The data controller within the meaning of the GDPR and the Federal Data Protection Act (BDSG) is:

Ernst Feiler GmbH
Greimweg 4
95691 Hohenberg an der Eger

Phone: +49 (0)9233-77280
Fax: +49 (0)9233 – 772899

E-Mail: info@feiler.de

The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, or similar).

3. Hosting und Content Delivery Networks (CDN)

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

The use of the host is for the purpose of fulfilling our contractual obligations to potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing a secure, fast, and efficient online service through a professional provider (Art. 6(1)(f) GDPR). Our host will process your data only to the extent necessary to fulfil its performance obligations and will follow our instructions regarding this data.

We use the following host:

Mittwald CM Service GmbH & Co. KG
Königsberger Str. 4-6
32339 Espelkamp

To ensure data protection-compliant processing, we have entered into a Data Processing Agreement with our host.

4. General Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this Privacy Policy. When you use this website, various personal data will be collected. Personal data refers to any data that can be used to identify you personally. This Privacy Policy explains what data we collect and how we use it. It also explains how and for what purposes this data is processed.

Please note that data transmission over the internet (e.g., when communicating via email) may have security vulnerabilities. Complete protection of data from third-party access is not possible.

Data Retention

Unless a more specific retention period is specified within this Privacy Policy, your personal data will remain with us until the purpose for its processing no longer applies. If you submit a legitimate request for deletion or withdraw your consent for data processing, your data will be deleted, unless we have other legally permissible grounds for retaining your personal data (e.g., tax or commercial retention periods); in the latter case, the data will be deleted once these reasons no longer apply.

We have appointed a Data Protection Officer for our company.

Claus Nagel-Piciorus
C. Nagel & Kollegen GmbH
Danziger Straße 4
95126Schwarzenbach/Saale

E-Mail: datenschutz@nagel-kollegen.de

Notice on Data Transfer to the USA and Other Third Countries

We use tools from companies based in the USA or other third countries that do not have an adequate level of data protection. When these tools are active, your personal data may be transferred to and processed in these third countries. Please note that in these countries, there is no guarantee of data protection comparable to that of the EU. For example, US companies are required to disclose personal data to security authorities without the possibility for you, as the data subject, to take legal action against it. It cannot be ruled out that US authorities (e.g., intelligence agencies) may process, evaluate, and permanently store your data stored on US servers for surveillance purposes. We have no control over these processing activities.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the change in the address bar of your browser from "http://" to "https://" and by the lock symbol in your browser bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can withdraw your consent at any time. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

Right to Object to Data Processing in Specific Cases as well as to Direct Marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS ON WHICH A PARTICULAR PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENCE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR). 

IF YOUR PERSONAL DATA IS BEING PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In case of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, their place of work, or the place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to Data Portability

You have the right to receive the data we process based on your consent or in the performance of a contract in an automated manner, in a structured, commonly used, and machine-readable format, and to transmit it to another data controller. If you request the direct transfer of the data to another controller, this will only occur if it is technically feasible.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You may contact us at any time regarding this right. The right to restriction of processing applies in the following cases:

• If you dispute the accuracy of the personal data we have stored about you, we generally require time to verify this. During the verification period, you have the right to request the restriction of the processing of your personal data.
  
  
• If the processing of your personal data was/continues to be unlawful, you may request the restriction of data processing instead of deletion.
  
  
• If we no longer need your personal data, but you require it for the establishment, exercise, or defence of legal claims, you have the right to request the restriction of processing instead of deletion.
  
  
• If you have lodged an objection under Art. 21(1) GDPR, a balancing of interests must be carried out between your and our interests. As long as it has not been determined whose interests outweigh, you have the right to request the restriction of the processing of your personal data.
  
  

If you have restricted the processing of your personal data, such data—apart from its storage—may only be processed with your consent, or for the establishment, exercise, or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of substantial public interest of the European Union or a Member State.

Objection to Advertising Emails

We hereby object to the use of contact details published as part of the legal notice for the purpose of sending unsolicited advertising and informational materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited advertising communications, such as spam emails.

