Whistleblower system

If you have specific information about breaches of regulations with risks in connection with our business activities, you can contact our ombudsperson using the following reporting channels:

Contact Whistleblower Helpdesk, Ombudsperson (OBS):

Degen Deicke Wagner GmbH
Ombudsman Dr. Alexander Deicke
Alexanderstrasse 8a
70184 Stuttgart
Stuttgart, Germany
E-mail: deicke@whistleblower-helpdesk.de
Telephone: +49 177 6333972

You can use the telephone number and postal address to send information on high-risk violations – anonymously if you wish – to the whistleblower system.

Privacy policy

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used.
This data protection declaration applies to the ZMB BRAUN GmbH website, which can be accessed under the domain www.zmb-braun.de and the various subdomains (“our website”).

WHO IS RESPONSIBLE AND HOW CAN I REACH YOU?

Person responsible
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

ZMB BRAUN GmbH  · Markdorfer Str. 1 · 88048 Friedrichshafen (Germany) · Phone: +49 (0)7544 5098-0 · Fax: +49 (0)7544 6271 · E-Mail: info@zmb-braun.de
Datenschutzbeauftragter der HÄNDLE GmbH Maschinen und Anlagenbau: Holger Zürn, audius GmbH erreichen Sie unter datenschutz@zmb-braun.de.

WHAT IS IT ABOUT?
This privacy policy meets the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior when visiting a website. Information for which we cannot (or only with disproportionate effort) establish a connection to your person, e.g. through anonymization, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defense of legal claims and in the event of statutory retention obligations.

WHO RECEIVES MY DATA?
We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and is covered by the legal basis (e.g. consent or protection of legitimate interests) in individual cases. In addition, in individual cases we pass on personal data to third parties if this serves the assertion, exercise or defense of legal claims. Possible recipients may then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website who process personal data on our behalf as part of order processing in accordance with Art. 28 GDPR, they may be recipients of your personal data. You can find more information on the use of processors and web services in the overview of the individual processing operations.

DO YOU USE COOKIES?
Cookies are small text files that are sent by us to the browser of your end device and stored there when you visit our website. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to carry out various analyses, so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.
We provide information about the respective services for which we use cookies in the individual processing operations. You can find detailed information on the cookies used in the cookie settings or in the Consent Manager of this website.

WHAT RIGHTS DO I HAVE?
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

  • Information in accordance with Art. 15 GDPR about the personal data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
  • Correction in accordance with Art. 16 GDPR of incorrect or incomplete data stored by us;
  • Deletion in accordance with Art. 17 GDPR of the data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • restriction of processing pursuant to Art. 18 GDPR if the accuracy of the data is contested, the processing is unlawful, we no longer need the data and you oppose the erasure of the data because you need it for the establishment, exercise or defense of legal claims or you have objected to processing pursuant to Art. 21 GDPR.
  • Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 para. 1 lit. b GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, commonly used and machine-readable format or we will transmit the data directly to another controller if this is technically feasible.
  • Objection pursuant to Art. 21 GDPR to the processing of your personal data, insofar as this is carried out on the basis of Art. 6 para. 1 lit. e, f GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding, compelling legitimate grounds for the processing can be demonstrated or the processing is for the establishment, exercise or defense of legal claims. If the right to object does not exist for individual processing operations, this is indicated there.
    • Revocation pursuant to Art. 7 para. 3 GDPR of your consent with effect for the future.
    • Complaint pursuant to Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.

HOW IS MY DATA PROCESSED IN DETAIL?
Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. There is no automated decision-making in individual cases, including profiling.

PROVISION OF THE WEBSITE
Type and scope of processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
    Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.

Purpose and legal basis
Processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 (f) GDPR. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 para. 1 GDPR. Insofar as further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is not technically possible to access our website without providing the data.

Storage duration
The aforementioned data is stored for the duration of the display of the website and, for technical reasons, for a maximum of 7 days.

Contact us
Type and scope of processing
On our website, we offer you the opportunity to contact us using a form provided. The information collected via mandatory fields is required in order to process the request. You can also voluntarily provide additional information that you believe is necessary to process the contact request.
When using the contact form, your personal data will not be passed on to third parties.
You can also contact us directly by e-mail or telephone.

