Privacy Policy

General Information

In principle, we process personal data only insofar as this is necessary to provide a functioning website and our content and services of our Group companies. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
For the purposes of this Privacy Policy and applicable data protection legislation, our Group company Rosenxt Creation Center GmbH is the Data Controller of the personal information we receive about you.

Website

When you visit our external or internal websites, our customer portal, use our applications, or access our online services (collectively referred to as “Online Offerings”), we may process the following categories of personal data:

  • Contact details: such as your full name, work address, work phone and mobile numbers, and work email address,
  • Organizational information: including your job title and company name,
  • User-submitted information: such as details provided through support requests, surveys, comments, or forum posts,
  • Additional data you provide: by completing forms within our Online Offerings,
  • Usage and interaction data: including device and user identifiers, operating system details, pages and services accessed, and the date and time of each visit.

We process your personal data for the following purposes:

  • To deliver the features and functions of our Online Offerings, including account creation and management, updates, security, troubleshooting, support, and ongoing improvement and development,
  • To process billing related to your use of our Online Offerings
  • To verify your identity,
  • To respond to and fulfill your requests or instructions,
  • To process orders and provide access to specific information or offers,
  • To contact you with information and offers about our products and services, provide additional marketing materials, or invite you to participate in customer satisfaction surveys (as described in Section 4),
  • To enforce our Online Offering terms, our Customer Portal, establish or defend legal claims, and prevent fraud or other unlawful activities, including safeguarding our IT systems.
     

Online Offerings Provided Through Your Organization


If your access to our Online Offerings is provided by your organization—such as an employer or enterprise customer—our processing of personal data related to your use of these services is carried out on behalf of your organization. In these cases, our handling of any personal data you or your organization provide is governed by a data processing agreement between us and your organization. Your organization acts as the data controller and is responsible for the management and use of personal data contained within the Online Offering. If you have any questions about how your personal data is used in this context, please contact your organization directly.

Contact Requests

In the context of our business relationship, we may process the following categories of personal data relating to consumers and contact persons at (prospective) customers, suppliers, vendors, and partners (collectively referred to as “Business Partners”):

  • Contact information: such as full name, work address, work telephone and mobile numbers, and work email address,
  • Organizational details: including job title and company name,
  • Payment information: including details required for payment processing and fraud prevention, such as credit or debit card numbers, security codes, and other relevant billing information,
  • Additional information: necessary for managing a project or contractual relationship with us, or voluntarily provided by the Business Partner, such as data related to orders, payments, requests, or project milestones,
  • Publicly available data: personal data collected from public sources (including professional social networks and websites), integrity databases, and credit agencies,
  • Compliance information: data required for legal compliance checks or export control, such as date of birth, nationality, place of residence, identification numbers, identity documents, and information about significant litigation or legal proceedings involving Business Partners,


We process this personal data for the following purposes:

  • To communicate with Business Partners regarding our products, services, and projects, including responding to inquiries and providing information about purchased products,
  • To plan, execute, and manage our (contractual) relationship with Business Partners, such as processing transactions and orders, handling payments, conducting accounting, auditing, billing, and collections, arranging shipments and deliveries, facilitating repairs, and providing support services,
  • To create a business-related profile of interactions between you and us, enabling us to offer relevant information and tailored offers to you and your organization, and to enhance our communications,
  • To manage and conduct market analysis, sweepstakes, contests, and other customer activities or events,
  • To contact you with information and offers about our products and services, send additional marketing communications, and conduct customer satisfaction surveys (as described in Section 4),
  • To maintain and protect the security of our products, services, and websites, and to prevent and detect security threats, fraud, or other criminal or malicious activities,
  • To ensure compliance with legal obligations (such as record-keeping requirements), export control and customs regulations, Business Partner compliance screenings (including anti-corruption and anti-money laundering checks), and adherence to our policies or industry standards,
  • To resolve disputes, enforce contractual agreements, and establish, exercise, or defend legal claims.
     

Customer Satisfaction Surveys and Direct Marketing

Where permitted by applicable law, we may use your contact information to send you direct marketing communications—such as invitations to trade shows, newsletters, and updates about our products and services—as well as to conduct customer satisfaction surveys. These communications may be sent by email.

You have the right to object to the use of your contact data for these purposes at any time. To do so, simply email us at dataprotection@rosen-nxt.com or use the opt-out option included in each communication you receive.

Job Applications

When you apply for a job with us, we process your personal data in accordance with the privacy notice of the Rosenxt Recruiting Portal or any other recruiting platform you may use. This includes information you provide as part of your application – such as your name, contact details, qualifications, work experience, and any documents you upload – as well as data collected during the recruitment process, for example from interviews, assessments, or professional social networks like LinkedIn or XING.

We use this data to evaluate your application, assess your suitability for the position, and manage the recruitment process. Your information may also be used to match you with other suitable job opportunities within Rosenxt, depending on your preferences and the options you select in the recruiting portal.

