Go to homepage
Blog Downloads

Privacy policy

Data protection has a particularly high priority for our company. In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

Who is responsible for data processing?

This data protection information applies to data processing by:

ALUCA GmbH
Westring 1
74538 Rosengarten
Managing Directors: Andreas Mas Casellas, Thomas Steiert, Frédéric Straß


Who can I contact with questions about data protection?

You can reach our company data protection officer at:

ALUCA GmbH
Westring 1
74538 Rosengarten
Germany
E-Mail: [email protected]


What is personal data?

Any information relating to an identified or identifiable natural person. Personal data is information about an identified or identifiable person and thus all information that makes a person identifiable. Statistical data that cannot be associated with your person are not included here.


Applicability

This Privacy Policy applies to your visits to and use of our website, as well as all information, recommendations, and/or services provided to you by or through our website (the "Information").


What personal data do we process, as well as the type and purpose of use?

When visiting the website:

For most of our service offerings, no processing of personal data is required. You can therefore visit our website without telling us who you are.

We only collect and process access data that your Internet browser automatically transmits to us for technical reasons to provide the website. Depending on the access protocol used, the protocol data record contains general information with the following contents:

  • Your browser version
  • your operating system
  • the website you were previously on, if it contains a link to the ALUCA website

If our website uses cookies, the web server also stores this information. This also applies if you access our website with a mobile device, such as the browser of a cell phone. As a rule, this data does not allow any direct inference to your person and is processed to improve our website offering. The legal basis for the processing of your personal data is a legitimate interest, Art. 6 para. 1 letter f DS-GVO. We have a legitimate interest in presenting you with a website optimized for your browser and in enabling communication between our server and your terminal device.


When using the contact form:

Purpose of data processing
Personal data is processed in order for us to handle your enquiry. If your enquiry relates to the conclusion of a contract or is connected with an existing contract, personal data is processed solely for the purpose of fulfilling or entering into a contract. We will store any data you provide (such as email address, title, name, telephone number, company, department, address, uploaded documents, customer number, project number, message, etc.).

Legal basis for data processing
The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO (legitimate interest). The legitimate interest lies in ensuring that your request is processed promptly by our company.

If the request is directed towards the conclusion of a contract or if the request is related to an already concluded contract, the legal basis for the data processing of the personal data processed in the course of sending a request via our contact form is Art. 6 para. 1 p. 1 lit. b DSGVO (implementation of pre-contractual measures/fulfillment of a contract).

For personal data that you provide to us voluntarily, Art. 6 para. 1 lit. a DSGVO (consent) is the legal basis. You can revoke your consent at any time with effect for the future.

Duration of storage
The above data will be deleted as soon as they are no longer required to achieve the purpose of their processing. For the personal data sent by e-mail or the contact form provided, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.

If the legal basis for data processing is consent, the data will also be deleted if you have revoked your consent.

To whom do we transfer your data
To process your contact request, we transmit your request internally at the responsible party to the relevant departments. If you also inform us of the country that concerns you, we can process your inquiry even faster by forwarding your contact request to the distribution partner or group company responsible for this country.

The legal basis for the data transfer to the distribution partner or group company is your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO, as you indicate your country voluntarily. You can revoke your consent at any time with effect for the future.

If your contact request serves to initiate a contract or concerns contractual issues, the legal basis for the data transfer is Art. 6 para. 1 p. 1 lit. b DSGVO.


When subscribing to our newsletter:

If you are interested in our newsletter, you may voluntarily give your consent to receive it. We use a double opt-in process. This means that you will only receive our newsletter after you have confirmed your subscription by clicking the link in a confirmation email sent to the email address you have provided.
Once you have confirmed your subscription (double opt-in), your email address will be used solely for sending our newsletter to you. We will store any data you provide (such as email address, title, name, telephone number, company, department, address, uploaded documents, customer number, project number, message, etc.).

Purpose of data processing
The sole purpose of processing the personal data is for us to provide our newsletter to your specified e-mail address in order to inform you about news and offers.
Legal basis for data processing The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO (consent). You can revoke your consent at any time and without giving reasons.

Duration of storage
We store your personal data at the longest until you revoke your consent.

Who we share your data with
We use the services of HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland, to send our newsletters.

We use HubSpot to send and analyse our newsletters. The data you provide for subscribing to our newsletter is processed on HubSpot’s servers. HubSpot may also transfer personal data to the United States. The transfer is made under the EU–U.S. Data Privacy Framework (DPF), for which HubSpot LLC is appropriately certified. For more information, please refer to HubSpot’s Privacy Policy: https://legal.hubspot.com/privacy-policy


Applications

You can apply to our company electronically, e.g. via e-mail. Please note that e-mails sent unencrypted will not be protected against unauthorized access.

