CDH-AG

CDH AG PRIVACY POLICY

Thank you for visiting the CDH AG website and for your interest in our range of services.

The following statement provides an overview of the type of data that is processed, the scope of such processing and the purpose for which it is carried out, and we would like to inform you of your rights in this regard.

I. Name and address of the controller

The controller within the meaning of the GDPR and other national data protection laws of the Member States as well as other data protection regulations is:

CDH AG
Despag-Straße 3
85055 Ingolstadt
Germany

Tel: +49 (0) 8 41 9 74 81-0
Fax: +49 (0) 8 41 9 74 81-17
Email: cdh@cdh-ag.com
Website: www.cdh-ag.com 

II. Data protection officer

Following legal review by a commissioned solicitor and regulatory assessment of the situation by the Bavarian State Office for Data Protection Supervision (BayLDA), the appointment of a data protection officer is not required for CDH AG under the GDPR, as the specific requirements of Art. 37(1) GDPR are not met and there are no circumstances under § 38(1) BDSG (new).

If you have any questions about how we handle your personal data and how to exercise your rights as a data subject, you can contact us at any time using the contact details above.

III. General information on data processing

1. Scope of personal data processinging

We collect and use your personal data as a visitor to our website only to the extent necessary to provide a functional website and our content and services. The collection and use of your personal data is generally only carried out with your consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR serves as the legal basis ( ). This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s Internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites from which the user’s system accesses our website
  • Websites accessed by the user’s system via our website

The data is also stored in our system’s log files. This data is not stored together with other personal data relating to the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address

must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6(1)(f) GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.

In the case of data storage in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of users are deleted or anonymised so that it is no longer possible to identify the accessing client.

5. Right to object and right to erasure

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.

V. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the browser used to access the site can be identified even after a page change.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Login information

We also use cookies on our website that enable us to analyse the surfing behaviour of users.

This allows the following data to be transmitted:

  • Search terms entered
  • Frequency of page views
  • Use of website functions

The user data collected in this way is pseudonymised by technical means. This means that it is no longer possible to assign the data to the user who accessed the site. The data is not stored together with other personal data relating to the user.

When visiting our website, users are informed about the use of cookies for analysis purposes via an information banner and referred to this privacy policy. In this context, there is also a note on how to prevent cookies from being stored in the browser settings.

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies within the meaning of Section 25 (2) No. 2 TTDSG is Article 6 (1) sentence 1 lit. f) GDPR. The legal basis for the use of technically non-necessary cookies, e.g. for analysis purposes within the meaning of Section 25 (1) TTDSG, is Art. 6 (1) sentence 1 lit. a) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

We require cookies for the following applications:

  • Transfer of language settings
  • Remembering search terms

The user data collected by technically necessary cookies is not used to create user profiles.

Analytical cookies are used for the purpose of improving the quality of our website and its content. Analytical cookies tell us how the website is used, enabling us to continuously optimise our offering.

These purposes also constitute our legitimate interest in processing personal data in accordance with Art. 6(1)(f) GDPR.

4. Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

5. Cookie Policy

You can change your cookie preferences at any time using our consent tool (see Chapter V, Section 5. „Usercentrics“) by accessing the consent settings and changing your selection there. When you visit our website, a cookie consent banner will inform you about the use of cookies for analysis purposes and obtain your consent to the processing of personal data used in this context.

You can configure your browser settings according to your preferences using the cookie consent banner we use and, for example, refuse to accept all cookies (except those that are technically necessary). You can deactivate or restrict the storage of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. Please note that in such cases you may not be able to use all the functions of this website.

VI. Input forms for trial Installation and applications

1. Description and scope of data processing

On our website, we offer you the opportunity to register by providing personal data in order to receive test versions or to apply online for a vacancy in our company. The data is entered into an input mask, transmitted to us and stored. The data is not passed on to third parties.

The following data is collected during the registration process:

  • Selection of the desired product* for the trial installation or job vacancies* to which an application is being made
  • Company* (in the case of a request for a trial installation)
  • Salutation
  • Title
  • First name*
  • Surname*
  • Street*
  • Address supplement
  • Postcode*
  • Town*
  • Country*
  • Telephone number*
  • E-mail address*
  • Application documents* (if applying for a job)
  • Your message* (if applying for a job)

The data fields marked with * are mandatory; without this information, a trial placement or application cannot be processed.

The following data is also stored at the time of registration:

  • The user’s IP address
  • Date and time of registration

As part of the registration process, the user’s consent to the processing of this data is obtained and reference is made to this privacy policy.