Personal data related to your application is only accessible to those involved in the recruitment and selection process and is handled in accordance with applicable data protection laws.

Retention Periods

Unless otherwise specified at the time your personal data is collected (for example, in a form you complete), we will retain your personal data only as long as necessary to fulfill the purposes for which it was collected or otherwise processed, or as required to comply with legal obligations—such as statutory retention requirements under tax or commercial law. Once your data is no longer needed for these purposes, it will be securely deleted or anonymized.

Your Rights

Depending on the data protection laws applicable in your jurisdiction, you may have certain rights regarding your personal data. Subject to legal requirements, these may include the right to:

  • Request confirmation as to whether we process your personal data, and if so, access that data;
  • Request the correction of inaccurate or incomplete personal data;
  • Request the deletion of your personal data;
  • Request the restriction of processing of your personal data;
  • Request the portability of personal data you have actively provided to us;
  • Object, on grounds relating to your particular situation, to the further processing of your personal data;
  • Withdraw your consent to our processing of your personal data at any time.

To exercise any of these rights, please contact us using the details provided in this Privacy Policy.

Security

We take the protection of your personal data seriously. To safeguard your information against accidental or unlawful destruction, loss, misuse, alteration, unauthorized disclosure, or access, we implement appropriate physical, technical, and organizational security measures.

Data Privacy Contact

Our Data Privacy Organization is available to assist you with any questions, comments, concerns, or complaints regarding data privacy, or if you wish to exercise your data privacy rights. You can contact the Data Privacy Organization at: dataprotection@rosen-nxt.com.

We will always make reasonable efforts to address and resolve any requests or complaints you bring to our attention. In addition to contacting our Data Privacy Organization, you also have the right to reach out to the competent data protection authority with your request or complaint.

Processing under the EU’s General Data Protection Regulation

Joint Responsibility for Data Protection

During the course of our business relationship, we may share Business Partner contact information with our affiliated companies. In these cases, both we and our affiliated companies are jointly responsible for ensuring the proper protection of your personal data, in accordance with Art. 26 GDPR.

To make it easier for you to exercise your data subject rights in the context of this joint controllership, we have entered into relevant arrangements, where required by law, with these affiliated companies. These arrangement allows you to centrally exercise your rights by contacting our Group company Rosenxt Creation Center GmbH.

If you wish to exercise your rights or have any questions about your personal data, please contact us at: dataprotection@rosen-nxt.com.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we are required to inform you of the legal grounds on which we process your personal data.
Our processing of your personal data is generally based on one or more of the following legal bases:

  • Contract Performance: Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract (Art. 6 I b GDPR).
  • Compliance with Legal Obligations: Processing is necessary for us to comply with legal obligations, such as statutory retention or reporting duties (Art. 6 I c GDPR).
  • Legitimate Interests: Processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (Article 6 I f GDPR). Our legitimate interests typically include the efficient management and operation of our Online Offerings and our business relationship with you. We regularly review our processing activities, apply robust data privacy protections, ensure transparency, and respect your rights to ensure that our legitimate interests do not override your own. If you would like more information about how we balance our legitimate interests with your rights and freedoms, you may contact our Data Privacy Organization at dataprotection@rosen-nxt.com.


In some cases, we may rely on your explicit consent as the legal basis for processing your personal data (Article 6 I a GDPR). Where consent is required, you will be asked for it separately, and you may withdraw your consent at any time.

These legal bases ensure that our processing of your personal data is lawful, fair, and transparent, in accordance with GDPR requirements.

Where we process your personal data to perform a contract with you or to comply with a legal obligation, the provision of your personal data is compulsory so far as it is either a contractual or statutory requirement, or a requirement necessary to enter into a contract. In such cases, provision of your personal data is mandatory since it would not otherwise be possible to enter and perform our contract with you, or to comply with our legal obligations.

International Data Transfers

When we transfer your personal data outside the European Economic Area (EEA), we ensure that your data remains protected in accordance with the General Data Protection Regulation (GDPR). To achieve this, and where required by law, we implement the following safeguards:

  • Binding Corporate Rules: We share your personal data with affiliated companies outside the EEA only if they have adopted our Binding Corporate Rules, which are internal policies to ensure adequate protection of personal data.
  • Standard Contractual Clauses: For transfers to external recipients outside the EEA, we require that the recipient has either entered into EU Standard Contractual Clauses with us or implemented their own approved Binding Corporate Rules.
  • Additional Safeguards: In some cases, we may rely on other mechanisms recognized under the GDPR, such as adequacy decisions, certification mechanisms, or codes of conduct, to ensure the protection of your personal data during international transfers.

If you would like more information about the safeguards applied to a specific international transfer, you may contact us at dataprotection@rosen-nxt.com.

