Contact
cross dimensional manufacturing

Privacy Policy

Name and contact of the person responsible according to Article 4 para. 7 DSGVO

toolcraft AG

Members of the Executive Board: Karlheinz Nüßlein, Christoph Hauck, Marc Volkhardt

Chairman of the Supervisory Board: Bernd Krebs

Handelsstr. 1
91166 Georgensgmünd
Germany

Phone: +49 9172 6956-0
Fax: +49 9172 6956-560

E-Mail: toolcraft@toolcraft.de
Internet: www.toolcraft.de 

Data Protection Officer: datenschutz@toolcraft.de

Privacy Policy and Legal Notice

Personal data may sometimes be collected when you visit this website. This Privacy Policy explains which personal data toolcraft collects when you visit this website and how we handle this data. When processing the personal data which we collect from visitors to this website, we act exclusively in accordance with the applicable legal provisions. We observe the Data Protection Ordinance (DSGVO) and the regulations of the Federal Data Protection Act (BDSG), which provide for the greatest possible degree of transparency, stipulate that personal data be processed in accordance with the law and regulate how it is disclosed.

Lawfulness of processing

The processing of personal data is only lawful if there is a legal basis for processing. Article 6(1)(a-f) of the General Data Protection Regulation (GDPR) specifically states the following as potential legal grounds for processing:

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Processing is necessary for compliance with a legal obligation to which the controller is subject
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular where the data subject is a child.

Information about the collection of personal data

We provide information below about the collection of personal data when using this website. Personal data includes, for example: name, address, email addresses, and user behaviour.

When you contact us by email or via a contact/registration form, we will store the data you have provided in order to respond to your queries. We will erase the data collected on these forms after storage of the data is no longer necessary, or we will restrict processing if statutory retention periods apply.

Collection of personal data when visiting our website

If you use the website for information purposes only, i.e. if you do not register on our website, we only collect the personal data that your browser transfers to our server. If you wish to view our website, we collect the following data, which we require for technical purposes to display our website, to guarantee the stability and security of our website and to improve the content.

  • IP address
  • Date and time of request
  • Data regarding region of origin
  • Content of the request (landing pages, click paths, bounce rates and time spent on individual subpages)
  • Websites and social media channels from which the request is coming
  • Browser/operating system and device used to access the website

For further details, please see: https://support.google.com/analytics/answer/6004245?hl=en

Information on data security and transfer to third parties

The security of our website is one of our top priorities, which is why essential data transmissions on the toolcraft website are encrypted. In order to guarantee that the information you send to us online is kept confidential, we make every effort to update our encryption technology on a continuous basis so that it is in line with the latest technical developments.

To ensure that we can fully provide all of our services, we may in certain circumstances transfer your data to third parties appointed by us to provide support with our order processing activities. When transferring personal data to these third parties, we will only transfer the information needed in order for the services to be provided. The data will be transferred in accordance with the necessary data security standards. toolcraft will only transfer your personal data to third parties who confirm that they protect and process data in accordance with the applicable legislation.

We may also be required to disclose your data and related information if we are issued with a court or official order to do so. We also reserve the right to use your data to assert or defend ourselves against legal claims.

Recipients of data / Categories of recipients

Within the company, those persons who need your data to fulfil our contractual and legal obligations will have access to them. Service providers or agents we employ may also receive data for this purpose. We ensure that they keep them confidential and comply with our data protection policy.

Use of cookies

In addition to the above data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk for the browser you are using and that provide the website that creates the cookie with certain information. Cookies cannot run programs or infect your computer with viruses. They are used to make our website generally more user-friendly and effective.

You can configure your browser settings to suit your preferences, e.g. to reject third-party cookies or all cookies. Third-party cookies are cookies created by a third party and are not created by the website you are actually visiting. Please note that you may not be able to use all the features of this website if you disable cookies.

The provider uses Cookiebot as its cookie banner. Cookiebot is a product provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, hereinafter referred to as "Cybot". 
The provider uses the Cookiebot feature to inform users about the use of cookies on the website and to enable them to make a decision about whether cookies should be used. 
If a user consents to the use of cookies, the following data will be logged automatically by Cybot:

  • The user's IP number in an anonymous form;
  • The date and time of consent;
  • The user agent of the end user’s browser;
  • The provider's URL;
  • An anonymous, random and encrypted key;
  • The cookies consented to by the user (cookie status), serving as proof of consent.

