Privacy Policy (15.12.2022)


With the following information we would like to inform you about the processing of your personal data by us and your rights resulting from the data protection laws and especially from the general data protection regulation (regulation (EU) 2016/679 - "GDPR").
 

1. Controller and data protection officer

Controller in accordance with Art. 4 VII GDPR is:
Konica Minolta Business Solutions Europe GmbH
Europaallee 17, 30855 Langenhagen
Tel.: +49 (0) 511-74040
Email: info@konicaminolta.eu
See imprint

If you have any questions concerning data protection, you are welcome to contact our company data protection officer:
Dr. Frederike Rehker
Konica Minolta Business Solutions Europe GmbH
Europaallee 17, 30855 Langenhagen
Tel.: +49 (0)511 7404-0
Email: dataprotection@konicaminolta.eu
 

2. What are my rights as a data subject?

As a data subject, you have the following rights:

2.1 Right of access (Art. 15 GDPR): You have the right to be informed at any time of the categories of personal data processed, the purposes of processing, any recipients or categories of recipients of your personal data and the planned storage period.

2.2 Right of rectification (Art. 16 GDPR): You have the right to request the rectification or completion of personal data concerning you that is incorrect or incomplete.

2.3 Right to erasure („right to be forgotten“) (Art. 17 GDPR): You have the right to request the immediate erasure of your personal data. In particular, we are obliged as the controller to delete your data in the following cases:

  • Your personal data is no longer needed for the purposes for which it was collected.
  • A processing of your personal data took place solely on the basis of your consent, which you have now withdrawn, and there is no other legal basis that legitimises a processing of your personal data.
  • You have objected to a processing which is based on the legitimate or public interest and we cannot prove that there are legitimate grounds for processing.
  • Your personal data has been processed unlawfully.
  • The erasure of your personal data is necessary in order to comply with a legal obligation to which we are subject.
  • Your personal data has been collected in connection with information society services offered in accordance with Art. 8 I GDPR.
Please be aware that the right to erasure is subject to a limitation in the following cases, so that a deletion is excluded:
  • Your personal data is used to exercise the right to freedom of expression and information.
  • Your personal data serves to fulfil a legal obligation to which we are subject.
  • Your personal data is used to carry out a task that is in the public interest or in the exercise of official authority that has been assigned to us.
  • Your personal data serves the public interest in the field of public health.
  • Your personal data are necessary for archiving purposes in the public interest, for scientific or historical research or for statistical purposes.
  • Your personal data serve for us to establish, exercise or defend legal claims.
2.4 Right of restriction of processing (Art. 18 GDPR): You also have the right to request that the processing of your personal data be restricted; in such a case, your personal data will be excluded from any processing. This right applies if:
  • You contest the accuracy of your personal data and we have to verify the accuracy of your personal data.
  • The processing of your personal data is unlawful and instead of erasing your personal data, you request a restriction of processing.
  • We no longer need your personal data for the fulfilment of the specific purposes, but you still need this personal data to establish, exercise or defend legal claims.
  • You object to the processing of your personal data and it has not yet been determined whether your or our legitimate reasons override this.
2.5 Right of data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to us as a controller in a structured, common and machine-readable format and to transfer it to another controller. Furthermore, you also have the right to request that your personal data be transferred from us to another controller, insofar as this is technically feasible.
The requirements for the applicability of data portability are:
  • Your personal data is automatically processed based on your consent or a contract.
  • Your personal data does not serve to fulfil a legal obligation to which we are subject.
  • Your personal data will not be used to perform a task that is in the public interest.
  • Your personal data do not serve for the performance of a task which is performed in the exercise of a official authority delegated to us.
  • The exercise of your right shall not interfere with the rights and freedoms of others.
2.6 Right to object (Art. 21 GDPR): You have the right at any time to object to the processing of your personal data on grounds arising from your particular situation. This also applies to profiling. The requirement for this is that the processing is based on a legitimate interest on our part (Art. 6 I 1 lit. f GDPR) or the public interest (Art. 6 I 1 lit. e GDPR).
Furthermore, you may also at any time object to the processing of your personal data for the purposes of direct marketing or profiling linked to such direct marketing.
Should you object to the processing of your personal data based on a legitimate interest, we will check in each individual case whether we can show grounds worthy of protection that override your interests and rights and freedoms. In the event that there are no reasons worthy of protection on our part or your interests as well as rights and freedoms override our own, your personal data will no longer be processed. An exception is made if your personal data is still used for the establishment, exercise or defence of legal claims.
If you object to the processing of your personal data for the purposes of direct marketing or profiling, insofar as this is linked to such direct marketing, your personal data will no longer be processed for these purposes.

2.7 Right to lodge a complaint with the supervisory authority (Art. 77 GDPR): You also have the right to lodge a complaint with a supervisory authority at any time, in particular with a supervisory authority in the Member State of your residence, place of work or place of suspected infringement, if you consider that the processing of personal data concerning you is in breach of the data protection regulations.
The address of the supervisory authority responsible for our company is:

Der Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
Telefon 0511-120 4500
Fax 0511-120 4599
poststelle@lfd.niedersachsen.de
 
2.8 Right of withdrawal (Art. 7 GDPR): If you have given us consent to process your personal data, you can withdraw this consent at any time without giving reasons and in an informal manner. Withdrawal of consent does not affect the lawfulness of the processing that has taken place on the basis of the consent up to the point of withdrawal.

3. General information regarding the topic „purposes“

As a matter of principle, the processing of your personal data by us is always linked to a specified, explicit and legitimate purpose, which has already been defined before the processing activity is commenced, in accordance with the principle of purpose limitation under Art. 5 I lit. b GDPR. In the further course of this privacy policy, when a processing activity is cited, a description of the specific purpose is also included.

4. General information regarding the topic „legal bases“

We process your personal data in accordance with the GDPR. Accordingly, the processing of your personal data is always founded on a legal basis. Article 6 of the GDPR defines legal bases for the processing of personal data.

4.1. Legal bases for the processing of personal data

Consent
If we obtain your consent for the processing of your personal data, the processing will be carried out on the legal basis of Art. 6 I 1 lit. a GDPR. The following example serves to clarify this legal basis: You receive advertising from us by electronic mail and/or telephone and have given your prior consent.

Contract or pre-contractual measure
If the processing of your personal data is necessary for the fulfilment of a contract with you or for the implementation of pre-contractual measures taken in response to your request, the legal basis on which the processing of your personal data is based is Art. 6 I 1 lit. b GDPR.

Legal obligation
In cases where the processing of your personal data is necessary to comply with a legal obligation to which we are subject, this processing is based on Art. 6 I 1 lit. c GDPR.

Vital interest
Should the processing of your personal data be necessary to protect your vital interests or those of another person, this processing is carried out in accordance with Art. 6 I 1 lit. d GDPR.

Public interest
In cases where we process your personal data in order to perform a task which is in the public interest or in the exercise of official authority delegated to us, Art. 6 I 1 lit. e GDPR constitutes the legal basis.

Legitimate interest
If the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party and at the same time the interests, basic rights and fundamental freedoms of the data subject, which require the protection of personal data, do not override our legitimate interest, Art. 6 I 1 lit. f GDPR serves as the legal basis for the processing.

