SIGMA AV

Data privacy

Thank you for visiting our website and for your interest in SIGMA System Audio-Visuell GmbH. We would like to take this opportunity to inform you about the scope of data collection, storage and use, as well as the purpose of data processing at SIGMA System Audio-Visuell GmbH within the framework of the provisions of the General Data Protection Regulation (GDPR). This policy applies to the collection of your personal data by us, in particular for business contacts, when using our website sigma-av.com, our social media sites and when you apply for a job with us.

For a better understanding, we would first like to give you an overview of the basic terms and legal basis for data collection, as well as general information about data collection at our company ("General Information"). We will then explain how we collect data in connection with our offers and services and what rights you have as a data subject.

Overview:

Section I. General

Section II. Business relationships

Section III. Use of our website

Section IV. Our social media presence

Section V. Other data processing

Section VI Applications

Section VII. Rights of data subjects

Section VIII. Status of the privacy policy

I. General

1.1 Definitions

The following basic terms, which comply with the provisions of Art. 4 GDPR, form the basis of this privacy policy.

"Personal data" (Art. 4 No. 1 GDPR) is any information relating to an identified or identifiable natural person ("data subject" or "person concerned"). A person is identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, information such as your name, postal address, email address or telephone number, but also usage data such as your IP address or content data from email correspondence that you exchange with us.
"Processing" (Art. 4 No. 2 GDPR) of data, hereinafter also referred to as "data processing", is any operation involving personal data, whether or not with the aid of automated (i.e. technology-based) procedures. This includes, in particular, the collection (i.e. procurement), recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning, combining, restricting, erasing or destroying personal data, as well as changing the purpose or objective for which the data was originally processed.
"Controller" (Art. 4 No. 7 GDPR) is the natural or legal person, authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Processor" (Art. 4 No. 8 GDPR) is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with its instructions (e.g. an IT service provider). For the purposes of data protection, the processor is not a third party.
"Third party" (Art. 4 No. 10 GDPR) is any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process personal data; this also includes other legal entities belonging to the group.
"Consent" (Art. 4 No. 11 GDPR) of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

1.2 Legal basis for data processing

Personal data may only be processed if there is a legal basis for doing so. These are set out in Art. 6(1) GDPR.

According to this, the processing of personal data is only lawful if at least one of the following conditions is met:

Article 6(1)(a) GDPR: The data subject has given consent to the processing of their personal data for one or more specific purposes;
Art. 6(1)(b) GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
Art. 6(1)(c) GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject;
Art. 6 (1) (d) GDPR: Processing is necessary to protect the vital interests of the data subject or of another natural person;
Art. 6(1)(e) GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
Art. 6 (1) (f) GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

1.3 Legal basis for the use of cookies when using our website

Cookies are set when you visit our website. We provide information about the use of cookies in particular in Section III.6. The storage of information in the end user's terminal equipment (e.g. by setting cookies) or access to information already stored in the terminal equipment is only permitted if it is covered by one of the following justifications under the Telecommunications Digital Services Data Protection Act (TDDDG):

Section 25 (1) TDDDG: If the end user has given their consent on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6 (1) (a) GDPR;
Section 25 (2) No. 1 TDDDG: If the sole purpose is to carry out the transmission of a message via a public telecommunications network; or
Section 25 (2) No. 2 TDDDG: If storage or access is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user.

2. Responsible body

The responsible body for data processing (Art. 4 No. 7 GDPR) is:

SIGMA System Audio-Visuell GmbH

Schiessstraße 53

40549 Düsseldorf

Telephone: +49 (0) 211 – 5377-0

Fax: +49 (0) 211 – 5377-177

Email:info@sigma-av.com

3. Data protection officer

Our data protection officer is your contact for data protection and any questions you may have. You can reach them at the following contact details:

Hermann-Josef Weien

Königsberger Straße 100

40231 Düsseldorf

Telephone: +49 (0) 172 2131215

Email: datenschutz@sigma-av.com

4. Further information on data processing

4.1 Purpose-specific data processing

We observe the principle of purpose-specific data use. We process all data mentioned in this privacy policy only for the purposes stated.

4.2 No obligation to provide data

You are under no legal or contractual obligation to provide us with your personal data. However, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. For example, without your IP address, i.e. the information about where the server should send the requested data, it is not possible to access our website.

4.3 Disclosure of data to third parties

Your personal data will only be passed on to third parties outside the scope of this privacy policy if (1) you have given your express consent in accordance with Art. 6 (1) (a) GDPR, (2) this is legally permissible and necessary for the performance of contractual relationships with you or the implementation of pre-contractual measures in accordance with Art. 6 (1) (b) GDPR, (3) there is a legal obligation to disclose the data in accordance with Art. 6 para. 1 sentence 1 lit. c) GDPR, e.g. to authorities (e.g. tax authorities, supervisory authorities, law enforcement authorities), (4) the transfer is necessary in accordance with Art. 6 (1) sentence 1 lit. f) GDPR to safeguard legitimate business interests, as well as to assert, exercise or defend legal claims, and there is no reason to assume that there is an overriding interest worthy of protection in not disclosing the data.

4.4 Your rights

We inform you about your rights – in particular your right to information, objection to processing and revocation of consent – in Section VII ("Rights of data subjects") of this privacy policy. Please refer to the information provided there.

5. Data security

We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties (e.g. TLS encryption for our website), taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments. We will be happy to provide you with further information on request. Please contact our data protection officer by email: datenschutz@sigma-av.com

6. Data deletion and storage period

For the processing operations we carry out, we specify below how long the data is stored by us and when it is deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for processing no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected. Storage may therefore continue beyond the specified period if storage is required by legal provisions to which we are subject as the controller (e.g. Section 257 of the German Commercial Code (HGB), Section 147 of the German Fiscal Code (AO)). This is usually a period of 6 to 10 years. The legal basis for this is Art. 6 (1) (c) GDPR. Insofar as this is necessary for the defence, exercise and assertion of legal claims (e.g. contractual claims), we may store the data until the expiry of the statutory limitation period (usually 3 years). The data may also be stored for a longer period in the event of a (threatened) legal dispute with you or other legal proceedings. The legal basis for this is, in particular, Art. 6(1)(f) GDPR. Longer storage may also take place if consent has been given in accordance with Art. 6 (1) (a) GDPR. When the storage period prescribed by law expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for this.

7. Cooperation with external service providers

We use external service providers in the UK and abroad who work on our behalf (e.g. shipping companies, waste disposal companies, technical service providers, including for IT, hosting, CMS and CRM). In some cases, the recipients receive your personal data as processors. These service providers only act on our instructions and are contractually obliged to comply with data protection regulations in accordance with Art. 28 GDPR. In some cases, the recipients act independently under their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other data protection regulations. In individual cases, we also transfer personal data to our consultants (e.g. tax advisors, lawyers) in legal or tax matters.

8. Data transfer to third countries

Within the scope of our business relationships, your personal data may be passed on or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. We will inform you of the respective details of the transfer below in the relevant sections.

The European Commission certifies that some third countries have data protection standards comparable to those of the EEA (Art. 45 GDPR) through so-called adequacy decisions. According to this, the EU Commission can decide that a third country offers an adequate level of protection. Further information on this can be found at the following link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en?prefLang=de.

For the USA, there is an adequacy decision by the European Commission for the EU-U.S. Data Privacy Framework. Companies in the USA that are certified under the EU-U.S. Data Privacy Framework are recognised as providing an adequate level of data protection for personal data. Further information on the EU-U.S. Data Privacy Framework and the list of certified companies can be found in English at: https://www.dataprivacyframework.gov/. In our data protection information, we provide information on whether a company is certified under the EU-U.S. Data Privacy Framework.

In other third countries to which personal data may be transferred, however, there may not be a consistently high level of data protection due to a lack of legal provisions. Where this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data in accordance with Art. 46 (1), (2) (c) GDPR, certificates or recognised codes of conduct.

