Privacy Notice

  1. Name and address of the data controller
    The data controller under the General Data Protection Regulation and other national data protection laws of member states as well as other data protection regulations is:
    Surplex GmbH
    Theodorstraße 105
    40472 Düsseldorf
    Germany
    Tel: +49 (0)211 42 27 37 - 0
    E-Mail:  info@surplex.com
    Website: www.surplex.com

  2. Data protection officer
    Responsible for data protection:
    Surplex GmbH
    Theodorstraße 105
    40472 Düsseldorf
    Germany
    E-Mail: dataprivacy@surplex.com


  3. General information on data processing
    1. Scope of personal data processing
      We only process personal data of our users if this is necessary to provide a functional website as well as our content and services. Collection and utilisation of our users' personal data is only undertaken periodically with the user's consent. An exception applies in those cases where prior consent cannot be obtained for legal or circumstantial reasons and the processing of the data is permitted by law.
    2. Legal basis for processing personal data
      Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 Para. 1 (a) EU General Data Protection Regulation (GDPR) serves as legal basis.
      In processing personal data necessary for performance of a contract to which the data subject is a party, Art. 6 Para. 1 lit. b GDPR applies as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.
      Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR applies as the legal basis.
      In the event that vital interests of the data subject or another natural person require a processing of personal data, Art. 6 1 lit. d GDPR applies as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. 1 (f) GDPR applies as the legal basis for processing.
    3. Data Erasure and Storage Duration
      The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. Blocking or erasure of data will be carried out even if a storage deadline prescribed by the above-mentioned standards expires, unless data storage is a necessity for concluding or performing a contract.

  4. Provision of the website and creation of log files
    1. Description and Scope of Data Processing
      Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.
      The following data shall be collected:
      (1) Information about the browser type and version used
      (2) The user's operating system
      (3) The Internet service provider of the user
      (4) The IP address of the user
      (5) Date and time of access
      (6) Websites from which the user's system reaches our website
      (7) Websites accessed by the user's system via our website

      Die Logfiles enthalten IP-Adressen oder sonstige Daten, die eine Zuordnung zu einem Nutzer ermöglichen. Dies könnte beispielsweise der Fall sein, wenn der Link zur Website, von der der Nutzer auf die Internetseite gelangt, oder der Link zur Website, zu der der Nutzer wechselt, personenbezogene Daten enthält.
      Die Daten werden ebenfalls in den Logfiles unseres Systems gespeichert. Eine Speicherung dieser Daten zusammen mit anderen personenbezogenen Daten des Nutzers findet nicht statt.
    2. Legal basis for data processing
      The legal basis for the temporary storage of data and log files is Art. 6 para. 1 (f) GDPR.
    3. Purpose of Data Processing
      Temporary storage of IP address by the system is necessary to enable delivery of the website to the user's computer. To this end, the user's IP address shall remain stored for the duration of the session.
      The data is stored in log files to ensure the website's functionality. The data is also used to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context. These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 Para. 1 (f) GDPR.
    4. Duration of the Storage
      The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of data collection for provision of the website, this will be undertaken once the respective session has ended.
      If the data is stored in log files, this will be undertaken after 90 days at the latest. Further storage is possible. In this case, the user's IP addresses will be deleted or distorted, so that assignment of the accessing client will no longer be possible.
    5. Objection and Deletion Possibility
      Collection of data for the provision of the website and storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no option to object on the part of the user.

  5. Use of cookies
    1. Description and scope of data processing
      Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.
      We use cookies to make our website more user-friendly. Some elements of our website require that the browser's accessing can be identified even after changing the page. The following data is stored and transmitted in the cookies:

      Language settings
      (2)   Watch list
      (3)   Log-in information
    2. Legal Basis for Data Processing
      The legal basis for the processing of personal data using cookies is Art. 6 Para. 1 (f) GDPR.
    3. Purpose of Data Processing
      The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website will not be available without the use of cookies. In this case, it is necessary that the browser will be recognised even after changing the page.

      (1)   Acceptance of language settings
      (2)   Observing articles

      The user data collected by technically necessary cookies shall not be used to create user profiles.
    4. 4. Duration of Storage, Objection and Erasure options
      Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user you have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies.
      Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website's features in full.