4.2. Legal bases for the processing of special categories of personal data

If, in extraordinary cases, we need to process special categories of personal data, such as

  • data on racial or ethnic origin (e.g. skin color or special languages),
  • data on political opinions (e.g. party memberships),
  • data on religious or philosophical beliefs (e.g. membership of a sect),
  • data on trade union membership,
  • genetic data,
  • biometric data (e.g. fingerprints or photographs),
  • health data (e.g. identification numbers for disabilities),
  • or data concerning the sex life or sexual orientation
by you, this processing is based on one of the following legal bases, which are de-fined in Article 9 GDPR

Explicit consent
If you have given us your explicit consent for the processing of the above categories of personal data, this constitutes the legal basis for the processing in accordance with Art. 9 II lit. a GDPR.
 
Performing duties under social security/protection and employment law
If the processing of special categories of personal data relating to you is necessary in order to comply with a legal obligation arising from social security/protection or employment law, the legal basis for this processing is Art. 9 II lit. b GDPR.

Protection of vital interests
If the processing of special categories of personal data relating to you should be necessary to protect your vital interests or those of another person, such processing is carried out pursuant to Art. 9 II lit. c GDPR.

Manifestly public data
Insofar as special categories of personal data of yours are processed, which have previously been made public by yourself, the processing of these data is based on Art. 9 II lit. e GDPR.

Establishment / Exercise / Defence of legal claims
Insofar as the processing of the special categories of personal data relating to you serves us to establish, exercise or defend legal claims, Art. 9 II lit. f GDPR constitutes the legal basis for the processing.

Substantial public interest
In the case of the processing of special categories of personal data concerning you in order to safeguard a substantial public interest arising from EU or national law, the processing is based on Art. 9 II lit. g GDPR.

Assessment of the person's work capacity or other medical purposes such as health care
If the processing of special categories of personal data relating to you arises from a law of the EU or a Member State or a contract concluded with a member of a health profession and is carried out for the purposes of preventive health care, occupational medicine, assessment of an employee's work capacity, medical diagnosis, care or treatment in the health or social field or the management of systems and services in the health or social field, this processing is based on Art. 9 II lit. h GDPR.

Public interest in the area of public health
If the processing of special categories of personal data of yours should be necessary for public health reasons, including protection against cross-border health threats such as pandemics, this processing is carried out on the legal basis of Art. 9 II lit. i GDPR.

Archival purposes, scientific / historical research purposes, statistical purposes
Should the processing of special categories of personal data relating to you arise from a right of the EU or a member state, which stipulates processing for archiving, scientific or historical research or statistical purposes in the public interest, this processing is based on Art. 9 II lit. j GDPR.

5. General information regarding the topic „obligation to preserve records and time limits of erasure“

Unless otherwise stated, we delete personal data in accordance with Art. 17 GDPR or restrict its processing in accordance with Art. 18 GDPR. Apart from the retention periods stated in this privacy policy, we process and store your personal data only as long as the data are necessary for the fulfilment of our contractual and legal obligations. Personal data that are no longer required after the purpose has been fulfilled will be regularly deleted, unless further processing is required for a limited period of time, which may result from other legally permissible purposes. In order to fulfil documentation obligations as well as to comply with statutory obligations to preserve records in Germany, the necessary documents are kept for six years in accordance with § 257 I Commercial Code (HGB) and for ten years in accordance with § 147 I of the Fiscal Code of Germany (AO).

6. General information regarding the topic „disclosure of personal data“

Recipient of your data
We do not sell or rent user data in principle. A transfer to third parties beyond the scope described in this privacy policy will only take place if this is necessary for the processing of the respective requested service. For this purpose, we work together with service providers in the areas of marketing, sales, IT, logistics and human resources, among others. We select these service providers extremely carefully. In other cases we transfer data to requesting governmental authorities. However, this only takes place if there is a legal obligation to do so, for example if a court order exists.

Locations of the processing of your personal data
In principle, we process your data in Germany and in other European countries (EU/EEA). If your data is processed in countries outside the European Union or the European Economic Area (i.e. in so-called third countries), this will only take place if you have expressly consented to it, if it is stipulated by law or if it is necessary for our service provision to you. If, in these exceptional cases, we process data in third countries, this will be done by ensuring that certain measures are taken (i.e. on the basis of an adequacy decision by the EU Commission or by presenting suitable guarantees in accordance with Art. 44ff. GDPR).

7. Cookies

7.1. General information regarding the topic „cookies"

We use cookies on our website. Cookies are small text files that are stored on your hard drive in accordance with the browser you are using and through which certain information flows to the website that sets the cookie. Many of the cookies we use are deleted after the browser session ends (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies).

Cookies are used on our website for various purposes. For a better overview, each cookie has been assigned to one of the following categories:

Technically necessary

Cookies that belong to this category are necessary to ensure the core functionality and/or security of this website.

Functionality

Cookies of this category are used to increase user comfort e.g. by storing preferences such as language settings, text size adjustments, user names or local settings.

Marketing

These cookies are used by advertisers to serve ads that are relevant to their prospects.

Performance and analysis

This type of cookie is used to help us analyze website usage in order to measure and improve performance.

In the settings of the browser you use, you have the option of rejecting the acceptance of cookies or, for example, to limit this rejection to cookies from other parties, so-called third-party cookies. However, the browser settings you have made may mean that you may not be able to use all the functions of our website to their full extent.

Here you will find further information on the administration of cookies for corresponding browsers:


7.2 Cookie overview

Download our cookie overview here.

8. Processing activities with single controller

8.1 Single Controller - Konica Minolta Business Solutions Europe GmbH

The following describes in more detail the processing activities for which Konica Minolta Business Solutions Europe GmbH (hereinafter: Konica Minolta) is responsible.

8.1.1 Processing activity - Targeting and advertisement

8.1.1.1 Marketo


We use the marketing automation software Marketo from Marketo Inc., 901 Mariners Island Blvd. Suite 500, San Mateo, CA 94404, USA, to register for the newsletter and to send you information. With the help of Marketo, we collect statistical data on the use of our website and communication measures in order to optimise our offer accordingly and to conduct e-mail marketing and sales activities. In doing so, the processing is partly automated with the aim of evaluating certain personal aspects (profiling). Marketo collects your IP address and uses cookies to track and analyse the use of the website in order to provide information specifically tailored to the user's interests. For more information about cookies, please see "7. Cookies". The information generated by the cookies is transferred to a Marketo server (located within the EU/EEA) and stored there. On our behalf, Marketo uses this information to evaluate the use of the website by registered persons and to compile reports on website activity. You can prevent the storage of cookies by setting your browser accordingly. However, browser settings made by you may mean that you are unable to use all the functions of our online offer.

Due to the localisation of Marketo, the transfer of your personal data to Marketo may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of Marketo is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of Marketo (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.
 
Further information on data protection at Marketo can be found at: https://documents.marketo.com/legal/privacy/

8.1.2 Processing activity - Spam avoidance / Google reCAPTCHA
 

We integrate the Google reCAPTCHA service on our website. This service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). Google reCAPTCHA is used to differentiate between manual input by a natural person and abusive and automated input by programs / bots in form fields in order to avoid spam or similar. As part of providing the functionality of the service and in particular the verification process of Google reCAPTCHA, your IP address and possibly other hardware and software information required by Google, such as the version of the browser used, are transmitted to Google.