II. Business relationships

(1) We collect company data and personal data from our business partners, contact persons and interested parties who wish to enter into a business relationship with us (hereinafter referred to as "business partners"). In particular, we collect the following data: name and address of the company as well as first name, surname and contact details (e.g. address, email, telephone number, fax number) of our business partners, customer numbers, contract data (e.g. subject matter of the contract, term of the contract), payment data (e.g. bank details), content data (e.g. content of messages) and other information for the execution of the enquiry or the order. In particular, we also use external service providers in compliance with legal requirements, e.g. for IT, CRM, software or cloud services, and project planning, in order to fulfil contracts, manage our data, maintain our customer and contractual relationships, and optimise our services and operational processes.

(2) The purpose of data processing is to fulfil our contractual obligations, communicate with business partners and organise our company. This includes, among other things, the provision of agreed services, correspondence, invoicing and the processing, exercise or assertion of any legal claims that may exist. The legal basis is Art. 6 (1) (b) GDPR for the fulfilment of our contractual obligations or for the implementation of a pre-contractual measure that is based on an enquiry. Furthermore, the legal basis is Art. 6 (1) (f) GDPR, as we have a legitimate interest in this processing. The legitimate interest consists in responding to enquiries and concerns from business partners, informing our business partners, being able to fulfil our contractual obligations and being able to enforce and defend legal claims. If the business partners have also given their consent, the additional legal basis is Art. 6 (1) (a) GDPR.

(3) Subject to statutory retention periods, the data will be deleted as soon as it is no longer required for the purpose of processing. Please also note our information under Section I.6.

(4) You may revoke your consent to the processing of personal data at any time. If the processing is based on Art. 6 (1) (f) GDPR and you believe that there are reasons arising from your particular situation that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21 (1) GDPR. Please send your request to: datenschutz@sigma-av.com . For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

III. Data processing when accessing and using our website

1. Information when accessing the site

(1) Data and information are automatically collected each time you visit our website. The web server receives the following information from you as a log data record (so-called server log files). This data is collected, stored and further processed.

Your IP address
The page from which the page was requested (so-called referrer URL)
The name and URL of the requested page
The date and time of the visit
The description of the type, language and version of the web browser used
The amount of data transferred
The operating system used
A message indicating whether the request was successful (access status/HTTP status code)
The GMT time zone difference

This data is technically necessary for us to display our website to you and to ensure stability and security.

(2) The legal basis for this data processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in this processing. This legitimate interest consists of being able to provide you with the website and the information it contains at your request, ensuring stability and security, and improving the functionality of our website. The data is therefore processed for the following purposes in particular: to ensure a smooth connection and smooth use of our website, to evaluate the security and stability of the system, and to optimise the website. The data is not used to draw conclusions about your person, but is statistically evaluated in anonymised form, if necessary. If you visit our website to find out about our range of services or to use them, the legal basis for this data processing is Art. 6(1)(b) GDPR. According to this, the processing of data is permitted for the fulfilment of a contract or for the implementation of pre-contractual measures.

(3) The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data used to provide the website, this is generally the case when the respective session is ended. The processing of the data is essential for the operation of our website. For information on your rights as a data subject, please also read our notes under "VII. Rights of data subjects".

2. Host provider

The server on which our website is stored is operated by a host provider.

This provider acts as a processor for us in accordance with Art. 28 GDPR on the basis of a data processing agreement and processes data.

The host provider has access to all data mentioned in section II.1. Our host provider is:

Mittwald CM Service GmbH & Co. KG

Königsberger Straße 4-6

32339 Espelkamp

Telephone: +49-5772-293-100

Fax: +49-5772-293-333

3. Contact

(1) You have the option of contacting us (e.g. by e-mail, telephone, post). In this case, we process the following data from you, among other things: first and last name, telephone number, fax number, postal address, email address ( any additional information contained in the header or footer of your email ), customer and/or order number, time of the enquiry, your request (content data) and other information that you provide voluntarily. We process this data so that we can respond to your enquiry. The purpose of the processing is therefore to communicate with you. Please note that sending unencrypted emails does not provide protection against unauthorised access by third parties.

(2) The legal basis for this data processing is Art. 6 (1) (f) GDPR, as we have a legitimate interest in this processing. The legitimate interest consists in being able to respond to your enquiry and communicate with you at your request. If the process serves to fulfil a contract or to carry out a pre-contractual measure based on your enquiry and is necessary for this purpose, data processing is also carried out on the basis of Art. 6 (1) (b) GDPR.

(3) Once your enquiry has been finally processed, your personal data will be deleted, subject to statutory retention periods. This can be assumed to be the case if it is apparent from the circumstances that the matter in question has been finally clarified. If the enquiry is assigned to a contract, we will delete it after the contract term has expired. Please also note our information under Section I.6.

(4) If the processing is based on Art. 6 para. 1 sentence 1 lit. f) GDPR and you believe that there are reasons arising from your particular situation that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21 para. 1 GDPR. Please send your request to:datenschutz@sigma-av.com . However, we would like to point out that in such a case, it may not be possible to process your request, in particular to communicate with you. For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

4. Further contact options

(1) We offer you further options on our website to contact us or use our services, about which we would like to inform you. We offer you the following options, which we will describe in more detail below:

Contact form
Appointment booking form
Technical support request
Chat

(2) We use the HubSpot service for these offers. This is offered by: HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA. The service is an integrated software solution and a CRM platform with marketing, sales and service functions. If you send us an enquiry via the aforementioned website services, the data you enter will be stored on the service's servers and used for the purpose of processing your enquiry. This may also involve the processing of additional personal data such as technical data (e.g. IP address, browser type and browser version, device type) or your usage behaviour (e.g. date and time of access, length of stay, referrer URL, geographical location). HubSpot acts as a processor and works on our behalf in accordance with Art. 28 GDPR on the basis of a processing agreement. HubSpot has assured us that the data is stored on servers located within the EU. However, it cannot be ruled out that the data may also be transferred to the USA. For these cases, HubSpot has submitted to the EU-U.S. Privacy Framework. This ensures an adequate level of data protection for your personal data. Further information on data protection at HubSpot can be found at the following link: https://legal.hubspot.com/de/privacy-policy.

(3) In sections 4.1 to 4.4 below, we provide further information on the specific data collected when using the aforementioned services:

4.1 Contact form

(1) You have the option of contacting us via a form ("contact form"). Here, we process the data entered in the input mask and subsequently transmitted to us, in particular your first and last name, email address, telephone number and the content-related information relating to your enquiry. The fields marked with an asterisk (*) in the input mask are mandatory fields that must be filled in.

(2) The data is processed for the purpose of handling your enquiry. Data processing is based on your express consent in accordance with Art. 6 (1) (a) GDPR. If the process serves to fulfil a contract or to carry out a pre-contractual measure based on your enquiry, data processing is also carried out on the legal basis of Art. 6 (1) (b) GDPR. Another legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR, as we have a legitimate interest in this processing. The legitimate interest is to be able to respond to your enquiry at your request.

(4) You may revoke your consent to the processing of your personal data at any time. If the processing is based on Art. 6 (1) (f) GDPR and you believe that your particular situation gives rise to reasons that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21 (1) GDPR. Please send your request to: datenschutz@sigma-av.com . However, we would like to point out that in such a case, it may not be possible to process your request, in particular to communicate with you. For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

4.2 Appointment booking form

(1) On our website, we offer you the option of booking an appointment with us using a form ("appointment booking form"). We process the data transmitted here, in particular your first and last name, email address, company name and the date and time of the appointment. The fields marked with an asterisk (*) in the input mask are mandatory fields that must be filled in.

(2) The data is processed for the purpose of handling enquiries and managing appointments (e.g. with customers). Data processing is based on your express consent in accordance with Art. 6 (1) (a) GDPR. If the process serves to fulfil a contract or to carry out a pre-contractual measure based on your request, data processing is also based on Art. 6 (1) (b) GDPR. Another legal basis for this data processing is Art. 6 (1) (f) GDPR, as we have a legitimate interest in this data processing. The legitimate interest is to be able to respond to your enquiry at your request.

(3) For automatic appointment management, the appointment booking form is connected to the Microsoft Teams service. This is a service offered by Microsoft Corporation: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The data you enter is also transmitted to Microsoft so that a link for a Teams meeting can be created automatically, which we can use to contact you, and so that an email with the appointment confirmation and the Teams link can be sent. It also allows an appointment to be created and managed in our calendar.