2. Legal basis for data processing

The legal basis for data processing is Art. 6 para. 1 lit. a GDPR if the user has given their consent.

If the registration serves to fulfil a contract to which the user is a party or to implement pre-contractual measures, the additional legal basis for the processing of the data is Article 6(1)(b) GDPR.

3. Purpose of data processing

User registration is necessary for the provision of certain content and services on our website (e.g. trial version) or for the implementation of pre-contractual measures (e.g. application).

In the event of a request for a trial version, we require the requested data in order to identify you as the person requesting the trial version and to contact you to provide the desired trial version.

In the event of an application, we require the requested data in order to identify you as an applicant, to make an initial pre-selection regarding your suitability for the vacancy based on the documents submitted, and to contact you during the application process.

The data and information you provide as an applicant will be used exclusively for the application process and will only be stored in our personalised database if you give us your consent in accordance with Art. 6(1)(a) GDPR.

Your personal data will not be passed on to third parties. Exceptions to this are (potential) customers who may receive the applicant’s data in anonymised form during the application process, insofar as this is necessary to assess the applicant’s suitability for the customer. However, under no circumstances will we disclose data that could reveal the identity of the applicant without first obtaining your consent in accordance with Art. 6 (1) (a) GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

At your request, an application can also be added to our applicant pool so that it can be considered for future vacancies. You can request the deletion or blocking of your data at any time. In such a case, however, your application can no longer be considered for positions within our company.

Instead of deleting the applicant’s personal data, we reserve the right to restrict the data for further use only if we have a legitimate interest in doing so, in particular to comply with statutory retention periods or to document the non-discriminatory nature of our application procedures. The usual restriction period for application documents is three months after sending notification of our decision to reject an application.

5. Right to object and right to erasure

As a user, you can cancel your registration at any time. You can change the data stored about you at any time by simply notifying us using the contact details provided in Section I or by re-entering the data fields. In the event of re-entry, we will use the form last sent to us and the documents last submitted.

If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations preventing deletion.

VII. Contact form

1. Description and scope of data processing

Our website features a contact form that can be used to contact us electronically. If a user chooses to do so, the data entered in the input mask will be transmitted to us and stored. This data includes:

  • Company
  • Salutation
  • Title
  • First name*
  • Surname*
  • Street*
  • Additional address
  • Postcode*
  • Town*
  • Country*
  • Telephone number*
  • E-mail address*
  • Your message*

When the message is sent, the following data is also stored:

  • The user’s IP address
  • Date and time of registration

Your consent will be obtained for the processing of data during the sending process and reference will be made to this privacy policy.

Alternatively, you can contact us via the e-mail address provided. In this case, your personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

We endeavour to store your personal data in such a way that it is not accessible to third parties by taking all technical and organisational measures possible. However, we cannot guarantee complete data security when communicating by e-mail, so we recommend that you send confidential information by post.

2. Legal basis for data processing

The legal basis for processing the data is Art. 6 para. 1 lit. a GDPR if the user has given their consent.

The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

The processing of personal data from the input mask serves us solely for the purpose of processing the contact request. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Right to object and right to erasure

The user has the option of revoking their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

Withdrawal of consent and objection to storage can be submitted to us by simple text message, letter, fax or e-mail.

In this case, all personal data stored in the course of contacting us will be deleted.

VIII. Web analysis by Google Analytics 4

1. Scope of processing of personal data

If you have given your consent, Google Analytics 4, a web analytics service provided by Google LLC, is used on this website. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

2. Nature and purpose of processing

Google Analytics uses cookies that enable an analysis of your use of our website. In particular, the cookies “_ga” and “ga<container ID>” are used to recognise you as a user and identify your session; they are stored for a period of 2 years. If Google Analytics is linked to other Google services (e.g. Google Ads) and the advertising functions are active (Google signals), the advertising cookie “IDE” may also be set; this third-party cookie has a storage period of approximately 13 months in the EU. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

In Google Analytics 4, IP address anonymisation is enabled by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. Google Analytics 4 is also configured so that optimised analytics (automatic collection of predefined standard events) are enabled. During your visit to the website, your user behaviour is recorded in the form of “events”. Events can include, among other things:

  • Page views
  • First visit to the website
  • Start of session
  • Websites visited
  • Your “click path”, interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Ads viewed/clicked
  • Language settings

The following is also recorded:

  • Your approximate location (region)
  • Date and time of visit
  • Your IP address (in abbreviated form)
  • Technical information about your browser and the devices you use (e.g. language setting, screen resolution)
  • Your internet service provider
  • the referrer URL (the website/advertisement through which you arrived at our website)

3. Purposes of processing

On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website. In addition, the activation of Google signals enables a cross-device evaluation of user behaviour and the creation of pseudonymous usage profiles [NEW]. This allows us to assign visitors to our website to specific target groups and then to address them again via Google advertising networks with individually tailored advertising (“remarketing”).