5. Data Collection on This Website

Cookies

To make the visit to our website more attractive, user-friendly, and secure, we use so-called cookies in several places on our site. These are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain on your device until you delete them yourself or until your web browser automatically deletes them. In some cases, third-party cookies may also be stored on your device when you visit our site (third-party cookies). These allow us or you to use specific services of the third-party company (e.g., cookies for processing payment services).  Cookies serve various functions. Many cookies are technically necessary, as certain website features would not function without them (e.g., the shopping cart function or video display). Other cookies are used to evaluate user behaviour or display advertisements.

Cookies that are necessary for the execution of electronic communication processes (necessary cookies) or to provide certain features desired by you (functional cookies, e.g., for the shopping cart function) or to optimise the website (e.g., cookies to measure the web audience) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the storage of the relevant cookies will take place exclusively based on this consent (Art. 6(1)(a) GDPR); the consent can be withdrawn at any time.

You can configure your browser to inform you about the setting of cookies and to allow cookies only in specific cases, to exclude the acceptance of cookies for certain situations, or to activate the automatic deletion of cookies when closing the browser. Deactivating cookies may limit the functionality of this website. If cookies from third parties or for analysis purposes are used, we will inform you separately in this Privacy Policy and, if necessary, request your consent. Cookies do not cause any harm to your device and do not contain viruses, trojans, or other malicious software. Most browsers automatically accept cookies. However, you can configure your browser to inform you about the setting of cookies and to decide individually whether to accept them or to exclude the acceptance of cookies for specific cases or altogether. If cookies are not accepted, the functionality of our website may be limited in individual cases.

When you visit our website, the user is also informed about the use of cookies for analysis purposes and their consent is obtained according to Art. 6(1)(a) GDPR for the processing of the personal data used in this context. A reference to this Privacy Policy is also provided in this regard.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files that your browser automatically transmits to us. These include:

• Browser type and browser version
  
  
• Used operating system
  
  
• Referrer URL
  
  
• Hostname of the accessing computer
  
  
• Time of the server request
  
  
• IP address
  
  

This data is not merged with other data sources.

The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimisation of the website – for this purpose, the server log files must be collected.

6. Collection, Storage, and Use of Personal Data

We process personal data of our users primarily to the extent necessary to provide a functional website and our content and services. The processing of personal data is generally only carried out with the consent of the user. When you place an order or make an enquiry through our online shop, personal data is collected when you voluntarily provide it to us in order to perform a contract or when creating a customer account. The legal basis for this is Art. 6(1)(a) GDPR. The personal data transmitted will be used by us for the execution of the resulting contractual relationship and stored in accordance with legal requirements. The legal basis for the processing and transfer of data is Art. 6(1)(b) GDPR.

Data deletion is possible at any time and can be requested by contacting us.

We will only transfer your personal data if this is necessary for contract execution and permitted within the legal framework or if you explicitly consent. After the full completion of the contract or deletion of your customer account, your data will be deleted after the expiration of statutory retention periods, especially tax and commercial retention periods, unless you have explicitly consented to further use of your data or a legally permitted further use of the data has been reserved. If the processing of personal data is required to fulfil a legal obligation to which our company is subject, the legal basis for the processing is Art. 6(1)(c) GDPR. If the processing is necessary to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6(1)(f) GDPR serves as the legal basis for the processing.  

Order Process

In our online shop, you have the option to place an order either as a guest or by creating a customer account. All data entered by you during the order process will be stored for contract processing. This includes:

• First and last name
  
  
• Gender (so we can address you correctly)
  
  
• Address, as well as any alternative delivery address
  
  
• Payment method and, depending on the selection, payment details
  
  
• E-Mail address
  
  
• Phone number (for potential follow-up questions)

Customer Account

If you wish to create a customer account in order to place orders without having to re-enter your details each time, you will need to provide the same personal information as required for guest orders. Additionally, you must set a password to protect the customer account. The customer account provides an overview of past orders and active order processes. If you leave the online shop, you will be automatically logged out after 24 hours at the latest.

We are not liable for any misuse of passwords, unless it was caused by us.

You can delete your customer account at any time by sending a request to the contact information provided below.

Contact Form

When you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact details you entered, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing the inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested. The data you enter in the contact form will remain with us until you request its deletion, revoke your consent for storage, or the purpose for storing the data no longer applies (e.g., after the completion of processing your inquiry). Mandatory legal provisions, particularly retention periods, remain unaffected.