Microsoft acts as a processor and, in accordance with Art. 28 GDPR, acts on our behalf and processes data on the basis of a data processing agreement. Microsoft has assured us that the data is stored on servers located within the EU. However, it cannot be ruled out that the data may also be transferred to the USA. For such cases, Microsoft Corporation has submitted to the EU-U.S. Privacy Framework. This ensures an adequate level of data protection for your personal data. Further information on data protection at Microsoft can be found at the following link: https://www.microsoft.com/de-de/privacy/privacystatement.

(4) Once your request has been processed, your personal data will be deleted, subject to statutory retention periods. This can be assumed to be the case if it is clear from the circumstances that the matter in question has been conclusively clarified. If the request is assigned to a contract, we will delete it after the contract term has expired. Please also note our information under Section I.6.

(5) You may revoke your consent to the processing of your personal data at any time. If the processing is based on Art. 6 (1) (f) GDPR and you believe that your particular situation gives rise to reasons that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21 (1) GDPR. Please send your request to: datenschutz@sigma-av.com . For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

4.3 Request for technical support

(1) On our website, we offer you the opportunity to contact us via a form and report a technical problem, which creates a ticket ("ticket form"). Here, we process the data transmitted there, in particular your first and last name, email address, telephone number, device number, order number and the details of your request. The fields marked with an asterisk (*) in the input mask are mandatory fields that must be filled in.

(2) The data is processed for the purpose of handling your request for technical support. Data processing is based on your express consent in accordance with Art. 6 (1) (a) GDPR. If the process serves to fulfil a contract or to carry out a pre-contractual measure based on your request, data processing is also carried out on the basis of Art. 6 (1) (b) GDPR. Another legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR, as we have a legitimate interest in this processing. The legitimate interest is to be able to respond to your support request at your request.

(4) You may revoke your consent to the processing of your personal data at any time.

If the processing is based on Art. 6 (1) (f) GDPR and you believe that there are reasons arising from your particular situation that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21 (1) GDPR. Please send your request to: datenschutz@sigma-av.com. For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

4.4 Chat

(1) We offer you the opportunity to contact us via a chat function on our website ("chat"). Here, we process the data transmitted there, in particular your first and last name, email address, telephone number, company and the content you enter during the communication (chat history). We may also collect information about when you contacted us via our chat function. In addition, the chat widget uses a cookie to interact with website visitors and provide the chat history. This cookie is deleted after 12 months. For more information on cookies, please refer to Section III.6.

(2) The data is processed for the purpose of handling your enquiry via our chat. Data processing is based on your express consent in accordance with Art. 6 (1) (a) GDPR. If the process serves to fulfil a contract or to carry out a pre-contractual measure based on your enquiry, data processing is also based on Art. 6 (1) (b) GDPR. Another legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR, as we have a legitimate interest in this processing. The legitimate interest is to be able to respond to your chat enquiry at your request.

(4) You may revoke your consent to the processing of your personal data at any time. If the processing is based on Art. 6 (1) (f) GDPR and you believe that your particular situation gives rise to reasons that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21 (1) GDPR. Please send your request to: datenschutz@sigma-av.com. For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

5. Newsletter

(1) You have the option of subscribing to our newsletter. For this service, we process the data you provide there, in particular your email address and your first and last name. The fields marked with an asterisk (*) in the input mask are mandatory fields that must be filled in – in this case, your email address. Providing your name is voluntary. If you enter your name, we can address you personally.

(2) You can register to receive our newsletter via our website. We use the so-called double opt-in procedure for this. After submitting the registration form via our website, you will receive a confirmation email from us. In this email, you must confirm that you wish to receive information about our newsletter in future by clicking on a link provided. If confirmation is not received within 30 days, the data you have provided will be deleted. After confirmation, we will store your email address and, if applicable, your name and company name for the purpose of sending you the newsletter. In addition, we store your IP address and the time of registration and confirmation when you register. The data you provide will be used for account management and to send you the newsletter.

(3) We evaluate the user behaviour of our newsletter recipients. For this purpose, the newsletter emails sent contain so-called web beacons or tracking pixels. Among other things, information is collected about the receipt of the newsletter, whether the newsletter was opened by the recipient, when and how often the newsletter was opened (including date and time), from which device and browser the newsletter was opened, and which of the links provided on our website the recipient clicked on. This information is assigned to the individual recipients of our newsletter and stored. This enables us to identify the reading habits of recipients and tailor our content to their interests. Data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR. In addition, the information about the receipt of the newsletter helps us to increase the delivery rate and to sort out email addresses that no longer exist. Has a legitimate interest in these purposes in accordance with Art. 6 (1) (f) GDPR. This statistical data is deleted after a period of 3 months. We store your IP address, the time of registration and the time of confirmation of your registration in order to be able to verify the registration and to investigate any misuse. We also have a legitimate interest in this pursuant to Art. 6 (1) (f) GDPR.

(4) We use the HubSpot service to send and evaluate the receipt of our newsletter. This service is operated by HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA. When you subscribe to the newsletter, the data you enter is stored on HubSpot's servers and used for the purpose of processing your request. This may also result in the processing of other personal data, such as your IP address or your usage behaviour. HubSpot acts as a processor and works on our behalf in accordance with Art. 28 GDPR on the basis of a data processing agreement. HubSpot has assured us that the data is stored on servers located within the EU. However, it cannot be ruled out that the data may also be transferred to the USA. In such cases, HubSpot has submitted to the EU-U.S. Privacy Framework. This ensures an adequate level of data protection for your personal data. Further information on data protection at HubSpot can be found at the following link: https://legal.hubspot.com/de/privacy-policy

(5) Consent to receive the newsletter can be revoked at any time with future effect (e.g. by clicking on a link in the newsletter, by emailing post@sigma-av.com). In the event of revocation, you will be removed from the newsletter distribution list. This also allows you to revoke your consent to the storage of your personal data. The data will be processed until consent is revoked. It is not possible to revoke consent to the collection of newsletter statistics separately – in this case, you must unsubscribe from the newsletter. If the processing is based on Art. 6 (1) (f) GDPR and you believe that there are reasons arising from your particular situation that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21 (1) GDPR. Please send your request to: datenschutz@sigma-av.com . For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

6. Cookies

At this point, we would like to inform you about our use of the Usercentrics cookie consent management tool (Section 6.1) and our use of cookies (Section 6.2).

6.1 Usercentrics

(1) In order to fulfil our legal obligation under Art. 7 (1) GDPR, we use the Usercentrics consent management platform. This is operated by:

Usercentrics GmbH

Sendlinger Straße 7

80331 Munich

Germany

Tel.: + 49 (0) 89 21 54 01 20

Email: contact@usercentrics.com

https://usercentrics.com/de/

The Usercentrics Consent Management Platform is a service that manages and documents consent for the use of cookies (consent manager). Using this tool enables us to obtain your consent to the processing of personal data or to refrain from processing personal data if you do not consent.

The Usercentrics Consent Management Platform collects log file data, user agent (device, browser type, browser language, browser version, resolution) and consent data (consent yes/no, timestamp, data scope, data attributes, controller ID, processor ID, consent ID) via JavaScript. This JavaScript enables Usercentrics to inform you about certain tags and web technologies on our website and to obtain, manage and document your consent. Usercentrics sets a necessary cookie to document the consents given . For further details on data processing, please refer to the privacy policy of Usercentrics: www.usercentrics.com/de/datenschutzerklaerung.

(2) The legal basis for the processing of the data is Art. 6 (1) (c) GDPR, as we are legally obliged to prove your consent (Art. 7 (1) GDPR). In addition, we have a legitimate interest pursuant to Art. 6 (1) (f) GDPR in ensuring that the necessary consents are documented and managed. Usercentrics GmbH is the processor of this data pursuant to Art. 28 GDPR on the basis of a data processing agreement. The data we collect with Usercentrics is automatically deleted after 12 months.

(3) If you believe that there are reasons arising from your particular situation that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21(1) GDPR. Please send your request to: datenschutz@sigma-av.com.

