art. 6 (1) p. 1 lit. a) GDPR, so that we use your data to the extent of the consent you have given for the purposes of marketing and the evaluation of your usage behavior.
The information generated by the cookie about your use of this website is usually transmitted to a Google LLC server in the USA and stored there. If applicable, information about the use of this website and your IP address will be transmitted to a Google server in the USA and also stored on this server. The data transfer is permissible based on your consent according to Art. 49 para. 1 p. 1 lit. a) GDPR. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google, unless you have configured the web and app activity settings in the settings of a Google account to allow Google to merge.
On our website, Google Analytics has been extended by the code "anonymizeIp" in order to be able to record IP addresses anonymously (so-called IP masking).
Please note that if you delete your cookies, the opt-out cookie will also be deleted and may need to be reactivated by you.
Google Tag Manager
We use the Google Tag Manager on our website. The service allows us to manage tags entered on our website (especially from Google Analytics) in one interface. No cookies are used in this process, nor is any personal data collected. The Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.
On some of our subpages, we use a plugin of the provider Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011, USA ("Vimeo").
Information about the use of this website and your IP address are transmitted to a Vimeo server in the USA and also stored on that server. The data transfer takes place with your consent given according to Art. 49 para. 1 p. 1 lit. a) GDPR.
We have no knowledge of the further use of the data by Vimeo. For more information regarding the data protection standards of Vimeo LLC, please refer to the following link: https://vimeo.com/privacy .
Plugins of the social network YouTube are used on our website. The operator of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube").
We rely on your consent to the collection of data in the context of the use of plugins. If you do not consent to the use of data when you first visit our website, the YouTube plug-in will not be activated, so that data will not be transmitted even if you accidentally interact with a YouTube plug-in.
If you consent to the processing of your data by the YouTube plugin as part of the opt-in procedure, the lawfulness of the processing of your data is based on consent pursuant to Art. 6 (1) p. 1 lit. a) GDPR, so that we use your data to the extent of the consent you have given for purposes of linking to YouTube.
If you are on a page of our website on which such a plugin is provided, your browser will only establish a direct connection with the YouTube servers when the user activates the relevant button by clicking on it ("extended data protection mode"). The content of the plugin is then transmitted by YouTube to your browser and integrated by it into the website. By activating the plugin, YouTube receives the information that you have accessed the corresponding page of our website. Content is then transmitted by YouTube to your browser and included on the page. YouTube thereby receives the message that you are on the corresponding page of our website. This happens even in the event that you do not have a profile on YouTube or are not logged in. Personal data (including your IP address) is then automatically forwarded to a YouTube server located in the USA and stored.
A direct assignment on the part of YouTube only occurs if you are logged in to YouTube. A corresponding interaction takes place even if you actively press the corresponding button. The consequence is a publication on your YouTube account and the display in your contacts. Further details on how YouTube handles your personal data can be found on the following page: https://policies.google.com/privacy?hl=de&gl=de
The transfer of data to the USA is permissible based on your consent in accordance with Art. 49 (1) sentence 1 lit. a) GDPR.
If you have registered for our newsletter, we will process the data you have provided based on your consent pursuant to Art. 6 (1) p. 1 lit. a) GDPR in order to send you our newsletter on a regular basis. To register, it is sufficient to only provide an e-mail address. The other information is provided voluntarily. For legal reasons, we also store the IP address and the date of registration.
Our newsletter is sent using "Maileon" a service of XQueue GmbH, Christian-Pleß-Str. 11.13, 63069 Offenbach am Main, with whom we have concluded an order processing agreement. When registering, we use the so-called double opt-in procedure, which requires you to explicitly confirm your e-mail address again, in a second step after you have agreed to receive the newsletter. Only then will the service be activated. In this context, your data will be stored exclusively in the EU area. The data will be used exclusively for sending the newsletter. There is no independent use of data by the service provider.
You can revoke your consent at any time with effect for the future. A link for revocation can be found at the end of each newsletter e-mail. Of course, you can also revoke your consent via the other contact options offered.
We pass on data to other third parties if, and to the extent that we have delegated the performance of tasks to them. Data is only passed on insofar as this is necessary for the performance of the assigned tasks.