Your details will be used for processing your application and deciding whether to establish an employment relationship. The legal basis is § 26 para. 1 in conjunction with. Abs. 8 S.2 BDSG. Furthermore, your personal data may be processed insofar as this should be necessary for the defense of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 p.1 lit. f DSGVO. The stated purposes also constitute the legitimate interest in the processing.

Insofar as an employment relationship arises between you and us, we may, in accordance with Section 26 (1) BDSG, further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a company or service agreement (collective agreement).

Your application data will not be processed beyond the described use.
Your personal data will be deleted after completion of the application process after 6 months at the latest, provided that no other legitimate interests on our part oppose deletion or you have not given us your consent for longer storage. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).


Is there any data transfer to third parties?

A transfer of your personal data to third parties does not take place in principle, unless we are legally obliged to do so, or the data transfer is necessary for the implementation of the contractual relationship or you have previously expressly consented to the transfer of your data.

External service providers and partner companies, such as online payment providers or a shipping company commissioned with the delivery, only receive your data to the extent that this is necessary to process your order / your order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers process your personal data on our behalf, we ensure within the framework of order processing pursuant to Art. 28 DSGVO that they comply with the provisions of data protection laws in the same manner.

Please also note the data protection notices of the respective providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

We attach importance to processing your data within the EU / EEA. However, it may happen that we use service providers who process data outside the EU / EEA. Insofar as data is processed outside the EU / EEA and there is no adequacy decision by the EU Commission, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 DSGVO with the service provider in order to establish a secure level of data protection, which allow the transfer of personal data to a third country in individual cases.


We use cookies

What are cookies

Cookies are small text files that allow the web server to recognize a website visitor and store information about the visited web pages in the web browser. Cookies can be divided into "session cookies" and "persistent cookies". Session cookies are all those cookies that expire when a session is closed, i.e. they are only stored for the duration of the session. Persistent cookies, on the other hand, store the collected information for a longer period of time. Cookies can be set by website providers, but also by third parties.

We may store cookies on your browser if they are absolutely necessary for the operation of the website. For all other categories of cookies, we require your consent to use cookies.


Necessary cookies

Some cookies are necessary to provide core functionality. This website will not function properly without these cookies and they are enabled by default.


Analytical cookies

Analytical cookies help us improve our website by collecting and reporting information about your usage.


Marketing cookies

Marketing cookies are used to track visitors to websites so that publishers can serve relevant ads.

You can change or revoke your cookie setting preferences at any time on our website.


Cookie settings in your browser

We would also like to point out that, irrespective of the issue of granting/not granting consent, you can prevent cookies from being stored altogether by setting your browser to accept cookies only if you agree to this.


Cookie consent with cookie notice

Our website uses Cookie Notice for GDPR to obtain your consent to store certain cookies on your terminal device and to document this in a data protection compliant manner.

Cookie Notice is installed locally on our servers, so it does not connect to third-party servers. Cookie Notice & Compliance for GDPR stores a cookie in your browser in order to be able to assign the consents granted to you or their revocation. The cookie is deleted after the end of the session.

Cookie Notice is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. The purpose of the data processing is the user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to give or withdraw consent and increase the transparency of data processing using cookies, pixels, tag or similar on our website. In the purpose of data processing also lies our legitimate interest.

You can find more information at  https://legal.hubspot.com/cookie-policy and https://www.cookiebot.com/en/cookie-declaration/.


What cookies do we use?

Google Analytics 4:

If you have given your consent, this website will use Google Analytics 4, an analytics service of Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’).

Google Analytics uses cookies which enable an analysis of your use of our website. The information about your use of this website that is collected using the cookies is usually transferred to a Google server in the US and stored there.

With Google Analytics 4, IP address anonymisation is activated by default. With IP anonymisation, your IP address is truncated by Google within the member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases is your full IP address transferred to a Google server in the US and truncated there. Google states that the IP address transmitted by your browser through Google Analytics is not merged with other Google data.

During your visit to our website, your usage patterns are tracked in the form of ‘events’. Events can include:

  • page views;
  • first visit to our website;
  • session start time;
  • pages visited;
  • your ‘click path’, i.e. interaction with the website;
  • scrolls (whenever a user scrolls to the bottom of the page (90% down));
  • clicks on external links;
  • internal search queries;
  • interaction with videos;
  • file downloads;
  • advertisements viewed or clicked on;
  • language setting.

