Data protection

As the operator of these pages, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection notice.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This data protection notice explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

1. general information
1.1 Provider and responsible body within the meaning of the Data Protection Act

SIMONA AG

Teichweg 16
55606 Kirn
Germany

Phone +49 (0) 67 52 14-0
Fax +49 (0) 67 52 14-211
mail(at)simona-group.com

You can address general inquiries about data protection, such as the enforcement of data subject rights, as well as confidential data protection inquiries to our data protection officer by telephone, post or e-mail:

Ronald Baranowski

SIX DATENSCHUTZ GmbH

Kasseler Str. 30
D – 61118 Bad Vilbel
Tel: +49 6101 982 9422
rb(at)six-datenschutz.de

1.2 Scope of application

This data protection information applies to the following offers:

  • our online offer, available in particular at www.sustainability.simona.de,
  • whenever reference is made to this data protection notice from one of our offers (e.g. websites, subdomains, mobile applications, web services or integrations in third-party sites), regardless of how you access or use it.

All of these offers are also referred to collectively as “services”.

1.3 Integration of third-party services and content

Our offer sometimes includes content, services and benefits from other providers. In order for this data to be accessed and displayed in the user’s browser, the transmission of the IP address is mandatory. The providers (hereinafter referred to as “third-party providers”) therefore perceive the IP address of the respective user.

Even if we endeavor to only use third-party providers who only need the IP address to be able to deliver content, we have no influence on whether the IP address may be stored. In this case, this process is used for statistical purposes, among other things. If we are aware that the IP address is stored, we will inform our users accordingly.

1.4 Transfer of personal data to third countries

If we transfer data to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated admissibility requirements.

If the transfer of the data to a third country does not serve to fulfill our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defense of legal claims and no other exception under Art. 49 GDPR applies, we will only transfer your data to a third country if an adequacy decision pursuant to Art. 45 GDPR or suitable guarantees pursuant to Art. 46 GDPR exist.

An adequate level of data protection in the USA was last declared by the “Data Privacy Framework (DPF)” adequacy decision adopted in July 2023. US companies must be certified in order to be listed. You can find the adequacy decision here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

We have agreed so-called EU standard data protection clauses with the providers in third countries and, in some cases, data processing on servers in Germany and the EU. Timely data deletion reduces the risk of unauthorized access.

Alternatively or additionally, by concluding the EU standard data protection clauses issued by the European Commission with the receiving body, suitable guarantees pursuant to Art. 46 para. 2 c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available on the European Commission’s website, available here.

1.5 Disclosure of data to third parties

Your data will not be transmitted to unauthorized third parties. Insofar as external service providers receive your personal data, we have ensured that they implement appropriate technical and organizational measures and that they comply with the applicable data protection regulations and laws.

1.6 Data minimization

In accordance with the principles of data avoidance and data economy, we only store personal data for as long as is necessary or prescribed by law (statutory retention period). If the purpose of the collected data no longer applies or if the storage period ends, we block or delete the data.

2. processing in detail

Below we inform you for what purpose, in what way and to what extent your personal data may be processed when you visit our website.

2.1 Collection of personal data when visiting our website

If you use the website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR, legitimate interest):

  • IP address
    – Hostname
    – Date and time of the request
    – Time zone difference to Greenwich Mean Time (GMT)
    – Content of the request (specific page)
    – Access status/HTTP status code
    – Amount of data transferred in each case
    – Website from which the request comes (referrer)
    – The specific pages you visit on our website
    – Browser: Type, version and set language
    – Operating system: type and version

JavaScript is also activated:

  • Screen resolution
    – Color depth
    – Size of the browser window
    – Installed browser plugins
2.2 Cookies

This website uses so-called cookies. These are text files that are stored on your computer by the server. They may contain information about the browser, the IP address, the operating system and the Internet connection. We will not pass this data on to third parties or link it to personal data without your consent.

Cookies fulfill two main tasks. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly. They are not used to infiltrate viruses or start programs.

Users have the option of accessing our website without cookies. To do this, the corresponding settings must be changed in the browser. Please use the help function of your browser to find out how to deactivate cookies. However, we would like to point out that this may impair some of the functions of this website and limit the ease of use.