The encrypted key and cookie status are saved to the user's end device through a cookie so that the cookie status can be recalled on future visits to the site. This cookie is automatically deleted after 12 months.  
The legal basis for this is Article 6 Paragraph 1(f) GDPR. It is in the provider's legitimate interest to provide a user-friendly website and to meet the legal requirements laid down in the GDPR.
Users can prevent or end the installation of the cookie and its storage, and thereby withdraw their consent to cookies at any time, by adjusting their browser settings. More information on this can be found above under "Cookies".
Cybot provides further information at the following link:
https://www.cookiebot.com/en/privacy-policy/

Google Tag Manager

This website uses Google Tag Manager. This service allows website tags to be managed on a single user interface. Google Tag Manager only implements tags. This means that it does not use cookies and does not collect any personal data. Google Tag Manager triggers other tags that may collect data. Information on these third-party providers can be found in this Privacy Policy. Google Tag Manager does not, however, access the data collected by these third parties. The Google Analytics service is integrated using Google Tag Manager.

If deactivation is performed at the domain or cookie level, this will remain in effect for all tracking tags, provided that they are implemented using Google Tag Manager.

For more information, please see the Google Tag Manager Use Policy.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to help the website analyse how users use the site. The information generated by the cookie about your use of the website will normally be transmitted to and stored by Google on servers in the United States. If IP anonymisation has been activated on this website, however, Google will truncate your IP address within member countries of the European Union or other contracting states to the Agreement on the European Economic Area before transmitting it. Only in exceptional cases will the full IP address be transmitted to a server in the U.S. and truncated there. On behalf of the operator of this website, Google will use said information for the purpose of evaluating your use of the website, compiling reports on website activity for the website operator and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent the collection of data created by the Cookie and related to your usage of this website (including your IP address) as well as the processing of these data by Google by means of downloading and installing a browser plug-in available at tools.google.com/dlpage/gaoptout.

This website uses Google Analytics with the "_anonymizeIp()" extension. This means that IP addresses are truncated before they are processed, so that they cannot be used to identify individuals. If the data collected about you is personally identifiable, it will be excluded immediately and the personal data will then be deleted as soon as possible.
We use Google Analytics to analyse and regularly improve use of our website. We can use the statistics from Google Analytics to improve our website and make it more interesting for you when you visit. The legal basis for the use of Google Analytics is Article 6(1)(f) GDPR. Details of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms of Use:
https://www.google.com/analytics/terms/gb.html
Privacy overview:
https://support.google.com/analytics/
Privacy Policy:
http://www.google.de/intl/en/policies/privacy

Use of Google AdWords conversion tracking

Our website uses the online advertising program Google AdWords and the related conversion tracking tool. Google conversion tracking is an analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on an advert displayed by Google, a conversion tracking cookie is stored on your computer. These cookies are only valid for a limited period of time, do not contain any personal data and can therefore not be used for personal identification purposes. If you visit certain pages on our website before the cookie has expired, Google and we will be able to detect that you have clicked on the advert and have been forwarded to this page. Every Google AdWords customer receives a different cookie. This means that it is impossible for cookies to be tracked across the websites of AdWords customers.

The information obtained with the help of the conversion cookie is used to create conversion statistics. These statistics inform us of the total number of users who have clicked on one of our adverts and who have been forwarded to a page with a conversion tracking tag.  We do not, however, receive any information that can be used to personally identify users. The data is processed on the basis of Article 6 (1) (f) of the General Data Protection Regulation (GDPR) due to our legitimate interest in targeted advertising and in analysing the impact and efficiency of this advertising.

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, if this processing is performed on the basis of Article 6 (1) (f) GDPR.

Moreover, you can prevent cookies from being stored by selecting the appropriate technical settings in your browser software. Please note, however, that in such cases you may not be able to make full use of all the features available on this website. If you choose this option, you will not be included in the conversion tracking statistics.

