- Data controller
- Collection and processing of personal data
- What personal data we collect
- What do we use your personal data for, why and for how long
- Security of your personal data
- International Data Transfer
- Sharing your personal data
- Email addresses and newsletters
- Links to other websites
- Website tracking
- Security of personal data
- Safety precautions
- Your data protection rights
- Data protection officer
- Right to lodge a complaint with the competent supervisory authority
- Amendments to the Privacy Statement
Version status: 5/25/2018
The INDEX Group appreciates your visit to our website and your interest in our products and companies.
The INDEX Group is committed to protecting your data and take its responsibility regarding the security of customer data very seriously. Our privacy practices reflect current global principles and standards on handling personal data. These principles include transparency in how we use personal data , your choices and rights regarding the use, access and correction or deletion of your user information, data access, data integrity regulations, data security, data sharing, and monitoring of compliance with these regulations when processing this information. The INDEX Group is providing you with this information in compliance with the EU General Data Protection Regulation (EU GDPR)
This Privacy Statement sets out the following:
What personal data we collect and process about you in connection with your relationship with us as a customer and through your use of our website and online services;
- Where we obtain the data from:
- What we do with that data;
- How we store the data;
- Who we transfer/share that data to/with;
- How we deal with your data protection rights;
- How we ensure the security of data transferred to us
- And how we comply with the data protection rules.
All personal data is collected and processed in accordance with the EU General Data Protection Regulation and German data protection laws.
2. Data controller
“INDEX Group” (referred to as “we”, “us”, “our” or “INDEX Group” in this Statement) refers primarily in this Statement to
INDEX-Werke GmbH & Co. KG Hahn & Tessky
- with its registered office in Plochinger Straße 92, 73730 Esslingen, Germany
- reachable via telephone number +49 711 3191-0 and email address
email@example.com or website www.index-werke.de
- The enterprise is registered at the District Court Stuttgart HRA 210265 under PhG: INDEX-Verwaltungs-GmbH, District Court Stuttgart HRB 210266.
- The Executive Directors are Dr.-Ing. Dirk Prust (spokesman), Reiner Hammerl and Harald Klaiber, and the Chairman of the Administrative Board is Dr.-Ing. Ulrich Dohle
The principal enterprise is also responsible for all other enterprises within the INDEX Group, including in particular certain enterprises controlled by INDEX-Werke GmbH & Co. KG Hahn & Tessky.
INDEX-Werke GmbH & Co. KG Hahn & Tessky is the “data controller” of all personal data that is collected and used about customers of INDEX-Werke within the meaning of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (EU General Data Protection Regulation, EU GDPR) and the updated version of the Federal Data Protection Act (BDSG, updated version) (published in the Act to Adapt Data Protection Law to Regulation (EU)(DSAnpUG-EU)) of 30 June 2017.
By using this website, you consent to the electronic storage and use of your data as described here. If the INDEX Group decides to make changes to this Privacy Statement, we will post the changes on this website so that you will always know what data we store, and how we use it.
From time to time, as may be required by applicable law, we may also seek your explicit consent to process certain personal data collected on this website or volunteered by you.
4. Collection and processing of personal data
The INDEX Group wants to be able to better understand your needs and interests and provide you with an optimum service. As a result, the INDEX Group collects and uses personal data as described below, and in accordance with the applicable data protection laws.
We may further collect and process any information and data that you volunteer to us, e.g. when you register for events, subscribe to newsletters, participate in online surveys or when you enter into a pre-contractual or contractual relationship with us.
5. What personal data we collect
We may collect personal data from you when you initiate a commercial relationship with us on a pre-contractual basis, or have a commercial relationship with us as a customer on a contractual basis, use our website and other websites accessible through our website, participate in a survey or competition, or when you contact us.
Specifically, we may collect the following categories of data:
- Salutation, academic title, first name, surname, other names, job title, customer, department, street and house number, zip code, town or city, district, country and state, telephone number, email, website, language, region, industry, use;
- Information about your use of our website and/or app;
- The communications you exchange with us or directly to us via letters, emails, chat service, calls, and social media.
- Location, including real-time geographic location of your computer or device through GPS, Bluetooth, and your IP Address, along with public WLAN hotspot and cell tower location data, if you use location-based features and turn on the Location Services settings on your device and/or computer.