Third Party Sharing

We may share personal information, where necessary, with various categories of third parties, including but not limited to:

  • Professional advisers – such as lawyers, accountants, and other consultants.
  • Authorities and regulators – including government bodies, regulatory authorities, tax authorities, and corporate registries.
  • Insurers – such as professional indemnity or other relevant insurance providers.
  • Outsourced service providers – for services like document processing and translation, confidential waste disposal, IT systems and software provision, IT support, and secure document and information storage.
  • Parties involved in client services – including counsel, arbitrators, mediators, clerks, witnesses, cost draftsmen, courts, opposing parties and their lawyers, document review platforms, and experts such as tax advisors or valuers.
  • Analytics providers – for client insight purposes (e.g., Google Analytics).
  • Postal and courier services – to support postal marketing campaigns or deliver matter-related documents.

Please note that this list is not exhaustive, and there may be other situations where sharing information with third parties is necessary to deliver our services effectively.

Your Competent Data Protection Authority

If you have concerns or requests related to data privacy, we encourage you to first contact our Data Privacy Organization at dataprotection@rones-nxt.com. In addition, you always have the right to approach your local data protection authority with your request or complaint. A list of national data protection authorities and their contact details is available from the European Commission.

Processing Under Canadian Privacy Laws

Each Rosenxt company established in Canada (“Canadian Rosenxt Entity”) stores your personal data on secure servers, accessible only to authorized employees, representatives, or agents who require access for the purposes outlined in this privacy notice.

For residents of Québec: Please be aware that your personal data may be transferred outside the Province of Québec, including to other provinces, territories, or countries outside of Canada. Where such transfers occur, a privacy impact assessment has been conducted, and appropriate safeguards have been implemented to ensure the protection of your personal data in accordance with Québec’s Law 25 and other applicable laws.

Under Canadian privacy laws, including PIPEDA and Law 25, you have the right to access and correct your personal data, request data portability, and, in certain cases, request deletion or object to automated decision-making. Your data is processed based on your consent, legal obligations, contractual necessity, or our legitimate business interests.

If you have any questions about how a Canadian Rosenxt Entity processes your personal data—including the use of service providers located outside of Canada—or if you wish to exercise your rights regarding your personal data, please contact our Data Privacy Organization at dataprotection@rosen-nxt.com.
 

Processing under Swiss Data Protection Law 

Every data subject has the right to enforce her/his rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner.

Processing under the United Kingdom’s Data Protection Act 2018 and the UK GDPR

Data Controller

The Rosenxt UK Ltd acts as the data controller under the UK GDPR for the processing activities described in this Privacy Notice.

In the context of our business relationship, we may share Business Partner contact information with affiliated Rosenxt companies. In such cases, we and these Rosenxt companies are jointly responsible for ensuring the proper protection of your personal data, in accordance with Article 26 of the UK GDPR.

To facilitate the effective exercise of your data subject rights under this joint controllership, we have entered into relevantagreements, where required by law, with these Rosenxt companies. This agreement allows you to centrally exercise your data protection rights by contacting Rosenxt Creation Center GmbH, Germany.

If you wish to exercise your rights or have any questions about how your personal data is handled, please contact us at: dataprotection@rosen-nxt.com.

Legal Basis for Processing

Under the General Data Protection Regulation (UK GDPR), we are required to inform you of the legal grounds on which we process your personal data.

Our processing of your personal data is generally based on one or more of the following legal bases:

  • Contract Performance: Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract (Art. 6 I b UK GDPR).
  • Compliance with Legal Obligations: Processing is necessary for us to comply with legal obligations, such as statutory retention or reporting duties (Art. 6 I c UK GDPR).
  • Legitimate Interests: Processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (Article 6 I f UK GDPR). Our legitimate interests typically include the efficient management and operation of our Online Offerings and our business relationship with you. We regularly review our processing activities, apply robust data privacy protections, ensure transparency, and respect your rights to ensure that our legitimate interests do not override your own. If you would like more information about how we balance our legitimate interests with your rights and freedoms, you may contact our Data Privacy Organization at dataprotection@rosen-nxt.com.
    In some cases, we may rely on your explicit consent as the legal basis for processing your personal data (Article 6 I a UK GDPR). Where consent is required, you will be asked for it separately, and you may withdraw your consent at any time.

These legal bases ensure that our processing of your personal data is lawful, fair, and transparent, in accordance with UK GDPR requirements.

Where we process your personal data to perform a contract with you or to comply with a legal obligation, the provision of your personal data is compulsory so far as it is either a contractual or statutory requirement, or a requirement necessary to enter into a contract. In such cases, provision of your personal data is mandatory since it would not otherwise be possible to enter and perform our contract with you, or to comply with our legal obligations.