The websites www.aboutads.info/choices/ (USA) and www.youronlinechoices.com/uk/your-ad-choices/ (Europe) allow you to manage interest-based advertising.

2.3 Use of essential cookies

Essential cookies do not require your consent and are stored in accordance with Art. 6 para. 1 lit. f) GDPR processed by us. Our legitimate interest here is the smooth and optimal use and presentation of our website.

2.4 Cookie consent / consent required for the use of services by third-party providers

On our website we use the cookie consent tool “complianz” from Complianz BV, Kalmarweg 14-5, 9723 JG, Groningen (NL) (hereinafter referred to as “complianz”). The purpose of this processing is to obtain your consent for the technically unnecessary cookies used on our website and to document them in accordance with applicable data protection regulations and laws.

When you visit our website, a cookie is stored in your browser in which the consents you have given or the revocation of these consents are documented.

The legal basis for this data processing is Art. 6 para. 1 lit. c) GDPR – legal obligation, which consists in the fact that cookies that are not technically necessary must be deleted before they are used in accordance with Art. 6 para. 1 lit. f GDPR. ECJ ruling of October 1, 2019, AZ C-673/17, consent must be obtained.

The data collected will be stored until you ask us to delete it or delete the cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Further details on data processing by the provider can be found here.

2.5 Contact form

On our website, we offer you the opportunity to contact us via the online form or by e-mail. In this case, the information you provide will be stored for the purpose of processing the contact. The disclosure of your data is completely voluntary.

The processing of the data transmitted by you takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a) GDPR) or if you wish to conclude a contract with us or have questions about this (Art. 6 para. 1 b) GDPR). You can withdraw your consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data will not be passed on to unauthorized third parties. The data collected in this way is also not compared with data that may be collected by other components of our website. The services offered can – as far as technically possible and reasonable – also be used without providing this data or by providing anonymized data or a pseudonym.

Your data will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

2.6 Registration as a customer

You have the option of registering as a customer and sending us your inquiry about your desired product as part of this registration. For this type of processing, we require your personal data, company name, contact details, any files relating to your product and other data that you wish to send us.

The processing of the data transmitted by you takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a) GDPR) or if you wish to conclude a contract with us or have questions about this (Art. 6 para. 1 b) GDPR). You can withdraw your consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data will not be passed on to unauthorized third parties. The data collected in this way is also not compared with data that may be collected by other components of our website. The services offered can – as far as technically possible and reasonable – also be used without providing this data or by providing anonymized data or a pseudonym.

Your data will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

2.7 WordPress

Our website was created using the WordPress open source content management system. This service is provided by Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA) (hereinafter: “WordPress”). WordPress provides us with statistics when using this service so that we can analyze and optimize our website. Only anonymized data is collected and stored for these statistics (e.g. IP address). This means that WordPress cannot make any reference to your person. In addition, transaction data is collected for this purpose:

  • the address of the page accessed
  • Browser and browser version
  • the operating system used
  • the address of the previously visited website (referrer URL)
  • Host name of the device from which access is made
  • Date and time
  • Country/city information
  • Number of visitors coming from a search engine
  • Duration of the website visit
  • Clicks on the website

We also use WordPress extensions, offered by various service providers, with which we can design the website in a visual and user-friendly way (e.g. “Elementor”, www.elementor.com).

The data is stored locally until it is no longer required for the above-mentioned purposes.

The legal basis for this type of processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can revoke your consent at any time in the cookie settings. You can find more information here: https://automattic.com/de/privacy

2.8 etracker

We use the services of etracker GmbH (Erste Brunnenstr. 1, 20459 Hamburg, Germany, www.etracker.com) to analyze usage data. Cookies are used to statistically analyze the use of this website by its visitors and to display usage-related content or advertising. etracker cookies do not contain any information that enables a user to be identified.

The data generated with etracker is processed and stored by etracker on our behalf exclusively in Germany and is therefore subject to strict German and European data protection laws and standards. etracker has been independently tested, certified and awarded the ePrivacyseal data protection seal of approval.

Data processing is carried out on the legal basis of Art. 6 para. 1 lit. f) (legitimate interest) GDPR Our legitimate interest lies in the optimization of our online offering and our website. Since the privacy of our visitors is particularly important to us, etracker anonymizes the IP address as early as possible and converts login or device identifiers into a unique key that is not assigned to a person. No other use, merging with other data or disclosure to third parties is carried out by etracker.

