1. Introduction
Thank you for visiting our website. We take data protection very seriously and are committed to protecting your personal data within the framework of our website offering.

Personal data refers to all data related to the personal and material circumstances of a natural person. Personal data collected on our website is used exclusively for our own purposes.

2. Data Controller
The controller responsible for data processing within the meaning of Art. 4 No. 7 GDPR is:

Q-railing Europe GmbH & Co. KG
Marie-Curie-Str. 8-14
46446 Emmerich am Rhein
Tel: +49 2822/91569-0
Email: privacypolicy@q-railing.com
Legal Representative: Ronald Guliker

We have appointed an external data protection officer for our company:

SICODA GmbH
Rochusstraße 198
53123 Bonn
Phone: +49 228 28614060
Email: dsb@sicoda.de

3. Legal Basis for Processing
The legal basis for data processing under the EU General Data Protection Regulation (GDPR) derives from Art. 6 GDPR. Depending on the situation in which your data is processed, various legal bases may apply:

Consent
Where your consent has been obtained for processing personal data, Art. 6(1)(a) GDPR serves as the legal basis. Consent can be withdrawn at any time with future effect.

Contract
Where processing is necessary for the performance of a contract to which you are a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing required to take steps at your request prior to entering into a contract.

Legal Obligation
Where processing is necessary to comply with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.

Vital Interests
Where processing is necessary to protect the vital interests of you or another natural person, Art. 6(1)(d) GDPR serves as the legal basis.

Legitimate Interests

Where processing is necessary for the purposes of legitimate interests pursued by our company or a third party, and such interests are not overridden by the interests, fundamental rights, and freedoms of the data subject, Art. 6(1)(f) GDPR serves as the legal basis. The legitimate interest of our company lies in conducting our business activities.

4. Data Subject RightsWhen your personal data is processed by us, you have the rights outlined in Chapter 3 of the GDPR:

• Right of Access (Art. 15 GDPR): You have the right to request access to your personal data processed by us.

• Right to Rectification (Art. 16 GDPR): You have the right to request the immediate correction of inaccurate or incomplete personal data stored by us.

• Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data unless further processing is necessary for the exercise of freedom of expression and information, compliance with a legal obligation, reasons of public interest, or the establishment, exercise, or defense of legal claims.

• Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing under certain conditions, for example:

  • When the accuracy of your data is contested;

  • When processing is unlawful, but you oppose the deletion of the data;

  • When the data is no longer needed by us, but you require it to establish, exercise, or defend legal       claims; or

  • When you have objected to processing under Art. 21 GDPR.

• Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format or request its transfer to another controller.

• Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, typically the authority in your usual place of residence, workplace, or our business location.

5. Web Server Logs
When you use our website, connection information is stored in server log files, including:

• IP address of the accessing system

• Browser details, such as operating system and screen resolution

• Accessed website

• Referring website

• Time of access

The web server logs are processed solely for security purposes. We use this data only for statistical analysis to ensure operational stability, security, and optimization. However, we reserve the right to review the logs retrospectively if there are specific indications of unlawful use.

6. Cookies
This website and its subpages use cookies and similar tracking technologies, such as web beacons and local storage objects (LSOs).

Cookies are text files stored on your device and can be read, transmitted, and modified by the website upon subsequent visits.

We use both:

• First-party cookies: Controlled by the website’s domain.
• Third-party cookies: Controlled by external providers to analyze content effectiveness, measure website performance, or provide tailored advertising.

Most cookies used are “session cookies” (transient cookies), which are deleted automatically at the end of your browser session. Other cookies (persistent cookies) remain on your device until manually deleted. These cookies help us recognize your browser on subsequent visits.

We use cookies only with pseudonymous identification numbers. Profiles are not linked to natural persons. Cookies are also used to support specific website functionalities, such as a shopping cart or “stay logged in” options.

Web Beacons are small graphic files that collect data such as device type, operating system, IP address, or visit time.

Local Storage Objects (LSOs) function similarly to cookies but store data locally in the browser.