International Data Transfers

When we transfer your personal data outside the United Kingdom, we ensure that your data remains protected in accordance with the UK GDPR. To achieve this, and where required by law, we implement the following safeguards:

  • Binding Corporate Rules: We share your personal data with affiliated companies outside the EEA only if they have adopted our Binding Corporate Rules, which are internal policies to ensure adequate protection of personal data.
  • Standard Contractual Clauses: For transfers to external recipients outside the UK, we require that the recipient has either entered into the UK International Data Transfer Agreement or Addendum (as applicable) with us or implemented their own approved Binding Corporate Rules.
  • Additional Safeguards: In some cases, we may rely on other mechanisms recognized under the UK GDPR, such as adequacy decisions, certification mechanisms, or codes of conduct, to ensure the protection of your personal data during international transfers.

If you would like more information about the safeguards applied to a specific international transfer, you may contact us at dataprotection@rosen-nxt.com.

Third Party Sharing

We may share personal information, where necessary, with various categories of third parties, including but not limited to:

  • Professional advisers – such as lawyers, accountants, and other consultants.
  • Authorities and regulators – including government bodies, regulatory authorities, tax authorities, and corporate registries.
  • Insurers – such as professional indemnity or other relevant insurance providers.
  • Outsourced service providers – for services like document processing and translation, confidential waste disposal, IT systems and software provision, IT support, and secure document and information storage.
  • Parties involved in client services – including counsel, arbitrators, mediators, clerks, witnesses, cost draftsmen, courts, opposing parties and their lawyers, document review platforms, and experts such as tax advisors or valuers.
  • Analytics providers – for client insight purposes (e.g., Google Analytics).
  • Postal and courier services – to support postal marketing campaigns or deliver matter-related documents.

Please note that this list is not exhaustive, and there may be other situations where sharing information with third parties is necessary to deliver our services effectively.

Your Competent Data Protection Authority

If you have concerns or requests related to data privacy, we encourage you to first contact our Data Privacy Organization at dataprotection@rosen-nxt.com. In addition, you always have the right to approach the Information Commissioner's Office, which can be contacted at: https://ico.org.uk/global/contact-us/
 

Processing Data from Subjects in Vietnam

If you are located in Vietnam or if we process your personal data within the scope of Vietnamese data protection regulations, the following additional provisions apply pursuant to Decree No. 13/2023/ND-CP on the Protection of Personal Data (PDPD):

Purpose of Data Processing

We process your personal data solely for the following purposes:

  • [e.g.] Contract performance, customer support, communication, service improvement, analytics

Categories of Personal Data

The personal data we process may include:

  • Basic personal data (e.g. name, email address, phone number)
  • Sensitive personal data (only if required and subject to separate consent), such as health information or biometric data

Consent

Processing is generally based on your freely given, explicit, and informed consent in accordance with Article 11 of the PDPD.

You may withdraw your consent at any time with future effect and without providing a reason.

Your Rights under the PDPD

As a data subject under Vietnamese law, you have the following rights:

  • Right to be informed about the nature, purpose, and scope of data processing
  • Right to access your personal data
  • Right to correct or delete your personal data
  • Right to restrict or object to the processing
  • Right to withdraw your consent at any time
  • Right to lodge a complaint with the Vietnamese Ministry of Public Security (MPS)

To exercise your rights, please contact us at: dataprotection@rosen-nxt.com

Cross-Border Data Transfers

If personal data is transferred from Vietnam to servers or service providers outside of Vietnam, we comply with all requirements under the PDPD, including:

  • Conducting a Personal Data Transfer Impact Assessment
  • Implementing appropriate safeguards
  • Notifying the Vietnamese Ministry of Public Security (MPS), where required
  • Obtaining the data subject’s consent if necessary

Data Retention and Security

We retain your personal data only as long as necessary for the stated purposes or as required by applicable laws.

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse.

Processing under the California Consumer Privacy Act

This section applies solely to individuals residing in the State of California, in accordance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Your Privacy Rights

If you are a California resident, you have the following rights regarding your personal information:

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purpose for collection, and the categories of third parties to whom your information was disclosed.
  • Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions (e.g. legal compliance, security, or transactional requirements).
  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: You may request that we do not sell or share your personal information (as defined by California law). We do not sell personal information in exchange for monetary value, but some data may be shared for cross-context behavioral advertising.
  • Right to Limit the Use of Sensitive Personal Information: If we collect sensitive personal information (e.g., precise geolocation, biometric data), you may limit our use of it to specific, necessary purposes.
  • Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.

Categories of Personal Information Collected

We may collect the following categories of personal information, as defined by the CCPA/CPRA:

  • Identifiers (e.g., name, email address, IP address)
  • Customer records (e.g., billing address, payment details)
  • Internet activity (e.g., browsing behavior on our website)
  • Geolocation data (e.g., general location derived from IP)
  • Employment or professional data (if applicable)
  • Inferences drawn from the above data to create profiles

We collect this data for purposes including providing and improving our services, customer support, compliance, analytics, and marketing.