Due to the localisation of Google, the transfer of your personal data to Google may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of Google reCAPTCHA represents our legitimate interest in accordance with Art. 6 I 1 lit. f GDPR. Our legitimate interest is to ensure the security and therefore the functionality of our website, especially by preventing spam and abuse.

Your personal data will not be stored by us as the controller.

Further information regarding the processing by Google can be found in the privacy policy of Google . https://policies.google.com/privacy?hl=en

8.1.3 Processing activity - Typeform

On our website we integrate the service Typeform from TYPEFORM, S.L., Bac de Roda 163, 08018 Barcelona, Spain (hereinafter: Typeform). This service is used for forms and surveys on our website. After filling out and submitting a form or survey on our website, the IP address, the date and time and the duration of the visit to our website and the information provided in the form are transmitted to Typeform and stored.

Since Typeform acts as a processor within the meaning of Article 28 of the GDPR, a processing contract has been concluded. In addition, prior to using Typeform's service, it was checked in accordance with Art. 28 I GDPR whether the service provider ensures the security of the processing through technical and organisational measures taken.

Due to the localisation of Typeform, the transfer of your personal data to Typeform may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of Typeform is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of Typeform (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.
You can obtain further information on the subject of data protection at Typeform under the following address: https://admin.typeform.com/to/dwk6gt/.

8.1.4 Processing activity - Cloudfront

This website uses the content delivery network (CDN) Cloudfront. This is a service of Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210 (hereinafter: Amazon Web Services). The CDN is integrated in the form of Java script code on our website and reloaded during a visit. Cloudfront allows us to provide increased loading performance, improved availability and data loss prevention by providing duplicate data (e.g. graphics or scripts) from this website on different servers around the world. However, when you visit this website, photo/video files may be automatically requested from Cloudfront, and this automated request for photo/video files may result in personal data, such as your IP address, being transmitted to servers of Amazon Web Services.

Due to Amazon's localisation, the transfer of your personal data to Amazon may involve the transfer of personal data to a third country that is neither in the European Union nor in the European Economic Area, in this case in particular to the USA. The processing of your personal data outside the EU/EEA is based on your consent pursuant to Art. 49 I lit. a GDPR. In the USA, there are no guarantees for an adequate level of data protection. As a result, the processing of personal data is associated with additional risks to the rights and freedoms of the data subjects. In the worst case, the rights of the data subjects cannot be exercised.

Due to the fact that Cloudfront is embedded on our website by means of Java Script, you can prevent its execution by disabling Java Script in your browser or by installing a so-called Java Script blocker (e.g. https://www.ghostery.com).

The legal basis for the processing of your personal data in the context of the use of Cloudfront is our legitimate interest, which in this case is to ensure the security and availability of this website, according to Art. 6 I 1 lit. f GDPR.

You can obtain further information on the subject of data protection at Amazon Web Services at the following address(es): https://aws.amazon.com/de/data-protection/ or https://aws.amazon.com/de/privacy

8.1.5 Processing activity - Application at Konica Minolta

8.1.5.1 Review of your application

 

We process the personal data provided in your application for the purpose of reviewing your application and determining your suitability for the advertised position. We may use specialized service providers to review your application. Suitable applications for a position will be passed on by the human resources department to the respective specialist department or national company for further examination. In order to comprehensively assess your application, we always need your CV as well as certificates or corresponding evidence. When entering your data, the following fields are mandatory: Name, first name, e-mail address, address, salary expectations and period of notice. It is also necessary that you include at least one attachment. Further details, such as a video or a photo, are voluntary.

In addition, our applicant portal offers you the following options:

  • Application: Here you will find an overview of your applications to Konica Minolta. By clicking on the individual application, you can view the details. If you are asked by us via e-mail to submit missing documents, you can upload them here. You also have the possibility to withdraw your application.
  • Appointments: As soon as we have sent you an appointment proposal by e-mail, you can view it in the "Appointments" section and confirm or reject it. If you are unable to keep an appointment, you will receive a new suggestion from us.
  • Profile: You can edit and update your data at any time. You can also delete your data at any time by logging in and clicking on "Delete user" or by contacting us. Any changes will be automatically forwarded to us.

We delete your application details five months after completion of the application process in accordance with § 61b I of the German Labour Courts Act (ArbGG) in conjunction with § 15 of the German General Act on Equal Treatment (AGG). The application process ends after a final status has been set for the individual application (Rejection | Acceptance).

This processing of personal data takes place on the basis of Art. 6 I 1 lit. b GDPR, § 26 of the new Federal Data Protection Act (BDSG-neu).

If you are under 18 years of age, we require the consent of your legal guardians in order to conclude a contract with you.

8.1.5.2 Shared applicant portal
 

For the above-mentioned period, we store your application data in our applicant portal. The companies Konica Minolta Business Solutions Deutschland GmbH and Konica Minolta Business Solutions Europe GmbH have access to this portal.

This enables us to compare your qualification profile with other positions and to draw your attention to other suitable positions. Access can be particularly useful if you have applied for a position that is available in the same or similar form in the above-mentioned companies or if you live in a border region. If you have applied for a transnational position, the respective countries may be involved in the selection process.

The processing of your application documents is basically based on § 26 BDSG and in case you have applied for a transnational position, the processing of your application documents is carried out by the respective countries on the legal basis of your consent according to Art. 6 I 1 lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy. Please note that if your consent is withdrawn, we can no longer consider your application for transnational positions.

Your rights are protected by internal contractual regulations that guarantee a high standard of data protection.

8.1.5.3 Applications from apprentices, students and school interns


We gladly accept applications from you as apprentices, students and school interns. We also treat these applications according to the above mentioned principles.

8.1.6 Processing activity - Konica Minolta Academy

On our Academy website, only log files are created during the mere visit. These log files contain personal data such as your IP address in particular. For more information on the processing in the course of log files, please refer to section 9.1.1 "Processing activity - visiting our website" in this privacy policy.

We also provide a contact form on our Academy website. The use of this form is purely optional and offers you the opportunity to contact us for further information about our training products and services.

There are four mandatory fields marked with an "*" when using the form, so that you must enter the relevant personal data in these fields in order to be able to send us a message via the contact form. These mandatory fields are:

  • Salutation
  • Last name
  • Business email
  • Postal code

Any processing of personal data that we have received from you via the contact form (e.g. your name or your email address) is carried out exclusively in order to process your request and, if necessary, to answer your questions.

The legal basis for the processing of your personal data in the course of this processing activity is Art. 6 I 1 lit. a GDPR. This is your consent, which you have given us before sending the form. The right of withdrawal also applies to this consent, for which you can find more information under 2.8 in this privacy policy.