The following is also collected:

  • your approximate location (region);
  • the date and time of your visit;
  • your IP address (truncated);
  • technical information about the browser and devices you use (e.g. language setting, screen resolution);
  • your internet service provider;
  • the referrer URL (the website or advertisement through which you reached this website).

Google uses this information on behalf of the website’s operator to analyse your use of the website and compile reports about website activities. The reports supplied by Google Analytics are used for analysing the performance of our website and the success of our advertising campaigns.

The recipients of the data might be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor under Art 28 GDPR),
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, United States,
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, United States.

The European Commission adopted its adequacy decision for the United States on 10 July 2023. Google LLC is certified under the EU–US Privacy Framework. Because Google’s servers are distributed globally and transfer to a third country (like Singapore, for example) cannot be fully excluded, we have also incorporated EU standard contractual clauses with the provider.

The data that is sent by us and linked to cookies is erased automatically after 30 days. The maximum lifetime of Google Analytics cookies is 2 years. When the storage duration for data has expired, that data is erased automatically once per month.

The legal grounds for this data processing are your consent under Art 6(1)(a) GDPR and section 25(1) first sentence of the German Telecommunications and Telemedia Data Protection Act (TTDSG). You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection in them. The lawfulness of processing based on your consent until the time of your withdrawal will not be affected by this.

You can also stop cookies being stored from the outset by changing the relevant settings in your browser software. If you configure your browser to decline all cookies, however, there might be limitations on the functions on this website and other websites. Furthermore, you can stop Google from collecting data generated by the cookie in relation to your use of the website (including your IP address) and from processing this data by:

  • not giving your consent to the setting of cookies, or
  • downloading and installing the browser add-on for deactivating Google Analytics HERE .

You can find more information about the Google Analytics terms of service and data protection at Google at https://marketingplatform.google.com/about/analytics/terms/gb/ and at https://policies.google.com/.


Google Tag Manager

For transparency, we would like to inform you that we use Google Tag Manager. This is a tag management system used to manage JavaScript and HTML tags that are used for tracking and analytics purposes. This service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The responsible entity in the EU/EEA is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Tag Manager does not collect any personal data itself, instead it helps us to integrate and manage our tags. Tags are small pieces of code used, among other things, to measure traffic and visitor behaviour, track the effectiveness of online advertising and social channels, set up remarketing and audience targeting, as well as to test and optimise websites. If you have disabled tracking, Google Tag Manager will take this into account.

Recipients of the data are:

  • Google Ireland Limited, EU
  • Google LLC, USA,
  • Alphabet Inc., USA.

Your consent is the legal basis for this data processing in accordance with Article 6(1)(a) of the GDPR. You have the right to withdraw any consent you have given at any time, with effect for the future. The lawfulness of the data processing carried out up to the point of your withdrawal remains unaffected.

You can find more information about Google Tag Manager at: https://www.google.com/intl/de/tagmanager/use-policy.html.

Where data is processed outside the EU/EEA, Google is certified under the Data Privacy Framework (DPF) programme and is listed in the Data Privacy Framework registry of the International Trade Administration (ITA). This means that Google has publicly committed to complying with the DPF obligations, and any data transfer transferred to the United States is deemed safe under the European Commission’s adequacy decision of 10 July 2023.


HubSpot

We use HubSpot on our website as a tool to support digital marketing, customer relationship management (CRM), content management, web analytics, and search engine optimisation (SEO). HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, is the service provider. HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland, is responsible for users in the EU.


Type and purpose of data processing

HubSpot is an integrated software solution that we use to manage various aspects of customer relations and our online marketing. These include email marketing (newsletters and automated mailings), social media publishing & reporting, reporting (e.g., traffic sources, page visits, etc.), contact management (e.g., user segmentation & CRM), landing pages and contact forms.

We also use HubSpot for website analysis/tracking (including the Prospects feature for B2B company identification based on IP addresses), automations following form submissions, scheduling meetings, live chat and conversational bots, management of marketing events, hosting content via our own (sub-)domains including AMP support, as well as for a customer portal (ticketing / knowledge base access). Our forms include contact, partner, appointment, event, and complaint requests, as well as forms within the product configurator.

You can find details of the data collected by the HubSpot tracking code here: https://knowledge.hubspot.com/reports/data-collected-by-the-HubSpot-tracking-code

The following list shows the purposes for which data may be collected and processed using HubSpot. Consent applies only to the purposes stated. The data collected will not be used or stored for any purpose other than those listed below.