Sources of Personal Information

We collect personal information from the following sources: 

  • Directly from you (e.g., forms you submit)
  • Automatically through your interaction with our services
  • Third-party service providers or partners

Retention of Personal Information

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law.

Exercising Your Rights

You can submit a privacy rights request by:

We will verify your identity before fulfilling your request. You may designate an authorized agent to make requests on your behalf.

Do Not Sell or Share My Personal Information

We provide California residents with the ability to opt out of the sale or sharing of their personal information.
You can exercise this right at: dataprotection@rosen-nxt.com

California “Shine the Light” Law

Under California Civil Code § 1798.83, residents of California have the right to request, once per calendar year, a list of all third parties to whom we have disclosed certain categories of personal information for those third parties’ direct marketing purposes, as well as the type of personal information disclosed.

If you are a California resident and would like to make such a request, please contact us at:

Please include your full name, mailing address, and state that you are requesting information under the “Shine the Light” law. We will respond within 30 days as required by law.

Cookies and Tracking Technologies

Web Browser Cookies: A web browser cookie is a small text file sent from a website to your computer or mobile device where it is stored by your web browser. Web browser cookies may store information such as your IP address or other identifier, your browser type, and information about the content you display and interact with on the digital services. By storing such information, web browser cookies can store your preferences and settings for online services and analyze how you use online services.

Tracking Technologies: Web Beacons, Pixels, Tags and Scripts

E-mails and mobile applications can contain small, transparent image files or lines of code to record how you interact with them. This information is used to help website and app publishers better analyze and improve their services.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break. Cookies as well as the storage of data in the local storage only allow functionalities which should contribute to a positive user experience on our website. We do not use cookies with personal data without given consent.

In addition, we use cookies on our website that allow an analysis of users’ browsing behavior.

When accessing our website, the user is informed about the use of cookies for analytics purposes and his consent to the processing of the personal data used in this context is obtained. The legal basis for the processing of personal data using technically necessary cookies is Article 6 para. 1 s. 1 lit. f GDPR. The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break. We require cookies for the following applications: acceptance of language settings. The user data collected through technically necessary cookies will not be used to create user profiles.

The legal basis for the processing of personal data using cookies for analytics purposes is the consent of the user Art. 6 para. 1 lit. a GDPR. The use of the analytics cookies is for the purpose of improving the quality of our website and its contents. Through the analytics cookies, we learn how the website is used and so we can constantly optimize our offer.

Cookies are stored on the computer of the user and transmitted to our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

Implemented Technologies

Usercentrics Consent Management Platform

Description of Service

This is a consent management service. Usercentrics GmbH is used on the website as a processor for the purpose of consent management.

Processing Company

Usercentrics GmbH Sendlinger Str. 7, 80331 Munich, Germany

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company. datenschutz@usercentrics.com

Data Purposes

This list represents the purposes of the data collection and processing.

  • Compliance with legal obligations
  • Consent storage

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

  • Local storage
  • Pixel

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

  • Opt-in and opt-out data
  • Referrer URL
  • User agent
  • User settings
  • Consent ID
  • Time of consent
  • Consent type
  • Template version
  • Banner language
  • IP address

Duration to store the data

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes. The consent data (given consent and revocation of consent) are stored for one years. The data will then be deleted immediately.

Data Recipients

In the following the recipients of the data collected are listed. Usercentrics GmbH. Click here to read the privacy policy of the data processor https://usercentrics.com/privacy-policy/

Sitecore Analytics / Search / XMCloud / Digital Asset Management

Description of Service

This is a content management service including search options and analytics data.

Processing Company

Sitecore
101 California Street
Floor 16
San Francisco, CA 94111

Data Protection Officer of Processing Company

Chief Privacy and Cyber Compliance Officer
Sitecore
101 California Street
Suite 1600
San Francisco, CA 94111
Emailing privacy@sitecore.com with the subject line “Data Subject Rights Request”

Data Purposes

Sitcore uses cookies to collect information about the way that visitors use Sitecore Sites, to support the features and functionality of those Sites, and to personalize your experience when you use them.

  • To improve the operation of the Sites
  • To engage in research and development of the Sites and Sitecore’s product offerings
  • To conduct ordinary business operations such as sales, marketing, support, education and training
  • To engage in corporate reporting and management
  • To recruit employees for Sitecore to conduct market research
  • To maintain a safe and trusted environment for Sitecore employees, customers, Site visitors and members of the public
  • To conduct other similar uses pertaining to the Sitecore Sites.