- Personal details about your physical or mental health, alleged commission or conviction of criminal offenses are considered “sensitive” personal data under applicable data protection laws. Data of this nature along with the personal data of children shall not be collected.
6. What do we use your personal data for, why and for how long
Your data may be used for the following purposes:
- Providing products and services you request and fulfilling contractual obligations: We use the information you give us to perform the services you have asked for in relation to your product;
- Provision of IT services for the performance of tasks as part of a commercial relationship with customers, trading partners and prospective customers;
- Contacting you in the event of changes to or cancellations of orders: We send you information about the services you have asked for and any changes to such services. These communications are not made for marketing purposes and cannot be opted-out of;
- In the case of an individual entrepreneur: Verification and/or checking of creditworthiness and modes of payment: We use your payment information for accounting, billing and audit purposes and to detect and/or prevent any fraudulent activities;
- Administrative or legal purposes: We use your data for statistical and marketing analysis, systems testing, customer surveys, maintenance and development, or in order to process disputes or claims.
- Security, health, administration, crime prevention/detection: We may share your data with government authorities or enforcement bodies to comply with legal requirements;
- Customer Services communications: We use your data to manage our communication with you as our customer and to improve our services and enhance your experience with us;
- Processing job queries;
- Providing tailored services: We use your data to provide information we believe is of interest to you, prior to, during, and after your use of our products, and to personalize the services we offer to you;
- Marketing: From time to time we will contact you via email with information regarding promotions and additional products. However, you will have the opportunity to decide for yourself whether to receive such information. You will also be given the opportunity with every email that we send you to decide whether you wish to continue receiving our direct marketing material, or if you wish to opt out of our offers.
We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reasons we have collected and needed to use your personal data.
In most cases we will need to process your personal data, so we can conclude a purchase, service or maintenance contract with you. (Article 6(1)(b) GDPR regarding processing for the performance of a contract, taking steps prior to entering into a contract)
We may also process your personal data for one or more of the followings:
- To comply with a legal obligation
- You have consented to us using your personal data (e.g. for marketing related purposes);
- To protect your vital interests or those of another person (e.g. in case of a medical emergency);
- It is in our legitimate interests in operating as a trading company (e.g. for administrative purposes).
We will not retain your data for longer than is necessary to fulfill the purpose for which it is being processed. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means.
We must also consider periods for which we might need to retain personal data in order to meet our legal obligations (e.g. in accordance with the retention periods stipulated in the German Commercial Code or in relation to claims resulting from damages caused by defects or consequential damages) or to process complaints and queries, as well as to protect our legal rights in the event of a claim being made.
When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimize over time the personal data that we use, and if we can anonymize your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
7. Security of your personal data
We follow strict security procedures when storing or sharing your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal data so that it can be securely transferred over the Internet.
We may disclose your information to trusted third parties for the purposes set out in this Privacy Statement. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with European data protection laws (EU GDPR).
8. International Data Transfer.
INDEX-Werke operates businesses in multiple jurisdictions, some of which are not located in the European Economic Area (EEA), such as Brazil, China and the USA. While countries outside the EEA do not always have strict data protection laws, we require all services providers to process your data in a secure manner and in accordance with European data protection laws. We utilize standard methods under EU law to legitimize data transfers outside the EEA.
9. Sharing your personal data
Your data will only be provided to the employees of the enterprises within the INDEX Group who require such data to perform their duties. As part of this, we have provided additional protection for access to your data by way of roles, rights and authorization concepts.
Employees of the INDEX Group working with personal data are subject to a strict non-disclosure agreement and are given regular training regarding how to deal with personal data.
Your personal data may be shared with other enterprises within the INDEX Group.
We may also share your personal data with the following third parties for the purposes described in this Privacy Statement:
- Government authorities, law enforcement bodies and supervisory authorities
- Trusted third parties who provide ancillary services that we use in order to conduct our business, such as service technicians in all countries we operate in, cloud services and email marketing service providers who support our Marketing team in conducting customer surveys and providing targeted marketing campaigns;
- Legal and other professional advisers, courts and law enforcement bodies in all countries we operate in, in order to enforce our legal rights in relation to our contract with you;
10. Email addresses and newsletters
If you provide us with your email address and/or specify your email address via the contact form, we will also get in touch with you via email. We will not disclose your email address to any third parties outside of the INDEX Group. You may opt out of receiving emails from the INDEX Group at any time.