You can object to the data processing described above at any time, insofar as it is personal. Your objection has no negative consequences for you.
Further information on data protection at etracker can be found here.

2.9 Social media

We maintain publicly accessible profiles in the social networks to which we provide links on our website. The responsible body is therefore responsible for the respective presence in the respective social network.

As a rule, social networks analyze your user behavior comprehensively when you visit their websites. Visiting the social media sites therefore triggers numerous data protection-relevant processing operations over which we have no influence.

If you are logged into your social media account and visit a social media site, the operator of the social network can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social network. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social networks can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you within and outside the respective social networks. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we are not able to track all processing operations of the social networks. Depending on the provider, further processing operations may therefore be carried out. For details, please refer to the terms of use and privacy policy of the respective social network (see below).

Social networks in detail:
Instagram

The operating company of the Instagram services is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The data collected is also transmitted to the USA and other third countries and stored on servers in the USA or other third countries. We have concluded an agreement with Meta on joint responsibility (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit the Instagram page. You can view this agreement under the following link:

www.facebook.com/legal/terms/page_controller_addendum

You can adjust your advertising settings yourself in your user account. Click on the following link and log in:

https://help.instagram.com/131112217071354

Details can be found in Instagram’s privacy policy:

https://about.instagram.com/de-de/safety

Further information and Instagram’s applicable privacy policy can be found at help.instagram.com/155833707900388 and www.instagram.com/about/legal/privacy/.

Web messaging service Twitter/X Corp.

We have a Twitter profile. This service is provided by X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Within the European Union, X Corp. is represented by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND (hereinafter: Twitter). In the following, this service is referred to as “Twitter”. Twitter offers the so-called “Tweet” function. This allows you to publish messages up to 280 characters long, including website links, in your own Twitter account. If you use the “Tweet” function of Twitter on our website, the respective website will be linked to your account on Twitter and may be publicly announced there. Data will also be transmitted to Twitter in the process.

We have no knowledge of the content of the transmitted data and its use by Twitter. For more information, please consult Twitter’s privacy policy: https://twitter.com/de/privacy

Twitter offers you the opportunity to define your own data protection settings under the following link: http://twitter.com/account/settings.

LinkedIn

LinkedIn Corporation (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2 Ireland ) https://www.linkedin.com/legal/privacy-policy

Xing

New Work SE, Am Strandkai 1, 20457 Hamburg https://privacy.xing.com/de/datenschutzerklaerung

2.10 Data protection for applications and in the application process

The data controller collects and processes the personal data of applicants for the purpose of handling the application process and for the decision on the establishment of an employment relationship. This is done on the basis of Art. 88 para. 1 GDPR in conjunction with (in conjunction with) Section 26 of the Federal Data Protection Act (BDSG) and Art. 6 para. 1 lit. b) GDPR – pre-contractual measures. Processing can also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form on the website. Your data will only be forwarded to the departments responsible for the application process.

If the controller concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any contractual, legal or other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in a defense in proceedings under the General Equal Treatment Act (AGG).

3 Your rights

Information, blocking, erasure and rectification

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data. You can contact us or our data protection officer at any time at the address given in the legal notice if you have further questions on the subject of personal data.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. All you need to do is send us an informal message by e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection and direct marketing (Art. 21 GDPR)

If the data processing is based on Art. 6 para. 1 lit. a or f GDPR (consent or legitimate interest), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection information. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR).

If you are a customer with us, your data may also be used for direct advertising if it concerns the same or similar topics in connection with the services you have commissioned. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right of appeal exists without prejudice to other administrative or judicial remedies.

The supervisory authority responsible for us is

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Hintere Bleiche 34
55116 Mainz

Phone: +49 (0) 6131 8920-0

Fax: +49 (0) 6131 8920-299

poststelle(at)datenschutz.rlp.de

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you file an objection pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

4 Changes to our privacy policy

We reserve the right to make changes at any time in order to ensure that our data protection information always complies with the current legal requirements. This also applies in the event that the data protection information has to be adapted due to new or revised services, for example new services. The new data protection information will then apply the next time you visit our website. This data protection notice was last updated in March 2024.