8.1.7 - Processing activity - Konica Minolta Webinars / GoToWebinar

Konica Minolta uses the GoToWebinar service provided by the LogMeIn Ireland Limited, Bloodstone Building, Block C, 70 Sir John Rogerson's Quay, Dublin 2, Ireland (hereinafter: LogMeIn) to conduct webinars.
Our webinar offerings vary from various free webinars to several paid webinars. The registration for these webinars is always done via a form on one of our landing pages. In the course of registration and participation in a webinar, personal data will inevitably be processed using various cookies that are set on your end device. For further information on the topic of cookies, please refer to "7. cookies". In addition, we would like to point out that personal data are processed by you even through the purely informative visit to the website. You can find more information on this under 9.1.1 "Processing activity - visiting our website". In the following you will find an overview of the personal data that can be processed if you decide to attend one of our webinars using the GoToWebinar service. The mandatory data to be entered are marked with a "*". A special feature is the address information, since this information is only required for webinars with costs in order to be able to send an invoice.
  • Email address*
  • First name*
  • Last name*
  • Company*
  • Job description
  • Phone number
Address information* (only for webinars with costs)
The legal basis for the processing of your personal data in the course of registration and participation in a free webinar is your consent in accordance with Art. 6 I 1 lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.
For webinars with costs, Art. 6 I 1 lit. b GDPR, i.e. the existing contract between you and us, constitutes the legal basis for the processing of your personal data.
Independent of registration and participation in a webinar, your personal data may also be used to analyze and optimize our webinar offerings. This processing is based on our legitimate interest according to Art. 6 I 1 lit. f GDPR, whereby our legitimate interest is the continuous optimization of our offer.
Due to the fact that LogMeIn acts as a processor within the meaning of Art. 28 Due to the fact that LogMeIn acts as a processor within the meaning of Art. 28 GDPR, a processing contract was concluded. In addition, prior to using the service of LogMeIn, it was checked in accordance with Art. 28 I GDPR whether the service provider ensures the security of the processing through technical and organisational measures taken.
Due to the localisation of LogMeIn, the transfer of your personal data to LogMeIn may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.
A potential transfer of your personal data to a third country in the context of the use of GoToWebinar (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.
A deletion of the information about your registration and participation in a webinar as well as all related personal data will automatically take place after 365 days.

8.1.8 Processing activity - Social networks on our website


On our website, we offer you the possibility to share or recommend individual content with your contacts or your network on social platforms or simply to access our page in the corresponding social network (Facebook, Instagram, Twitter, Xing or LinkedIn). For the above mentioned purposes, the common buttons of the respective social networks are available. By simply visiting our website, no personal data is initially transmitted to the providers of the social networks. Only when you yourself become active and click on one of the corresponding buttons of the social networks to share or recommend content, data such as your IP address, the date and time of the click and the address of the website on which you are currently located will be transmitted, if applicable. If you are simultaneously logged in to the corresponding social network at the time you click on a social network button on our website, the social network will automatically assign your page view to your profile. Even if you use the button of the social network in order to recommend content from this website, the social network can still associate this information with your profile. If you do not want the social network to associate your visit to our website with your profile, please log out of the social network before clicking on the button of the respective social network.

Furthermore, please note that your data will also be transferred to the respective social network provider if you do not have an account on the social network or are simply not logged in and still click on one of the corresponding buttons of the social networks on our website. In this case, your data can be used by the social networks to create usage profiles and subsequently for the purposes of advertising, market research or the demand-oriented design of the own website. You can object to this type of processing in accordance with Art. 21 GDPR. To exercise this right, however, you need to contact the respective provider of the social network.

You will find information on the individual objection possibilities of the individual providers of the social networks under point "8.1.8.2 - Possibilities of objection in social networks" in this privacy policy.

You should also take into account that due to the localization of Facebook, Instagram, LinkedIn, Twitter or Xing, when your personal data is transferred to the provider of the respective social network, a transfer to a third country, i.e. a transfer of personal data to a destination that is neither in the European Union nor in the European Economic Area, such as the USA, may occur.

Furthermore, we would like to point out that we ourselves do not collect any personal data that is transferred to the respective social network by clicking on one of the corresponding buttons.

By clicking on the respective button of a social network on our website, you give your consent in accordance with Art. 6 I 1 lit. a GDPR for your browser to establish a connection to the servers of the corresponding social network and for the aforementioned data to be transmitted. On the other hand, by clicking on the respective button you are also giving your consent in accordance with Art. 49 I lit. a GDPR. This consent represents the appropriate safeguard for a potential transfer of your personal data to a third country. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

8.1.8.1 Online presence in social networks

Within social networks, we, as the provider of the website, use the offers of online platforms to inform active users about information offers and services from Konica Minolta and, if interested, to communicate directly via the platforms. The social media channels thus complement our own website presence and offer interested parties who prefer this type of information an alternative means of communication. We are currently represented in the following networks with our own online profiles: As soon as you access the respective Konica Minolta profiles on the corresponding social network in your network, the terms and conditions and data processing guidelines of the respective providers apply.
We have no influence on the data collection and its further use by the social networks. Thus, we only know that your data will be processed for market research and advertising purposes and that usage profiles will be created from your usage behavior and the resulting interests. Furthermore, advertising can also be placed to this effect on the basis of supposed interests. For this purpose, cookies are usually stored on your end device.
We therefore expressly draw your attention to the fact that the personal data of users (e.g. the IP address) is stored by the providers of the networks in accordance with their data usage guidelines and used for business purposes. We would also like to point out that your data may be processed outside the European Union or the European Economic Area.

We process the data of users in Konica Minolta's presences on the corresponding social networks only insofar as they contact and communicate with us via comments or direct messages. You can assert your rights as a data subject both against us (see also point 2 "What are my rights as a data subject?") and against the provider of the social network. You can find information on the processing of your personal data by the individual social network providers as well as the options for objecting to this under point "8.1.8.2 -  Possibilities of objection in social networks" of this Privacy Policy.

The processing of users' personal data is based on our legitimate interests in effective information of users and communication with users in accordance with Art. 6 I 1 lit. f GDPR. If you are asked by the respective providers to give your consent to data processing (i.e. declare your consent, e.g. by ticking a check box or confirming a button), the legal basis for processing is Art. 6 I 1 lit. a GDPR, i.e. your consent.

8.1.8.2 Possibilities of objection in social networks

For a detailed presentation of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information of the providers.
Information on the individual providers of the social networks: In addition, European marketing providers offer a new possibility of objection under the following link: http://www.youronlinechoices.com/. This is an initiative to educate about online advertising. In the preference management section http://www.youronlinechoices.com/de/praferenzmanagement/ you will find an overview of providers whose online advertising can be deactivated or activated there. Also in the case of access requests and the assertion of further rights of data subjects, we would like to point out that these can most effectively be asserted with the providers. Only the providers have access to the personal data of the users and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you can contact us.

8.2 Single responsibility - Konica Minolta Sensing B. V.

The following describes in more detail the processing activities that are the responsibility of Konica Minolta Sensing B. V. (hereinafter: Sensing).

8.2.1 Processing activity - Microsoft Dynamics Forms


Various forms are integrated on the Sensing pages with the help of the Microsoft Dynamic Forms service. These forms are used, for example, for purely contacting you, registering to receive a newsletter or requesting a quote for a service or product. By using these forms, Sensing receives personal data from you, such as your name or the company in which you work. This personal data is processed by Sensing in order to respond to the relevant request.

The legal basis for the processing of your personal data in the context of the use of the above-mentioned forms is Art. 6 I 1 lit. a GDPR. This is your consent. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

9. Processing activities with joint controllership

9.1 Joined Controllershipo - Konica Minolta Business Solutions & Konica Minolta Sensing B. V.
 

General Information

The following information is intended to provide you with the essential contents of the contractual joint controllership agreement between Konica Minolta Business Solutions Europe GmbH (hereinafter: BEU) and Konica Minolta Sensing B. V. (hereinafter: Sensing) in accordance with Article 26 of the GDPR (hereinafter: Controllers).