6.2 Cookies

(1) We use technical tools for various functions on our website that may be stored on your device (e.g. PC, tablet, mobile phone). These technical tools are primarily cookies. Cookies are small text files that are stored on your device and provide certain information to the entity that sets the cookie. Cookies cannot execute programmes or transfer viruses to your computer. They primarily serve to make the website faster and more user-friendly and to recognise you when you visit again later. You can view the cookies that have been set and their duration at any time in your browser settings and delete the cookies manually . Other technologies used are not based on cookies, but on similar technical mechanisms.

(2) Cookies are stored for various reasons: to make the website usable in the first place by enabling basic functions such as page navigation and website security (so-called necessary cookies), to remember information, set user preferences in the long term or personalise content (so-called preference cookies), to enable analysis of website usage (so-called statistics cookies) or to track visitors to websites and pass on information about users to third-party providers (so-called marketing cookies). A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Session cookies or temporary cookies are automatically deleted as soon as you close your browser. This type of cookie makes it possible to record your session ID. This allows various requests from your browser to be assigned to a common session and makes it possible to recognise your device during subsequent visits to the website. Permanent cookies are cookies that are stored in your browser for a longer period of time and can transmit information. The respective storage period varies depending on the cookie. You can delete permanent cookies yourself via your browser settings. Some of the cookies we use on our website come from third parties. They help us to analyse the effectiveness of our content and the interests of website visitors, to measure the performance of our website, or to place needs-based advertising and other content on our website or other websites.

(3) Our website requires us to use cookies. Without these technologies, our website cannot be displayed or cannot be displayed completely. These cookies are generally those that are deleted after you leave our website, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. You can view the individual cookies in our consent manager. The legal basis for cookies that are absolutely necessary to offer you the use of our website is Section 25 (2) No. 2 TDDDG and Art. 6 (1) (f) GDPR.

(4) We only use various cookies or other technologies with your consent. You can give your consent via the consent manager. The functions are only activated with your consent and can be used in particular to analyse and improve visits to our website, to make it easier for you to use different browsers or end devices, to recognise you when you visit, or to display advertising tailored to your interests or to measure the effectiveness of advertisements. The legal basis for this processing is Section 25 (1) TDDDG and Art. 6 (1) (a) GDPR. You can revoke your consent at any time. The best way to do this is via our consent manager.

(5) For more information about which specific cookies we use and how you can manage your cookie settings and deactivate certain cookies, please refer to our consent manager: footer of our webpage

(6) If you have given your consent to the use of cookies, you can revoke this consent at any time and object to the processing in accordance with the legal requirements. For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects". You can access the cookie settings and the option to object here: footer of our webpage. You can also prevent cookies from being stored by adjusting your browser settings accordingly. In this case, however, not all functions of this website may be fully usable.

7. Web tracking, analysis and online marketing

At this point, we would like to inform you about our use of web tracking, analysis and online marketing services. These services also use cookies and other technologies. Information on other services operated by Google (e.g. Google Analytics) and the use of cookies in this context can be found in section III.8 of this privacy policy.

7.1 Sales Viewer

(1) We use the SalesViewer tool on this website to analyse visitor behaviour and identify potential customers. This service is provided by SalesViewer GmbH, Universitätsstraße 60, 44789 Bochum.

Sales Viewer automatically collects data such as the IP address, the pages visited, the length of time spent on the website and other information about the visitor, which is obtained from public sources. For this purpose, a JavaScript-based code is used to collect company-related data and information about its use. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). According to Sales Viewer, the data is immediately pseudonymised and is not used to personally identify visitors to this website. Further details on data processing can be found in Sales Viewer's privacy policy: https://www.salesviewer.com/de/plattform/datenschutz/. SalesViewer acts as a processor and works on our behalf in accordance with Art. 28 GDPR on the basis of a processing agreement.

(2) We use the information to optimise our marketing and sales opportunities. The legal basis for this is a legitimate interest pursuant to Art. 6(1)(f) GDPR.

(3) The data stored within the scope of SalesViewer will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations that prevent deletion.

(4) You can object to the collection and storage of data at any time with future effect by clicking on this link https://www.salesviewer.com/opt-out to prevent SalesViewer from collecting data on this website in future. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you will need to click on this link again. For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

7.2 HubSpot

(1) We use the HubSpot service for marketing and analysis purposes on our website. This service is provided by HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA. The service is an integrated software solution and CRM platform with marketing, sales and service functions. We use this service to analyse user behaviour on our website in order to improve our content and services and to recognise you when you visit our website. Cookies are set and web beacons are used for this purpose. Personal data such as your IP address, your location, the duration of your visit or your usage behaviour on our website (e.g. pages visited) are processed. We can assign this information to you if you have used a form on our website to contact us. HubSpot acts as a processor and works on our behalf in accordance with Art. 28 GDPR on the basis of a data processing agreement. HubSpot has assured us that the data is stored on servers located within the EU. However, it cannot be ruled out that the data may also be transferred to the USA. In such cases, HubSpot has submitted to the EU-U.S. Privacy Framework. This ensures an adequate level of data protection for your personal data. Further information on data protection at HubSpot can be found at the following link: https://legal.hubspot.com/de/privacy-policy

(2) The legal basis for the collection and further processing of data is your consent in accordance with Art. 6 (1) (a) GDPR. In addition, a further legal basis is a legitimate interest in efficient customer communication and marketing purposes in accordance with Art. 6 (1) (f) GDPR. The data we have will be deleted after a period of 24 months.

(3) You can prevent the storage of cookies at any time by adjusting your browser software settings, rejecting cookies via the consent manager or revoking your consent. If your data is processed on the basis of Art. 6 (1) (f) GDPR and you believe that there are reasons arising from your particular situation that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21 (1) GDPR. Please send your request to: datenschutz@sigma-av.com . For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

7.3 LinkedIn Insight Tag

(1) We use the LinkedIn Insight Tag (or LinkedIn Pixel) on our website. This is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. By integrating this JavaScript tag, you as a user of our website can be shown interest-based and relevant advertisements when visiting , the LinkedIn social network or other websites that also use this process. We also receive statistics about website visitors (e.g. demographic information). Furthermore, we can evaluate your use of our LinkedIn advertising and your interest in our offers using a conversion tracking function and show you LinkedIn ads via retargeting on other websites.

(2) Your browser automatically establishes a direct connection to the LinkedIn server. This occurs both when you visit the LinkedIn website and when you visit websites that use the LinkedIn Insight tag. We have no influence on the scope and nature of LinkedIn's use of the data. To the best of our knowledge, LinkedIn receives information that you have accessed the relevant page of our website or clicked on one of our advertisements. If you are registered with LinkedIn and logged in, LinkedIn can assign the visit to your account. If you do not want this to happen, we recommend that you log out of your account beforehand. Even if you are not registered with LinkedIn or are not logged in, it is possible that LinkedIn may obtain data about your IP address, the time period and other identifying features and link them to the actions you have taken.

(3) The legal basis for the processing of your data is Art. 6 (1) (a) GDPR. The integration only takes place with your consent. In this context, it cannot be ruled out that data from LinkedIn may also be transferred to servers in the USA. In such cases, LinkedIn has submitted to the EU-U.S. Privacy Framework. This ensures an adequate level of data protection for your personal data. Further information on the LinkedIn Insight Tag can be found here: https://business.linkedin.com/de-de/marketing-solutions/insight-tag?lr=1/. The LinkedIn privacy policy can be found here: https://de.linkedin.com/legal/privacy-policy.

(4) You can withdraw your consent at any time. The easiest way to do this is via our Consent Manager. Further information on your rights as a data subject can be found under "VII. Rights of data subjects".

8. Google

(1) We use various Google services, including Google Analytics, Google Tag Manager, Google Ads and YouTube. These are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you use these services, Google generally collects and processes information and personal data, in particular your IP address, location data, time stamps and information about your device and browser. We provide information about the use of the individual services in sections 8.1 to 8.5 of this privacy policy.