  • CRM
  • Statistics
  • Marketing
  • Customer service/ticketing (including the customer portal)
  • Communication/appointment management (live chat, bots, meetings)
  • Hosting/provision of content (including subdomains, ccTLDs, and AMP)

The list includes the personal data that may be collected by or through the use of this service:

  • Geographic location
  • Type of browser
  • Navigation information
  • Referring URL
  • Performance data
  • Mobile app data
  • HubSpot subscription service login information
  • Files viewed
  • Domain names
  • Pages viewed
  • Aggregated usage
  • Operating system version
  • Internet service provider
  • IP address
  • Device identifier
  • Duration of visit
  • Source from which the application was downloaded
  • Operating system
  • Events occurring within the application
  • Access times
  • Clickstream data
  • Device model and version
  • Form entries, including attachments (e.g., configuration PDFs), communication and ticket contents, meeting/availability data, email interaction data (opens/clicks), newsletter consent/preferences, and server log data when hosting via our own (sub-)domains

Information on cookies/device access: Where information is stored on or accessed from your device, this is done with your consent (Section 25 TDDDG in conjunction with Article 6(1)(a) GDPR). The cookies currently used on the website can be viewed in the website’s cookie settings (via the link in the footer).


Use of the appointment scheduling tool

For online appointment scheduling, we use the HubSpot meetings tool which uses Microsoft Teams integration to set up meetings. This integration runs entirely within our Microsoft tenant.

When scheduling an appointment, an online Microsoft Teams meeting is set up automatically regardless of the appointment type chosen. Technologically necessary data is exchanged between HubSpot and Microsoft for this purpose.


The data transferred to Microsoft may include in particular:

  • name and email address of the inviter;
  • name and email address of the person scheduling the appointment;
  • appointment metadata (date, time, duration, time zone);
  • meeting subject/agenda;
  • allocation to an internal user calendar;
  • technical identifiers (Microsoft Teams user ID, meeting ID).

This data is necessary for creating an online meeting automatically and sending out invitations.


Retention period

Data will be stored until you withdraw your consent and will be deleted as soon as it is no longer needed for the purposes of processing, unless statutory retention requirements or overriding legitimate interests apply. (Statutory retention periods apply to contract, ticket, and trade or tax-related data.)


Data recipients


Transfer to third countries

Please note that this service may transfer data to countries outside the EU/EEA, including those without an adequate level of data protection.

The United States is currently covered by an adequacy decision from the European Commission. Data transfers to the United States are therefore legally permitted provided that the recipient is certified under the EU–U.S. Data Privacy Framework. HubSpot Inc. is covered by this certification: https://www.dataprivacyframework.gov/list


Legal basis

Your consent is the legal basis for the data processing described above. Where HubSpot services are necessary for entering into or fulfilling a contract between us and our customers or members, the legal basis is Article 6(1)(b) GDPR. In other cases, the use of HubSpot services is based on Article 6(1)(f) GDPR (legitimate interests) (for example, for efficient communication, ticket handling, IT security, and internal analyses). Section 25 TDDDG also applies when device information is stored or accessed. HubSpot acts as a processor for us in accordance with Article 28 GDPR.

Our newsletters contain what’s called a web beacon/tracking pixel that tracks opens and clicks and links them to your HubSpot profile. This helps us optimise content and personalise future mailings (through segmentation).

Your consent is the legal basis for this processing (Article 6(1)(a) GDPR; Section 25 TDDDG also applies when accessing information on your device). You can opt out of personalised tracking at any time via the preferences centre or withdraw your consent; alternatively, you may unsubscribe completely.


Right to withdraw consent

You can withdraw your consent at any time with effect for the future by accessing the cookie settings via the link in the website footer and updating your preferences. The lawfulness of the data processing carried out up to the point of your withdrawal remains unaffected.

For more information, please refer to HubSpot’s Privacy Declaration: https://legal.hubspot.com/privacy-policy


Privacy Policy for Our Social Media Pages

Social media has become a core part of the internet and modern communication. To stay in touch with our users and promote our activities, we use our own social media profiles on selected networks. We regularly share posts, stories, and updates that you can engage with publicly, depending on the features of the respective social media platform. We only process personal data here that you have deliberately shared and which is publicly visible on our social media page.

Our social media pages and channels include the following:

  • Facebook
  • Instagram
  • LinkedIn
  • Xing

When you visit one of our social media pages, your browser establishes a connection with the servers of the respective platform. Regardless of whether you are registered with the social media platform, your IP address is transmitted and cookies may be set. The operators of these platforms may also process your personal data for their own purposes, such as advertising or creating user profiles. If you have your own profile on one of these social media platforms and logged into your account, the provider may link your visit to our social media page with your user account.

