privacy policy

Recipients of personal data may include, in particular, IT service providers, hosting providers, marketing and analytics service providers, customer relationship management (CRM) systems, and other service providers used in the course of our business operations, each acting as processors or independent controllers as applicable.

We use the consent management platform Cookiebot, a service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (formerly Cybot A/S), to obtain, manage and document your consent for optional cookies and similar technologies. Further information is available in the provider’s privacy information: https://www.cookiebot.com/en/privacy-policy/ and https://www.cookiebot.com/en/cookie-declaration/

When you submit your cookie preferences, Cookiebot processes the information required to document and technically implement your choice, in particular an anonymized IP address, date and time of consent, browser information, the requested URL, an anonymized encrypted key and your consent status.

To store and recognize your consent status on future visits, Cookiebot places a consent cookie on your device. This cookie is stored for up to 12 months unless you change or withdraw your consent earlier.

The legal basis for the processing related to storing and documenting your consent is Art. 6(1)(c) GDPR insofar as such processing is necessary to demonstrate compliance with legal obligations (Art. 7 GDPR), and alternatively Art. 6(1)(f) GDPR based on our legitimate interest in proving and managing consent decisions.

If you contact us by email or via the contact form on our website, we process the personal data you provide – such as your name, email address, company, phone number, message content and, where applicable, your IP address and technical metadata – in order to process and respond to your enquiry and to ensure the security of our systems.

The legal basis is Art. 6(1)(b) GDPR where your enquiry relates to pre-contractual measures or the performance of a contract with us. In all other cases, the legal basis is Art. 6(1)(f) GDPR based on our legitimate interest in responding to business enquiries and maintaining communication records.

We store your enquiry data only for as long as necessary to process your request and any related follow-up communication. Enquiry data is generally reviewed for deletion after three years. Longer retention applies where statutory retention obligations under commercial or tax law require it, or where the data is needed to assert, exercise or defend legal claims.

If you subscribe to our newsletter, we process your email address and, where provided, your name in order to send you our newsletter. We use a double opt-in procedure: after submitting your registration, you will receive a confirmation email and your subscription will only be activated once you click the confirmation link contained therein.

For newsletter dispatch and mailing list management, we use CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany, as a processor under a data processing agreement pursuant to Art. 28 GDPR. We also store the IP address used at the time of registration and the date and time of both registration and confirmation in order to document your consent and prevent misuse. They offer further information on their privacy policy here: https://www.cleverreach.com/en-de/privacy-policy/

The legal basis for sending the newsletter is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, for example by clicking the unsubscribe link in any newsletter or by contacting us via the provided form.

After unsubscribing, we will cease sending the newsletter. Your email address will be deleted from the active mailing list or suppressed. Records documenting your consent (including registration IP address and date/time of registration and confirmation) are retained for up to three years after withdrawal of consent, in order to demonstrate the lawfulness of the prior processing and to defend potential legal claims.

We use the service Heyzine, provided by Nocodefunctions S.L., Spain, to make digital publications such as brochures, catalogues or magazines available as interactive flipbooks. When such flipbooks are accessed, technical usage data may be processed in order to display the content, ensure security and functionality, and evaluate the use of the publications statistically. If a lead form is used within a flipbook, we process the data you enter there, (name, email address, company) in order to handle your request, provide the requested information and contact you in relation to the respective topic. Heyzine provides functions for collecting lead data and may process personal data such as names and email addresses in this context. Personal data is processed on the basis of a Data Processing Agreement. Further information on data processing by Heyzine can be found in Heyzine’s Privacy Policy.

The legal basis for the provision and statistical analysis of the flipbooks is Art. 6(1)(f) GDPR, based on our legitimate interest in presenting our publications in a user-friendly and efficient way and improving their performance. Where the processing is necessary to handle a specific request or to provide requested information, the legal basis is Art. 6(1)(b) GDPR. If we obtain your consent, in particular for marketing communication or newsletter subscriptions, the legal basis is Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

Links to social media
Our website contains links to our profiles on social networks. Social media providers are not loaded automatically when you access our website. A connection to the respective provider is established only when you actively click on the relevant link or graphic.

Once you click such a link, the respective provider becomes independently responsible for the processing of your personal data. We have no control over the data processing carried out by social media providers after you click. Please note that data may be transferred to and processed outside the European Economic Area. Further information can be found in the privacy notices of the respective providers.

LinkedIn
Our website contains links to our LinkedIn company page and, on certain contact pages, to individual LinkedIn profiles of employees. These are simple outbound links. LinkedIn is contacted only when you actively click the respective link; no data is transmitted to LinkedIn through the mere display of the link on our website.