  6. Newsletter
    1. Description and Scope of Data Processing
      Newsletters are sent upon registration on the website
      You can subscribe to a free newsletter on our website. The data from the contact form is transmitted to us when you subscribe to the newsletter. The minimum requirement is the user's email address.
      However, further personal information may be provided for personalisation:
      • Title
      • Surname
      • First name

      The following data will also be collected upon subscription:  
      • IP address of the accessing computer
      • Date and time of subscription

      If you have consented to receive our newsletter, we will inform you about current auctions that correspond to your personal interests.
      We store and process this data for the purpose of sending newsletters. During the registration process, your consent is obtained for processing data and reference is made to this Privacy Notice.

      Newsletter is sent due to the sale of goods
      If you purchase goods or services from our website and provide us with your e-mail address, we may subsequently use it to send you a newsletter. In such a case, only direct marketing of our own similar products or services will be sent via the newsletter.
      No data is disclosed to third parties in connection with data processing for sending newsletters. The data will be used exclusively for sending the newsletter.
    2. Legal Basis for Data Processing
      The legal basis for the processing of data after the user subscribe to the newsletter is, if the user's consent to this has been obtained, Art. 6 Para. 1 (a) of GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 Para. 3 UWG. The legal basis for the pseudonymised storage of data for statistical purposes is Art. 5 Para. 1 (b) GDPR in conjunction with Art. 89 Para. 1 GDPR.
    3. Purpose of Data Processing
      The purpose of collecting the user's e-mail address is to send the newsletter. Collection of other personal data as part of the subscription process is for preventing the misuse of the services or of the used email address.
    4. Duration of Storage The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. The user's email address will therefore be stored for as long as the subscription to the newsletter is active.
    5. Objection and Deletion Options
      The subscription to the newsletter can be cancelled by the user concerned at any time. A link to do this can be found in every newsletter. This also enables withdrawal of consent for storage of personal data collected during the subscription process. The data are then available to us only as so-called metadata without direct personal reference for statistical evaluations.

  7. Registration
    1. Description and Scope of Data Processing
      We offer users the opportunity to register on our website by providing personal information. The data is entered into a contact form, transmitted to us, and stored. This data shall not be transferred to third parties. The following data is collected during the registration process:
      Title, surname, first name, areas of interest, company, street, postcode, city, country, mobile number, telephone, fax, password In addition, the following personal data shall be collected:
      IP address of the accessing computer, date and time of registration
      In the course of the registration process, the user's consent to the processing of this data shall be obtained.
    2. Legal Basis for Data Processing
      The legal basis for the processing of data, if the user's consent to this has been obtained, is Art. 6 para. 1(a) GDPR. If registration is for the fulfillment of a contract to which the user is a party or for the implementation of pre-contractual measures, an additional legal basis for the data processing is Art. 6, Para. 1(b) GDPR. The legal basis for the pseudonymised storage of data for statistical purposes is Art. 5 Para. 1 (b) GDPR in conjunction with Art. 89 Para. 1 GDPR.
    3. Purpose of Data Processing
      The user's registration is necessary for the provision of certain content and services on our website. The user's registration is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.
    4. Duration of Storage
      The data will be deleted or pseudonymised as soon as it is no longer needed to achieve the purpose for which it was collected. This is the case for data collected during the registration process for the fulfillment of a contract or the implementation of pre-contractual measures, if the data is no longer needed for the fulfillment of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations. Pursuant to the provisions of the Commercial Code and the Tax Code, the data must be stored for 10 years.
    5. Objection and Deletion Options
      As a user, you have the possibility to cancel the registration at any time. You can change the data stored about you at any time. If the data is required for the fulfillment of a contract or the implementation of pre-contractual measures, early erasure of data is only possible insofar as contractual or legal obligations do not preclude erasure. The data are then available to us only as so-called metadata without direct personal reference for statistical evaluations.