4. Recipients

The recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

5. Third country transfer

The European Commission adopted an adequacy decision for the United States on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and transfer to third countries (e.g. Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

6. Storage period

The user and event data we send and link to cookies is automatically deleted after 2 months at the latest. Google Analytics 4 offers a choice of 2 months or a maximum of 14 months for the storage of this data; we have opted for the shortest possible duration. The maximum lifetime of Google Analytics cookies is 2 years. Data whose retention period has expired is automatically deleted once a month.

7. Legal basis

The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) (1) TTDSG.

8. Revocation

You can withdraw your consent at any time with future effect by accessing the cookie settings via our consent tool and changing your selection there. The lawfulness of the processing carried out on the basis of your consent until withdrawal remains unaffected.

You can also prevent cookies from being stored in the first place by adjusting your browser software settings accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by cookies and relating to your use of the website (including your IP address) by either not giving your consent to the setting of cookies in the first place or by downloading and installing the browser add-on to deactivate Google Analytics. For more information on the terms of use of Google Analytics and data protection at Google, please visit
https://marketingplatform.google.com/about/analytics/terms/de/ and
https://policies.google.com/?hl=de.

IX. Use of additional tools and integrated third-party services on our website

1. OpenStreetMap

Our website uses the OpenStreetMap map service to display geographical information interactively. The provider is the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom (“OpenStreetMap”). When you visit a website that includes an OpenStreetMap map, your consent is first obtained. Only after you have given your consent will your browser establish a connection to the OpenStreetMap servers to load the map. In doing so, personal data is transmitted to OpenStreetMap – in particular your IP address (to deliver the map data to your device) and technical usage data (e.g. browser type, operating system and the website you are coming from). To the best of our knowledge, OpenStreetMap does not set any cookies for the provision of the maps. OpenStreetMap uses the transmitted data exclusively for the display of the map and for the temporary storage of settings (e.g. selected map section).

The recipient of the data is the OpenStreetMap Foundation in the United Kingdom. The United Kingdom is considered a third country outside the EU for data protection purposes. However, the European Commission has issued an adequacy decision for the United Kingdom in accordance with Art. 45 GDPR, ensuring an adequate level of data protection. The legal basis for the data processing described is your consent in accordance with Art. 6 (1) (a) GDPR. Since OpenStreetMap does not store any information on your device, the scope of application of § 25 TTDSG is not affected here. You can revoke your consent at any time with future effect by adjusting the corresponding cookie/privacy settings on our website; in this case, the OpenStreetMap map will no longer be loaded. Further information on data processing by OpenStreetMap can be found in the OpenStreetMap privacy policy.

2. Adobe Fonts

Our website uses Adobe Fonts (formerly Adobe Typekit), a service for providing web fonts, to display our content in a uniform and appealing manner. The provider is Adobe Systems Software Ireland Ltd., 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (EU) or Adobe Inc., 345 Park Avenue, San Jose, CA 95110, USA (collectively “Adobe”). When you visit a page, your browser loads the required fonts directly from Adobe servers. This establishes a connection to Adobe and gives Adobe access to certain data from your browser. In particular, Adobe learns that our website has been accessed via your IP address. In addition, technical information (such as the browser type used, the font requested and the host name of our site) is transmitted for the purpose of processing the font delivery. According to Adobe, no cookies are set for the provision of Adobe Fonts and your IP address is not permanently stored by Adobe, but only used temporarily to enable font transmission. The information collected by Adobe is primarily used for licence billing and technical provision of the fonts; we have no access to or influence on this data processing. Further details can be found in Adobe’s privacy policy.