After clicking the link, LinkedIn processes personal data under its own responsibility. Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Further information on data processing by LinkedIn: https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/legal/cookie-policy

Employee profile links
Where we provide links to individual LinkedIn profiles of employees on our contact pages, these are simple outbound links. LinkedIn is contacted only when you actively click the respective link. The linked LinkedIn profile and any subsequent data processing are the responsibility of LinkedIn.

facebook plug-in

Our website may contain embedded Facebook/Meta content (e.g. social plugins, like buttons or share functions). Such content is activated only if and after you have given your consent via Cookiebot. Until consent is given, no connection to Meta’s servers is established.

Once activated, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (‘Meta’), processes personal data under its own responsibility, including your IP address and, if you are logged into Facebook, your Facebook user ID. Data may be transferred to Meta’s servers in the United States. Meta relies on the EU Standard Contractual Clauses and participates in the EU-U.S. Data Privacy Framework.

The legal basis for our use of Facebook/Meta content is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with section 165(3) TKG 2021. You may withdraw your consent at any time via “Cookie Settings” on our website.

Further information: https://www.facebook.com/privacy/policy/ and https://www.facebook.com/policies/cookies/

We use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). GA4 is activated only if and after you have given your consent via Cookiebot.

GA4 helps us analyse how visitors use our website. In connection with GA4, the following categories of data may be processed: online identifiers (including a randomly generated client ID stored in a cookie), device and browser information, approximate location (country/city level only; IP addresses are not logged or stored by GA4), page views, events and interactions, referral source and session duration.

Unlike earlier versions of Google Analytics, GA4 does not log or store IP addresses. Measurement data is associated with a randomly generated identifier, not with your IP address.

Measurement data is transmitted to Google’s servers. Depending on your location and Google’s infrastructure, data may be processed in the United States or other countries outside the EEA. Google relies on the EU Standard Contractual Clauses and participates in the EU-U.S. Data Privacy Framework as safeguards for such transfers. We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR.

The legal basis for the use of GA4 is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with section 165(3) TKG 2021. You may withdraw your consent at any time via “Cookie Settings” on our website.

GA4 cookies are stored for a maximum of 13 months from the date they are set, unless you withdraw your consent earlier.

We use Google Maps, a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). Google Maps content on our website is activated only if and after you have given your consent via Cookiebot, or – where implemented as a two-click solution – only after you actively click to load the map.

When Google Maps is activated, Google may process your IP address, device information and, if applicable, location data, and may set cookies or similar technologies. Data may be transferred to Google’s servers in the United States or other countries outside the EEA. Google relies on the EU Standard Contractual Clauses and participates in the EU-U.S. Data Privacy Framework.

The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. You may change or withdraw your consent at any time via “Cookie Settings” on our website.

Further information: https://policies.google.com/privacy and https://www.google.com/intl/en/help/terms_maps/

Our website may contain embedded YouTube videos, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google/YouTube’). Embedded videos are loaded only if and after you have given your consent via Cookiebot, or – where implemented – only after you actively click to load the video.

When a YouTube video is loaded, personal data such as your IP address, device and browser information, and information about the requested video may be processed by YouTube/Google, and cookies or similar technologies may be set. Data may be transferred to Google’s servers in the United States or other countries outside the EEA. Google relies on the EU Standard Contractual Clauses and participates in the EU-U.S. Data Privacy Framework.

The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time via “Cookie Settings” on our website.

Further information: https://policies.google.com/privacy and https://support.google.com/youtube/answer/7671399

We use Google Ads conversion tracking, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). This service is activated only if and after you have given your consent via Cookiebot.

Conversion tracking allows us to measure in aggregated form whether users who reached our website via a Google ad subsequently performed specific actions (conversions). For this purpose, a cookie is set on your device when you click on a Google ad. This cookie is valid for 30 days and does not contain any information that personally identifies you. The data generated is used exclusively to produce aggregated conversion statistics.

Data may be transmitted to Google’s servers in the United States or other countries outside the EEA. Google relies on the EU Standard Contractual Clauses and participates in the EU-U.S. Data Privacy Framework.

The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time via “Cookie Settings” on our website.

Further information: https://policies.google.com/privacy and https://support.google.com/google-ads/answer/1722022

We use IPMeta (ipmeta.io), a free plugin service operated by IpMeta.io, to restore the ‘Service Provider’, ‘Network Domain’ and ‘Network Type’ dimensions in our Google Analytics 4 property.

When you visit our website and consent has been granted via Cookiebot, IPMeta converts your IP address into the corresponding network information (internet service provider, network domain and network type) using IPMeta’s own proprietary WHOIS database. According to the provider, IPMeta does not store any visitor data. The IP address is used exclusively for the lookup and immediately discarded thereafter. IPMeta does not use any third parties for this purpose.