Inquiries via Email, Phone, or Fax

When you contact us via email, phone, or fax, your inquiry, including all personal data derived from it (such as name, inquiry), will be stored and processed for the purpose of handling your request. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing the inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested.

The data you send us via contact inquiries will remain with us until you request its deletion, revoke your consent for storage, or the purpose for storing the data no longer applies (e.g., after the completion of processing your request). Mandatory legal provisions, particularly legal retention periods, remain unaffected.

Newsletter

If you wish to subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. No other data is collected, or only voluntarily provided data is collected. This data is used solely for sending the requested information and is not shared with third parties. The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 (1)(a) GDPR). You may revoke the consent given for storing the data, the email address, and its use for sending the newsletter at any time, such as through the “unsubscribe” link in the newsletter. The lawfulness of data processing carried out prior to the revocation remains unaffected.

The data you provided for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or until the purpose for storing it ceases to apply. After unsubscribing from the newsletter, your data will be deleted from the newsletter distribution list. We reserve the right to delete or block email addresses in our newsletter distribution list at our discretion, as part of our legitimate interest under Art. 6 (1)(f) GDPR. After unsubscribing from the newsletter distribution list, your email address may be stored on a blacklist with us or with the newsletter service provider to prevent future mailings. The data from the blacklist is only used for this purpose and will not be merged with other data. This serves both your interest and our interest in ensuring compliance with the legal requirements for sending newsletters (legitimate interest according to Art. 6 (1)(f) GDPR). The storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

Brevo

This website uses Brevo for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Brevo is a service that allows organizing and analyzing newsletters, among other things. The data you provide for receiving the newsletter is stored on Sendinblue's servers in Germany.

With the help of Brevo, we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter was opened and which links were clicked. In this way, we can determine which links were clicked most often. Additionally, we can track whether certain predefined actions were taken after opening or clicking (conversion rate). For instance, we can see if you made a purchase after clicking the newsletter. Brevo also enables us to segment the newsletter recipients into different categories (clustering). For example, recipients can be segmented by age, gender, or location. This allows us to tailor newsletters to specific target groups. If you do not wish for Brevo to analyze your data, you must unsubscribe from the newsletter. We provide a corresponding link to unsubscribe in each newsletter message.

Detailed information on the features of Brevo can be found at the following link: https://www.brevo.com/?r=t.

Data processing is based on your consent (Art. 6 (1)(a) GDPR). You may revoke this consent at any time. The lawfulness of data processing carried out prior to the revocation remains unaffected. The data you provided for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter. After unsubscribing, the data will be deleted from the newsletter distribution list. Data stored for other purposes remains unaffected. After unsubscribing from the newsletter distribution list, your email address may be stored on a blacklist with us or the newsletter service provider to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest according to Art. 6 (1)(f) GDPR). The storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

For further details, please refer to Brevo's privacy policy at https://www.brevo.com/legal/privacypolicy/.

We have entered into a contract with Brevo in which we require Brevo to protect our customers' data and not share it with third parties.

Whistleblower Channel

Our whistleblower channel offers employees, business partners, and external parties the opportunity to report incidents or misconduct that violate applicable laws or our code of conduct. Any report submitted will be treated with the utmost confidentiality and will be forwarded directly to the management, with the option to remain completely anonymous if desired. We take the protection of reports submitted through this channel and the confidentiality of any personal data contained within them very seriously.

Collection and Processing of Personal Data

When submitting a report through our whistleblower channel, we may collect the following personal data:

First name (not mandatory)
Last name (not mandatory)
E-Mail address (not mandatory)
Your relationship with the company

The processing of your personal data is carried out exclusively for the purpose of processing and investigating the reported incident.

Legal Basis for Processing

The processing of your personal data within the whistleblower channel is carried out based on the fulfilment of a legal obligation and/or the legitimate interest in investigating potential violations of legal or internal regulations.

Data Retention

Your personal data will only be retained for as long as is necessary for the processing of the report. After this, the data will be securely deleted in accordance with our internal guidelines.