(2) It cannot be ruled out that the information may also be transferred by Google to servers in the USA. In such cases, Google has submitted to the EU-U.S. Privacy Framework in the USA. This ensures an adequate level of data protection for your personal data. In addition, Google has committed itself in standard contractual clauses to guarantee European data protection law even in a third country (Art. 46 (2) (c) GDPR). Further information on standard contractual clauses: https://business.safety.google/adsprocessorterms/sccs/c2p/. Further information on data protection at Google can be found at the following link: https://policies.google.com/privacy. Google uses cookies for its services. Further information on this can be found in the Google Cookie Policy at the following link: https://policies.google.com/technologies/cookies#types-of-cookies. If you are logged into a Google account while visiting our website, there is also the possibility that the information will be linked to your account. If you do not want this to happen, you should log out of your Google account beforehand. Even if you are not registered with Google or have not logged in, there is a possibility that the provider may obtain and store your IP address. Further information on managing your Google data can be found here: https://support.google.com/accounts/answer/3024190. You can also adjust the settings in your browser, e.g. by setting your browser to block cookies.

8.1 Google Analytics

(1) Our website uses Google Analytics. To simplify the management of this tool, we use Google Tag Manager (for more information, see section 8.2 below). Google Analytics is a web tracking service provided by Google .

(2) We primarily use cookies, data about your device and browser, your IP address and website or app activities to record interactions between you as a visitor to the website and our website. Google Analytics also collects your anonymised IP addresses to ensure the security of the service and to provide information about the region of the respective user (so-called "IP location determination"). With the anonymisation function ("IP masking"), Google truncates the IP addresses within the EU/EEA by the last octet. Google acts as a processor and works for us on the basis of a processing agreement in accordance with Art. 28 GDPR. Information on the scope of services provided by Google Analytics can be found at https://marketingplatform.google.com/about/analytics/terms/de/. Google provides information on data processing when using Google Analytics at the following link: https://support.google.com/analytics/answer/6004245?hl=de/. We can check the success of our marketing campaigns by having Google link the information to Google Ads (see also our notes under section 8.3 below). This function can be deactivated via the Google Manager: https://www.google.com/settings/ads/onweb/?hl=de/.

(3) The purpose of our use of Google Analytics is to enable the analysis of your user interactions on websites and in apps and to improve our offering and make it more interesting for you as a user based on the statistics and reports obtained. The legal basis for the collection and further processing of the information is your consent in accordance with Art. 6 (1) (a) GDPR. The information is automatically deleted after a period of 14 months.

(4) You can withdraw your consent at any time. The easiest way to do this is via our consent manager or by installing the Google browser add-on, which is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de/. However, we would like to point out that if you prevent the use of Google Analytics, you may not be able to use all the functions of our website to their full extent. For more information on your rights as a data subject, please refer to "VII. Rights of data subjects".

8.2 Google Tag Manager

(1) We use Google Tag Manager for analysis purposes. This is a tag management service. Tags are code segments. According to Google, Google Tag Manager collects certain aggregated data on tag firing in order to monitor the stability, performance and installation quality of the system and to obtain data for diagnostic purposes. This data does not contain any IP addresses or measurement IDs that are linked to a specific person. According to Google, Google Tag Manager does not collect, store or share any information about visitors to customer properties. This also applies to the URLs of visited pages. Further information about Google Tag Manager can be found at: https://marketingplatform.google.com/intl/de/about/tag-manager/. Further information about data processing by Google Tag Manager can be found at: https://support.google.com/tagmanager/answer/9323295?hl=de

(3) By using Google Tag Manager, we aim to simplify and clearly integrate various services. Data processing is based on your express consent in accordance with Art. 6 (1) (a) GDPR.

(4) You can revoke your consent to the processing of your personal data at any time. The easiest way to do this is via our Consent Manager. For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

8.3 Google Ads

(1) We use Google Ads to draw attention to our services with the help of advertisements. If you access our website via a Google ad, Google Ads will store a cookie on your device. The legal basis for the processing of your data is Art. 6 (1) (a) GDPR. The integration only takes place with your consent.

(2) The advertising material is delivered by Google via so-called "ad servers". For this purpose, we and other websites use so-called ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of advertisements or clicks by users. The Google Ads cookies stored on our website enable us to obtain information about the success of our advertising campaigns. These cookies are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement, last impression and opt-out information are usually stored as analysis values for this cookie. The cookies set by Google enable Google to recognise your internet browser. If a user visits certain pages on an advertiser's website and the cookie stored on their computer has not yet expired, Google and the advertiser can recognise that the user has clicked on the ad and been redirected to that page. Each advertiser is assigned a different cookie, so that cookies cannot be tracked across the websites of other advertisers. By integrating Google Ads, Google receives information that you have accessed the relevant part of our website or clicked on one of our advertisements. Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We ourselves do not collect any personal data independently in the aforementioned advertising measures, but merely provide Google with the opportunity to collect the data. We only receive statistical evaluations from Google that provide information about which ads were clicked on, how often and at what prices. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information. Further information about Google Ads is available here: https://support.google.com/My-Ad-Center-Help/answer/12155656

(3) You may revoke your consent at any time. The easiest way to do this is via our consent manager. For further information on your rights as a data subject, please also read our notes under "VII. Rights of data subjects".

8.4 YouTube

(1) We have integrated YouTube videos into our website. These can be played directly from our website. These videos are stored on YouTube. Our purpose in doing so is to be able to present the video content directly on our website. The videos are integrated in extended data protection mode. This means that no data about you as a user is transferred to YouTube if you do not play the videos. Data is only transferred when you play the videos. We have no influence on this data transfer. The legal basis for displaying the videos is your consent in accordance with Art. 6 (1) (a) GDPR.

(2) When you visit the website, YouTube receives information that you have accessed the corresponding subpage of our website. In addition, data such as your IP address and timestamp are transmitted. YouTube processes your data as usage profiles and uses it for market research, demand-oriented advertising, the design of its website and/or to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise your right of objection, you must contact the provider of YouTube. Further information can be found in Google's privacy policy:www.google.de/intl/de/policies/privacy .

(3) You can revoke your consent to the processing of your personal data at any time. For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

8.5 Google Fonts

We use Google Fonts to ensure a uniform presentation of fonts and a visually appealing website. The fonts are integrated locally on our server and are therefore only loaded from there. This means that no connection to Google's servers is established and no personal data, e.g. your IP address, is transmitted to Google.

IV. Social media pages

(1) We have profiles and pages on various social media platforms to provide information about our company and our offers and to get in touch with other users. If you want to interact with us via the respective platform (e.g. send messages, like posts), it is usually necessary for you to have an account with the respective service and to be logged in. Data is therefore processed by the respective platform providers. This includes the collection of data to determine user behaviour, for advertising purposes and for market research.

We have profiles on the following services:

Instagram
Threads
Facebook
LinkedIn
TikTok
YouTube
Google company profile

The Facebook service is operated by: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland

The services "Instagram" and "Threads" are operated by: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland

The LinkedIn service is operated by: LinkedIn Ireland Unlimited Company , Wilton Place, Dublin 2, Ireland

The TikTok service is operated by:TikTok Technology Limited, The Sorting Office, Ropemaker Place, Dublin 2, D02 HD23, Ireland

The YouTube service is operated by:Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

The Google Business Profile service is operated by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

With regard to data processing on the individual platforms, we refer you to the respective privacy policy. The links to the privacy policies of the individual social networks can be found below.

(2) Some of the social media profiles are linked on our website. The links can be identified by the icon of the respective platform or by the name. When you click on the corresponding link, you leave our site and open the respective website in a new tab or window. You thereby leave our area of responsibility. Please only click on the respective link if you wish to visit the site.

We do not use social media plugins on our website, which means that no data is passed on to the providers of social media platforms when you visit our website. However, if you click on a link and thus access the website of a social network, certain data about you may be collected. This applies regardless of whether you have a user account with the respective social media platform. In this case, it is also possible that your data may be processed outside the European Union. If you have a social media account with one of the above-mentioned networks, we recommend that you log out of your account before clicking on the link if you do not want your visit to our website to be associated with your account.

(3) In principle, the providers of the platforms are responsible for processing your personal data . We would like to point out that you use the platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, sending messages, publishing content). In some cases, however, data is also processed by us or there is joint responsibility with the respective platform. Below, we inform you about which user data we process when you visit our sites.