  8. Email contact 
    1. Description and Scope of Data Processing
      You can contact us via the e-mail address provided. In this case, the user's personal data that is transmitted along with the email will be stored.
      The data will not be disclosed to third parties in this context. The data is used exclusively for the processing of the conversation.
    2. Legal Basis for Data Processing
      The legal basis for the processing of data transferred in the course of sending an email is Art. 6 Para. 1 (f) GDPR. If the email contact aims at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 Abs. 1 (b) GDPR. The legal basis for the pseudonymised storage of data for statistical purposes is Art. 5 Para. 1 (b) GDPR in conjunction with Art. 89 Para. 1 GDPR.
    3. Purpose of Data Processing
      In the event of contacting us by email, this also constitutes the necessary legitimate interest in the processing of the data.
      The other personal data processed during the sending process is for preventing the misuse of the contact form and to ensure the security of our information technology systems.
    4. Duration of Storage
      The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected.
    5. Objection and Deletion Options
      The user has the possibility to withdraw his/her consent to the processing of personal data at any time. A user who has contacted us by email can object at any time to the storage of his or her personal data. It will not be possible to continue the conversation in this case. The user can contact us via e-mail, post or telephone and object to the use of his data. All personal data stored in the course of contacting us will be deleted or pseudonymised as a result. The data are then available to us only as so-called metadata without direct personal reference for statistical evaluations.

  9. Application process  
    1. Description and Scope of Data Processing
      We offer users the opportunity to apply electronically on our website by providing personal information. If a user accepts this option, the data entered in the contact form will be transmitted to us and stored. The following data are collected in the context of electronic application:
      title, first name, last name, e-mail, telephone, salary expectation, file attachments, how you heard about us (text field) In addition, the following personal data are collected:
      The user's IP address, date and time of registration
    2. Legal Basis for Data Processing
      The legal basis for the processing of the data, if the user's consent to this has been obtained, is Art. 6 Para. 1 (a) of GDPR. The legal basis for processing the data transferred in the course of sending an email is Art. 6 Para. 1 (f) GDPR. If the email contact is aimed at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 Para. 1 (b) GDPR. The legal basis for the pseudonymised storage of data for statistical purposes is Art. 5 Para. 1 (b) GDPR in conjunction with Art. 89 Para. 1 GDPR.
    3. Purpose of Data Processing
      The processing of personal data from the contact form serves solely for the establishment of contact or the application. In the event of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.
    4. Duration of Storage
      Personal data are stored exclusively for the purpose of filling the vacant position for which you have applied. We also reserve the right to store your data for inclusion in our "Talent Pool" for 730 days after completion of the application process in order to identify any other interesting positions for you. Within the scope of the application process, the user's consent is obtained for a storage period exceeding the legal requirements.
    5. Objection and Erasure Options
      The user has the option of withdrawing his/her consent to the processing of personal data at any time. You can contact us at any time via dataprivacy@surplex.com to arrange for your data to be deleted. The data are then available to us only as so-called metadata without direct personal reference for statistical evaluations.
  10. Newsletter tracking
    1. Description and Scope of Data Processing
      The newsletters we send contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails that are sent in HTML format to enable log file recording and log file analysis. The personal data collected in this way will not be transferred to third parties. During the registration process, your consent will be obtained by a so-called double opt-in procedure. Reference is made to this Privacy Notice.
    2. Legal Basis for Data Processing
      The legal basis for the processing of data after the user subscribe to the newsletter is, if the user's consent to this has been obtained, Art. 6 Para. 1 (a) of GDPR.
    3. Purpose of Data Processing
      Newsletter tracking is used for statistical evaluation of the success or failure of online marketing campaigns. This enables us to track whether and when an e-mail is opened and which links in the e-mail are clicked on. This enables us to improve and optimise our newsletter.
    4. Duration of Storage
      The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. The data thus obtained will be deleted after a period of 180 days at the latest.
    5. Objection and Erasure Options
      The consent of the user concerned can be withdrawn at any time by unsubscribing from the newsletter. For this purpose, for example, a corresponding link can be found in every newsletter.