• You have explicitly consented to such disclosure pursuant to Article 6(1) sentence 1 lit. a of the GDPR,
  
  
• The disclosure is necessary for the establishment, exercise, or defence of legal claims, as per Article 6(1) sentence 1 lit. f of the GDPR, and there is no reason to believe that you have a prevailing legitimate interest in preventing the disclosure of your data,
  
  
• There is a legal obligation to disclose the data, as per Article 6(1) sentence 1 lit. c of the GDPR, or
  
  
• The disclosure is legally permissible and necessary for the performance of a contract with you, pursuant to Article 6(1) sentence 1 lit. b of the GDPR.

Disclosure of Personal Data for Order Processing

Your personal data will be shared with third-party service providers, specifically with the transport company responsible for delivery, to the extent necessary for the delivery of the goods. In the case of shipping to a postal station, it may be necessary to provide your email address to the logistics service provider in addition to your shipping address.

Payment data will be shared with the assigned financial institution or payment service provider as part of the payment processing, provided that this is necessary for the transaction. If you choose to pay on invoice, you will not be required to provide any payment details. This payment method is available for invoice amounts up to a maximum of €350.00. For payments via PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on invoice" via PayPal, your payment data will be transmitted to the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. Payment processing is conducted via PayPal under the applicable PayPal Terms of Service, which can be reviewed at https://www.paypal.com/uk/legalhub/paypal/useragreement-full  or – if the customer does not have a PayPal account – under the terms for payments without a PayPal account, available at https://www.paypal.com/uk/legalhub/paypal/guest-tnc?locale.x=en_GB.

If paying by credit card (Visa, Master, or Maestro card), the payment processing will be carried out by the payment service provider Concardis GmbH, Helmann-Park 7, 65760 Eschborn. If this payment method is selected, the information provided during the order process, along with details of your order, will be exclusively shared with Concardis for payment processing. For payments via Sofortüberweisung (Instant Transfer), the payment will be processed by Sofortüberweisung.de. This is a direct transfer procedure with high-security standards for online banking, certified with TÜV-approved data protection. You are neither required to register nor to provide a credit card. You can pay directly via your online bank account.   

Disclosure of Personal Data for Creditworthiness or Identity Verification

When selecting a payment method where we pre-finance the order, such as delivery on invoice, we reserve the right to conduct a creditworthiness check based on mathematical-statistical procedures to ensure security for both you and us, and to protect our legitimate interests. The necessary personal data for the creditworthiness check will be transmitted to Creditreform Bayreuth, Groher & Kollegen KG, Wittelsbacherring 42, 95444 Bayreuth, during the creditworthiness verification process.

The credit report may include probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, among other factors, address data. The result of the credit check, concerning the statistical risk of payment default, will be used to decide on the establishment, execution, or termination of a contractual relationship. If the payment method via PayPal is selected, PayPal reserves the right to carry out a creditworthiness check for payments via credit card, direct debit via PayPal, or – if offered – "purchase on invoice" via PayPal.

PayPal will use the result of the credit check, concerning the statistical payment default probability, to decide whether to offer the respective payment method. The credit report may contain probability values (so-called score values). If score values are used in the credit report result, they are based on a scientifically recognised mathematical-statistical procedure. The calculation of the score values includes, among other factors, address data. Further privacy-related information, including the credit agencies used, can be found in PayPal's privacy policy: https://www.paypal.com/uk/legalhub/paypal/privacy-full?locale.x=de_DE and in PayPal's terms of service: https://www.paypal.com/uk/legalhub/paypal/useragreement-full  or – if the customer does not have a PayPal account – in the terms for payments without a PayPal account, available at: https://www.paypal.com/uk/legalhub/paypal/guest-tnc?locale.x=en_GB.

8. Plug-ins und Tools

YouTube with Enhanced Privacy

This website integrates videos from YouTube. The operator of the site is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the enhanced privacy mode. Therefore, YouTube – regardless of whether you watch a video – establishes a connection to the Google DoubleClick network. Once you start a YouTube video on this website, a connection to YouTube's servers is made. The YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, YouTube is able to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.

Additionally, YouTube may store various cookies on your device or use comparable recognition technologies (e.g., device fingerprinting) after you start a video. This allows YouTube to gather information about visitors to this website. These data are used, among other things, to collect video statistics, improve user-friendliness, and prevent fraud attempts. After starting a YouTube video, further data processing operations may be triggered, over which we have no influence.