When you visit our sites, the platform providers collect your IP address and other information stored on your device in the form of cookies. This information is also used to provide us, as the account operators, with statistical information about your interaction with us.

The data processed in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. In the case of transfers to the USA, the providers of Instagram, Threads, Facebook, LinkedIn, Google and YouTube in the USA have submitted to the EU-US Privacy Framework. This ensures an adequate level of data protection for your personal data. The provider of TikTok relies on adequacy decisions (Art. 45 GDPR) and standard contractual clauses (Art. 46 GDPR) to ensure an adequate level of protection for users' personal data. Further information on this is available from TikTok at the following link: https://www.tiktok.com/legal/page/eea/transferee-countries/de.

We do not know how the platforms use the data from your visit to our website and your interaction with our posts for their own purposes, how long they store this data, or whether data is passed on to third parties.

Data processing may differ depending on whether you are registered and logged in to the respective social network or portal or whether you visit the site as a non-registered and/or non-logged-in user. When you access a post or account, the IP address assigned to your device is transmitted to the platform provider. If you are currently logged in as a user, a cookie on your device can be used to track your movements on the network. If you want to avoid this, you should log out, delete the cookies on your device and restart your browser.

The providers describe what information the respective platform receives and how it is used in their privacy policies:

Further information on data protection at Facebook can be found here: https://de-de.facebook.com/privacy/policy/

Further information on data protection at Instagram can be found here: https://privacycenter.instagram.com/policy/

Further information on data protection at Threads can be found here: https://help.instagram.com/515230437301944?locale=en_EN

Further information on data protection at LinkedIn can be found here: https://de.linkedin.com/legal/privacy-policy

Further information on data protection at TikTok can be found here: https://www.tiktok.com/legal/page/eea/privacy-policy/de

Further information on data protection at YouTube and Google can be found here: https://policies.google.com/privacy?hl=de

(4) When you visit one of our profiles, the providers provide us with data on user behaviour, known as insights. Below, we provide information about the statistics we receive.

(a) Facebook / Instagram / Threads

When you visit our Facebook, Instagram or Threads page, which are provided by Meta Platforms Ireland Limited , Meta Platforms Ireland Limited provides us with so-called "page insights". "Page Insights" are summarised statistics created based on certain events logged by Meta servers when people interact with pages and their associated content. This is statistical information that is made available to us to provide information about the success of the posts and to gain insights into the types of actions that people take on the pages. Among other things, provides aggregated demographic information about the target group (e.g. age, gender, city and country), the time of their activity, new subscribers and departures, as well as the reach and impressions of our posts (e.g. likes, comments, clicks). The legal basis for the use of "Page Insights" is a legitimate interest pursuant to Art. 6 (1) (f) GDPR, as we have a legitimate interest in the efficient provision of content, the optimisation of our offerings and the analysis of our social media activities. Further information on "Page Insights" can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data. Meta Platforms Ireland Limited uses cookies for this function, which may remain stored for a longer period of time, regardless of whether you have a Facebook, Instagram or Threads account. Further information on the use of cookies by Meta Platforms Ireland Limited can be found here: https://www.facebook.com/privacy/policies/cookies. You can specify in your browser settings whether and which cookies may be stored. You can also delete cookies there. When you visit our Facebook, Threads or Instagram page, we are jointly responsible with Meta Platforms Ireland Limited for collecting your data on our site. We have entered into an agreement with Meta Platforms Ireland in this regard. The agreement on joint responsibility for data processing in accordance with Art. 26 GDPR can be accessed here: https://www.facebook.com/legal/terms/page_controller_addendum. The agreement concluded with Meta Platforms Ireland stipulates, among other things, that Meta Platforms Ireland is responsible for providing users with information about the processing of "Page Insights". It is also agreed that Meta Platforms Ireland shall enable the exercise of data subject rights (e.g. information, deletion, objection, etc.). In addition, it is stipulated that Meta Platforms Ireland shall take appropriate technical and organisational measures to ensure the security of the processing. Joint responsibility is limited to the collection and transfer of data by Meta Platforms Ireland Limited. Meta Platforms Ireland Limited is solely responsible for the further processing of your personal data on Facebook, Threads and Instagram. This applies in particular to the possible transfer of your data outside the European Union, e.g. to the USA. We also refer to the privacy policies of Facebook, Threads and Instagram linked under Section IV (3).

(b) LinkedIn

When you visit, follow or interact with our LinkedIn page, LinkedIn Ireland Unlimited Company processes personal data to create "Page Insights". This is statistical information that is made available to the page operator to provide information about the success of the posts and to gain insights into the types of actions that people take on the pages. In particular, LinkedIn processes data provided by the member, such as professional role, city, country, industry, seniority, company size and employment status from a member's profile. In addition, LinkedIn processes information about how a member has interacted with our company page, e.g. whether a member is a follower. LinkedIn states that the security of member data processing and the provision of "Page Insights" is ensured by appropriate technical and organisational measures. LinkedIn provides further information on this at the following link: https://security.linkedin.com/. LinkedIn uses cookies for this function, which may remain stored for a longer period of time, regardless of whether you have a LinkedIn account. For more information on LinkedIn's use of cookies, please refer to LinkedIn's cookie policy: https://de.linkedin.com/legal/cookie-policy. You can specify in your browser settings whether and which cookies may be stored. You can also delete cookies there. The page statistics provided to us consist of aggregated data. The legal basis for the use of "Page Insights" is a legitimate interest pursuant to Art. 6 (1) (f) GDPR, as we have a legitimate interest in the efficient provision of content, the optimisation of our offerings and the analysis of our social media activities. When you visit our LinkedIn page, we are jointly responsible with LinkedIn Ireland Unlimited Company for the collection of your data on our page. We have entered into an agreement with LinkedIn Ireland Unlimited Company in this regard. The agreement between us and LinkedIn on joint responsibility for data processing in accordance with Art. 26 GDPR can be accessed here: https://legal.linkedin.com/pages-joint-controller-addendum. In the agreement, LinkedIn has agreed to assume responsibility for the provision of "Page Insights" within the framework of the GDPR and to comply with all applicable obligations under the GDPR with regard to the processing of "Page Insights". This means that LinkedIn will, among other things, ensure that members are informed about the data processed and support members' rights to information and deletion. The joint responsibility is limited to the collection and transfer of data by LinkedIn (LinkedIn Ireland Unlimited Company). LinkedIn Ireland Unlimited Company is solely responsible for the further processing of your personal data at "LinkedIn". This applies in particular to the possible transfer of your data outside the European Union, e.g. to the USA. We also refer to the privacy policy of LinkedIn Ireland Unlimited Company linked under Section IV (3).

When you visit, follow or interact with our TikTok page, TikTok Technology Limited processes personal data to create "TikTok Analytics". These are aggregated statistics created based on certain events logged by TikTok servers when people interact with pages and their associated content. TikTok Analytics is anonymous aggregated data. This is provided to us to give us information about the success of posts and to gain insights into the types of actions people take on the pages. Among other things, summarised demographic information about the target group (e.g. age, gender, city and country), time of activity, new subscribers and departures, as well as the reach and impressions of our posts (e.g. likes, comments, clicks) can be viewed. The legal basis for the use of "TikTok Analytics" is a legitimate interest pursuant to Art. 6 (1) (f) GDPR, as we have a legitimate interest in the efficient provision of content, the optimisation of our offerings and the analysis of our social media activities. Further information on TikTok Analytics can be found here: https://www.tiktok.com/legal/page/global/information-about-tiktok-analytics/en. TikTok Technology Limited uses cookies for this purpose, which may remain stored for a longer period of time, regardless of whether you have a TikTok account. Further information on the use of cookies by TikTok Technology Limited can be found here: https://www.tiktok.com/legal/page/global/tiktok-website-cookies-policy/de. You can specify in your browser settings whether and which cookies may be stored. You can also delete cookies there. When you visit our TikTok page, we are jointly responsible with TikTok Technology Limited for the collection of your data on our page. We have concluded an agreement with TikTok Technology Limited in this regard. The agreement on joint responsibility for data processing in accordance with Art. 26 GDPR can be accessed here: https://www.tiktok.com/legal/page/global/tiktok-analytics-joint-controller-addendum/en. Among other things, the agreement stipulates that TikTok is responsible for providing users with information about the processing of data. It also stipulates that TikTok shall enable the exercise of data subject rights (e.g. information, erasure, objection, etc.). Joint responsibility is limited to the collection and transmission of data by TikTok. TikTok Technology Limited is solely responsible for the further processing of your personal data at "TikTok". This applies in particular to the possible transfer of your data outside the European Union. It is therefore also possible that your data may be processed by TikTok outside the European Economic Area. We also refer you to the data protection provisions linked under Section IV (3) and to the information available at https://www.tiktok.com/legal/page/eea/transferee-countries/de on ensuring an adequate level of protection by TikTok.