You can turn off personalised ads by visiting the Google Ad Settings page. Instructions on this are available at https://support.google.com/ads/answer/2662922?hl=en. You can also deactivate the use of cookies by third-party providers by visiting the opt-out page of the Network Advertising Initiative at https://www.networkadvertising.org/choices/ and following the steps on how to opt out.

For further information and to read Google's Privacy Policy, please visit https://policies.google.com/privacy?hl=en&gl=de

Google AdWords Call Tracking

If you access our website via a Google AdWords ad (also applies to the mobile website) and then dial the displayed phone number or directly dial the phone number in the ad via the browser on your device, Google stores your phone number or parts of your phone number for the purpose of call tracking. The following information is collected when you make the call: time, date, duration of call, destination number and phone number of the caller (or parts thereof). Under no circumstances is the content of the call stored. The stored data is provided to the recipient of the call. By using the service, you consent to the processing of your data as described. If you do not want to participate in tracking, you can opt out by easily disabling the Google Conversion Tracking cookie in your browser settings. You will then not be included in the Conversion Tracking statistics.

Conversion Tracking cookies are stored on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

For more information about Google AdWords and Google Conversion Tracking, please see Google's Privacy Policy at: http://www.google.de/intl/en/policies/privacy.

Use of social media links and plug-ins

Our website uses buttons with links to social media platforms: LinkedIn, Facebook, Instagram, Xing and YouTube. The buttons do not contact the servers of LinkedIn, Facebook, Instagram, Xing and YouTube. When you click a button, you will be taken to our profiles on these platforms. You can log in/register on each platform, but you are not required to do so. Personal data cannot be transferred to us when you are redirected or when you view our profiles.

1. Facebook

This website includes a link to Facebook. These links are recognisable from the Facebook logo.

a) Description and scope of the data processing

Our website includes a link to our Facebook page to allow us to communicate with customers, prospective customers and users. Facebook is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). In terms of data processing, we and Facebook are joint controllers within the meaning of Article 26(1) GDPR. Our mutual obligations arising from this joint controllership arrangement are determined in an agreement concluded between us and Facebook known as the “Page Insights Controller Addendum”. This agreement can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum.

We use statistical analysis to evaluate how you use our Facebook business page. For this purpose, we obtain detailed statistics on how our Facebook pages are used. These statistics are known as “Facebook Insights” and do not contain any personal data. For further information on Facebook Insights, please visit: https://www.facebook.com/legal/terms/information_about_page_insights_data.

We do not create any profiles on individual users.

We use the statistics to tailor our business page to our users’ requirements. We do this on the basis of our users’ interests, which Facebook analyses and ascertains from the statistics. Facebook uses cookies to do this, including as follows:

  • Placing and reading a cookie and subsequently processing personal data, including by using the datr cookie to link usage data with statistics (known as Insights).
  • Placing and reading a cookie and subsequently processing personal data by using cookies such as the fr cookie to link usage data for the purposes of advertising and creating profiles.
  • Storing and reading a cookie and subsequently processing personal data by using the c_user cookie to link the usage data, including the information previously provided by registered users during the registration process, to statistics (known as Insights).

For further information, please visit https://en-gb.facebook.com/policies/cookies/

b) Legal basis for processing personal data

The legal basis is our legitimate interest in communicating and sharing information with users pursuant to Article 6(1) (1)(f) GDPR. If you communicate with us through Facebook, the legitimate interest is our interest in responding to your enquiry pursuant to Article 6(1) (1)(f) GDPR. If the purpose of our communications with you is to conclude a contract or to take steps prior to entering into a contract, the additional legal basis for processing is Article 6(1) 1(b) GDPR. (see above).

c) Duration of storage and how to delete your data and opt out of it being stored

Personal data collected when you contact us is deleted as soon as it no longer needs to be stored. This is the case when it can be deduced from the circumstances that the matter in question has been fully resolved and the conversation with the user has come to an end. Data relevant to the fulfilment of contracts is retained for six years (Section 257 of the German Commercial Code – HGB) following the completion of the order and tax-related data for ten years (Section 147 of the German Fiscal Code – AO).