The use of YouTube is in the interest of providing an engaging display of our online services. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) of the GDPR. If explicit consent was obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=en.

Google Web Fonts

This site uses so-called web fonts provided by Google to ensure consistent font presentation. The Google Fonts are installed locally. No connection to Google servers takes place during this process.

For further information on Google Web Fonts, please visit https://developers.google.com/fonts/faq?hl=en  and refer to Google's privacy policy at https://policies.google.com/privacy?hl=en.

Google Maps

This website uses the Google Maps service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

In order to use the features of Google Maps, it is necessary to store your IP address. This information is typically transferred to a Google server in the USA and stored there. The provider of this website has no influence over this data transfer. When Google Maps is activated, Google may use Google Web Fonts for the uniform display of fonts. When you access Google Maps, your browser loads the necessary web fonts into its browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of providing an engaging presentation of our online services and ensuring the easy location of places indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) of the GDPR. If explicit consent is requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) of the GDPR; consent can be withdrawn at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details, please refer to: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how user data is handled, please refer to Google's privacy policy at: https://policies.google.com/privacy?hl=en.

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). The usage is based on Art. 6(1)(f) of the GDPR. Google Analytics uses so-called "cookies", text files that are stored on your computer and enable analysis of your use of the website. The information generated by the cookie about your use of this website, such as bullet points, browser type/version, operating system used, referrer URL (the previously visited page), hostname of the accessing computer (IP address), and the time of the server request, is typically transferred to a Google server in the USA and stored there.

We have also enhanced Google Analytics on this website with the "AnonymizeIP" feature. This serves to mask your IP address, ensuring that all data is collected anonymously. When IP anonymization is enabled on this website, your IP address is truncated by Google before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA. According to Google's privacy policy, the IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage. Google may transfer this information to third parties if required by law or if third parties process the data on behalf of Google.

You can prevent the storage of cookies by adjusting the settings in your browser software; however, please note that in such cases, you may not be able to use all the functions of this website. You can also set your browser to notify you when cookies are set and decide individually whether to accept them, or you can exclude the acceptance of cookies in certain cases or in general. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. 

This will set an opt-out cookie on your device, preventing the future collection of your data when visiting this website. The opt-out cookie only applies to this browser and this website. If you delete the cookies in this browser, you will need to set the opt-out cookie again by clicking the link once more.

For further information on data protection related to Google Analytics, please refer to the Google Analytics Help: https://support.google.com/analytics/answer/6004245?hl=en. 

9. Our Services

Handling of Applicant Data

We offer you the opportunity to apply for positions with us (e.g., via email or post). Below, we inform you about the scope, purpose, and use of your personal data collected as part of the application process. We assure you that the collection, processing, and use of your data are carried out in accordance with applicable data protection laws and all other legal regulations, and that your data will be treated with the utmost confidentiality.

Scope and Purpose of Data Collection

If you submit an application to us, we process the associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.), as far as necessary for the decision regarding the establishment of an employment relationship. The legal basis for this processing is Section 26 of the German Federal Data Protection Act (BDSG-new) under German law (initiating an employment relationship), Art. 6(1)(b) of the GDPR (general pre-contractual steps), and – if you have provided consent – Art. 6(1)(a) of the GDPR. Consent may be withdrawn at any time. Your personal data will only be shared within our company with individuals who are involved in processing your application.

If the application is successful, the data you have provided will be stored in our data processing systems for the purpose of executing the employment relationship, based on Section 26 BDSG-new and Art. 6(1)(b) of the GDPR.


Data Retention Period

If we are unable to make you a job offer, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months following the conclusion of the application process (rejection or withdrawal of the application) based on our legitimate interests (Art. 6(1)(f) GDPR). After this period, the data will be deleted, and any physical application documents will be destroyed. This retention period serves particularly for evidentiary purposes in the event of legal disputes. If it becomes clear that the data will be required after the 6-month period (e.g., due to an impending or ongoing legal dispute), deletion will only occur once the purpose for the extended retention no longer applies.

Longer retention may also take place if you have provided corresponding consent (Art. 6(1)(a) GDPR) or if legal retention obligations prevent deletion.