Description of Service

  • Cookies
  • Pixel Tags

Data Collected

  • Identifiers:
  • IP address
  • Email address
  • Unique personal identifier
  • Cookie data
  • Tags, beacons, pixels
  • Device data (device name, browser/OS version, device configuration, settings, etc.)
  • Internet or Other Similar Network Activity:
  • Browsing history
  • Search history
  • Information on a consumer's interaction with a website, application, or advertisement
  • Referring URLs
  • Search terms/queries
  • Website Activities:
  • Session Duration
  • Referring Website
  • Source IP Address
  • Source Geographical Data
  • User Agent
  • Pages Viewed
  • Events Triggered
  • Other Calculated Metrics (such as content volume)

Duration to store the data

  • User Interaction Data: 90 Days
  • Analytics Data: None

Data Recipients

  • Sitecore Affiliates
  • Third Party service providers
  • Ad networks and advertising providers

Google Analytics

Description of Service

This is a web analytics service. With this, the user can measure the advertising return on investment "ROI" as well as track user behavior with flash, video, websites and applications

Processing Company

Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company. Contact Data Protection Officer

Data Purposes

This list represents the purposes of data collection and processing.

  • Marketing
  • Analytics

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

  • Cookies
  • Pixel
  • JavaScript
  • Device fingerprinting

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

  • Click path
  • Date and time of visit
  • Device information
  • Location information
  • IP address
  • Pages visited
  • Referrer URL
  • Browser information
  • Hostname
  • Browser language
  • Browser type
  • Screen resolution
  • Device operating system
  • Interaction data
  • User behavior
  • Visited URL
  • Cookie ID

Duration to Store the Data

The retention period is the time span the collected data is saved for processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The Retention Period depends on the type of saved data. Each user can choose how long Google Analytics retains data before automatically deleting it.

Data Recipients

In the following, the recipients of the data collected are listed.

Google Ireland Limited, Alphabet Inc., Google LLC

Privacy Policy of the Data Processor

Cookie Policy of the Data Processor

Opt Out from this Processor across All Domains

Storage Information

Maximum age of cookie storage: 2 years

Stored Information

  • >Name: __utmb; Purpose: This cookie is used to track the time of the visit.; Type: cookie; Duration: Session;
  • Name: _ga; this cookie is used to distinguish between users.; Type: cookie; Duration: 2 years;
  • Name: _gid; this cookie is used to identify the user.; Type: cookie; Duration: 1 day;
  • Name: __utma; this cookie is used to record the time and date of the first visit, the total number of visits and the start time of the current visit. ; Type: cookie; Duration: Session;
  • Name: __utmz; this cookie is used to record where the visitor came from. ; Type: cookie; Duration: Session;
  • Name: IDE; this is used to show personalised ads; Type: cookie; Duration: 1 year, 1 month;
  • Name: CONSENT; this is used to store the consent choices of the user. ; Type: cookie; Duration: 2 years;
  • Name: __utmt; this is used to throttle the request rate. ; Type: cookie; Duration: 10 minutes;
  • Name: _gat; this is used to read and filter requests from bots.; Type: cookie; Duration: 1 minute;
  • Name: __utmc; this is used to store the time of the visit.; Type: cookie; Duration: 30 minutes;

Google Tag Manager

Description of Service

This is a tag management system. Via Google Tag Manager, tags can be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes of other tools are integrated via Google Tag Manager. The Tag Manager allows controlling when a particular tag is triggered.

Processing Company

Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company. Contact Data Protection Officer

Data Purposes

This list represents the purposes of data collection and processing.

  • Tag Management

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

  • Website tags

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

  • Aggregated data about tag firing

Duration to Store the Data

The retention period is the time span the collected data is saved for processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Data Recipients

In the following, the recipients of the data collected are listed.

Alphabet Inc., Google LLC, Google Ireland Limited

Privacy Policy of the Data Processor

Cookie Policy of the Data Processor

Google Maps

Description of Service

This is an integrated map service.

Processing Company

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company. Contact Data Protection Officer

Data Purposes

This list represents the purposes of data collection and processing.

  • Display maps based on personal information like IP addresses

Google ReCaptcha

Description of Service

This is a service that checks whether data is entered by a human or by an automated program.

Processing Company

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company. Contact Data Protection Officer

Workday

Description of Service

Workday is an ERP, which can plan, execute, and analyze accounting, finance, payroll, and HR teams in one system that unifies all organizational data.

Find the Privacy Statement here: Workday Privacy Statement

Processing Company

6110 Stoneridge Mall Road
Pleasanton, CA 94588
USA

Data Protection Officer of Processing Company

If you have any questions about this Privacy Statement or wish to exercise your rights, please submit your request through Workday's Request Portal.

You may also contact Workday at the mailing addresses below:

Workday, Inc.
Attn.: Privacy
6110 Stoneridge Mall Road
Pleasanton, CA 94588
USA

Data Purposes

  • Manage your user account in accordance with the applicable terms of service
  • Ensure that you can log in to use our services and access information you need securely and efficiently
  • Deliver requested resources or services to you
  • Better understand the visitors who come to Workday websites, where they come from, and what content on our website is of interest to them. Workday uses this information for internal analytics purposes and to improve the quality and relevance of their websites.
  • Provide, operate, and maintain the websites, including providing access to content you have requested and displaying country-specific information.
  • Protect the security and prevent misuse of our websites and services by tracking the use of the websites and services, verifying accounts and activity, investigating suspicious activity, and enforcing the terms and policies.