For information on how long Facebook stores cookies, please visit https://en-gb.facebook.com/policies/cookies/
You can deactivate or restrict the transmission of cookies by changing your web browser’s settings. Cookies that are already stored may be deleted at any time. This may also be done automatically.

d) Transfer to third countries

The data may also be processed outside of the EU or European Economic Area (EEA), in particular on Facebook servers located in the USA. This may put users at risk, for example by making it more difficult to enforce users’ rights. Data transfers are subject to the standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR, which were approved by the European Commission in its decision 2021/914 of 4 June 2021: (https://www.facebook.com/legal/EU_data_transfer_addendum)

2. LinkedIn

This website includes a link to LinkedIn. These links are recognisable from the LinkedIn logo.

a) Description and scope of the data processing

This website includes a link to LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

We have a page on the LinkedIn network to allow us to communicate with customers, prospective customers and users. In terms of data processing, we and LinkedIn are joint controllers within the meaning of Article 26(1) GDPR. Our mutual obligations arising from this joint controllership arrangement are determined in an agreement concluded between us and LinkedIn. This agreement can be viewed here.

LinkedIn uses two types of cookie: persistent cookies and session cookies. A persistent cookie lasts beyond the current session and is used for many purposes, such as recognising you as an existing user, so it is easier for you to return to LinkedIn and interact with our services without having to sign in again. Since a persistent cookie stays in your browser, it will be read by LinkedIn when you return to one of our sites or visit a third-party site that uses our services. Session cookies last only as long as the session (usually the current visit to a website or a browser session).

LinkedIn also uses pixels. A pixel is a tiny image embedded within websites and emails that requires a call (that provides device and visit information) to LinkedIn’s servers in order for the pixel to be rendered in those websites and emails. LinkedIn uses pixels to learn more about your interactions with email content or web content, such as whether you interacted with ads or posts. Pixels can also enable LinkedIn and third parties to place cookies in your browser.

How to opt out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

If you are a LinkedIn member but have logged out of your account on a browser, LinkedIn may still continue to log your interaction with our services on that browser under certain circumstances for up to 30 days in order to generate usage analytics for LinkedIn services. LinkedIn may share these analytics in aggregate form with us.

For further information, please visit https://www.linkedin.com/legal/cookie-policy.

b) Legal basis for processing personal data

The legal basis is our legitimate interest in communicating and sharing information with users pursuant to Article 6(1) 1(f) GDPR. If you communicate with us through LinkedIn, the legitimate interest is our interest in responding to your enquiry pursuant to Article 6(1) (1)(f) GDPR. If the purpose of our communications with you is to conclude a contract or to take steps prior to entering into a contract, the additional legal basis for processing is Article 6(1) 1(b) GDPR.

c) Duration of storage and how to delete your data and opt out of it being stored

Personal data collected when you contact us is deleted as soon as it no longer needs to be stored. This is the case when it can be deduced from the circumstances that the matter in question has been fully resolved and the conversation with the user has come to an end. Data relevant to the fulfilment of contracts is retained for six years following the completion of the order (Section 257 of the German Commercial Code – HGB) and tax-related data for ten years (Section 147 of the German Fiscal Code – AO).

You can deactivate or restrict the transmission of cookies by changing your web browser’s settings. Cookies that are already stored may be deleted at any time. This may also be done automatically.

d) Transfer to third countries

The data may also be processed outside of the EU or European Economic Area (EEA), in particular on servers located in the USA. This may put users at risk, for example by making it more difficult to enforce users’ rights. For further information, please visit https://www.linkedin.com/help/linkedin/answer/62533

3. XING

This website includes a link to XING. These links are recognisable from the XING logo.

a) Description and scope of the data processing

Our website includes a link to XING (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany).

We are joint controllers within the meaning of Article 26 GDPR. XING does not provide a contract pursuant to Section 26 GDPR.

XING is a social network operated by XING SE, which is headquartered in Hamburg, Germany. Members primarily use it to manage their professional and personal contacts and to make new connections. Organisations can use it to create a page with a logo and short profile, to post news and to start discussion groups.

You need to register as a user to make use of the networking features. There is a free basic version and a paid premium version with additional features.