If you want to prevent the provider from linking data about your visit with your stored account information, you should log out of your account before visiting our social media pages and delete any cookies stored on your device. Even after following these steps, providers may still recognise you using what's called unique identifiers, such as device IDs or other identifiers.


Data Processing on Our Social Media Pages

As soon as you interact publicly with our social media channels, for example by commenting on videos, images, or posts, these interactions are published on our social media pages of the respective platform and may also be visible to third parties (these are called user interactions). You can also reach us through direct messages on the respective platforms.

Data processing in this context is based on our legitimate interest in engaging with users who voluntarily interact with us and our social media content. Article 6(1)(f) GDPR is the legal basis for this processing.


„Insights“ and Analytics

Aside from the publicly visible features, all of the social media platforms mentioned allow us to view anonymous statistics on how visitors interact with our social media profiles. These insights and analytics provide us with anonymised data about visitors and their interactions with our social media pages in the form of statistics, which the providers collect, for example, using cookies and other technologies. It is not possible for us to identify you personally from these statistics, even if you are logged into your account when you visit our social media page.

These statistics provide us with information on trends among our followers and visitors, their aggregated demographic data (average age, gender, approximate location: country and city), and the reach of our posts (interactions, reactions, comments). This helps us to identify which content is most engaging for our target audience.

More information on these insights and analytics can be found here:

Facebook-Insights

Instagram-Insights

LinkedIn-Insights

Xing Brand Manager


Purpose of Processing and Legal Basis

Our legitimate interest is the legal basis for using our social media pages and for processing data for the insights function (Article 6(1)(f) GDPR). Our legitimate interest in processing this data is to showcase our public relations activities and campaigns, and to offer modern communication options to anyone interested. Insights help us understand the needs and interests of our target audiences and improve our presence on social media. If you consented to data processing when visiting the social media page (for example, by interacting with the platform’s cookie banner), processing is then based on your consent (Article 6(1)(a) GDPR), which you may withdraw at any time with effect for the future.


Recipients and Transfers to Third Countries

Since the operators Meta (Facebook, Instagram, and WhatsApp), X (Twitter), and LinkedIn are headquartered in the United States, data may be processed outside the European Union. All of these providers are certified under the Data Privacy Framework (DPF) programme and appear in the International Trade Administration’s (ITA) Data Privacy Framework registry. This means that the providers have publicly committed to upholding a level of data protection equivalent to that of the EU. Data transfers to certified US companies are therefore generally deemed safe under the European Commission’s adequacy decision of 10 July 2023.


Joint controllers

We share responsibility with the operators of each social media platform for processing data related to your visit to our social media pages:

Facebook, Instagram and WhatsApp:

Meta Platforms Ireland Limited
Serpentine Avenue, Block J
Dublin 4, Irland

As joint controllers, we are providing you with the key details of our joint responsibility agreement with Meta below, in line with Article 26 GDPR:
https://www.facebook.com/legal/controller_addendum

LinkedIn:

LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2, Ireland

As joint controllers, we are providing you with the key details of our joint responsibility agreement with LinkedIn below, in line with Article 26 GDPR:
https://legal.linkedin.com/pages-joint-controller-addendum

Xing and onlyfy:

New Work SE
Am Strandkai 1
20457 Hamburg

As joint controllers, we are providing you with the key details of our joint responsibility agreement with Work SE below, in line with Article 26 GDPR:
https://www.xing.com/terms/unternehmensprofil#h2-b-vereinbarung-zur-gemeinsamen-datenschutzrechtlichen-verantwortlichkeit


Your rights

Regardless of the details of the specific agreements we have in place with the platform operators, you can exercise your rights both with us and with the respective operators.

Please be aware that the social media operators also process your data for their own purposes, which are beyond our control. For more information, please refer to the privacy notices of the operators:

Facebook and Instagram

WhatsApp

LinkedIn

Xing


YouTube

With your consent, we use YouTube on our website. The operator of the video platform is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, United States, a subsidiary of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, United States.

In this context, we use a two-click solution to protect your personal data. If you view a page containing an embedded YouTube video, a connection will only be made to the YouTube servers when you click on the ‘Confirm’ button. YouTube will set cookies in this case and use your visit data for its own purposes. If you are signed into YouTube at that time, the information about the videos you watch will be linked to your YouTube account. You can stop this by signing out of your account before visiting our website.