(d) YouTube

When you visit, follow or interact with our YouTube channel, Google Ireland Limited processes personal data. This includes information about your IP address, location, time, device used, user behaviour (e.g. videos and advertisements viewed, search terms, interactions with other users). This data is evaluated as part of YouTube Analytics. This is statistical information that is made available to us to provide information about the success of the posts and to gain insights into the types of actions that people take on the pages. If you have an account on YouTube or a Google service, it is possible that your actions will be linked to this account. If you do not want this to happen, it is advisable to log out of your account beforehand. Google Ireland Limited uses cookies that may remain stored for a longer period of time, regardless of whether you have a YouTube or Google account. For more information about Google Ireland Limited's use of cookies, please refer to the cookie policy: https://policies.google.com/technologies/cookies?hl=de. You can specify in your browser settings whether and which cookies may be stored. Further information on YouTube Analytics is available at: https://support.google.com/youtube/topic/9257532?hl=de&sjid=12072518908804735472-EU. The statistics provided to us via YouTube Analytics consist of aggregated data. Google Ireland Limited does not provide us with any personal data for this purpose. Among other things, we can view summarised demographic information without names about the target group (e.g. age groups, gender, country/region), impressions of our posts (e.g. number of views, playback duration, drop-off rate, playback sources, device type, click-through rate of thumbnails), new subscribers and departures, search terms used to find our videos, and interactions (e.g. likes, comments). The legal basis for the evaluation is a legitimate interest pursuant to Art. 6 (1) (f) GDPR, as we have a legitimate interest in the efficient provision of content, the optimisation of our offerings, the success of our posts and the analysis of our social media activities. We have no influence on which data is processed by Google Ireland Limited. In particular, we have no knowledge of the scope, purpose, duration and location of the storage of data by Google Ireland Limited. Google Ireland Limited is responsible for the processing of your personal data on YouTube. This applies in particular with regard to the possible transfer of your data outside the European Union, e.g. to the USA. We also refer to the data protection provisions of Google Ireland Limited linked under Section IV (3).

(e) Google company profile

When you visit or interact with our company's Google Business Profile, Google Ireland Limited processes personal data. This includes information about your IP address, location, time, device used, user behaviour (e.g. clicks on "Call", start of navigation). This data is evaluated by Google Ireland Limited to generate insights. The insights are therefore anonymous statistical data that is made available to us. For example, we receive information about how often our profile is displayed in Google searches, which search terms were used to find our company, and the number of post views. The statistics provided to us consist of aggregated data. Google Ireland Limited does not provide us with any personal data for this purpose. The legal basis for the evaluation is a legitimate interest pursuant to Art. 6 (1) (f) GDPR, as we have a legitimate interest in the efficient provision of content, the optimisation of our offerings and the analysis of our online activities. If you have a Google service account, it is possible that your actions will be linked to this account. If you do not want this to happen, it is advisable to log out of your account beforehand. Google Ireland Limited uses cookies that may remain stored for a longer period of time, regardless of whether you have a Google account. For more information about the use of cookies by Google Ireland Limited, please refer to the cookie policy: https://policies.google.com/technologies/cookies?hl=de. You can specify in your browser settings whether and which cookies may be stored. We have no influence on which data is processed by Google Ireland Limited. In particular, we have no knowledge of the scope, purpose, duration and location of data storage by Google Ireland Limited. Google Ireland Limited is responsible for the processing of your personal data. This applies in particular to the possible transfer of your data outside the European Union, e.g. to the USA. We also refer to the data protection provisions of Google Ireland Limited linked under Section IV (3).

(5) Furthermore, we only process the data from your use of the profiles that you provide to us. If you subscribe to or follow our channels, visit the pages, comment on, share or like posts, your publicly visible profile information (e.g. name, photo, company) and the content you publish (e.g. comments, images) will be shared with us. The purpose of processing is to provide communication, interact with our customers and interested parties, evaluate the reach of our offering, and for marketing. The legal basis for processing your data on the respective platform is Art. 6 (1) (f) GDPR .

If you send us a message ("direct message") via one of our profiles, we may collect the following data:

Your first and last name, the name of your profile and your profile picture
Information about your profession (e.g. job title, employer)
Other personal data that you voluntarily provide to us in your message (e.g. e-mail address)
The content of your enquiry

We process this data in order to respond to your enquiry. The legal basis for this data processing is Art. 6(1)(f) GDPR, as we have a legitimate interest in this processing. The legitimate interest is to be able to respond to your enquiry at your request. If the process serves to fulfil a contract or to carry out a pre-contractual measure based on your enquiry, the data processing also takes place on the basis of Art. 6 (1) (b) GDPR. If you ask us a question that we can only answer by email, telephone or post, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy. Please also note our information under Section III.3.

Once your enquiry has been finally processed, your personal data will be deleted, subject to statutory retention periods. This can be assumed to be the case if it is clear from the circumstances that the matter in question has been finally clarified. If the enquiry is assigned to a contract, we will delete it after the contract term has expired. Please also note our information under Section I.6. If you subscribe to or follow a page, this data will be stored for as long as your profile exists or you subscribe to or follow our offer. You can delete posts that you have published yourself on our channels (e.g. comments, likes, images) at any time.

(6) If you believe that your particular situation gives rise to reasons that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21 (1) GDPR. To exercise your rights as a data subject – see also "VII. Rights of data subjects" – you can contact us (datenschutz@sigma-av.com ) or the provider of the respective platform. If we are not responsible for responding to your request, we will forward it to the respective platform operator. If you have any questions about profiling or the processing of your data when using the website, please contact the operator of the respective platform directly. If you have any questions about the processing of your interaction with us on our website, please write to us using the contact details provided above.

V. Other data processing

1. Community management

(1) We use a community management service to support our activities on social networks and for other offers (e.g. GoogleAds), in particular for publishing content and evaluating the effectiveness of our posts and activities. This service is operated by: Metricool Software SL, Calle Téllez, No. 12, Entreplanta H, 28007, Madrid, Spain. This is a service used to manage accounts and advertising campaigns. It helps us in particular with the planning, publication and analysis of posts on our social media channels. Among other things, the tool enables us to measure the success of campaigns on our social media channels, evaluate user interactions and improve the performance of our content. For example, we receive information about the location, age and gender of users. The data is displayed to us in pseudonymised form. Personal data may be processed in this context, in particular information such as IP address, location data, browser type, devices used, information about user behaviour on the platform (e.g. pages visited, length of stay), public user profile data and data from direct messages. According to Metricool's own information, the data is stored exclusively on servers within the European Union. Further information on data processing by Metricool can be found in the provider's privacy policy: https://metricool.com/privacy-policy/

(2) The purpose of use is the uniform and simplified publication and planning of content on social networks for marketing reasons. The programme also helps us to determine which publications and campaigns are successful. The legal basis for processing is Art. 6 (1) (f) GDPR, as we have a legitimate interest in the efficient provision of content, the optimisation of our offers and the analysis of our online activities. The provider of Metricool acts as a processor and works for us on the basis of a processing agreement in accordance with Art. 28 GDPR. The data available to us will be deleted as soon as it is no longer required for its purposes.

(3) If you believe that there are reasons arising from your particular situation that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21(1) GDPR. Further information on your rights as a data subject can be found under "VII. Rights of data subjects".

2. Cardeleine

(1) We use the digital business card service Cardeleine. This service is offered by Blue Performance GmbH, Brienner Straße 45d, 80333 Munich. We use this service to share our contact details or to scan the contact details of others (e.g. using a mobile phone). This enables us to manage digital business cards and provides a scanning solution for digitising printed business cards.