We have access to statistical analyses about visits to our business page. This data is anonymised and cannot be used to identify individual users. We use the statistical analyses to optimise the information we publish.

If you are logged into your XING account when you visit our page, it will be possible for information about your use of the service to be linked to your user account. You can prevent this information from being collected by logging out of your XING account before visiting our page.

XING sometimes also processes data about you that was not collected directly from you. This may, for example, be the case if a user provides the information to XING, or XING obtains it from other sources. For example, this occurs when a user makes the information available to XING, or XING obtains the information from other sources. In such cases, XING states that it processes the data for the purpose of fulfilling its contractual obligations towards the respective user and/or to safeguard its legitimate interests, while giving due consideration to the user’s interests. The data concerned may include:

  • Data from uploaded address books or lists
  • First and last names
  • Email addresses
  • Phone numbers
  • Job titles and company names
  • Locations: towns/cities and countries
  • Twitter and Facebook handles

If you interact on XING when you are logged in (e.g. by sharing or commenting on content), this data will be stored. This information is visible to other users.

You can also use XING to contact us.

For further information, please visit:
https://privacy.xing.com/en/privacy-policy

b) Legal basis for processing personal data

The legal basis is our legitimate interest in communicating and sharing information with users pursuant to Article 6(1) 1(f) GDPR. If you communicate with us through XING, the legitimate interest is our interest in responding to your enquiry pursuant to Article 6(1) (1)(f) GDPR. If the purpose of our communications with you is to conclude a contract or to take steps prior to entering into a contract, the additional legal basis for processing is Article 6(1) (1)(b) GDPR.

c) Duration of storage and how to delete your data and opt out of it being stored

If the upload feature in question is only used for a single user search, categorisation or grouping, XING will delete the uploaded data immediately afterwards. If the purpose of the upload feature in question requires permanent storage of the uploaded data, XING will store this data until the respective user either deletes this data themselves or their user account is deleted. The invited non-users can use an opt-out link in the invitation email to object to further invitations or invitation reminders being sent to their email address.

Personal data collected when you contact us is deleted as soon as it no longer needs to be stored. This is the case when it can be deduced from the circumstances that the matter in question has been fully resolved and the conversation with the user has come to an end. Data relevant to the fulfilment of contracts is retained for six years following the completion of the order (Section 257 of the German Commercial Code – HGB) and tax-related data for ten years (Section 147 of the German Fiscal Code – AO).

You can deactivate or restrict the transmission of cookies by changing your web browser’s settings. Cookies that are already stored may be deleted at any time. This may also be done automatically.
In addition, you can use the settings options on mobile devices to restrict XING’s access to contact and calendar data, photos and location data, etc. on these devices. However, the options depend on your operating system.

d) Transfer to third countries

XING transfers data to third countries. In particular, XING shares certain data with other users or third parties worldwide in order to fulfil its contractual obligations. In cases where the transfer of data to a third country does not serve the fulfilment of XING’s contractual obligations, XING has not received your consent, the transfer is not necessary for the establishment, exercise or defence of legal claims, and no other exemption clause applies, XING only transfers your data to a third country when an adequacy decision pursuant to Article 45 of the EU GDPR or appropriate safeguards pursuant to Article 46 of the EU GDPR are in place.

In general, XING transfers the data on the basis of the EU standard data protection clauses as adopted by the European Commission. You can find a copy of these standard data protection clauses on the European Commission’s website.

4. Instagram

This website includes a link to Instagram. The links are recognisable from the Instagram logo.

a) Description and scope of the data processing

This website includes a link to Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA).

Our website includes a link to our Meta page to allow us to communicate with customers, prospective customers and users. Meta is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). In terms of data processing, we and Facebook are joint controllers within the meaning of Article 26(1) GDPR. Our mutual obligations arising from this joint controllership arrangement are determined in an agreement concluded between us and Facebook known as the “Page Insights Controller Addendum”. This agreement can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum.

Our mutual obligations arising from this joint controllership arrangement are determined in an agreement concluded between us and Facebook known as the “Page Insights Controller Addendum”. This agreement can be viewed here: https://www.facebook.com/legal/terms/page_controller_addendum.