The joint controllership extends to the processing activities listed after this information.

Contractual agreement

The controllers have laid down the principles for the joint processing of personal data as well as the corresponding responsibilities under data protection law and the resulting tasks for the processing activities listed below in a contract. In particular, the obligations to exercise the data subject rights pursuant to Art. 15-22 of the GDPR and the information obligations pursuant to Art. 13-14 of the GDPR were laid down in the course of the contract.

Furthermore, the contract contains information on joint collaboration and its organisation with regard to data protection. The main contents of the contract are described in more detail below.

Collaboration and organization

For compliance with data protection in the context of joint collaboration, the responsible parties have concluded agreements regarding the organisation. Thus, the authorisations, responsibilities and competences for the employees involved in the joint processing have been defined.

In order to keep the situation up to date, there is a continuous exchange between the controllers regarding the circumstances and, if necessary, new findings regarding practical or legal circumstances that could have an impact on the joint processing.

Obligations

The controllers have defined the responsibilities for obligations resulting from the GDPR in the concluded contract for joint processing, which will be specifically addressed in the follow-up.

Information to be provided

The two controllers have agreed that they will coordinate the information for joint processing activities and subsequently provide it in accordance with Art. 13 and 14 and Art. 26 I 2 GDPR in a precise, transparent, comprehensible and easily accessible form in clear and simple language.

Data subject rights

You can assert your rights as a data subject, which are described in more detail in section 2 "What are my rights as a data subject?", directly against both controllers. If the party you have contacted does not have a contractual relationship with you, your concern will be forwarded immediately to the other party for processing.

Personal data breaches and communication with the supervisory authority

Both controllers are subject to the reporting and notification obligations resulting from Art. 33 and 34 GDPR towards the supervisory authority and the persons affected by a breach of the protection of personal data for their respective spheres of activity.

Furthermore, the controllers have agreed that they will inform each other without delay if they discover an irregularity or error in a processing activity with regard to the provisions of data protection law. In addition, the information for a necessary notification of the incident to the competent supervisory authority and, if applicable, to the data subjects will be forwarded without delay.

Security of processing

Each controller is responsible, in accordance with its own sphere of responsibility, for organising its own processing of personal data in such a way that the requirements of data protection are complied with. In particular, the necessary technical and organisational measures shall be taken to protect personal data processed and the rights and freedoms of data subjects.

Processing on behalf of and transfer to third countries

Both controllers have agreed that in the event of processing of the personal data of the data subject in a third country, the principal shall inform the other party of the existence of appropriate safeguards for an adequate level of data protection in the respective third country.

In addition, there is a duty to inform on the part of the principal in the course of an amendment of a processing contract towards the other party. If the other party is of the opinion that this amendment leads to a breach of the stipulations of Art. 28 GDPR, it can demand an immediate amendment of the contract.

Accountability

Documentation within the meaning of Article 5 II GDPR, which serves as evidence of the proper processing of personal data, shall be maintained by each controller in accordance with its legal powers and obligations and shall be kept beyond the end of the contract.

9.1.1 Processing activity - Visiting of our website

Insofar as you use our website solely for informational purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your personal browser transmits to our server. This data is technically necessary so that the website can be displayed to you. Furthermore, this data is technically necessary to ensure the stability and security of our website. The legal basis for the processing of your personal data in this case is Art. 6 I lit. f GDPR; the legitimate interest in this case is the provision and optimal presentation of this website as well as the protection of this against external attacks and their traceability. We delete this personal data after the end of the usage process, unless we need it for purposes of abuse detection and abuse traceability; in such a case, we retain this data for up to a maximum of 30 days.

When visiting our website, the following personal data may thus be processed, which is automatically transmitted by your browser to our servers and stored there in the form of so-called "log files":

  • IP address of the terminal device used to access the website
  • Date, time and duration of the request
  • Country of origin of the request
  • Content of the request (specific page / file)
  • Access status/http status code (e.g. "200 OK")
  • Internet address of the website from which the request to access our website was made
  • Browser and installed add-ons (e.g. Flash Player)
  • Operating system and interface
  • Language and version of the browser software
  • Amount of data transferred in each case
  • Time zone difference to Greenwich Mean Time (GMT)

We can only provide some of the services offered on our website if we are able to contact you. In this respect, the possibility of using these services depends on you providing us with certain personal (contact) data. We collect, use and process this personal data only to the extent necessary to provide you with the respective service. If you contact us by e-mail or via a contact form, the personal data you provide in each case (your e-mail address and other information you provide voluntarily, such as your name/telephone number) will be stored by us in order to process your request and, if necessary, answer your questions.

Here, the legal basis for the processing of your personal data is Art. 6 I 1 lit. f GDPR; the legitimate interest is to answer your request. After a final response to your request, we delete your request and the information on the processing with a period of three years after the end of the respective calendar year.

9.1.2 Processing activity - Google Tag Manager

On our website, we use the Google Tag Manager, of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: Google). With the help of the Tag Manager, we can centrally integrate and manage various software solutions such as Google Analytics via corresponding code sections - also known as tags - on our website. These code sections are also used to collect data regarding your browser, your website visits or to set cookies.

The Google Tag Manager itself is integrated via Java Script. The corresponding files for the integration of the Google Tag Manager are downloaded from Google's servers. After consent has been given, your end device establishes a connection with Google's servers in order to start a request to receive the required files. In the process, personal data from you, such as your IP address, will be transmitted to Google and processed by Google in order to transfer the files in response to the request.

Due to Google's localisation, the transfer of your personal data to Google may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Article 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of Google Tag Manager is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of the Google Tag Manager (third country transfer) will only take place on the basis of your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

Further information on the processing of your personal data within the scope of the individual solutions used can be found below in the separate texts for the individual solutions.

9.1.3 - Processing activity - EMAKINA / Microsoft Azure

Our website is managed by EMAKINA Central & Eastern Europe GmbH, Weyringergasse 30, 1040 Vienna (hereinafter: EMAKINA) and hosted in the Azure cloud, i.e. on servers of the external service provider Microsoft.

Thus, your personal data collected on this website is stored on the servers of this service provider. The data may be, for example, your IP address, meta and communication data or data from a contact form.

The Microsoft Azure servers on which our website is hosted are located in Europe, but due to Micorsoft's localisation, the transfer of your personal data to Microsoft may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to a disproportionate access of state authorities to your personal data.

The legal basis for the use of EMAKINA as hoster of our website is, according to Art. 6 I 1 lit. b GDPR, the fulfilment of the contract with our customers and potential interested parties. A potential transfer of your personal data to a third country in the context of hosting on Microsoft servers (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

​9.1.4 Processing activity - Content Management System / Kentico

For our website we use the Content-Management-System (short: CMS) called Kentico. Kentico is operated by the company Kentico software s.r.o, Nové sady 996/25, 602 00 Brno, Czech Republic. The CMS is used to present and manage websites, online stores, intranets or other corporate websites. We use Kentico EMS and Kentico Cloud in combination as CMS, which is provided as Software as a Service for creation and maintenance of our corporate websites. It enables us to create website content and distribute it to the websites of our subsidiaries and partner companies via defined workflows. We have connected Kentico to our SDL translation management platform to initiate translations directly from Kentico and enable automatic distribution of these translations to our subsidiaries and partners' websites. Kentico is also providing a marketing automation platform allowing all national operating companies to gather leads through the website, match these with a certain persona created in Kentico and nurture these leads via email workflows or personalized website content.