The recipient of the data is Adobe. Processing may also take place on servers in the USA. The USA is a third country without an adequate level of data protection within the meaning of the GDPR (Schrems II ruling). We have concluded standard contractual clauses with Adobe in accordance with Art. 46 GDPR in order to establish a level of data protection that complies with EU law. Nevertheless, we would like to point out that when personal data is transferred to the USA, security authorities may access this data without you having any effective legal remedies. Insofar as Adobe Fonts is technically necessary for the display of our website and no information is stored on your end device, Section 25 (2) No. 2 TTDSG applies. The legal basis for the described data processing is our legitimate interest in a uniform and efficient website design in accordance with Art. 6 (1) (f) GDPR. A balancing of interests has shown that your fundamental rights and freedoms do not outweigh this, as the integration of fonts only slightly interferes with your privacy and Adobe, according to its own statement, does not create usage profiles. If you wish to deactivate Adobe Fonts in your browser or object to its use, you can do so by adjusting your settings or using add-ons; in this case, your display will use standard fonts.

3. unpkg (content delivery network)

We use the content delivery network “unpkg” on our website to provide certain JavaScript and CSS libraries quickly and reliably. This allows page content to be loaded efficiently from a network of distributed servers, which improves loading times and reduces the load on our servers. unpkg is technically operated via the network of the provider Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. When you visit our website, your browser connects to the unpkg/Cloudflare servers to retrieve the necessary files (e.g. scripts). In doing so, your personal data is transmitted to Cloudflare, in particular your IP address and, if applicable, device-related information (e.g. browser type, operating system and time of request). This transfer is technically necessary so that your browser can load the latest version of the required libraries. To our knowledge, unpkg and Cloudflare do not set any tracking cookies for this purpose; any caching in the browser is only done to make the service efficient and is one of the technically necessary processes.

The recipient of the data is Cloudflare in the USA. Your data may be transported via servers worldwide and processed there; this may also involve storage on US servers. As a third country without a recognised level of data protection, the USA is subject to particular risks (e.g. access by US authorities). We have agreed standard data protection clauses with Cloudflare in accordance with Art. 46 GDPR in order to provide appropriate guarantees for data protection. Nevertheless, a level of protection that is completely equivalent to that in the EU cannot be guaranteed. However, the use of unpkg is necessary in order to be able to technically provide you with the website you have accessed. In this respect, processing is absolutely necessary for the provision of our online services within the meaning of Section 25 (2) No. 2 TTDSG. The legal basis is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in the secure and high-performance delivery of website content. This legitimate interest outweighs any data protection risks, especially since processing by unpkg is limited to the minimum necessary (IP transmission for retrieving files) and no further profiling takes place. If you still do not wish to use unpkg, you can deactivate JavaScript in your browser; however, please note that our website may not be fully functional in this case.

4. Usercentrics Consent Management Platform

Our website uses the consent management platform “Usercentrics” from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This tool enables us to obtain, manage and legally document the necessary user consent for non-essential services (Art. 7 (1), Art. 5 (2) GDPR). When you visit our website, Usercentrics is integrated to display the cookie consent banner and save your preferences. In this context, the following personal data is transferred to Usercentrics or collected by Usercentrics:

  • Consent data: Which consents you give or revoke (for individual categories/services).
  • Device and browser information: e.g. IP address (anonymised or truncated, if possible), information about your browser, your device and your operating system.
  • Timestamp: Time of your selection/consent on our consent banner.

In addition, Usercentrics stores a necessary cookie in your browser to retain your data protection settings and consent preferences (cookie duration: 1 year). This cookie is technically necessary to store your selection and is therefore set without separate consent in accordance with Section 25 (2) No. 2 TTDSG. Usercentrics acts as a processor for us within the meaning of Art. 28 GDPR. We have concluded a corresponding contract for order processing with Usercentrics. The processing of the aforementioned data is carried out exclusively for the purpose of managing your consents and providing evidence to supervisory authorities of consents granted or refused. Usercentrics stores the data on European servers (currently Google Cloud data centres in the EU, e.g. in Frankfurt/Main and Belgium). However, it cannot be ruled out that, in the event of maintenance or support, data may be transferred to the USA or that US authorities may gain access to the data due to American laws. In this case, we have also concluded EU standard contractual clauses with Usercentrics and its subcontractors to ensure an adequate level of data protection.

The legal basis for the processing of the aforementioned data (with the exception of absolutely necessary cookies) is Art. 6 (1) (f) GDPR. Our legitimate interest lies in fulfilling the legal requirements of the GDPR/TTDSG, namely documented and managed consent control, as well as the overall data protection-compliant design of our website. Processing in accordance with Art. 6 (1) (f) GDPR is justified insofar as it serves to comply with our legal obligations and to safeguard your rights of choice, and without this measure, the use of technologies requiring consent on our part would not be legally permissible. The data collected by Usercentrics is deleted as soon as it is no longer required for the purpose of logging and verification. Your consent history is generally stored for the duration of your website use and retained for as long as we are required by law to provide evidence of consent. You can view and change your privacy settings at any time via the “Cookie settings” link (in the footer of our website) and also revoke any consents you have already given with effect for the future. Further information on data processing by Usercentrics can be found in Usercentrics’ privacy policy.