Please note that when you use our Instagram page and its features, you do so at your own risk. This applies in particular to your use of the interactive features (e.g. comments and likes).
When you visit our Instagram page, Instagram collects data such as your IP address as well as further information stored on your computer in the form of cookies. Instagram uses this information to provide us, as the operator of the Instagram page, with statistical information about how our Instagram page is used.

When you visit an Instagram page, the IP address assigned to your device is shared with Instagram. According to Instagram, this IP address is anonymised (in the case of “German” IP addresses) and deleted after 90 days. Instagram also stores information about its users’ devices (e.g. for its “login alert” feature); as part of this feature, Instagram may be able to link IP addresses to individual users.

If you are currently logged into Instagram as a user, a cookie with your Instagram ID is stored on your device. This allows Instagram to see that you have visited this page and to track how you have used it. This also applies to all other Instagram pages. Instagram can use Instagram buttons integrated into webpages to collect data on your visits to these webpages and to link this information to your Instagram profile. This data can be used to present you with tailored content or advertising.

For further information on the use of cookies, please visit:
https://help.instagram.com/1896641480634370?ref=ig

You can view the up-to-date version of Instagram’s Privacy Policy here: https://help.instagram.com/519522125107875

b) Legal basis for processing personal data

The legal basis is our legitimate interest in communicating and sharing information with users pursuant to Article 6(1) (1)(f) GDPR. If you communicate with us through Instagram, the legitimate interest is our interest in responding to your enquiry pursuant to Article 6(1) (1)(f) GDPR. If the purpose of our communications with you is to conclude a contract or to take steps prior to entering into a contract, the additional legal basis for processing is Article 6(1) 1(b) GDPR.

c) Duration of storage and how to delete your data and opt out of it being stored

Personal data collected when you contact us is deleted as soon as it no longer needs to be stored. This is the case when it can be deduced from the circumstances that the matter in question has been fully resolved and the conversation with the user has come to an end. Data relevant to the fulfilment of contracts is retained for six years following the completion of the order (Section 257 of the German Commercial Code – HGB) and tax-related data for ten years (Section 147 of the German Fiscal Code – AO).

You can deactivate or restrict the transmission of cookies by changing your web browser’s settings. Cookies that are already stored may be deleted at any time. This may also be done automatically.

To prevent Instagram from collecting data on your activities online, you should log out of Instagram or deactivate the “Saved login” feature, delete the cookies stored on your device, and close and restart your browser. This will delete information relating to Instagram that can be used to identify you directly. It will also allow you to use our Instagram page without your Instagram ID being disclosed. An Instagram login screen will appear if you try to access any of our page’s interactive features (e.g. the “Like”, comments or message features). After logging in, Instagram will once again be able to recognise you as a specific user.

Instagram stores data until it no longer needs it to provide services and Meta products or until you delete your account, whichever comes first. This is determined on a case-by-case basis and depends on factors such as the type of data, why it is collected and processed, and the relevant legal or operational requirements to store the data. If you search for something on Facebook, for example, you can access and delete this enquiry from your search history at any time, but the log of this search will only be deleted after six months.

d) Transfer to third countries

Instagram is a global service. When you use Instagram, data may be transferred outside of your home country, including to the USA.

Data is also transferred to Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

The data may also be processed outside of the EU or European Economic Area (EEA), in particular on Facebook servers located in the USA. This may put users at risk, for example by making it more difficult to enforce users’ rights. Data transfers are subject to the standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR, which were approved by the European Commission in its decision 2021/914 of 4 June 2021: (https://www.facebook.com/legal/EU_data_transfer_addendum)

5. YouTube

This website includes a link to YouTube. These links are recognisable from the YouTube logo.

a) Description and scope of the data processing

This website includes a link to YouTube (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).
We have a YouTube page to allow us to share video content with our customers, prospective customers and users. In terms of data processing, we and YouTube are joint controllers within the meaning of Article 26(1) GDPR. Our mutual obligations arising from this joint controllership arrangement are determined in an agreement concluded between us and YouTube. This agreement can be viewed here: https://privacy.google.com/businesses/gdprcontrollerterms/.

When you use YouTube, YouTube stores cookies on your device.