The legal grounds for the data processing outlined here are your consent, Art 6(1)(a) GDPR, section 25(1) first sentence of the German Telecommunications and Digital Services Data Protection Act, which we obtain from you when you view our website. The outlined data processing does not occur if you have not given corresponding consent. You can withdraw any consent you have given at any time with effect for the future.

Where data is processed in a location outside of the European Economic Area/European Union where the level of data protection does not meet the European standard, Google states that it uses standard contractual clauses. Furthermore, Google LLC in the US has been certified under the Data Privacy Framework (DPF) programme and is on the Data Privacy Framework List kept by the International Trade Administration (ITA). This means that Google has made a public commitment to upholding DPF obligations and that any transfer of data to the US is permitted based on the current European Commission adequacy decision.

More information about the handling of user data can be found in YouTube’s privacy policy at: https://www.google.com/intl/policies/privacy.


Use of LeadXperience (LXP)

Our website uses LeadXperience (LXP), an analysis and lead identification system from 711media websolutions GmbH, as well as Matomo, a web analytics tool. Both systems are connected to each other technologically to analyse usage patterns on our website and identify company visits.

LXP uses a script embedded on the website to identify companies. In doing so, the anonymised or truncated IP address is compared with external company databases, which means that only companies are identified and not natural persons. The data processed includes, among other things, the truncated IP address, technical device data (browser, operating system, referrer), the time and duration of the visit, the pages viewed and defined interactions such as form submissions, downloads and clicks on email addresses or telephone numbers. Additionally, a resource-efficient LXP session recording tool might be used to analyse cursor movements, scrolling and interaction paths under a pseudonym. LXP compares company identifications and visit activities with each other and performs lead scoring that evaluates a company’s interest in our content; personal profiling does not take place.

Matomo is used for statistical analysis purposes and processes data such as anonymised IP addresses, the date and time of the visit, navigation on the website, dwell time, technical device information and the same interaction metrics as LXP. Moreover, Matomo session recording is used in our implementation to reconstruct user interactions under a pseudonym. It may be activated as an alternative or addition to the LXP recording. The processing of tracking data that is not technologically necessary is based on your consent under Art 6(1)(a) GDPR, which you can give or withdraw at any time in our cookie consent management tool. The statistical analysis, company identification and lead scoring are based on our legitimate interest, pursuant to Art 6(1)(f) GDPR, in improving our online offering and gauging the interest of visiting companies. All IP addresses in both systems are anonymised so they cannot be traced back to individual people.

The recipients of the data are 711media websolutions GmbH in its capacity as a technical service provider; our hosting provider and internal departments (marketing, sales, Web administration). Data is not transferred to third countries as it is processed solely within the EU/EEA. LXP data and lead scoring data are stored for up to twelve months. Matomo analysis data is processed for six to thirteen months, depending on the configuration. Session recordings (Matomo or LXP) are kept for no more than three months. Technical server log files containing IP addresses are stored for a significantly shorter period of time depending on the system.

Optout for LXP

Matomo

Our website uses the open-source web analytics service Matomo, provided by InnoCraft Ltd, 7 Waterloo Quay, PO625, 6140 Wellington, New Zealand. The EU representative of InnoCraft, and the contact point for EU/EEA companies, is ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg.

We use Matomo to analyse the behaviour of visitors to our website for statistical purposes, to optimise website functionality and stability, and for marketing purposes. Our purpose and interest in processing data is to optimise our website, personalise content, and improve our services.

We use cookies when using Matomo – small text files stored in the visitor’s browser that assign unique identifiers to the visitor’s device (tracking cookie ID). This allows us, together with other personal data such as the IP address, to link specific website activity to the device associated with the cookie. We also use Matomo’s IP masking feature, meaning we remove the last X or Y components (1) of each visitor IP address transmitted to us when using Matomo, in order to protect users’ privacy. You, as a user, cannot be identified from the data.

The usage information stored in the cookie (including your truncated IP address) is sent to our server and stored for analysis. Matomo is hosted solely on our own servers, so no data is transmitted to servers outside our control.

We use the collected data to analyse user behaviour for the purpose of improving the website’s functionality and stability, as well as for marketing purposes. Our purpose and interest in processing data is to optimise our website, personalise content, and improve our services.

You can disable cookies through your browser settings; however, if you do so, you may not be able to use all the features of this website fully. If you do not consent to the storage and analysis of your usage data from your visit, you can also block Matomo from collecting this data at any time with a single click below. An opt-out cookie will then be set in your browser, which means that Matomo will not collect any session data. Please be aware that if you delete your cookies, the opt-out cookie will also be deleted and you must set it again.