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

  • Local storage
  • Pixel
  • Cookies

Data Collected

A) Automated data collection: 

Your browser automatically transfers data to our system when you visit our website:

  • IP address
  • URL of the page from which you came to our website
  • Browser type
  • Date and time of your visit
  • Operating system used
  • Amount of data sent

B) Cookies

C) Personal Data provided from the visitor:

  • via contact form
  • via the application process

LinkedIn Insight Tag

Description of Service

This is a conversion tracking and retargeting service.

Processing Company

LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company. Contact Data Protection Officer

Data Purposes

This list represents the purposes of data collection and processing.

  • Marketing
  • Retargeting
  • Analytics

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

  • Cookies
  • Pixel

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

  • Device information
  • IP address
  • Referrer URL
  • Timestamp
  • Browser information

Duration to Store the Data

The retention period is the time span the collected data is saved for processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted after 90 days.

Data Recipients

In the following, the recipients of the data collected are listed.

LinkedIn Ireland Unlimited Company

Privacy Policy of the Data Processor

Cookie Policy of the Data Processor

Opt Out from this Processor across All Domains

Storage Information

Maximum age of cookie storage: 6 months

Stored Information

  • Name: BizographicsOptOut; Purpose: This cookie is used to determine whether a user has rejected targeted advertising.; Type: cookie; Duration: 10 years;
  • Name: UserMatchHistory; Purpose: Used by the LinkedIn Insight tag to provide detailed campaign reporting and discover new business demographics by layering LinkedIn data with website visitor data.; Type: cookie; Duration: 30 days;
  • Name: U; Purpose: This is a browser Identifier for users outside EU/EEA.; Type: cookie; Duration: 2 months, 29 days;
  • Name: li_sugr; Purpose: Used to make a probabilistic match of a user's identity outside the EU/EEA.; Type: cookie; Duration: 2 months, 29 days;
  • Name: bscookie; Purpose: This is used for remembering that a logged-in user is verified by two-factor authentication.; Type: cookie; Duration: 2 years;
  • Name: bcookie; Purpose: Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse.; Type: cookie; Duration: 2 years;

Meta Pixel

Description of Service

This is a Tracking technology offered by Meta and used by other Meta services. It is used to track interactions of visitors with websites ("Events") after they have clicked on an ad placed on Facebook or other services provided by Meta ("Conversion").

Processing Company

Meta Platforms Ireland Ltd.

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company. Contact Data Protection Officer

Data Purposes

This list represents the purposes of the data collection and processing.

  • Analytics
  • Marketing
  • Retargeting
  • Advertisement
  • Conversion Tracking
  • Personalization

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

  • Cookies
  • Pixel

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

  • Ads viewed
  • Content viewed
  • Device information
  • Geographic location
  • HTTP-header
  • Interactions with advertisement, services, and products
  • IP address
  • Items clicked
  • Marketing information
  • Pages visited
  • Pixel ID
  • Referrer URL
  • Usage data
  • User behavior
  • Facebook cookie information
  • Facebook user ID
  • Usage/click behavior
  • Browser information
  • Device operating system
  • Device ID
  • User agent
  • Browser type

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

Duration to Store the Data

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

User’s interactions tracked on websites will not be stored longer than for two years. However, the data will be deleted as soon as they are no longer needed for the processing purposes.

Data Recipients

In the following, the recipients of the data collected are listed.

Meta Platforms Ireland Ltd., Meta Platforms Inc.

Privacy Policy of the Data Processor

Cookie Policy of the Data Processor

Storage Information

Maximum age of cookie storage: 1 year

Stored Information

  • Name: messaging_plugin_#; Type: cookie; Duration: - ;
  • Name: fr; Type: cookie; Duration: - ;
  • Name: _fbp; Type: cookie; Duration: - ;
  • Name: pxcelBcnLcy; Type: cookie; Duration: - ;
  • Name: _fbp; Type: web;

Youtube Video

Description of Service

This is a video player service. It can be used by users to watch, like, share, comment, and upload videos.

Processing Company

Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company. Contact Data Protection Officer

Data Purposes

This list represents the purposes of the data collection and processing.

  • Displaying Videos

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

  • Cookies (if Privacy-Enhanced Mode is not activated)

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

  • Device information
  • IP address
  • Referrer URL
  • Videos viewed

Duration to Store the Data

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Data Recipients

In the following, the recipients of the data collected are listed.