Please note that these cookies allow YouTube to track your user behaviour on external websites away from YouTube (and across multiple devices if users are logged in). This applies to all users regardless of whether they are registered with YouTube. Please also note that we have no influence over how the service provider uses cookies to process data. We are also not given access to any personal data as part of this process, with the exception of insights data in aggregate form, which we use for statistical purposes. This insights data does not allow us to identify individual users. You can still access our services if you configure your browser in such a way that no cookies can be stored by the respective online services.

For further information, please visit https://policies.google.com/technologies/cookies?hl=en#types-of-cookies.

More information on the insights data collected can be found here: https://support.google.com/youtube/answer/9002587?hl=en#zippy=%2Creach %2Coverview%2Cengagement%2Caudience%2Crevenue

How to opt out: https://adssettings.google.com/authenticated

b) Legal basis for processing personal data

The legal basis is our legitimate interest in sharing information with users pursuant to Article 6(1) 1(f) GDPR.

c) Duration of storage and how to delete your data and opt out of it being stored

You can deactivate or restrict the transmission of cookies by changing your web browser’s settings. Cookies that are already stored may be deleted at any time. This may also be done automatically.

d) Transfer to third countries

The data may also be processed outside of the EU or European Economic Area (EEA), in particular on servers located in the USA. This may put users at risk, for example by making it more difficult to enforce users’ rights. For further information, please visit https://policies.google.com/privacy?hl=en

We also use embedded YouTube videos at various points on our website. By clicking on these plug-ins, you consent to communication with YouTube and a connection is established. As data is transferred directly, we have no knowledge of the transferred data. YouTube is informed that you have accessed the specific page.

We have no control over the collected data and data processing operations and we do not know the full extent of data collection, the purposes of processing or the retention periods. We also have no information about erasure (deletion) of the collected data by the plug-in provider.

The plug-in provider stores the data collected about you as user profiles and uses these profiles for the purposes of advertising, market research and/or to personalise the design of its website. Data is processed (including for users who are not logged in) to display personalised advertising and to inform other users of the social network about your activity on our website. You have a right to object to the creation of these user profiles. To object, you must contact the relevant plug-in provider.

The data is disclosed whether or not you have an account with the plug-in provider and are logged in to the platform. If you are logged in to the plug-in provider's platform, your data collected on our website is directly associated with your existing account with the plug-in provider. We recommend regularly logging out after you have used a social network, in particular before clicking on the plug-in, so that your activity cannot be associated with your profile.

See the provider's Privacy Policy below for more information about the purpose and scope of data collection and processing by the plug-in provider. The Privacy Policy also provides more information about your rights and the settings you can use to protect your privacy.

Youtube from Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://policies.google.com/technologies/partner-sites.

Subscription to and sending of our newsletter

Our newsletter informs you about the latest developments at toolcraft. By subscribing, you agree to the collection and storage of your IP address and the data you entered when registering so that you can be sent the newsletter.

As soon as you have registered for the newsletter, we will send you an email with a link so that you can confirm your subscription. You can at any time withdraw your consent to receive the newsletter with effect for the future. Your personal data will not be disclosed to third parties.

By subscribing to our newsletter, you declare that you consent to receive it and that you agree to the process described above.

Double opt-in and record-keeping

We use a double opt-in process to confirm subscriptions to our newsletter. This means that after registering you will receive an email asking you to confirm your subscription. This confirmation is required because it prevents anyone from using somebody else’s email address to sign up for the newsletter.

We keep records of the subscriptions to our newsletter so that we can provide evidence that the registration process meets the legal requirements. These records include the time and date of registration and confirmation and your IP address.

Use of the email distribution service "CleverReach"

This website uses CleverReach to distribute newsletters. The provider of this service is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter referred to as “CleverReach”). CleverReach is a service used to organise and analyse the distribution of newsletters. The data you enter when subscribing to our newsletter (e.g. email address) is stored on CleverReach’s servers in Germany or Ireland.