5. Google reCAPTCHA

We use Google reCAPTCHA on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The service is used to check whether entries in forms are made by a natural person or by automated systems. This security measure protects our technical systems from abusive requests, bots and spam.

When you visit a page that includes reCAPTCHA, you will first be asked for your consent to this service. Once you have given your consent, your browser will load the reCAPTCHA component and establish a connection to Google’s servers. In doing so, personal data will be transmitted that Google needs to evaluate your interaction. This includes, in particular

  • your IP address
  • technical information about your browser and your device
  • information about your operating system
  • the date and time of the page visit
  • referrer URL
  • Mouse and keyboard activities within the reCAPTCHA window
  • Any previously set Google cookies

Google compiles this information for analysis and to prevent misuse. According to its own statements, Google does not use the collected data to display user-related advertising. However, some of the processing is also carried out for training purposes to improve the service’s recognition patterns.

The recipient of the data is Google Ireland Limited as the European branch. Data may be transferred to third countries, in particular to the USA. Google LLC is certified under the EU-US Data Privacy Framework. In addition, standard contractual clauses pursuant to Art. 46 GDPR exist to ensure an adequate level of data protection. Nevertheless, it cannot be completely ruled out that US authorities could access the data without the data subjects having effective legal remedies available to them.

The legal basis for data processing is your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TTDSG, because reCAPTCHA can only be provided technically by accessing functions on your device and transferring personal data. You can revoke your consent at any time with future effect using the consent tool.

Further information on Google’s handling of personal data can be found at https://policies.google.com/privacy and https://www.google.com/recaptcha/.

X. Data security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from access by third parties. These measures are adapted in line with the latest technological developments. Information that you entrust to CDH AG in contact forms is transmitted securely using modern internet technology and used exclusively for the intended purpose. We use a transmission method based on the SSL protocol (Secure Sockets Layer protocol). The latter enables encryption of all data traffic between your browser and our server. This protects your data from manipulation and unauthorised access by third parties during transmission.

XI. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis CDH AG as the controller within the meaning of the GDPR:

  • pursuant to Art. 15 GDPR, to request information on the categories of data processed, the purposes of processing, any recipients of the data and the planned storage period,
  • pursuant to Art. 16 GDPR, to assert the right to rectification and completion of inaccurate or incomplete data,
  • pursuant to Art. 21(1) GDPR, to object to data processing carried out on the basis of a legitimate interest for reasons arising from your particular situation; if the data processing is carried out for the purpose of direct marketing or profiling in connection with direct marketing, you may object to the processing at any time in accordance with Art. 21(2) GDPR and request the deletion of data, provided that the requirements of Art. 17 GDPR are met; This applies in particular if the data is no longer required for the intended purpose or if you have lodged an objection or withdrawn your consent.
  • to request the restriction of data, provided that the conditions set out in Article 18 of the GDPR are met, in particular where erasure is not possible or the obligation to erase is disputed;
  • to receive the data concerning you that you have provided to a controller in a commonly used, machine-readable format in accordance with Article 20 of the GDPR, or to request its transfer to others; if the data processing is based on your consent or within the framework of a contract, you have the right to transfer the data you have provided, provided that this does not affect the rights and freedoms of other persons;
  • to withdraw consent at any time with effect for the future (Art. 7(3) GDPR); processing carried out prior to withdrawal remains unaffected  by the withdrawal. 

To exercise the above rights, please contact cdh@cdh-ag.com.

You also have the right to complain to a supervisory authority about data processing. To do so, you can contact the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany, or your local data protection authority.

XII. Information about your right to object under Article 21 of the GDPR

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing based on a balancing of interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be made informally and should be addressed to:

CDH AG
Despag-Straße 3
D-85055 Ingolstadt
Germany

E-mail: cdh@cdh-ag.com

XIII. Status and changes to the privacy policy

The privacy policy of CDH AG in its currently valid version applies.

Status: November 2025

We reserve the right to supplement and amend the content of this privacy policy. The updated information shall apply from the date of its validity (see above).