In the course of using the CMS, we collect activity data from all visitors of our website in an anonymous form. Once visitors to our website identify themselves by filling out a contact form, this information is attached to their email address. For more information on the contents of a contact form, please refer to "9.1.1 Processing activity - Visiting our website".

As part of the technical implementation of the individual functions of the CMS, Kentico sets cookies. Further information on the subject of cookies and the individual cookies used by Kentico can be found under "7. Cookies". In principle, data is stored directly in Kentico, so that any data collected by Kentico is stored on the designated web servers of Microsoft Azure in the Netherlands. An exception is when a subsidiary or partner company uses the marketing automation software called Marketo. In this case, only the activity data is stored in Kentico and all other data is transferred directly to Marketo and held there. For more information about Marketo, please visit "8.1.1.1 Marketo".

In the course of storing your personal data on Microsoft Azure web servers, the transfer of your personal data to Microsoft may be a third country transfer due to Microsoft's localisation. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of Kentico is our legitimate interest pursuant to Art. 6 I 1 lit. f GDPR. Our legitimate interest here is to ensure the operation and security of our website. A potential transfer of your personal data to a third country in the context of the use of Kentico (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

Further information on data protection at Kentico can be found under the following address: https://kenticocloud.com/privacy

9.1.5 Processing activity - Consent Management Platform / User Centrics

On our website we use the Usercentrics Consent Management Platform. This is a consent management tool based on JavaScript. With the help of this tool, we can give the visitor of our website both an overview of the essential software solutions used and the possibility to decide on the use of any other software solutions that require prior consent. Furthermore, the platform offers the visitor the possibility to withdraw any given consent at any time without giving reasons and thus to prevent the future processing of personal data by the respective software solution. Furthermore, with the help of the platform, we can meet the requirement resulting from the GDPR for consent management, which provides, among other things, the possibility to prove that consents have been given or not.

In the context of the use of the Usercentrics Consent Management Platform, the following data may be processed, among other things:

  • Consent data
  • Consent –ID
  • Consent status (Opt-in, Opt-out)
  • Consent timestamp
  • Language of the consent banner
  • Version of the banner template
  • Device data (http Agent, http Referrer)

The use of the Usercentrics Consent Management Platform and the associated processing of personal data serves to fulfill legal obligations within the meaning of Art. 6 I 1 lit. c GDPR. Thus, the use of the platform is necessary both to comply with the obligation to provide documentary evidence within the meaning of Art. 5 II GDPR and the legal obligation resulting from the judgment "ECLI:EU:C:2019:801" of the European Court of Justice and the related judgment "I ZR 7/16" of the German Federal Court of Justice, according to which § 15 III 1 of the German Telemedia Act (TMG) is to be interpreted with regard to Art. 5 III 1 of Directive 2020/58/EC in such a way that the service provider may only use cookies to create usage profiles for the purposes of advertising or market research with the consent of the user.

Deletion of your personal data in connection with the use of the Usercentrics Consent Management Platform will take place as soon as it is no longer required to fulfill the purpose. In case of withdrawal of consent, we retain the information regarding the withdrawal for three years. The retention results on the one hand from the accountability according to Art. 5 II GDPR and on the other hand from the regular statute of limitations according to § 195 German Civil Code (BGB). The period of this limitation begins according to § 199 BGB with the end of the year in which the claim arose. Thus, the statute of limitations begins at the end of December 31 of the year in which the withdrawal occurred and ends three years later on December 31 at 00:00

9.1.6 Processing activity - Webanalytics

9.1.6.1 Google Analytics

We use the Google Analytics service on our website. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our services and make them more interesting for you as a user.

Within the scope of the use of Google Analytics, cookies are set on your terminal device, which enable an analysis of your visit / your use of our website. Further information on the subject of cookies can be found under "7. Cookies".

You may refuse the use of cookies by selecting the appropriate settings in your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) as well as the further processing of this data by Google by downloading and installing the browser plugin available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

On behalf of the operator of this website, Google will use the information received to evaluate your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider.

The data stored in the cookies about your visit and use of our website may be transmitted to Google's servers. However, due to the activated anonymisation function, your IP address is already shortened within the European Union or the European Economic Area before it is transmitted to Google. Furthermore, the IP address transmitted by your browser will not be merged with other data from Google. Due to the localisation of Google, the transfer of your personal data to Google may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of Google Analytics is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of Google Analytics (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

On behalf of the provider of this website, Google will use the information obtained for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider.

For more information on Google's terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or https://www.google.com/intl/de/analytics/privacyoverview.html.


9.1.6.2 Microsoft Clarity

This website uses features of the web analytics service Microsoft Clarity. The provider is Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter: Microsoft).

Microsoft Clarity provides website usage statistics, session recordings, and heatmaps, created mainly through the tracking of mouse movements. Microsoft Clarity will use the processed information for evaluating the use of our website, compiling reports on website activity, and providing other services related to the use of the website. Hence, we use Microsoft Clarity to analyze and regularly improve the user behavior on our website and with the help of the statistics we obtain, we can make our offer more interesting and user-friendly for you as a user. 

The collection of your user data is done via cookies, which are set on your end device and enable an analysis of the visit of our website. For more information on cookies, please see "7. Cookies" in this privacy policy.
We will process the following data with Microsoft Clarity:

  • Unique user ID
  • Date and time of visit
  • IP Address
  • Location data 
  • Session ID
  • User behavior
    • Interaction data
    • Mouse movements
    • Clicks
    • Scrolling activity

The deletion of the data processed on a user level in Microsoft Clarity takes place automatically after 13 months. Text fields, such as contact forms, surveys or search fields are masked out in the screen recordings so that the entries you make are not recorded. Personal data entered in our online forms is therefore not processed by Microsoft Clarity.

In exceptional circumstances, due to Microsoft's headquarters, your personal data may be transferred to the USA and thus be transferred to a so-called third country. A transfer to a third country is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. Microsoft Corporation is certified under the DPF so that the GDPR standard of data protection applies to these transfers.

The legal basis for the processing of your personal data in the context of the use of Microsoft Clarity is your consent pursuant to Art. 6 I lit. a GDPR. Information on your right of withdrawal can be found under point "2.8 Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

9.1.6.3 Google Analytics 4

On our website, we use the Google Analytics 4 service (in short: GA4). This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). We use GA4 to collect website visitor data, which is used by GA4 to compile reports on the use of this website. These reports help us to better understand how visitors use our website and to improve it regularly.