When we send newsletters through CleverReach, we are able to analyse the behaviour of our newsletter recipients. We can analyse, for example, how many recipients have opened the email containing the newsletter and how often each specific link in the newsletter was clicked. With the help of conversion tracking, we can also analyse whether a previously defined action (e.g. the purchase of a product on our website) took place after the link in the newsletter was clicked. For further information on how data is analysed through newsletters sent by CleverReach, please see: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

The data is processed on the basis of your consent (Article 6(1)(a) GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of any data processing which has already taken place is unaffected by this withdrawal.

If you do not want CleverReach to analyse your data, you must unsubscribe from the newsletter. We provide an unsubscribe link in each newsletter we email to you.

The data you provide to us when subscribing to our newsletter will be stored by us or by the newsletter service provider until you unsubscribe from the newsletter; your data will be deleted from the newsletter mailing list when you unsubscribe. Data stored by us for other purposes will not be affected by this.

After your data has been removed from the newsletter mailing list, your email address may be stored by us or by the newsletter service provider in a blacklist if such storage is necessary in order to prevent the newsletter from being emailed to you in the future. Data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements for the emailing of newsletters (legitimate interest within the meaning of Article 6(1)(f) GDPR). Storage in the blacklist is not limited in time. You may object to your data being stored in the blacklist if your interests override our legitimate interest. For more information, please see CleverReach’s privacy policy: https://www.cleverreach.com/en/privacy-policy/.

We have concluded a data processing agreement pursuant to Article 28 GDPR with the aforementioned provider. This agreement is a contract required under data protection law which ensures that the provider only processes the personal data of the visitors to our website in accordance with our instructions and in compliance with the GDPR.

Google reCAPTCHA

We use the Google service reCaptcha to ascertain whether information entered into our contact form or newsletter form was inputted by an actual person or a computer. Google uses the following data to verify whether the information was entered by a person or a computer: IP address of the device being used, the webpage you are visiting on our website and into which the reCaptcha service has been embedded, the date and duration of your visit, the data used to identify the browser and operating system type being used, your Google account if you are logged into Google, mouse movements on the reCaptcha areas and tasks which require you to identify images. The legal basis for this type of data processing is Article 6(1)(f) GDPR. We have a legitimate interest in performing this type of data processing on our website in order to keep our website secure and protect ourselves from automated data entry (attacks).

For more information on Google reCAPTCHA and to view Google’s privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Rights of the data subject

Withdrawal of consent

If the processing of personal data is based on consent that you have given, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can contact us at any time to withdraw your consent.

Right to confirmation

You have the right to request confirmation from the controller as to whether or not personal data concerning you is being processed. You can request confirmation at any time using the contact details above.

Right of access

If your personal data is being processed, you can request access to your personal data and the following information at any time:

a. the purposes of the processing;

b. the categories of personal data concerned;

c. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

d. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

f. the right to lodge a complaint with a supervisory authority;

g. where the personal data are not collected from the data subject, any available information as to their source;

h. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer. We provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Right to rectification

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure ("right to be forgotten")

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:

a. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;

c. the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;

d. the personal data have been unlawfully processed;

e. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

f. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The right to erasure ("right to be forgotten") does not apply to the extent that processing is necessary:

– for exercising the right of freedom of expression and information;

– for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

– for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;

– for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

– for the establishment, exercise or defence of legal claims.

Right to restriction of processing

You have the right to obtain from us restriction of processing where one of the following applies:

a. the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;

b. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

c. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;

d. you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted under the above conditions, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

To assert the right to restriction of processing, the data subject concerned can contact us at any time using the contact details above.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to use, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

a. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
b. the processing is carried out by automated means.

In exercising the right to data portability as referred to in paragraph 1, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Exercising the right to data portability does not affect the right to erasure ("right to be forgotten"). This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller no longer processes the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), you, on grounds relating to your particular situation, have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

You may exercise your right to object at any time by contacting the applicable controller.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

a. is necessary for entering into, or performance of, a contract between the data subject and a data controller;

b. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or

c. is based on the data subject's explicit consent.

The data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

The data subject may exercise this right at any time by contacting the applicable controller.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if the you consider that the processing of personal data relating to you infringes this Regulation.

Right to an effective judicial remedy

Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, you have the right to an effective judicial remedy where you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation.

Concept, design and implementation

claudiusbähr+friends