  11. Transfers of personal data to third parties
    1. TBAuctions Group
      We are part of the TBAuctions Group and may share your personal data with other companies within this group to the extent necessary for the fulfilment of contractual obligations, the optimisation of our services, the fulfilment of legal obligations or the protection of legitimate interests. The transfer of data will always be carried out in accordance with the applicable data protection laws and only to the extent necessary for the stated purposes. The companies within the TBAuctions group are contractually obliged to treat your personal data confidentially and to use it solely for the purposes stated in this data protection declaration. Should it be necessary to transfer your data outside the European Economic Area (EEA), we will ensure that an adequate level of data protection is guaranteed, for example by concluding appropriate standard contractual clauses.
    2. Service provider
      Personal data are transmitted to our service providers within the scope of contract fulfillment. They are transmittedaccording to the following information.
      1. Dismantling Service Provider
        For the processing of the contractual services, the following personal data, contact persons and mobile phone number will be transmitted to our dismantling service providers. This is done on the basis of a legal permit pursuant to Art. 6 Para. 1 (b) GDPR for the performance of the contract.
      2. Transport Service Provider
        To process the contractual services, the following personal data, contact person, delivery address and mobile phone number, will be transmitted to our transport service provider. This is done on the basis of a legal permit pursuant to Art. 6 Para. 1 (b) GDPR for the performance of the contract.
      3. Other relevant Service Provider
        Special order combinations can require the involvement of professional service providers. To process the contractual services, personal data such as contact persons, delivery address and mobile phone number can be transmitted to other relevant service providers if necessary, depending on the requirements of the order fulfillment. This is done on the basis of a legal permit pursuant to Art. 6 Para. 1 (b) GDPR for the performance of the contract.
    3. Payment Services and Payment Procedures
      If the person concerned selects one of the payment options in our online shop during the order process, personal data will be transmitted to our payment service provider in accordance with the following information.
      1. Privacy Policy on Credit Card as payment method
        BWhen paying by credit card via Heidelpay, payment is processed by the payment service provider Heidelberger Payment GmbH, Vangerowstrasse 18, 69115 Heidelberg (hereinafter referred to as "Heidelpay"), to which we send your data provided during the ordering process exclusively for the purpose of processing payments in accordance with Art. 6 Para. 1 (b) GDPR. Data will only be transferred if it is actually necessary for payment processing. Heidelpay transmits your data for the execution of the payment – when necessary - in accordance with Art. 6 Para. 1 (b) GDPR to HUELLEMANN & STRAUSS ONLINESERVICES S.A., 1, Place du Marché, 6755 Grevenmacher, Luxembourg. You can object to this processing of your data at any time by sending a message to the person responsible for data processing or to Heidelpay. However, Heidelpay may still be entitled to process your personal data if this is necessary for contractual payment processing.
      2. Privacy Policy on bank wire transfer by SOFORT GmbH as payment method
        When paying by instant transfer via Heidelpay, payment is processed by the payment service provider Heidelberger Payment GmbH, Vangerowstrasse 18, 69115 Heidelberg (hereinafter referred to as "Heidelpay"), to which we send your data provided during the ordering process exclusively for the purpose of processing payments in accordance with Art. 6 Para. 1 (b) GDPR. Data will only be transferred if it is actually necessary for payment processing. Heidelpay transmits your data for the execution of the payment – when necessary - in accordance with Art. 6 Para. 1 (b) of GDPR to SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany. You can object to this processing of your data at any time by sending a message to the person responsible for data processing or to Heidelpay. However, Instant Transfer may still be entitled to process your personal data if this is necessary for contractual payment processing.
      3. Privacy Policy on Paypal as payment method
        When paying by Paypal via Heidelpay, payment is processed by the payment service provider Heidelberger Payment GmbH, Vangerowstrasse 18, 69115 Heidelberg (hereinafter referred to as "Heidelpay"), to which we send your data provided during the ordering process exclusively for the purpose of processing payments in accordance with Art. 6 Para. 1 (b) GDPR. Data will only be transferred if it is actually necessary for payment processing. Heidelpay transmits your data for the execution of the payment – when necessary - in accordance with Art. 6 Para. 1 (b) GDPR to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. You can object to this processing of your data at any time by sending a message to PayPal. However, Paypal may still be entitled to process your personal data if this is necessary for contractual payment processing.
    4. Website analysis services
      1. Google Analytics