The resulting network dimensions (Service Provider, Network Domain, Network Type) are transmitted to our GA4 property as anonymized, non-personal custom dimensions. They do not allow identification of individual visitors.

The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time via “Cookie Settings” on our website. Further information: https://ipmeta.io

When you access our website, your browser or device automatically transmits certain technical data, which is processed by our server or web hosting provider. This data includes: IP address, date and time of access, requested URL, referrer URL (previously visited page), browser type and version, operating system and HTTP access status/response code.

This data is processed in order to ensure the security, stability and proper functioning of the website, including the detection, prevention and investigation of cyber security incidents, and to enable the technical delivery of website content.

Our website is hosted by Kinsta Inc., 8899 Beverly Blvd, Suite 400, Los Angeles, CA 90048, USA. Kinsta acts as our processor within the meaning of Art. 28 GDPR for all hosting-related processing.

The legal basis for this processing is Art. 6(1)(f) GDPR based on our legitimate interest in operating a secure and properly functioning website. Server log data is generally deleted after 30 days. Longer retention applies where specific log entries are required for the investigation of a security incident or for the assertion, exercise or defence of legal claims, in which case the relevant data is retained until the matter is resolved.

Depending on the selected hosting configuration, personal data processed by Kinsta in the course of providing hosting services may be transferred to third countries outside the EEA, in particular the United States. Kinsta relies on the EU Standard Contractual Clauses and, where applicable, participates in the EU-U.S. Data Privacy Framework.

Further information: https://kinsta.com/legal/privacy-policy/ and https://kinsta.com/legal/data-processing-addendum/

At trade fairs, conferences or other business occasions, we may receive contact details – for example from business cards or direct exchanges – and process this information to establish contact, initiate business relationships and maintain business communication.

Data processed may include: name, job title, company, business email address, phone number and any other information provided on the business card or during the exchange.

The legal basis is Art. 6(1)(f) GDPR based on our legitimate interest in maintaining and expanding our professional network and conducting our business activities. We store such data only for as long as it is needed for these purposes. Contact data is reviewed at regular intervals of no longer than two years; where no relevant business relationship has developed or where contact has ceased, the data will be deleted.

We use Microsoft Clarity, a web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA (‘Microsoft’). Microsoft Clarity is activated only if and after you have given your consent via Cookiebot to the use of analytics cookies and similar technologies. Without your consent, Microsoft Clarity is not activated and no Clarity cookies are placed on your device.

Microsoft Clarity helps us understand how visitors interact with our website by generating heatmaps, session recordings and aggregated usage statistics. In connection with Microsoft Clarity, the following categories of personal data may be processed: IP address (truncated), device and browser information, visited pages, click and scroll behaviour, mouse movements, time spent on the website and similar interaction data.

The information collected is transmitted to and processed on Microsoft’s servers. Processing may involve recipients in countries outside the European Economic Area, in particular the United States. Microsoft relies on the EU Standard Contractual Clauses and participates in the EU-U.S. Data Privacy Framework as safeguards for such transfers. We have concluded a data processing agreement with Microsoft pursuant to Art. 28 GDPR.

The legal basis for the use of Microsoft Clarity is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with section 165(3) TKG 2021. You may withdraw your consent at any time with future effect via the “Cookie Settings” link on our website.

Microsoft Clarity cookies are stored for a maximum of 12 months from the date they are set, unless you withdraw your consent earlier.

Further information: https://privacy.microsoft.com/en-us/privacystatement, https://learn.microsoft.com/en-us/clarity/setup-and-installation/consent-management and https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-cookies

Our website contains links to career pages and, in some cases, to separate career portals or subdomains operated by us, such as jobs-austria.rosendahlnextrom.com or jobs-finland.rosendahlnextrom.com. When you click such a link, you leave this website or access a separate recruitment environment.

The processing of personal data in connection with job applications, applicant accounts, talent pools or recruiting analytics carried out via those portals is governed by the separate applicant privacy notice applicable to the respective career portal or recruiting system. Please refer to the privacy notice displayed within the relevant career portal for full information.

On certain contact pages, we provide downloadable vCard files for individual contact persons. When you request a vCard file, your browser transmits technical access data – including IP address, date and time of access, the requested file name, browser type and HTTP response code – which is recorded in server log files in order to deliver the file and to ensure the security and stability of the website.

The legal basis is Art. 6(1)(f) GDPR based on our legitimate interest in providing contact information in a user-friendly manner and ensuring the secure operation of our website. This access data is treated in the same way as other server log data and is deleted in accordance with the retention periods described in the section ‘Server log files’ above. No additional tracking takes place solely as a result of downloading a vCard.