We only store the analysis data for as long as it is required for the purpose of data processing. For information on Matomo’s data retention period, please refer to the provider or visit https://matomo.org/privacy.

Your consent is the legal basis for storing or accessing information in accordance with Section 25(1) TDDDG, and for any further data processing under Article 6(1)(a) GDPR. You can withdraw any consent you have given at any time with effect for the future by accessing the cookie settings in the footer and updating your preferences.

For more information on Matomo’s data protection practices, please visit:

https://matomo.org/guide/manage-matomo/privacy/

Optout for Matomo

Excentos/Product advisor

Online product advisors are used on our website to provide you, as a user, with the best possible customer service. The product advisory solution is provided by excentos Software GmbH (Reiterweg 1, 14469 Potsdam, Germany). User interactions, such as chosen response options, navigation behaviour, and any purchases (only after your consent has been requested and obtained), are collected for optimisation purposes. Your consent is the basis for using this service (Article 6(1)(a) GDPR and Section 25 TDDDG). You may withdraw your consent at any time.

Usage data is stored in anonymised form in a web analytics system (Matomo) operated by excentos. In addition, necessary infrastructure services such as Cloudflare collect users’ IP addresses and usage activities as part of a legitimate interest assessment, in order to prevent cyber-attacks. This is a necessary security measure to ensure that the product advisory services can be provided. This data is stored only temporarily (up to 4 hours) to identify potential attack patterns. During this time, it may be possible to indirectly link the data to user activity via timestamps. After this period, IP addresses, including all log data, are completely deleted. For more information, please refer to the provider’s Privacy Policy.


Leaflet

We use the open-source mapping service Leaflet on our website to provide interactive maps. The maps are hosted locally on our servers, so no connection to external Leaflet servers is made. During the technical operation of the map application, certain information is automatically processed, including your IP address, date and time of access, the content accessed, browser type and version, operating system, and, where applicable, any technical error logs. This processing is necessary to ensure the map functions correctly and to maintain system security. Article 6(1)(f) GDPR is the legal basis for this, with our legitimate interest being a user-friendly and technically functional presentation of our online services. Your data is not shared with third parties or transferred to third countries, as Leaflet is hosted entirely locally. Log data is retained only temporarily and deleted as soon as it is no longer needed.


Elfsight

We use widgets from the service provider Elfsight to provide interactive calculators, including our ROI and ESG calculators. As part of this, technically necessary data may be processed, such as your IP address, browser and device information, language settings, date and time of access, as well as technical usage data such as loading times or error messages. The values you enter for the calculations may also be processed, though this is generally not considered personal data. Elfsight processes this data to provide the calculator, display results, and ensure the stability and functionality of the service. Article 6(1)(f) GDPR is the legal basis for this, as we have a legitimate interest in offering a user-friendly service. If user input includes personal data, it is processed either on the basis of Article 6(1)(b) GDPR or, where applicable, with your consent under Article 6(1)(a) GDPR, depending on the context. Elfsight may also process data in third countries, in particular in the United States. Appropriate data protection measures, including EU standard contractual clauses, have been agreed with the provider. The retention period is determined by Elfsight; technically necessary log data is stored by us only for as long as required to ensure the system operates correctly.


Data protection information for the internal reporting system

Purposes of the processing of personal data

ALUCA GmbH processes the following types of personal data, among others, as part of the entry and processing of reports in the internal reporting system:

  • Information for personal identification of the whistleblower, such as first and last name, gender, address, telephone number and e-mail address;
  • Employment status at ALUCA GmbH;
  • Information on data subjects, i.e. natural persons designated in a report as a person who has committed the offence or with whom the designated person is associated. Such information includes, for example, first and last name, gender, address, telephone number and e-mail address or other information that enables identification;
  • Information about offences that may allow conclusions to be drawn about a natural person.

ALUCA GmbH processes the personal data for the purpose of investigating the reports in order to prevent or detect violations of applicable law or company guidelines and/or to take follow-up measures (such as measures to verify the validity of the allegations made in the report and, if necessary, to take action against the reported violation, including through internal enquiries, investigations, criminal prosecution measures, measures to (re)collect funds or conclude the proceedings).