Depending on how your email application is set up, information may be transmitted automatically to the INDEX Group if you send an email to the INDEX Group.
If you would like to receive the newsletter offered on the website, we will require your email address as well as information allowing us to verify that you are the owner of the specified email address and that you have agreed to receive the newsletter. No further data is collected or only collected on a voluntary basis. This data is used exclusively to send the requested information and will not be shared with third parties.
The data entered into the newsletter subscription form is processed solely with your consent (Article 6(1)(a) GDPR). You may withdraw your consent to the storage of data, your email address and use thereof for sending the newsletter by following the “unsubscribe” link in the newsletter. The lawfulness of any data processing operations carried out will not be affected by withdrawal.
We will store the data you provide us in order to receive the newsletter until you cancel your subscription, and we will erase the data when you unsubscribe from the newsletter. Data that we have stored for other purposes (e.g. email addresses for the members area) will not be affected.
11. Links to other websites
Our website may potentially contain links to the websites of third party providers. The INDEX Group is not responsible for the privacy practices or the content of websites outside of the INDEX Group.
Cookies are small text files that are transferred to your computer's hard drive through your web browser. They enable us to recognize your browser and help us to track visitors to our website, thus enabling us to understand better the products and services that will be most suitable to you. Most web browsers automatically accept cookies, but, if you wish, you can change these browser settings by accepting, rejecting and deleting cookies. The "help" portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you choose to change these settings, you may find that certain functions and features will not work as intended. The cookies we use do not detect any information stored on your computer.
For more information about cookies and how to stop cookies being installed, please visit the following website: http://www.allaboutcookies.org.
13. Website tracking
We use tracking software to monitor customer usage patterns and site usage to help us develop the design and layout of our websites. This software does not enable us to capture any personal data.
The tracking software that we use is described in greater detail here:
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called “cookies”, which are text files placed on your computer to enable your use of the website to be analyzed. The information generated by the cookies regarding your use of this website will usually be transferred to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within the Member States of the European Union or other signatories to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website in order to compile reports about website activities and to provide additional services relating to website and Internet use.
We would like to point out that Google Analytics was extended on this website by the code “anonymizeIp()” in order to guarantee anonymized collection of IP addresses (so-called IP masking).
The IP address communicated by your browser as part of Google Analytics is not associated with any other data held by Google. You may prevent the storage of cookies by selecting the appropriate settings on your browser software; however, please note that if you do so, you may not be able to use all the functions of this website to their full extent.
You can also prevent the release of data generated by the cookies about your use of the website (including your IP address) to Google as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link:
You can prevent Google Analytics from collecting information by clicking on the following link. An opt-out cookie will be installed that prevents the future collection of your information when you visit this website:
You can find more detailed information on the terms and conditions of use and on data protection at www.google.com/analytics/terms/de.html and/or at www.google.com/intl/de/analytics/privacyoverview.html
Google Analytics Remarketing
Our websites make use of the functionality of Google Analytics Remarketing in conjunction with the multi-device functionality of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This functionality makes it possible with Google Analytics Remarketing to link ad target groups to the multi-device functionality of Google AdWords and Google DoubleClick. This enables interest-related and personalized ads, which have been adjusted for you based on your previous usage and browsing habits on a device (e.g. mobile phone), to be displayed on another one of your devices (e.g. tablet or PC).
If you have given your consent accordingly, Google will then link your web and app browsing history to your Google account for this purpose. As a result, the same personalized ads will be displayed to you on each device on which you are logged in to your Google account.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for multi-device ad promotion.
You can permanently opt out of multi-device remarketing/targeting by disabling personalized ads in your Google Account; to do this, simply follow this link: www.google.com/settings/ads/onweb/.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google (Article 6( 1)(a) GDPR). For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.
Google Adwords and Google Conversion Tracking
Our website uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your Internet browser stores on your computer. These cookies lose their effectiveness after 30 days and cannot be used for personal identification of the user. If the user visits certain pages on our website and the cookie has not yet expired, we and Google are able to recognize that the user has clicked on the advert and has been forwarded to this page.