Legal Basis:

• Cookies necessary for the website’s operation: Legitimate interest (Art. 6(1)(f) GDPR).

• Cookies used for analytics or marketing purposes: Your explicit consent (Art. 6(1)(a) GDPR).

Consent is requested via a cookie banner upon your first visit to our website. You can manage or revoke your consent anytime via the cookie settings or a designated symbol at the bottom-left corner of the page.

7. Consent Management Tool
We use the CCM19 consent management technology provided by Papoo Software & Media GmbH to collect and document user consents for cookie usage in a GDPR-compliant manner.

Data Collected:

• Consent data (ID, timestamp, opt-in/out selection, banner language, user settings)

• Device data (HTTP agent, HTTP referrer, HTTP page)

• Anonymized IP data

A cookie is stored in your browser to assign consent or revocation, with a storage duration of one year.

The legal basis for processing is our legal obligation to obtain necessary consent for cookies and third-party services under Art. 6(1)(c) GDPR.

Further information about data processing by Papoo Software & Media GmbH is available at: Papoo Privacy Policy.

We have entered into a data processing agreement with Papoo Software & Media GmbH in accordance with Art. 28 GDPR.

8. Google Tag Manager
We use Google Tag Manager, a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), to manage the scripts used on our website.

Google Tag Manager enables us to manage website tags via a user interface. The Tag Manager itself does not use cookies or collect personal data. It triggers other tags that may collect data, but it does not access this data.

To monitor system stability and performance, Google Tag Manager collects some aggregated data on tag triggering, which does not include user IP addresses or user-specific identifiers.

The legal basis for the use of Google Tag Manager is your consent, as per Art. 6(1)(a) GDPR.

Further information is available at: Google Tag Manager Use Policy.

9. Google Analytics 4
This website uses Google Analytics 4, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies to analyze your usage of the website.

Data Collected by Google Analytics 4:

• First visit

• Session start

• User engagement (e.g., the time a page is in focus)

• Standard parameters such as language, page location, referrer, page title, and screen resolution

The cookie-generated information about your use of the website is typically transmitted to a Google server in the USA and stored there. The US authorities may access these data under local laws. Google claims to anonymize your IP address within EU member states or other states that are party to the Agreement on the European Economic Area before transferring it to the USA.

Google processes this data on our behalf to evaluate your use of the website, compile reports about website activity, and provide other services related to website and internet usage.

Processing occurs only with your explicit consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time via the cookie settings.

Your data will automatically be deleted after [specify retention period]. Any data whose retention period has expired is deleted automatically once a month.

Further information is available at: Google Privacy Policy.

10. Piwik Pro
We use Piwik Pro, a web analytics system provided by Piwik PRO SA, to analyze user behavior and improve our website’s functionality.

Data Collected by Piwik Pro:

• IP address

• Visitor behavior

• Page views

• Device information (e.g., browser, operating system)

• Visitor ID and location

Piwik Pro acts as a data processor under Art. 28 GDPR. Processing occurs only with your explicit consent under Art. 6(1)(a) GDPR. You can revoke your consent at any time.

Further information is available at: Piwik Pro Privacy Policy.

11. Hotjar
We use Hotjar Ltd. to better understand user behavior and optimize our offerings. Hotjar collects information about how much time users spend on certain pages, which links they click, and how they interact with our website.

Data Collected by Hotjar:

• Anonymized IP address

• Device type, screen size, and browser information

• Interaction data (e.g., clicks, scrolling behavior)

Hotjar processes data based on your explicit consent under Art. 6(1)(a) GDPR. Data is stored on Hotjar’s servers in Ireland.

Further details can be found at: Hotjar Privacy Policy.

12. Google Ads
Our website uses Google Ads Conversion Tracking, an analytics service provided by Google Inc. When you arrive at our website via a Google advertisement, a cookie is placed on your device to track the origin of your visit and assess the effectiveness of our campaigns.

Processing occurs based on your consent under Art. 6(1)(a) GDPR. You can manage or disable cookies through your browser settings.