Legal basis

  1. We only process information for the personal identification of the whistleblower if the whistleblower has given us consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. According to this, processing is only lawful if the data subject has given their consent to the processing of their personal data for one or more specific purposes.
  2. We process information on employee status, information on data subjects and other information that allows conclusions to be drawn about natural persons on the basis of Art. 6 para. 1 lit. f GDPR. Accordingly, processing is lawful if processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Depending on the specific individual case to be examined, our legitimate interest lies in the processing of reports in order to be able to carry out follow-up measures, such as measures to verify the validity of the allegations made in the report and, if necessary, to take action against the reported violation, including through internal enquiries, investigations, criminal prosecution measures, measures to (re)recover funds or conclude the proceedings. Whether the interests or fundamental rights and freedoms of the data subject conflict with such data processing is examined on a case-by-case basis, including with regard to the breach.
  3. We may process personal data of employees on the basis of Section 26 (1) sentence 2 BDSG. Accordingly, personal data of employees within the meaning of Section 26 (8) BDSG may be processed to uncover criminal offences if there are factual indications to be documented that justify the suspicion that the person concerned has committed a criminal offence in the employment relationship, the processing is necessary for detection and the employee's legitimate interest in the exclusion of processing does not outweigh this, in particular the type and extent are not disproportionate with regard to the occasion.


General information on the recipients or categories of recipients

The personal data processed as part of a notification is processed by lawcode GmbH, Universitätsstraße 3, 56070 Koblenz, Germany, on behalf of and in accordance with the instructions of ALUCA GmbH.
Personal data will only be transferred to third parties if there is a legal basis for this. This is particularly the case if the transfer serves to fulfil legal requirements according to which we are obliged to provide information, report or pass on data, if you have given us your consent to do so or if a weighing of interests justifies this.
In addition, external service providers, such as external data centres or telecommunications providers, process personal data on our behalf as processors.
Depending on the focus of responsibility of the report and for the effective initiation of follow-up measures, the personal data may be passed on to our relevant specialist departments.
Under certain circumstances, we may also pass on the personal data to state security and/or law enforcement authorities, other competent authorities and/or persons obliged to maintain confidentiality, such as auditors/lawyers.


General information about the retention period

Data is generally stored until the follow-up measures have been completed. As a rule, the data from a report is deleted after 2 months after the procedure has been finally concluded, unless the initiation of further legal steps requires further storage (e.g. initiation of criminal proceedings or disciplinary proceedings). Personal data in connection with reports will be deleted by us immediately if we consider them to be manifestly unfounded.

Information pursuant to Art. 13 para. 2 lit. e GDPR


What rights do you have?

Right to information
In accordance with Art. 15 DSGVO, you are entitled to request confirmation from the controller at any time as to whether personal data relating to you is being processed. To do so, you can use the form available at this link.

Right of rectification
Pursuant to Art. 16 DSGVO, you are entitled to demand that the controller rectify any inaccurate personal data concerning you without undue delay. This right also includes, depending on the purpose, the completion of incomplete personal data.

Deletion
If the personal data you have provided above is no longer necessary for the purpose of processing, the consent you have given for processing is revoked and there is no other reason for further processing, you may exercise your right to erasure in accordance with Article 17 of the GDPR and if there are no overriding legitimate grounds for further processing, you may request that your data be erased.

Restriction of processing
If the accuracy of the personal data processed by you is contested, the processing is unlawful, and in case of other grounds referred to in Art. 18 DSGVO, you may request the controller to restrict the processing.

Data portability
In accordance with Art. 20 DSGVO, you may request the controller to transfer the data you have provided to it in a structured, common and machine-readable format to you or to a third party.

Right of objection
Pursuant to Art. 21 (1) DSGVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) p. 1 lit. e (public interest) or f (legitimate interest); this also applies to profiling based on these provisions. We will no longer process the data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Article 21 (2) of the GDPR; this also applies to profiling insofar as it is related to such direct marketing. You can lodge your objection by mail at the address to ALUCA GmbH, Westring 1, 74538 Rosengarten or at [email protected].

Revocation of consent
You may revoke any consent you have given at any time, without giving any reason, by sending a written notice to ALUCA GmbH, Westring 1, 74538 Rosengarten or by sending an e-mail to [email protected]. To do so, you can use the form available under this link.

The lawfulness of the processing of your personal data, which was processed on the basis of the consent up to the time of the revocation, is not affected by the revocation.

Right of appeal
If you believe that the processing of personal data concerning you violates legal provisions, you have the right to lodge a complaint with a supervisory authority.


External links

On our websites you will find various links to other websites. We have neither influence nor control over the content and privacy policies of these linked websites. We therefore recommend that you check the privacy policy of these websites when you access the links.


Up-to-dateness and amendment of the privacy policy

Due to further developments of our website and offers on it, as well as changed legal regulations and/or requirements, it may become necessary to change this privacy policy. The current privacy policy can be found here.

This privacy policy is currently valid and is dated May 2026.