The collection of your visitor data is based on events and parameters. The parameters covered differ according to the event being monitored. However, the following parameters are recorded for each event:

  • Language
  • Page position
  • Referrer URL
  • Page title
  • Screen resolution
Other possible parameters that can be captured by optimised analyses for events are:
  • Clicks
  • File downloads
  • First visit of the website
  • Interaction with forms
  • Page visits
  • Scrolling on the website
  • Start of a session
  • Video interaction
  • Performed search on the website
Independently of the parameters described above, your IP address is also processed. This is used for geo-localisation and is then automatically anonymised according to Google.
In addition, detailed location and device data can be collected. This is the following data:
  • City
  • Latitude (city)
  • Longitude (city)
  • Version of the browser
  • User agent string of the browser
  • Device brand
  • Device model
  • Device name
  • Version of the operating system
  • Screen resolution

Your visitor data may be collected in particular through cookies that are set by GA4 on your end device and enable an analysis of the visit / use of our website. Further information on the subject of cookies can be found under "7. Cookies" in this privacy policy.

GA4 can use various methods to aggregate your visitor data across devices. On the one hand, GA4 can assign you a unique user ID that enables cross-device mappings. However, we do not use this feature. In the event that you have a Google account, are logged in to it and have activated personalised advertising, Google may associate the information collected with your Google account using Google signals. On the basis of this data, personalised ads may then be displayed. With the help of the device ID, which corresponds to the client ID for a website and the ID of the app instance for an app, GA4 can also assign data across devices.

If GA4 is not allowed to use cookies and user IDs because you have not given your consent for this, GA4 can fill this data gap with the help of so-called behaviour modelling, which is based on the concepts of machine learning. GA4 will try to fill the missing information with so-called "observed" data of similar users who have consented to the processing.

The data collected by the GA4 service, such as the screen resolution of your terminal device, may be aggregated with other Google services that we use in order to trigger further processing. These include, for example, Google Optimize, which is used to perform so-called A-B tests of the website, and Google Ads. The data collected from GA4 can be used to create target groups in Google Ads and used for remarketing purposes.
Deletion of the user-level data processed in GA4 takes place automatically after 14 months.

Due to the localisation of Google, the transfer of your personal data to Google may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of Google Analytics 4 is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of Google Analytics 4 (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

9.1.6.4 Google Optimize

We use the Google Optimize service on our website. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). We use Google Optimize to determine how we can improve our website design.

Google Optimize offers us various types of tests, such as A/B tests or multivariate tests, in order to examine and evaluate the use of our website and, in particular, individual functionalities. During the execution of a test, you as a visitor may be shown a different version of our website. The targeting of the tests, i.e. the selection of the visitors who are shown an alternative version of the website, can be carried out on the basis of a wide range of parameters.

On the one hand, the so-called URL alignment can be used to specifically determine which pages of our website should be considered for tests. The determination of whether you are assigned to a test group can be determined in various ways:
 

  • One possibility are the so-called search parameters. In this way, parameters such as the visit of our website via an email campaign can be used to decide on an assignment to a test group.
  • Through the automatic connection with Google Analytics 4, the tests of Google Optimize can be aligned with target groups of Google Analytics 4.
  • Another way to determine the test group is to target users who come to our website from a specific source, such as another website we have previously defined.
  • It is also possible that you, as a visitor to our website, will be placed in a test group of a test by Google Optimize on the basis of your geographical position.
  • The information about the browser in use, the operating system and the device you are using can also be used to decide whether you are assigned to a test group.
  • By means of a cookie that is set by us on your end device, Google Optimize can be signalled that you are to be assigned to a test group.
  • Information stored in the data layer, i.e. in a so-called JavaScript object, such as the name of a service or product you have viewed, can be used to decide whether you are assigned to a test group.
  • The last option for test group assignment is JavaScript. This is specifically about JavaScript variables on specific pages of our website, which values can lead to an assignment to a test group.

Due to the localisation of Google, the transfer of your personal data to Google may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of Google Optimize is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of Google Optimize (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.


9.1.7 Processing activity - Targeting and Advertisement

9.1.7.1 Google Ads


On our website we use the service Google Adwords from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). This service enables us to draw attention to our appealing offers on external websites by means of advertising material (so-called Google Ads). These advertising materials are delivered by Google via so-called "Ad Servers". Ad server cookies are used for this purpose. For further information on the topic of cookies, please go to "7. cookies". Ad server cookies enable the evaluation of performance parameters (e.g. ad impressions, clicks or conversions). In this way we can determine how successful the individual advertising measures are. If you come to our website via an ad from Google, Google Adwords stores a cookie on your end device. This cookie stores analysis values (unique cookie ID, number of ad impressions per placement (frequency), last impression, opt-out information (marking that the user no longer wants to be addressed)). The cookies set by Google Adwords lose their validity after 30 days. These cookies are not intended to identify you personally. Rather, they enable Google Adwords to recognize your internet browser. If you visit certain pages on the website of an Adwords client, Google and the client will recognize that you have been redirected to the client's page via a clicked advertisement. Google provides us as an Adwords customer with a statistical analysis. This analysis enables us to measure the effectiveness of our advertising measures. We do not receive any further data beyond this.

Due to the localisation of Google, the transfer of your personal data to Google may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of Google Adwords is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of Google Adwords (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

Further information on data protection at Google can be found here:


9.1.7.2 Facebook Pixel

We use the offer of the social network Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA ( hereinafter: Facebook) and use a so-called Facebook pixel on our website. This is a marketing service from Facebook. In the course of this service, a cookie is deposited on your end device. This cookie makes it possible for us to show certain visitors of our website, who also use Facebook, individually tailored and interest-based advertising on Facebook. The Facebook pixel allows us to track the behavior of users after they have clicked on a Facebook advertisement. With the help of the Facebook pixel, we can track how our marketing measures are accepted on Facebook and if necessary take optimization measures.

The information collected through the pixel may also be aggregated by the Facebook Ireland Limited and the aggregated information may be used by the Facebook Ireland Limited for its own advertising purposes as well as for third party advertising purposes. For example, the Facebook Ireland Limited may infer certain interests from your browsing behavior on this site and may also use this information to promote third party offers. The Facebook Ireland Limited may also combine the information collected via the pixel with other information that the Facebook Ireland Limited has collected about you via other websites and/or in connection with the use of the social network "Facebook", so that a profile about you can be created and stored at the Facebook Ireland Limited. This profile may be used for advertising purposes. For more information about the privacy policy of the Facebook Ireland Limited, please visit https://www.facebook.com/policy.php.

Due to the localisation of Facebook, the transfer of your personal data to Facebook may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of Facebook Pixel is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of Facebook Pixel (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

9.1.7.3 LinkedIn Insight Tag

On our website we have included the conversion tool "LinkedIn Insight Tag" from the LinkedIn Ireland Unlimited Company (hereinafter: LinkedIn).

The LinkedIn Insight Tag is a small JavaScript code snippet that we have implemented on our website. With the help of the LinkedIn Insight tag, data about the visit of our website is collected and transmitted to LinkedIn. This data includes the referrer URL, IP address, device information, browser information, and a timestamp for the visit of our website. LinkedIn does not provide us with access to the personal data collected in detail. LinkedIn uses this information to provide us with reports on website audiences and ad performance, based on aggregate data, so that we can optimize our website based on the information we receive. In addition, LinkedIn provides us with the ability to track conversions and retarget our website visitors through the LinkedIn Insight tag. This allows us to display targeted advertising outside of our website without identifying the website visitor.

Due to the localisation of LinkedIn, the transfer of your personal data to LinkedIn may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of the LinkedIn Insight Tag is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of the LinkedIn Insight Tag (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

The data processed in the LinkedIn Insight tag is encrypted and anonymized within seven days. After 90 days at the latest, the anonymized data is automatically deleted if it is no longer required for the fulfillment of the defined purpose.