        This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; "Google"). The use includes the "Universal Analytics" operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse user's activities across devices. Google Analytics uses "cookies", which are text files that are stored on your computer and which help analyse your use of the website. As a rule, the cookie-generated data regarding your use of this website will be forwarded to a Google server in the USA and stored there. However, if IP anonymisation is enabled on this website, your IP address will first be abbreviated by Google within the member states of the European Union or other parties to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there. The IP address transmitted by your browser as part of Google Analytics is not synchronised with other Google data. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is § 15 Paragraph3 TMG and Art. 6 Para. 1 (f) GDPR. Sessions and campaigns will end after a certain period of time. By default, sessions end after 30 minutes without activity and campaigns after six months. The time limit for campaigns can be up to a maximum of two years. For more information on terms of use and data protection, visit https://www.google.com/analytics/terms/en.html or https://policies.google.com/?hl=en. You can prevent cookies from being stored by selecting the appropriate settings in your browser; however, we wish to point out that by doing so, you may not be able to enjoy the full functionality of this website. Furthermore, you can prevent the collection of data generated by the cookie and related to the usage of the website (including your IP address) and the processing of the data by Google by downloading and installing the browser plugin . Opt-out cookies prevent future collection of your data when you visit this website. In order to prevent data collection by Universal Analytics across multiple devices, you need to perform the opt-out on all systems you are using. You can set the opt-out cookie by clicking here: disable Google Analytics
      2. etracker
        surplex GmbH uses services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. We do not use cookies for web analysis by default. Insofar as we use analysis and optimization cookies, we obtain your explicit consent separately in advance. If this is the case and you consent, cookies are used to enable statistical coverage analysis of this website, measurement of the success of our online marketing measures, and test procedures, for example, to test and optimize different versions of our online offering or its components. Cookies are small text files that are stored by the Internet browser on the user's terminal device. etracker cookies do not contain any information that enables identification of a user. The data generated by etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited, certified and awarded the data protection seal ePrivacyseal of approval in this regard. Data processing is carried out on the basis of the legal provisions of Art. 6 (1) f (legitimate interest) of the General Data Protection Regulation (DSGVO). Our concern in terms of the DSGVO (legitimate interest) is the optimization of our online offer and our web presence. Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, combination with other data or transfer to third parties will take place. You can object to the data processing at any time. The objection has no adverse consequences. Change your Cookie-Settings here.
        Further information on data protection at etracker can be found here.
      3. Hotjar
        We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. In addition, unique user attributes and events are transferred so that individual functions of our website can be specifically examined by Surplex for user-friendliness, with the aim of providing you with an even better website for industrial auctions. This user and usage information is not combined with or shared with data from other sources and is only ever available to Surplex within the scope of the respective usage exclusively and temporarily for the purpose of optimizing the website. Hotjar is contractually forbidden to sell any of the data collected on our behalf.For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.You can object to the collection of analysis data at any time by changing your cookie settings with us and deactivating the "Analysis" area.
      4. BlueConic
        We collect so-called first party data via the BlueConic customer data platform. This means that it is data that we collect ourselves as a company. This includes data on surfing behavior, e-mail marketing, and social media channels. The Customer Data Platform collects data directly from you as a user and stores it in a database to enrich the respective customer profile. With the help of this database, we can individualize the various channels used and adapt them to your needs. Internally, the Customer Data Platform uses deterministic data matching. This uses unique identifiers of users, such as your email address or customer number, to link them to your other customer data. If you want to make a change later, you can customize it here: Cookie settings.
    5. Advertising and marketing services
      1. Google Remarketing
        This website uses the remarketing function of Google Inc. ("Google"). This feature is designed to show visitors to our site such as you interest-based ads from the Google advertising network. Your browser will store small text files called "cookies" on your computer that will allow you to be recognised when you websites that belong to the Google advertising network. In this way, you can be presented with advertisements related to content previously accessed on sites using the Google remarketing feature. Google states that it does not collect any personal data from this function.
        However, if you still wish to decline the use of Google's remarketing feature, you can always disable it by activating the appropriate settings at http://www.google.com/settings/ads. Alternatively, you can disable the use of cookies for interest-based advertising through the ad network initiative by following the instructions in http://www.networkadvertising.org/managing/opt_out.asp . Additional information on Google remarketing and Google’s privacy policy can be found at: http://www.google.com/privacy/ads/.
      2. Google Adwords and conversion tracking
        To draw attention to our current projects and developments, planned activities and services, we place Google AdWords ads and use Google Conversion Tracking. These ads appear after searches on Google Network websites. We have the possibility to combine our ads with certain search terms. We also use AdWords remarketing lists for classified ads. This allows us to customise search ad campaigns for users who have visited our site before. The services allow us to combine our ads with certain search terms or to place ads for previous visitors in which, for example, services that visitors have viewed on our website are advertised.