We cooperate with the following companies:
- - OXID ESALES AG, Bertoldstraße 48, 79098 Freiburg, Germany
- - XQueue GmbH, Christian-Pleß-Str. 11.13, 63069 Offenbach am Main, Germany
- - Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011, USA
- - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- - Verband der Vereine Creditreform e.V., Hammfelddamm 13, 41460 Neuss, Germany
- - PayPal Europe S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg
- - Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, Great Britain
- - Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium
Furthermore, service providers can be entrusted with tasks in the following areas, for example:
- - IT maintenance
- - IT development
- - IT deployment
- - Lawyers
Insofar as necessary, we pass on your personal payment data to a credit institution commissioned with the payment processing (SEPA direct debit or receipt) for the purpose of payment processing.
The data transfer always takes place on the basis of a legal norm or a suitable contract according to Art. 26 or 28 GDPR, which ensures compliance with all data protection requirements.
Apart from that, data is only passed on in the cases provided for by law, for example in the case of a legal obligation to provide information to law enforcement authorities. In these cases, the data transfer is legitimized according to Art. 6 para. 1 p. 1 lit. c) GDPR.
Data transfer to a third country
A transfer of data to a third country is generally intended. This transfer will take place on the basis of the consent you have given. Recipients of the data provided by you are the following companies:
- - Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011, USA
- - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
It is also possible that companies with which we cooperate may transfer your data to their parent companies in a third country. These are the following parent companies:
- - 2 PayPal Holdings, Inc., 211 North First Street, San Jose, California 95131, USA
- - Visa Global Privacy Office, 900 Metro Center Blvd. Foster City, CA 94404, USA
- - Mastercard International Incorporated, 2000 Purchase Street Purchase, NY 10577 USA
If data is transferred to a third country on the basis of consent without an adequacy decision or other suitable guarantees being in place at the same time, it must be pointed out on the basis of Article 49 (1) sentence 1 a) GDPR that this entails an increased risk of data processing in the context of the transfer. However, we would like to assure you that thanks to careful selection and constant review of the standards of our contractual partners, potential risks are successfully minimized.
Duration of data storage
Your personal data will be deleted by us without delay as soon as the data is no longer required for the fulfillment of contractual and legal obligations or to safeguard our legitimate interests.
Personal data is stored in the case of a contractual relationship at least for as long as is necessary for the fulfillment of contractual obligations and the exercise of contractual rights. This period may extend beyond the actual contractual period, as the data may still be relevant after the end of the contract, within the framework of the limitation periods. In addition, deletion can only take place once any retention periods under tax and commercial law have expired.
The criteria for the duration of the storage of cookies can be found in the corresponding section.
Data subject rights
As a person affected by the processing of personal data, you have the following rights:
You have the right to request confirmation as to whether personal data is being processed. If this is the case, you have a right to information about the personal data and to the information listed in detail in Article 15 of the GDPR.
You have the right to request from the controller without undue delay the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete personal data (Art. 16 GDPR).
You have the right to demand from the controller that personal data concerning you be deleted without undue delay, provided that one of the reasons listed in detail in paragraph 17 of the GDPR applies, e.g. if the data is no longer needed for the purposes pursued (right to erasure).
You have the right to request the controller to restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have objected to the processing, for the duration of the controller's review.
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing of this data is based on your consent or on a contract and the processing is carried out with the help of automated procedures (Art. 20 GDPR). When exercising the right to data portability, you have the right to obtain that the personal data be transferred directly from us to another controller, insofar as this is technically feasible (right to data portability).
With regard to the exercise of your rights, you can contact us at any time via the contact options provided on our website.
Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you. The controller will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (Article 21 GDPR).
Right to object to direct advertising
As a rule, we do not engage in direct advertising. Should we nevertheless process your personal data in individual cases for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing (Art. 21 GDPR).
If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
Right of complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR (Article 77 GDPR). You may assert this right before a supervisory authority in the Member State of your residence, workplace or the place of the alleged infringement. In Rhineland-Palatinate, the competent supervisory authority is the Rhineland-Palatinate State Commissioner for Data Protection and Freedom of Information, P.O. Box 3040, 55020 Mainz, Germany, who can be reached at the following email: firstname.lastname@example.org.
More information is available at the following link:
Of course, you can also contact us directly if you are dissatisfied or have questions about data protection. The quickest way to reach our internal contact person on the subject of data protection is to use the contact details listed above.
Obligation to provide data
In principle, there is no obligation to provide data. However, the provision of data may be necessary for the use of certain functions or for the conclusion of a contract. If you do not provide the required data, you will not be able to use certain functions or services or a contract cannot be concluded.
Up-to-dateness and changes of this data protection information
This data protection information is up to date as of February 2023.