More information is available at: Google Privacy Policy.
 

13. Google AdSense
Our website uses Google AdSense, an online advertising service from Google Inc., to display advertisements tailored to your interests.

Data Collected by Google AdSense:

• IP address

• User interactions with advertisements (e.g., clicks, mouse movements)

Google also uses web beacons (invisible images) to evaluate user behavior. Data may be transmitted to third parties and processed in the USA.

Processing occurs based on your consent under Art. 6(1)(a) GDPR. To manage or disable cookies and tracking, visit Google Ad Preferences.

14. Contact Form
When you use our contact form, the information entered (e.g., name, email address) is processed to respond to your inquiry.

Additional Data Collected:

• IP address

• Date and time of form submission

Processing occurs based on your explicit consent under Art. 6(1)(a) GDPR. You can revoke your consent at any time, but this may limit our ability to respond to your inquiry.

15. Newsletter
If you subscribe to our newsletter, your email address will be used solely for sending the requested updates. We store your IP address and the date of subscription to verify consent.

We use Campaign Monitor by Marigold to manage our newsletters. Data may be processed in the USA under the EU-US Data Privacy Framework.

Processing occurs based on your consent under Art. 6(1)(a) GDPR. You can unsubscribe at any time via the link provided in each newsletter.

More information is available at: Campaign Monitor Privacy Policy.

16. Facebook
As part of our social media activities, we operate a Facebook page. We share joint responsibility for the collection of personal data on this Facebook page with Meta Platforms Ireland Limited (“Meta”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Meta processes personal data of visitors to the page for its own purposes. This includes data collected during each visit, such as user IDs, content accessed, interactions with the page, and information about the content viewed. Meta’s privacy policy provides further details: Facebook Privacy Policy.

Users may object to certain data processing activities by Meta. Instructions for objection can be found here: Facebook Ad Preferences Guide.

For our use of Page Insights, Meta provides anonymized statistics about user interactions on our page. These insights help us analyze and optimize our social media presence. To regulate responsibilities for these data processes, we have signed a specific agreement with Meta, which is available here: Facebook Page Insights Supplement.

This processing serves our legitimate interest in optimizing our communication via Facebook. The legal basis is Art. 6(1)(f) GDPR.

Meta also processes user data outside the EU or EEA, including in the USA. Meta ensures compliance with GDPR requirements for third-country data transfers under Art. 44 ff GDPR.

17. Instagram
We maintain an Instagram account as part of our social media activities. For this account, we share responsibility for data collection with Meta Platforms Ireland Limited (“Meta”), which owns Instagram.

Meta independently processes personal data of visitors to our Instagram page. This includes information such as user IDs, accessed content, interactions, and engagement data. Meta’s privacy policy provides more details: Instagram Privacy Policy.

Visitors may object to certain data processing activities by Meta. More information on how to object can be found here: Instagram Data Preferences Guide.

We use Instagram Insights, anonymized data provided by Meta, to evaluate the performance of our Instagram account. This processing serves our legitimate interest in improving our online presence. The legal basis is Art. 6(1)(f) GDPR.

Meta may process user data outside the EU/EEA, including in the USA. Meta ensures compliance with GDPR requirements for third-country data transfers under Art. 44 ff GDPR.

18. YouTube Channel
We operate a YouTube channel hosted by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The use of YouTube is at the user’s own responsibility and is governed by Google’s terms of use. Google processes data such as email addresses, usernames, and activity information for logged-in users, as well as IP addresses, cookies, and location data.

As the operator of the channel, we primarily receive anonymized data, such as viewing statistics. Personal data collected by YouTube is processed by Google according to its privacy policy: Google Privacy Policy.

19. Embedded YouTube Videos
Our website uses embedded YouTube videos. When you interact with an embedded video (e.g., by pressing play), YouTube may collect personal data such as your IP address, device details, and browsing activity. If you are logged into a YouTube or Google account, this data may be associated with your account.

Processing occurs based on your explicit consent under Art. 6(1)(a) GDPR. You can prevent data collection by avoiding interaction with embedded videos or by clearing your cookies.