        For interest-related offers, an analysis of online user behaviour is necessary. Google uses cookies to perform this analysis. When you click on an ad or visit our website, Google sets a cookie on your computer. This information is used to specifically address the visitor during a later search query. Further information on the cookie technology used can also be found in Google's notes on website statistics and in the data policy. With the help of this technology, Google and we as customers receive information that a user has clicked on an and has been redirected to our websites to contact us via the contact form. Likewise, Google and we, as customers, use Google forwarding numbers to receive information that a user has clicked on a phone number from us on the Internet and contacted us by phone. The information obtained in this way is used exclusively for statistical evaluation for ad optimisation. We do not receive any information that personally identifies visitors. The statistics provided by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were forwarded to a page of our website with a conversion tag. Based on these statistics, we can trace the search terms for which our advertisement was clicked particularly often and which advertisements lead to contact by the user via the contact form or via telephone. With respect to telephone contact by prospects or customers, the statistics provided by Google include the start time, end time, status (missed or received), duration (seconds), caller area code, telephone charges and call type.

        If you do not wish to do so, you can prevent the storage of the cookies required for these technologies, e.g. via the settings on your browser. In this case, your visit is not included in the user statistics. You can also use the ad settings to select Google ad types or disable interest-based ads on Google. Alternatively, you can disable the use of cookies by third parties by using the Network Advertising Initiative's disabling tool. However, we and Google continue to receive statistical information on how many users visited this page and when. If you do not want to be included in these statistics either, you can prevent this by using additional programmes for your browser (e.g. with the add-on Ghostery).

      3. Criteo
        On our web pages, information about the surfing behaviour of the web page visitors is collected and stored in anonymised form for marketing purposes by the technology of Criteo GmbH. Cookies are used for this purpose, and other technical information about you and your usage behaviour is collected. Criteo uses an algorithm to analyse surfing behaviour and then display targeted product recommendations as personalised banners throughout your online usage (web, in-app, email). Under no circumstances can the data collected be used to personally identify the visitor to this website.
        The data collected is only used to improve the offer. Any other use or disclosure to third parties will not take place. You can object to the completely anonymous analysis of your surfing behaviour by clicking on this link (https://www.criteo.com/privacy/) to unsubscribe.
        For more information about Criteo's technology, please see the Criteo Privacy Policy (http://www.criteo.com/privacy/).
      4. Facebook Pixel
        Within our website, we use the "Facebook pixel" of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. So-called tracking pixels are integrated on our pages. When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. Facebook receives information from your browser that our site has been accessed from your mobile device. If you are a Facebook user, this allows Facebook to associate your visit to our pages with your user account. Please note that, as the provider of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses this data. We can only select the segments of Facebook users (such as age, interests) to which our ads should be displayed.