Every Google AdWords customer receives a different cookie. Cookies therefore cannot be tracked via the websites of AdWords customers. The information that is gathered with the help of conversion cookies serves to produce conversion statistics for AdWords customers who have opted for conversion tracking. As a result, the customers are informed about the total number of users who have clicked on their advert and been forwarded to a site with a conversion tracking tag. However, they do not receive any information with which the users could be personally identified. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing the user settings via your Internet browser. You will then not be included in the conversion tracking statistics.
The basis for storing “conversion cookies” is Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its web content and the advertising shown with it.
You can set your browser so that you are informed when cookies are stored on your computer so that you can allow cookies to be used once only, accept cookies in certain cases only, always refuse them, or automatically delete cookies when you close your browser. The functionality of this website may be restricted if you disable cookies.
Our website uses the visitor promotion pixel of Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) in order to measure conversion statistics.
This allows you to track the behavior of visitors to your website once they have been forwarded to the provider’s website after clicking on a Facebook ad. In doing so, the effectiveness of the Facebook ads can be evaluated for statistical and market research purposes, and future campaigns can also be optimized.
The data collected is anonymous to us as the operator of this website; it gives us no indications of users’ identities. However, the data from Facebook is saved and processed so that a link to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data use policy. In doing so, Facebook is able to place ads on Facebook’s own pages as well as outside of Facebook. We, as the operator, have no influence over the use of the data.
You can find out more information about how to protect your privacy in Facebook’s Data Policy: www.facebook.com/about/privacy/.
You can also disable the “Custom Audiences” remarketing function in the Preferences area for ads under www.facebook.com/ads/preferences/.
You must be logged in to Facebook to do this.
If you do not have a Facebook account, you can disable Facebook's usage-based ads on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/
14. Security of personal data
The protection of your personal data is of the utmost importance to us. In order to protect the personal data of our customers, we ensure such data is processed exclusively in computer centers and on computers in line with the industry standard (e.g. firewalls, password protection, access controls etc.) and protected by way of security technology.
15. Safety precautions
Our computer center and internal IT department are constantly adapting the technical safety precautions in line with current conditions and requirements. Both are also subject to continuous monitoring by the data protection officer.
16. Your data protection rights
Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal data about you, and, if so, what that data is and why we are holding/using it.
- Request access to your personal data (commonly known as a "right of access by the data subject"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we have a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we process your personal data for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal data or profiling of you.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically usable format and to be able to transfer your data to another party in an electronically usable format.
- Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any unauthorized persons.
Our data protection officer is on hand to help support you in this regard.
17. Data protection officer
We have appointed a data protection officer (“DPO”) to oversee compliance with this Privacy Statement and support you with any queries arising in relation to your personal data and your rights.
If you wish to exercise any of your rights, please contact our data protection officer at
INDEX-Werke Data Protection Officer,
Plochinger Str. 92,
73730 Esslingen, Germany
Phone: +49 711 3191-0
18. Right to lodge a complaint with the competent supervisory authority
We would be grateful if you could make direct contact with us in the event of any problems. However, should you still wish to lodge a complaint, please feel free to contact the competent supervisory authority for data protection stated here; you have the right to lodge a complaint with a supervisory authority at any time.
The competent authority in Germany is “The Federal Commissioner for Data Protection and Freedom of Information” as the most senior federal authority, with its registered office in Bonn, Germany, and the most senior data protection supervisory authority for INDEX-Werke as a German data controller. The Federal Commissioner may delegate its duties to the regional data protection authorities.
With regard to the Index Group, this is
The State Representative for Data Protection and Freedom of Information in Baden-Württemberg, Germany
PO Box 10 29 32, 70025 Stuttgart, Germany Königstraße 10a, 70173 Stuttgart, Germany
Phone: 0711/61 55 41 – 0
Fax: 0711/61 55 41 – 15
19. Amendments to the Privacy Statement
Our Privacy Statement may change from time to time as a result of further developments to our website or changes in the law. We reserve the right to modify this Privacy Statement at any time with effect for the future. This will be communicated to you by way of an email or a notice on our website. The respective version status and respective date of publication are specified in the Privacy Statement itself.
Previous version statuses are saved by the DPO.