(2) The data collected and stored is that which appears on the business card, i.e. in particular first and last name, company, job title, position and contact information (e.g. address, telephone number, email address). This data is then stored on, among other places, the work mobile phone of the employee who performs the scanning process. It is also stored on the servers of Blue Perfomance GmbH. Further information on data protection at Cardeleine can be found at the following link: https://www.cardeleine.com/de/legal/privacy. The data is also stored via a customer relationship management function of an external service provider that we use for address management. The services are provided for us as processors in accordance with Art. 28 GDPR on the basis of a data processing agreement.

(3) The data is processed on the basis of your consent (e.g. when you hand over your business card for scanning) in accordance with Art. 6 (1) (a) GDPR. If the process serves to fulfil a contract or to implement a pre-contractual measure, the data processing is carried out on the basis of Art. 6 (1) (b) GDPR. In addition, data processing serves a legitimate interest pursuant to Art. 6 (1) (f) GDPR, as it facilitates business communication with you and improves our operational processes. We provide information about our deletion periods in Section I.6.

(4) You may revoke your consent to the processing of personal data at any time. If the processing is based on Art. 6 (1) (f) GDPR and you believe that there are reasons arising from your particular situation that outweigh our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21 (1) GDPR at . Please send your request to: datenschutz@sigma-av.com . For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

3. Kickbox

(1) We use the Kickbox service to verify the accessibility of email addresses. This service is provided by J2 Martech Corp, DBA Kickbox, 700 S. Flower St, Suite 500, Los Angeles, CA 90017, USA. This involves the processing of email addresses in particular. We check whether an email is deliverable, undeliverable, risky or unknown. In addition, information is included regarding the domain type, whether it is a disposable address or a role email address, and the accept-all behaviour of the mail server.

(2) Processing is carried out exclusively for the purpose of validation, to improve the deliverability of emails, to avoid spam and to optimise our operational processes. The legal basis is Art. 6 (1) lit. f) GDPR, as we have a legitimate interest in process optimisation with regard to our email communication and want to avoid sending spam. The service acts as a processor for us in accordance with Art. 28 GDPR on the basis of a processing agreement. Once email addresses have been verified by us, they are deleted from our account after one week. Email addresses that are not accessible or are otherwise marked by Kickbox are removed from our directory.

(3) Kickbox has informed us that the data is processed on servers located within the EU. However, it cannot be ruled out that the data may also be transferred to the USA. In this case, J2 Martech Corp. has submitted to the EU-U.S. Privacy Framework. This ensures an adequate level of data protection for your personal data. Further information on data protection at Kickbox can be found at: https://docs.kickbox.com/docs/privacy-policy and https://docs.kickbox.com/docs/gdpr.

(4) If you believe that your particular situation gives rise to reasons that override our legitimate interest in the aforementioned processing, you may object to this in accordance with Art. 21(1) GDPR. Please send your request to: datenschutz@sigma-av.com . For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

VI. Applications

(1) Here we inform you about the data we process when you apply for a job with us.

(2) You can apply for an advertised position via our website, among other ways. We use a widget from the talent management platform Join, which is integrated into our website, to carry out the application process and manage applicants. This is offered at by Join Solutions AG, Eichenstrasse 2, 8808 Pfäffikon SZ (Schwyz), Switzerland. Join is a recruiting software. When you see a job offer on our website and click on it, you will be redirected to the Join website. When you visit the Join website, the IP address of the device used, the device, the date and time of access, the name and URL of the file accessed, the website from which access is made (referrer URL), the identifier of the browser used and the name of the Internet provider are recorded and stored in log files. If an application is submitted via Join for a specific position with us, the following data in particular, provided it is entered or uploaded, will be processed by Join and transmitted to us: Email address, contact details, first and last name, CV, references, other individual documents and information (e.g. cover letter, certificates, diplomas, qualifications and professional experience provided). According to Join, all data collected as part of the application is encrypted using SSL technology and transmitted to Join's servers for the purpose of applicant management, where it is stored and processed. Join provides us with the application portal as a so-called processor in accordance with Art. 28 GDPR, for which we have concluded a data processing agreement. When you apply via Join, your data may be transferred to Switzerland, i.e. outside the European Union. The legal basis for this data transfer to Switzerland is Art. 45 (1) GDPR. Based on a decision by the European Commission, Switzerland guarantees a level of data protection for your personal data that is adequate in accordance with the GDPR. The decision can be viewed via this link: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32000D0518. Further information on data protection at JOIN can be found at the following link: https://join.com/de/datenschutz

(3) If you do not apply via JOIN, but send us your application by post or email, for example, we will process the data you provide as part of this application process. This includes your first and last name, email address, contact details, qualification data (e.g. CV, references, certificates, etc.) and other individual documents and information (e.g. cover letter, qualifications and professional experience provided).

(4) If you apply to us – regardless of whether your application is submitted via our website, via Join or by other means (e.g. by post or email) – your data relating to the application will be processed by us for the purpose of personnel selection in compliance with the statutory provisions. The primary legal basis for this is Art. 6 (1) (b) GDPR in conjunction with Art. 88 (1) GDPR in conjunction with § 26 (1) BDSG. In the context of personnel selection, information about severe disability may be processed as a special category of personal data in accordance with Art. 9 (1) GDPR and is based on Art. 9 (2) lit. b) GDPR in conjunction with § 26 (3) BDSG.

(5) If an application process leads to employment with us, we will continue to process your data for the purpose of the employment relationship, insofar as this is necessary for the performance or termination of the employment relationship. For this purpose, the data will be transferred to our system and stored at least for the duration of the employment relationship. The legal basis for this is Art. 88 GDPR in conjunction with § 26 BDSG.

(6) Your data will be deleted if you withdraw your application. Your data will be deleted after three months of the selection process being completed if we reject your application. Longer storage is possible if you have given us your consent (Art. 6 (1) (a) GDPR), e.g. so that we can consider your application for another job vacancy at a later date. Please also note our information under Section I.6. If your application was submitted via Join, we will also remove your data from our Join employer account when it is deleted. We will then no longer have access to it. However, it is possible that Join may continue to store certain data. In this case, it may be advisable for you to delete your data from your applicant profile on Join yourself or have it deleted. In this regard, we refer you to Join's privacy policy linked above in Section VI (2). For further information on your rights as a data subject, please also read our information under "VII. Rights of data subjects".

VII. Your rights as a data subject

You can assert your rights as a data subject with regard to your processed personal data at any time by contacting us using the contact details provided in section I.3 above or at datenschutz@sigma-av.com. As a data subject, you have the right

pursuant to Art. 7 (3) GDPR to revoke your consent at any time – i.e. your voluntary, informed and unambiguous declaration of intent, made clear by a statement or other unequivocal affirmative action, that you agree to the processing of the personal data concerned for one or more specific purposes – if you have given such consent. As a result, we may no longer continue the data processing that was based on this consent in the future;
to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if it was not collected by us, and the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;
to request the immediate rectification of inaccurate data or the completion of your data stored by us in accordance with Art. 16 GDPR;
to request the erasure of your data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
to request the restriction of the processing of your data in accordance with Art. 18 GDPR, unless the accuracy of the data is disputed by you or the processing is unlawful;
to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller ("data portability") in accordance with Art. 20 GDPR;
to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data in our company in accordance with Art. 77 GDPR.

Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which we will implement without you having to specify a particular situation. Unless it is an objection to direct marketing, we ask you to explain the reasons why we should not process your data as we have done when exercising your right of objection. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or point out to you our compelling legitimate reasons for continuing the processing. To exercise your right of objection, simply send an email to datenschutz@sigma-av.com.

VIII. Changes to this privacy policy

In the context of the further development of data protection law and technological or organisational changes, our data protection information is regularly reviewed for the need for adjustment or supplementation and amended if necessary.

This privacy policy is current as of September 2025.

*Disclaimer:
This document has been translated from German using an AI translation tool. The translation is provided for convenience only. In the event of any discrepancies or inconsistencies, the original German version shall prevail as the legally binding document.