Alphabet Inc.
Google LLC
Google Ireland Limited

Privacy Policy of the Data Processor

Cookie Policy of the Data Processor

Opt Out from this Processor across All Domains

Storage Information

Maximum age of cookie storage: 8 months

Stored Information

  • Name: __sak; Type: web;
  • Name: LAST_RESULT_ENTRY_KEY; Type: web;
  • Name: yt-player-bandaid-host, yt-player-bandwidth, yt-player-headers-readable; Type: web;
  • Name: yt-remote-cast-installed, yt-remote-connected-devices, yt-remote-device-id, yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name; Type: web;
  • Name: YEC; Type: cookie; Duration: 1 year, 1 month;
  • Name: CONSENT; Type: cookie; Duration: 2 years;
  • Name: DEVICE_INFO; Type: cookie; Duration: 5 months, 26 days;
  • Name: remote_sid; Type: cookie; Duration: Session;
  • Name: test_cookie; Type: cookie; Duration: 1 day;
  • Name: VISITOR_INFO1_LIVE; Type: cookie; Duration: 6 months;
  • Name: YSC; Type: cookie; Duration: Session;
  • Name: PREF; Type: cookie; Duration: 8 months;
  • Name: pm_sess; Type: cookie; Duration: 30 minutes;
  • Name: CGIC; Type: cookie; Duration: 6 months;
  • Name: UULE; Type: cookie; Duration: 6 hours;

Google Ads Conversion Tracking

Description of Service

This is a conversion tracking service. This service records what happens after a click on an ad placed by us via Google Ads when users subsequently visit the website. In conversions, we measure whether users, after clicking on an ad placed by us via Google Ads, perform a certain action specified by us on the website (e.g., whether services are ordered). This allows the user to track which keywords, ads, ad groups or campaigns lead to the desired interaction of the users.

Processing Company

Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company. Data Protection Officer

Data Purposes

  • Conversion Tracking
  • Analytics
  • Measuring the success of marketing campaigns

Technologies Used

  • Cookies
  • Tracking Pixel
  • Tracking code

Data Collected

  • Browser language
  • Browser type
  • Clicked advertisements
  • Cookie ID
  • Date and time of visit
  • IP address
  • Referrer URL
  • Web request
  • User behavior

Duration to store the data

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes. The data will be deleted as soon as they are no longer needed for the processing purposes.

Data Recipients

In the following, the recipients of the data collected are listed.
Google Ireland Limited, Google LLC, Alphabet Inc

Click here to read the privacy policy of the data processor

Click here to read the cookie policy of the data processor

Click here to opt out from this processor across all domains

Storage Information

Maximum age of cookie storage: 1 year

Stored Information

  • Name: test_cookie; Set as a test to check whether the browser allows cookies to be set. Does not contain any identification features.; Type: cookie; Duration: 15 minutes; Domain: doubleclick.net;
  • Name: IDE; Contains a randomly generated user ID. Using this ID, Google can recognize the user across different websites across domains and display personalized advertising.; Type: cookie; Duration: 1 year; Domain: doubleclick.net;
  • Name: _gcl_aw; This cookie is set when a user clicks on a Google ad to reach the website. It contains information about which ad was clicked, so that successes achieved, such as orders or contact requests, can be assigned to the ad.; Type: cookie; Duration: 2 months, 29 days;
  • Name: _gcl_dc_; This cookie is set when a user clicks on a Google ad to reach the website. It contains information about which ad was clicked, so that successes achieved, such as orders or contact requests, can be assigned to the ad.; Type: cookie; Duration: 2 months, 29 days;

Google Fonts

Description of Service:
Google Fonts is a web font service provided by Google LLC that allows website owners to incorporate custom fonts into their websites for an enhanced visual experience. By utilizing Google Fonts, websites can improve the presentation and styling of text.

Processing Company:
The processing company responsible for Google Fonts is:
Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043
USA

Data Protection Officer Company:
For inquiries regarding data protection and privacy, you can contact the Data Protection Officer at Google LLC through the following link: Google Data Protection Officer Contact

Data Purposes:
The data collected through Google Fonts is processed for the following purposes:
- To deliver custom fonts to your browser for the purpose of enhancing the visual presentation of text on websites.

Technologies Used:
The technologies used by Google Fonts include, but are not limited to, the use of cookies and web fonts to ensure efficient delivery and display of fonts on websites.

Data Collected:
Google Fonts may collect the following data:
- Information about your device and browser, such as device type, browser type, and browser settings.
- IP address.
- Requested font data, including font family and styles.

Duration to Store the Data:
The data collected by Google Fonts is not stored permanently. It is retained for a short duration to facilitate the efficient delivery of fonts. The specific duration may vary but is generally a short-term storage to support the loading and rendering of fonts during your website visits.

Data Recipients:
The data collected by Google Fonts may be shared with the following recipients:
- Google LLC

It's important to note that Google Fonts may be subject to Google's general privacy policy, which you can review here.

By using Google Fonts, you agree to the terms outlined in this Privacy Policy. If you have any concerns or questions about your data privacy, please contact Google's Data Protection Officer using the provided link.

This Privacy Policy is subject to change, and any updates will be reflected in the effective date stated at the beginning of the policy.