For more information about LinkedIn's privacy policy, please visit the following address: https://www.linkedin.com/legal/privacy-policy


9.1.7.4 Newsletter

Konica Minolta offers a newsletter to customers and interested parties on a consent-based approach. The only mandatory data for receiving the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally. Registration for the newsletter takes place by means of the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the information. If you do not confirm your registration by clicking on the link provided in the e-mail, the link sent to you will be deactivated and your data will be deleted. If you agree to receive information, you will have access to the following information:

  • News and information about Konica Minolta's product portfolio
  • Exclusive invitations to events, trade fairs and webinars
  • Sending of testimonials and success stories
  • Market trends in the form of studies, market research and white papers
  • Possibility of taking part in customer satisfaction surveys

As part of the double opt-in process carried out during registration, we store the IP addresses you use for a period of 30 days as well as the times of registration and confirmation. Based on your consent, we will evaluate your user behavior on our websites as well as within the newsletters which we send out and assign them to your e-mail address / user profile within our database. In addition, we store information about the browser you use and the settings made in your operating system as well as information about your Internet connection with which you have accessed our website. Via the newsletter sent to you, we receive, among other things, receipt and read confirmations as well as information about the links you have clicked on in our newsletter. We also store which areas you have visited on our website and in our apps. By creating a personal user profile, we want to tailor our advertising approach to your interests and optimize our offers on our website for you.

Our newsletter contains information and news from Konica Minolta Business Solutions Europe GmbH and other affiliated group companies (Konica Minolta Business Solutions Deutschland GmbH, Konica Minolta Business Solutions Austria GmbH, Konica Minolta Business Solutions (Belgium) N.V., Konica Minolta Business Solutions Nederland B.V., Konica Minolta Business Solutions Spain S.A., Konica Minolta Business Solutions Italia S.p.A., Konica Minolta Business Solutions Portugal, Unipessoal Lda., NEA RENT - ALUGUER E COMÉRCIO DE EQUIPAMENTOS S.A., Konica Minolta Business Solutions Sweden AB, Konica Minolta Business Solutions Denmark A/S, Next Agenda ApS, Konica Minolta Business Solutions Finland Oy, Konica Minolta Business Solutions Norway AS, Konica Minolta Business Solutions Czech spol. s r.o., Konica Minolta Business Solutions Bulgaria EOOD, WEBCOM Poland Sp. z o.o., Konica Minolta Hungary Business Solutions Ltd., Konica Minolta Business Solutions SE Ltd, Konica Minolta Croatia - business solutions, Ltd, Konica Minolta Poslovna Rjesenja BH d.o.o., Konica Minolta Business Solutions Polska Sp.z o.o., Konica Minolta Slovakia spol. s r.o., Konica Minolta Business Solutions Romania s.r.l., Konica Minolta Business Solutions Slovenija, poslovne resitve, d.o.o., Konica Minolta Baltia, UAB, Konica Minolta Business Solutions Greece S.A., Konica Minolta Marketing Services Limited, Konica Minolta Marketing Services Ireland Limited, Konica Minolta Marketing Services B.V., Charterhouse Print Management AG, Charterhouse AB, Indicia Group Limited, Hamsard 3099 Limited, Evolving Media Limited, Indicia Limited, Indicia Edinburgh Limited, Konica Minolta Business Solutions France S.A.S., Conibi S.A.S, Dactyl Buro du Centre S.A.S., OMR Impressions S.A.S., Konica Minolta Business Solutions (UK) Ltd., Konica Minolta Business Solutions East Ltd., KONICA MINOLTA Business Solutions (Northern Scotland) Ltd, Capture Imaging Ltd, ProcessFlows Holdings Ltd, ProcessFlows (UK) Ltd, Software Paradise Ltd, Digital Document Solutions Ltd, Konica Minolta Business Solutions (Ideal) Ltd., Konica Minolta Printing Solutions (UK) Ltd., Konica Minolta Business Solutions (Wales) Ltd., Konica Minolta Sensing Europe B.V., Mobotix AG).

The legal basis for the processing of your personal data for the above-mentioned purposes is your consent pursuant to Art. 6 I 1 lit. a GDPR. Your consent can be withdrawn at any time without giving reasons. You can also send an e-mail to einwilligung(at)konicaminolta.de or to the contact details given in the imprint. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. For more information about your right of withdrawal, please see point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

9.1.8 Processing activity - Google Fonts

On our website, we use fonts from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These fonts are grouped together by Google under the name Google Fonts.

So-called cascading style sheets and font files are required for the integration of Google Fonts. Style sheets are files that are used to change the design of a website, such as the font or font size. A font file contains any information about how the font is displayed. The corresponding files (cascading style sheets, font files) for the integration of Google Fonts are stored on our web server. This means that no connection to Google's servers needs to be established in order to obtain these files and therefore no data transfer to Google takes place within the scope of Google Fonts.

9.1.9 Processing activity - localisation of business partners / Google Maps

We integrate the Google Maps service on our website. This service is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: Google). Google Maps is a digital map service that enables us to integrate interactive maps on our website in order to give you an overview of our locations and to offer you the possibility of planning your route.

When you visit a sub-page on which Google Maps is integrated, your personal data, such as your IP address, is transferred to Google. Further information on the subject of cookies can be found under "7. Cookies". If you have a user account at Google to which you are logged in at the time of visiting the corresponding sub-page, the data transmitted to Google will be directly assigned to your user account. If you do not wish to be assigned in this way, you must log out of your Google user account before visiting the relevant sub-page. However, your personal data will also be processed by Google if you are not logged in to a Google user account, and Google will use the transmitted data to create usage profiles for the purposes of tailored advertising and market research. You can object to this type of processing by Google at any time by asserting your right of objection to Google in accordance with Art. 21 GDPR.

Due to the localisation of Google, the transfer of your personal data to Google may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of Google Maps is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of Google Maps (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

Your personal data will not be stored by us as the controller.

Further information on data protection at Google can be found at the following address: https://policies.google.com/privacy?hl=en


9.1.10 Processing activity - Youtube

On our websites we have integrated YouTube videos. These are stored at www.youtube.com, but can be played directly from our website. YouTube is a platform of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: Google). We have activated the enhanced privacy mode when embedding the videos on our website. This means that no information about you will be sent to YouTube if you do not play the videos. However, when you play videos, data is transferred to YouTube. First, YouTube is notified that you have visited the appropriate subpage of our website where the video is embedded. In addition, other data may be transferred to YouTube that we are not aware of. We also have no influence on the data transfer. If you are registered on YouTube, the transferred data is directly associated with your account. YouTube stores your data as usage profiles and uses them for the purpose of advertising, market research and/or the needs-based design of the website. Such an evaluation can be carried out in particular (even for users who are not logged in) for the purpose of providing need-based advertising. You have the right to object to the creation of usage profiles by YouTube in accordance with Art. 21 GDPR, which you must assert directly with YouTube.

Due to the localisation of Google, the transfer of your personal data to Google may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.

The legal basis for the processing of your personal data in the context of the use of YouTube is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of YouTube (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.

Further information on data protection at Google can be found at the following address: www.google.com/intl/en/policies/privacy/

10. Konica Minolta Global Policy