Further details can be found here: Google Privacy Policy.

20. Recruitment Process
You may submit applications for employment through our website, either in response to job postings or unsolicited. You can use our encrypted online application tool or submit your application via email. Please note that email submissions are not encrypted.

Data Collected:

• Contact details

• Resume

• Certificates

• Cover letter

• Additional documents

Processing occurs exclusively for the purpose of evaluating your application. Only personnel involved in the hiring process will have access to your data.

The legal basis for processing your data is Art. 88 GDPR in conjunction with Section 26 BDSG. If your application is unsuccessful, your data will be deleted six months after the conclusion of the recruitment process unless you have given explicit consent under Art. 6(1)(a) GDPR to retain your data in our talent pool. If your application results in employment, your data will be stored for the duration of your employment.

21. Amazon Web Services
Our main website is hosted by Amazon Web Services Inc. (AWS), 410 Terry Avenue North, Seattle, WA 98109, USA. AWS provides the infrastructure for website hosting, tools, and related services.

Data Processed by AWS:

• Website content

• Domain information

• Server log files

AWS processes data under the EU-US Data Privacy Framework, ensuring compliance with GDPR requirements for third-country data transfers.

The legal basis for this processing is our legitimate interest under Art. 6(1)(f) GDPR.

22. Ionos
We use IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, to host our web store. Ionos processes website content, domain information, and log files.

Processing is carried out under a data processing agreement in accordance with Art. 28 GDPR. The legal basis for this processing is our legitimate interest under Art. 6(1)(f) GDPR.

23. Netlify
We utilize the content delivery network (CDN) provided by Netlify Inc., 512 2nd Street, Floor 2, San Francisco, CA 94107, USA. This service accelerates loading times and improves website security by distributing content globally.

Data Processed by Netlify:

• IP address

• Requested website content

Netlify processes data under the EU-US Data Privacy Framework, ensuring GDPR compliance for third-country transfers. The legal basis for this processing is our legitimate interest under Art. 6(1)(f) GDPR.

24. Login Area
You can create a user account on our website to access certain features. Data collected during registration and login is used solely to provide the requested services. This data is processed to ensure a secure and user-friendly experience.

25. Shopping Cart
Our website allows you to save items in a shopping cart during your session. These selections are stored in session cookies, which are deleted automatically when you close your browser.

26. Payment Services
We use the payment services of Adyen N.V., Simon Carmiggeltstraat 6, 1011 DJ, Amsterdam, for processing transactions.

Data Processed by Adyen:

• Payment type

• Transaction details (e.g., amount, currency)

• Billing and shipping addresses

• Credit card or account information

• Name and email address

Processing is based on your explicit consent under Art. 6(1)(a) GDPR.

27. Fastly
We use Fastly, Inc., 475 Brannan Street, San Francisco, CA 94107, to enhance website performance through its content delivery network (CDN).

Data Processed by Fastly:

• IP address

• Requested website content

Fastly processes data under the EU-US Data Privacy Framework. The legal basis for this processing is our legitimate interest under Art. 6(1)(f) GDPR.

28. Chatbot
Our chatbot, provided by tawk.to Inc., 187 East Warm Springs Rd, SB298, Las Vegas, Nevada, 89119, USA, enables users to interact with us via live chat.

Data Processed by Tawk.to:

• IP address

• Chat session data (e.g., text input, date, and time)

• Email address (if provided)

Data is stored under the EU-US Data Privacy Framework. Processing is based on your explicit consent under Art. 6(1)(a) GDPR. Data is deleted immediately after the chat ends or within one day in case of errors.

29. Retention Period
We store your personal data only for as long as necessary and permissible to fulfill the purpose for which the data was collected, unless legal retention periods prevent its deletion or you have explicitly consented to the continued storage of your personal data.

If certain data are subject to legal retention periods, we retain this data until the respective retention periods have expired.

If you explicitly consent to the continued storage of specific data, we will retain this data until you withdraw your consent.