        By calling up the pixel from your browser, Facebook can also recognise whether a Facebook ad was successful, e.g. if it led to an online purchase. This allows us to track the effectiveness of Facebook ads for statistical and market research purposes. For more information about this, please see Facebook's privacy policy at https://www.facebook.com/about/privacy/. Please click here if you do not want to capture data via Facebook pixels: https://www.facebook.com/settings?tab=ads#_=_. Alternatively, you can disable the Facebook pixel on the Digital Advertising Alliance page using the following link: http://www.networkadvertising.org/managing/opt_out.asp or you can click here and an opt-out cookie will be set:
      5. LinkedIn
        On our website, we use the analysis and conversion tracking technology of the LinkedIn platform, an offer of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2 (Ireland). With the aforementioned LinkedIn technology, you can see more relevant adverts based on your interests. LinkedIn also provides us with aggregated and anonymous reports of ad activity and information about how you interact with our website. LinkedIn uses cookies for this purpose. These cookies are used to uniquely identify a web browser on a particular computer, they are valid for 30 days and do not contain any personal data and therefore do not serve to personally identify our website users. The cookie is used to analyse how you interact with our website (e.g. which website you used to reach us, how long you stayed here, what offers you were interested in) and whether you are a member of the LinkedIn platform or not. The information collected using cookie is used to compile the aforementioned anonymous statistics and reports and to display adverts based on your interests.
        For more information about LinkedIn's privacy policy, check here. Regardless of whether you are a registered member of the LinkedIn platform or not, you can object to the analysis of your usage behaviour by LinkedIn and the display of interest-based recommendations ("Opt-Out"); click on the field "Reject on LinkedIn" (for LinkedIn members) or "Reject" (for other users) under the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
    6. More tools and miscellaneous
      1. YouTube components with extended data protection mode
        On our website, we use components (videos) of YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a Google Inc company, Amphitheatre Parkway, Mountain View, CA 94043, USA, using the option " - extended privacy mode - " provided by YouTube.When you access a page that has an embedded video, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser, and according to YouTube's " - extended privacy mode -" data, in particular which of our websites you visited when you view the video, is only transmitted to the YouTube server when you view the video. If you are logged in to YouTube at the same time, this information will be associated with your YouTube account. You can prevent this by logging out of your account before you visit our website. To provide embedded videos, our API client uses YouTube API Services. By the usage, you agree to be bound to YouTube's Terms of Service, available at https://www.youtube.com/t/terms. Further information on YouTube's privacy policy is provided by Google at the following link: https://www.google.com/intl/en/policies/privacy/.
      2. Trusted Shops Trustbadge
        The Trusted Shops Trustbadge is included on this website. In balancing interests, this serves to protect our legitimate interests in the optimal marketing of our offer in accordance with Art. 6 Para. 1 (f) GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Strasse. 15C, 50823 Cologne. When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, e.g. your IP address, date and time of accessing, transferred data volume and the requesting provider (access data) and documents the accessing. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your visit to the site.
      3. Whatsapp
        You can contact us through the instant messenger service WhatsApp. If you select this communication channel, your telephone number will be automatically transmitted to us. Contact is made exclusively via a secure mobile device. The data will not be transferred to third parties, unless this has already been stipulated by WhatsApp's general terms and conditions as a condition of use. The contact number is only used for telephone communication with you, e.g. for telephone inquiries. The data is stored for 4 weeks.
        If you contact Surplex through WhatsApp, we cannot guarantee the confidentiality and security of your information. To use WhatsApp, you must agree to the terms and conditions of WhatsApp Inc., allowing WhatsApp Inc. to access your mobile number and stored phone contacts, among other things. In addition, WhatsApp Inc. stores data on servers that are outside the scope of the European Data Protection Regulation. Surplex shall not be liable for any damages arising from your use of the WhatsApp Platform.
      4. Userlike
        This website uses Userlike, a live chat software provided by Userlike UG. Userlike uses "cookies", text files placed on your computer, enabling you to have personal real-time chats on this website. The data collected will not be used to identify a visitor personally and neither will it be aggregated with any personal data of this user. For more details, please visit our Privacy Policy page. https://www.userlike.com/en/terms#privacy-policy
      5. GOOGLE WEB FONTS
        For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO. If your browser does not support web fonts, a standard font is used by your computer.
        Further information about handling user data, can be found at Google Fonts FAQ and in Google’s privacy policy.
  12. Rights of the data subject
    If your personal data is processed, you are a data subject under the GDPR and you have the following rights with respect to the person responsible. Your requests can be sent to dataprivacy@surplex.com.
    1. Right of access
      You can ask the data controller to confirm whether your personal data will be processed by us.
      If such processing is taking place, you can request to be informed by the data controller regarding the following information:
      1. the purposes for processing the personal data;
      2. the categories of personal data being processed;
      3. the recipients or categories of recipients to whom your personal data has been or will be disclosed;
      4. the planned storage duration of your personal data or, if specific information in that regard is not possible, criteria for determining the storage period;
      5. the existence of a right of rectification or deletion of your personal data or of a restriction on processing by the data controller or of a right to oppose such processing;
      6. the existence of a right of appeal to a supervisory authority;
      7. any available information on the origin of the data if the personal data has not been collected from the person concerned;
      8. the existence of automated decision-making, including profiling, in accordance with Article 22 Para. 1 and 4, GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the person concerned.
      You have the right to request information regarding whether your personal information will be transmitted to a third-party country or an international organisation. In this respect, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
    2. Right to rectification
      You have a right to rectification and/or integration with respect to the data controller if your processed personal data is incorrect or incomplete. The controller shall make the correction immediately.
    3. Right to restrict processing
      Under the following conditions, you may request that the processing of your personal data be restricted if:
      1. you contest the accuracy of your personal data for a period that enables the controller to verify the accuracy of the personal data;
      2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
      3. the controller no longer needs the personal data for processing purposes, but they are required by you for the establishment, exercise or defence of legal claims or
      4. you have objected to processing pursuant to Art. 21 Para. 1 GDPR pending the verification whether the legitimate grounds of the controller overrides your reasons.

      Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.

      If the processing restriction has been done in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.

    4. Right to erasure
      • a) Obligation to erase

        You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

        • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
        • You withdraw your consent on which the processing is based according to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 (a) GDPR, and where there is no other legal ground for the processing.
        • You object pursuant to Art. 21 Para. 1 GDPR, you object to the processing and there are no overriding justifiable reasons for the processing, or Art. 21 Para. 2 GDPR to the processing;
        • The personal data have been unlawfully processed.
        • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
        • The personal data concerning you has been collected in relation to services offered by information society services according to Art. 8 Para. 1, GDPR.
      • b) Transfer of personal data to third parties

        If the controller has made the personal data that concerns you public and if the data subject is obliged for its erasure pursuant to Art. 17, Para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

      • c) Exceptions

        The right to erasure does not exist insofar as the processing is necessary

        • to exercise the right of freedom of expression and information;
        • for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the person responsible is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the person responsible;
        • for reasons of public interest in the field of public health in accordance with Art. 9 Para. 2 lit. h and i, as well as Art. 9 Para. 3, GDPR;
        • for archiving purposes in the interest of public, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, to the extent that the law referred to in (a) is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing; or
        • to assert, exercise or defend legal claims.
    5. Right to information
      If you have exercised your right to have the controller correct, delete or restrict the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

      It is your right to have the controller inform you regarding such recipients.
    6. Right to data portability
      You have the right to obtain your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, insofar as
      • the 0. the processing is based on consent pursuant to Art. 6 Para. 1 lit. a, GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract pursuant Art. 6 Para. 1 (b) GDPR and
      • the processing is carried out using automated methods.

      In exercising this right, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    7. Right to object
      You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions; The responsible party will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to processing that is for direct marketing purposes, the personal data that concerns you will no longer be processed for these purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

    8. Right to withdraw the consent under data protection law
      You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the legality of processing undertaken on the basis of this consent before its withdrawal.
    9. Automated individual decision-making, including profiling
      You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
      • is necessary for entering into, or performance of, a contract between the you and a data controller;
      • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
      • is based on your explicit consent.

      However, these decisions may not be based on special categories of personal data pursuant to Art. 9, Para. 1 GDPR, unless Art. 9 Para. 2 (a) or g and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.

      In the cases referred to in 1 and 3, the data controller shall implement suitable measures to safeguard your rights and freedom and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

    10. Right to complain to a supervisory authority
      Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you contravenes the GDPR.
      The supervisory authority with which the appeal has been filed shall inform the appellant of the status and results of the appeal, including the possibility of a judicial remedy under Art. 78 GDPR.
  13. Opt Out Overview
    Tool Data Privacy Opt-out
    Google Analytics https://bit.ly/2EhbVl4 here
    Adwords Conversion https://bit.ly/2EhbVl4 http://bit.ly/1GFNqdS
    Adwords Remarketing https://bit.ly/2EhbVl4 http://bit.ly/1GFNqdS
    Criteo Pixel https://bit.ly/2H6fYUx https://bit.ly/2H6fYUx
    Facebook Pixel https://bit.ly/1gi9r5J
    LinkedIn https://bit.ly/2q1Hwmv https://bit.ly/2uGJRs3