Purpose and legal basis
The processing of your data by using our contact form or contacting us by e-mail/telephone is carried out for the purpose of communication and processing your request on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. If your request relates to an existing contractual relationship with us, the processing is carried out for the purpose of fulfilling the contract on the basis of Art. 6 para. 1 lit. b GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not wish to provide this data, please contact us by other means.

Storage duration
If you use the contact form on the basis of your consent, we will store the data collected for each inquiry for a period of three years, starting from the time your inquiry is dealt with or until you withdraw your consent.
If you contact us as part of a contractual relationship, we will store the data collected for each inquiry for a period of three years from the end of the contractual relationship.

Newsletter
Type and scope of processing
If you register on our website to receive our newsletter, we collect your e-mail address and store this information together with the date of registration and your IP address. You will then receive an e-mail in which you must confirm your registration for the newsletter (double opt-in). If you do not confirm your registration, it will expire automatically and the data will not be processed for sending the newsletter.
To send the newsletter, we use a service provided by CleverReach GmbH & Co KG, which processes your personal data on our behalf in accordance with Art. 28 GDPR. Your data will not be passed on to third parties.

Purpose and legal basis
We process your data for the purpose of sending the newsletter on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. By unsubscribing from the newsletter, you can declare your revocation at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without providing your data.

Storage duration
After registering for the newsletter, we store the data for a maximum of 24 hours until the registration is confirmed. After successful confirmation, we store your data until you withdraw your consent (unsubscribe from the newsletter) and, for technical reasons, for a maximum of 7 days after that.

CDNJS
Type and scope of processing
We use CDNJS for the proper provision of content on our website. CDNJS is a service provided by Cloudflare, Inc. which acts as a content delivery network (CDN) on our website.
A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of CDNJS.

Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the privacy policy for CDNJS: https://www.cloudflare.com/privacypolicy/.

Google Analytics
Type and scope of processing
We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the time spent by visitors.
Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.
This information is used, among other things, to compile reports on website activity.

Purpose and legal basis
The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

Google CDN
Type and scope of processing
We use Google CDN to properly provide the content of our website. Google CDN is a service of Google Ireland Limited, which acts as a content delivery network (CDN) on our website.
A CDN helps to make the content of our online offering, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google CDN.

Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.

Google Fonts
Type and scope of processing
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to the servers of Google Ireland Limited, whereby your IP address is transmitted.

Purpose and legal basis
The use of Google Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.

Google Tag Manager
Type and scope of processing
We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website.
This allows us to flexibly integrate additional services in order to evaluate user access to our website.

Purpose and legal basis
The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Lead Forensics
Type and scope of processing
We have integrated Lead Forensics on our website as a tool for customer intelligence. Lead Forensics is a service provided by Lead Forensics Ltd, 3000 Lakeside Western Road, Portsmouth, England, PO6 3EN, United Kingdom, which identifies anonymous website visitors, enriches existing contact data if necessary, or provides complete contact data and offers insights into the visit history.
Lead Forensics uses cookies and other browser technologies to evaluate user behavior and recognize users.
Among other things, Lead Forensics shows us which companies have visited our website, determines the history of your visit to this website, including all the pages you have visited and viewed and the length of your stay on this website.
Lead Forensics collects and processes data about companies such as company name, phone number, address, web address, industry, company profile, turnover and key people.

Purpose and legal basis
The use of Lead Forensics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Lead Forensics Ltd. Further information can be found in the privacy policy for Lead Forensics: https://leadforensics.com/privacy-policy/.

Vimeo Video
Type and scope of processing
We have integrated Vimeo Video on our website. Vimeo Video is a component of the video platform of Vimeo, LLC, where users can upload content, share it over the Internet and receive detailed statistics.
Vimeo Video enables us to integrate content from the platform into our website.
Vimeo Video uses cookies and other browser technologies to evaluate user behaviour, recognize users and create user profiles. This information is used, among other things, to analyze the activity of the content listened to and to create reports.
When you access this content, you establish a connection to the servers of Vimeo, LLC, 555 W 18th St, New York, New York 10011, whereby your IP address and possibly browser data such as your user agent are transmitted.

Purpose and legal basis
The use of Vimeo Video is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Vimeo, LLC. Further information can be found in the privacy policy for Vimeo Video: https://vimeo.com/privacy.