The following data protection statements apply to our social media presences:

Facebook

https://www.facebook.com/feiler.de/

Instagram

https://www.instagram.com/feilergermany/
https://www.instagram.com/feilermini/

YouTube

https://www.youtube.com/ErnstFeilerGmbH/

LinkedIn

https://www.linkedin.com/company/feilergermany/

Data Processing by Social Networks

Social networks such as Facebook, Instagram, etc., can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). By visiting our social media presences, numerous data processing operations related to data protection are triggered. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media platform may associate this visit with your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the respective social media platform. In such cases, data collection can occur, for example, via cookies stored on your device or by capturing your IP address. Using the data collected in this way, the operators of the social media platforms can create user profiles that store your preferences and interests. This allows interest-based advertising to be displayed both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertisements can be displayed on all devices where you are logged in or have been logged in.

Please also note that we cannot track all processing operations on social media platforms. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

Legal Basis

Our social media presences aim to ensure a comprehensive online presence. This constitutes a legitimate interest pursuant to Article 6(1)(f) of the GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be provided by the operators of the social networks (e.g., consent in accordance with Article 6(1)(a) of the GDPR).

Controller and Exercise of Rights

When you visit one of our social media presences (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing activities triggered during your visit. You can exercise your rights (access, rectification, deletion, restriction of processing, data portability, and complaints) both against us and against the operator of the respective social media portal (e.g., Facebook).

Please note that, despite our joint responsibility with the social media portal operators, we do not have full control over the data processing activities carried out by the social media portals. Our influence is primarily determined by the business policies of the respective provider.

Data Retention

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for their storage no longer applies, upon your request for deletion, when you withdraw your consent for storage, or when the purpose for data storage is no longer relevant. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – particularly retention periods – remain unaffected.

We have no influence on the data retention periods for data stored by the operators of social networks for their own purposes. For details, please refer directly to the operators of the social networks (e.g., in their privacy policy, see below).

Social Media Networks in Detail

Facebook
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.

You can independently adjust your advertising settings in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads

For more details, refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/

Instagram
We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal data, refer to Instagram's privacy policy: https://help.instagram.com/519522125107875

YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=en

LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For details on how they handle your personal data, refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

We take precautions to protect your data and to prevent misuse from external sources, safeguarding your data against accidental or intentional manipulation, complete destruction, or access by unauthorised persons. Data transmission on the internet is encrypted. Our security measures are regularly reviewed and updated in line with technological developments. Measures such as encryption (SSL encryption), firewalls, anti-hacking programs, and manual security precautions are applied. If encryption is not active, you should carefully consider whether you still wish to send sensitive information over the internet. You can check whether encryption is active by looking for the lock symbol at the bottom of your browser or if the address begins with "https://".  

Data transmission is only SSL-encrypted when you use the online contact form on our website, but not when you use your own email address to send your application by email. In such cases, your personal email settings or those of your email provider apply.

12. Rights of the Data Subject

You have the right to:

• According to Art. 15 GDPR, request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details of such processing;
  
  
• According to Art. 16 GDPR, request the correction of inaccurate or the completion of your personal data stored by us without undue delay;
  
  
• According to Art. 17 GDPR, request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims;
  
  
• According to Art. 18 GDPR, request the restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful, but you oppose its erasure, and we no longer need the data, but you require it for the establishment, exercise, or defence of legal claims, or you have objected to the processing according to Art. 21 GDPR;
  
  
• According to Art. 20 GDPR, receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or request its transmission to another controller;
  
  
• According to Art. 7(3) GDPR, withdraw your consent once given at any time. This will result in the future cessation of the data processing based on that consent;
  
  
• According to Art. 77 GDPR, lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or place of work, or the location of our company headquarters.

13. Right of withdrawal

If your personal data is processed based on legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data according to Art. 21 GDPR, provided that there are reasons arising from your particular situation, or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without the need to specify a particular situation. If you wish to exercise your right of withdrawal or objection, simply send an email to our Data Protection Officer: Claus Nagel-Piciorus, datenschutz@nagel-kollegen.de

14. Currency and Amendments to this Privacy Policy

This privacy policy is currently valid and has the status of March 2025. Due to the ongoing development of our website and services or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy.