Data protection declaration

Privacy Policy – Information on the Processing of Personal Data

This document informs you about how we process personal data.

Introduction and Structure of the Document

We, FUJI EUROPE CORPORATION GmbH (hereinafter referred to as “the Company,” “we,” or “us”), thank you for visiting our website and for your interest in our company and services. Your personal data will only be processed in accordance with the provisions of German and European data protection law.

Data protection law requires us, as the data controller, to ensure the protection of your personal data through various measures. One of these obligations is to inform you transparently about the nature, scope, purpose, duration, and legal basis of the data processing (cf. Art. 13 and 14 EU-GDPR). In this document, we address you, the data subject, also referred to as “Customer,” “User,” “You,” “Your,” or “Data Subject.” In this privacy policy, we inform you about how your personal data is processed by us.

Our privacy policy is structured in a modular way. It consists of a general part that applies to all types of personal data processing and specific situations, and a special part that only applies to the processing situation described therein. It is possible that we use this online document to inform you about processing operations that do not primarily occur on the website. These are found in the Special Part of the document. If you wish to quickly navigate through the document, many browsers offer a search function via the keyboard shortcut “CTRL+f.”

Definitions

Based on the model of Art. 4 EU-GDPR, the following definitions apply to this document:

“Personal Data” (Art. 4 No. 1 EU-GDPR) refers to any information that relates to an identified or identifiable natural person (“Data Subject”). A person is identifiable if they can be directly or indirectly identified, particularly through reference to an identifier such as a name, identification number, online identifier, location data, or other information concerning the person’s physical, physiological, genetic, mental, economic, cultural, or social identity. Identifiability may also be established through the combination of such information or additional knowledge. The form, manner, or embodiment of the information is irrelevant (e.g., photos, video or audio recordings can contain personal data).

“Processing” (Art. 4 No. 2 EU-GDPR) refers to any operation performed on personal data, whether or not by automated means. This includes the collection (i.e., obtaining), recording, organization, structuring, storage, alteration or modification, retrieval, consultation, use, disclosure by transmission, dissemination, or other provision, comparison, combination, restriction, deletion, or destruction of personal data, as well as the alteration of the intended purpose of data processing.

“Controller” (Art. 4 No. 7 EU-GDPR) is the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of processing personal data.

“Third Party” (Art. 4 No. 10 EU-GDPR) refers to any natural or legal person, authority, agency, or other body other than the data subject, the controller, the processor, and persons who are authorized to process personal data under the direct authority of the controller or processor.

“Processor” (Art. 4 No. 8 EU-GDPR) is a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller, particularly in accordance with their instructions (e.g., IT service providers). In data protection law, a processor is not considered a third party.

“Consent” (Art. 4 No. 11 EU-GDPR) of the data subject refers to any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, expressed through a statement or a clear affirmative action, by which the data subject signifies their agreement to the processing of personal data relating to them.

Name and Address of the Data Controller

The entity responsible for the processing of your personal data in accordance with Art. 4 No. 7 EU-GDPR, as well as contact details and additional information about our company, can be found in the legal notice on our website.

Contact Details of the Data Protection Team and Data Protection Officer

For all questions and as a point of contact on data protection matters, our Data Protection Team, consisting of data protection coordinators and our Data Protection Officer, is available at any time.

You can contact the Data Protection Team:

• By mail at the address listed in the imprint with the addition “Data Protection Team”
• By email at datenschutz@fuji-euro.de

If you, as the data subject, wish for your identity to remain known only to the Data Protection Officer and not to the controller, please contact us via an email address that does not allow identification. The Data Protection Officer will then provide you with a suitable communication channel.

Your Rights

You can assert your rights as a data subject regarding the processing of your personal data at any time by contacting us using the contact details provided at the beginning of this document. We recommend that you contact the Data Protection Team directly to facilitate your request.

As a data subject, you have the right to:

• Request information about the personal data we process under Art. 15 EU-GDPR. Specifically, you can request information about the processing purposes, the categories of data, the categories of recipients to whom your data has been or will be disclosed, the intended retention period, the existence of the right to rectification, deletion, restriction of processing, or objection, the existence of the right to lodge a complaint, the source of your data if it was not collected by us, as well as information about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the details thereof;
• Request the correction of inaccurate or the completion of incomplete personal data we hold about you under Art. 16 EU-GDPR without undue delay;
• Request the deletion of your personal data stored by us under Art. 17 EU-GDPR, provided that the processing is not necessary for exercising the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
• Request the restriction of the processing of your personal data under Art. 18 EU-GDPR, where the accuracy of the data is contested by you or the processing is unlawful;
• Receive the personal data you provided to us in a structured, commonly used, and machine-readable format or request the transfer to another controller under Art. 20 EU-GDPR (“Data Portability”);
• Object to the processing of your personal data under Art. 21 EU-GDPR, where the processing is based on Art. 6 (1) lit. e or lit. f EU-GDPR. This applies particularly if the processing is not necessary for the performance of a contract with you. If the objection is not related to direct marketing, we ask that you provide the reasons why you believe your data should not be processed as we have been doing. In the case of a legitimate objection, we will examine the situation and either cease or modify the data processing or demonstrate to you our compelling legitimate grounds for continuing the processing. For many services on our website that process personal data based on Art. 6 (1) lit. f EU-GDPR, the objection can be technically implemented via technologies available in or to be installed in your browser, such as blocking JavaScripts or cookies;
• Withdraw any consent you have given us under Art. 7 (3) EU-GDPR, including consent given before the EU-GDPR came into effect (i.e., before May 25, 2018), at any time, provided you have granted such consent. This will result in the cessation of data processing based on your consent for the future;
• Lodge a complaint with the competent supervisory authority for data protection regarding the processing of your personal data by our company under Art. 77 EU-GDPR.

Legal Basis for Data Processing

By law, personal data may only be processed if it falls under one of the following justifications:

Art. 6 (1) lit. a EU-GDPR (“Consent”): If the data subject has voluntarily, in an informed manner, and unambiguously indicated through a statement or other clear affirmative action that they consent to the processing of their personal data for one or more specific purposes;

Art. 6 (1) lit. b EU-GDPR (“Contract”): If the processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures taken at the request of the data subject;

Art. 6 (1) lit. c EU-GDPR (“Legal Obligation”): If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a statutory retention obligation);

Art. 6 (1) lit. d EU-GDPR: If the processing is necessary to protect vital interests of the data subject or another natural person;

Art. 6 (1) lit. e EU-GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or

Art. 6 (1) lit. f EU-GDPR (“Legitimate Interests”): If the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (particularly where the data subject is a minor). In cases where the processing is based on Art. 6 (1) lit. f EU-GDPR, the specified purposes also constitute our legitimate interests. (1) lit. f EU-DSGVO beruht, stellen die genannten Zwecke zugleich unsere berechtigten Interessen dar.

For the processing operations we perform, we specify the applicable legal basis below. Processing may also be based on multiple legal grounds.

Data Deletion and Retention Period

For each of our processing operations, we indicate below how long the data will be stored and when it will be deleted or blocked. For consents, the specified data retention and deletion period as indicated in the consent request is decisive. If no explicit retention period is provided below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Generally, your data is stored only within the territory of Germany, in an EU member state, or in another contracting state of the European Economic Area (EEA). Possible exceptions to this are described in the following sections and processing operations. However, data may be stored beyond the specified period in the event of a (potential) legal dispute with you or any other legal proceedings, or if retention is required by statutory regulations to which we, as the controller, are subject (e.g., § 257 HGB, § 147 AO). When the legally required retention period expires, the personal data will be blocked or deleted unless further retention is necessary and a legal basis exists for this.

Data Security: Website, Email, Fax

We employ technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction, or unauthorized access by third parties (e.g., TLS encryption for our website). These measures are implemented considering the state of the technology, the implementation costs, the scope, context, and purpose of the processing, as well as the existing risks (including their probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

For secure data transmission over the Internet, we use the hybrid encryption protocol Transport Layer Security (TLS), which was previously known under the designation Secure Sockets Layer Software (SSL). This software encrypts the information you transmit. All privacy-relevant information is stored in encrypted form in a protected database.

Please note that the confidentiality of email communications cannot be guaranteed. Although we offer transport encryption (TLS) through our mail servers, the confidentiality may depend on various mail relay servers, over which we have no control: Whether these servers also use TLS and whether they analyze the emails is beyond our influence.

When sending a fax, the transmission takes place via the Internet Protocol (FoIP). The transmission is technically identical to sending an email or website data. We cannot determine whether an IP-based service encrypts the data, and therefore, the confidentiality of the transmitted data cannot be guaranteed. We recommend not to send sensitive data via fax.

We are happy to provide you with further information upon request. Please contact our Data Protection Team for more details.

Collaboration with Data Processors

As with any larger company, we also use external service providers to manage our business operations, such as for IT, logistics, telecommunications (e.g., package delivery, sending of letters or emails), analyzing our databases, marketing activities, payment processing, sales, and marketing. These service providers have access to personal data that is required for fulfilling their tasks. However, they are not allowed to use this data for any other purposes. Data processors act solely according to our instructions and are contractually obliged under Art. 28 EU-GDPR to comply with data protection regulations. Data processors are not considered third parties.

Conditions for the Transfer of Personal Data to Third Countries

As part of our business relationships, your personal data may be shared or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), in so-called third countries. . Such processing will occur exclusively to fulfill contractual and business obligations and to maintain your business relationship with us. We will inform you about the details of such transfers at the relevant points. Generally, we specify the location of the company providing the service.

The European Commission has issued adequacy decisions for certain third countries, certifying that their data protection standards are comparable to those of the EEA. The Commission has issued adequacy decisions for the following countries and territories: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay, South Korea, and the United Kingdom (as of Dec. 2021).

In other third countries where personal data may be transferred, there may be a lack of legal provisions ensuring a consistently high level of data protection. Where this is the case, we ensure that data protection is generally adequately guaranteed. This is typically achieved through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certifications, or recognized codes of conduct.

Automated Decision-Making

We do not intend to use personal data collected from you for automated decision-making procedures (including profiling).

Obligation to Provide Personal Data

We do not make the conclusion of contracts with us dependent on the prior provision of personal data. As a customer, you are generally not obligated by law or contract to provide us with your personal data. However, it may be the case that we are unable to offer certain services or can only offer them to a limited extent if you do not provide the required data. If this is exceptionally the case within the scope of the products or processing processes described below, we will notify you separately.

Legal Obligation to Provide Certain Data

In certain cases, we may be subject to a specific legal or regulatory obligation to provide personal data to third parties, particularly public authorities (Art. 6 (1) lit. c EU-GDPR).

Changes to the Privacy Policy

In the context of developments in data protection law, as well as technological or organizational changes, this document will be regularly reviewed for necessary adjustments or additions. We reserve the right to change this privacy policy at any time, in accordance with applicable data protection regulations, with future effect. Any changes will be published here. Current version: January 27, 2025.

Information on the Processing of Personal Data in Specific Processing Operations

The following sections describe processing operations grouped by different categories of individuals whose data is processed (“Data Subjects”).

Visitors to Websites

Information about our company and the services we offer can be found, in particular, at www.fuji-euro.de and its associated subpages (hereinafter collectively referred to as “Websites”). When you visit our Websites, personal data about you is processed.

Your data will only be processed for as long as necessary to achieve the purposes mentioned above. The legal bases for processing are as specified in relation to the processing purposes. Third parties that we engage may store your data on their systems for as long as required in connection with providing services to us, in accordance with the respective contractual arrangements.

The following categories of recipients, who are usually data processors, may have access to your personal data:

Service providers for operating our website and processing data stored or transmitted by the systems (e.g., data center services, payment processing, IT security). The legal basis for the transfer is Art. 6 (1) lit. b oder lit. f EU-GDPR, unless they are data processors.

Government bodies/authorities, to the extent required to fulfill a legal obligation. The legal basis for the transfer is Art. 6 (1) lit. c EU-DSGVO;

Persons involved in the conduct of our business operations (e.g., auditors, banks, insurers, legal advisors, regulatory authorities, parties involved in mergers or joint venture formations). The legal basis for the transfer is Art. 6 (1) lit. b oder lit. f EU-DSGVO.

Furthermore, we will only transfer your personal data to third parties if you have explicitly consented to it under Art. 6 (1) lit. a EU-DSGVO.

Processed Personal Data on the Website/Log Data

When you use the website for informational purposes, the following categories of personal data are collected, stored, and further processed by us. When you visit our website, a so-called log data record (server log files) is temporarily and anonymized stored on our web server. This record mainly contains:

• The page from which the request was made (referrer URL)
• The name and URL of the requested page
• The date and time of the request
• The description of the type, language, and version of the browser used
• The IP address of the requesting computer
• The amount of data transmitted
• The operating system
• A message on whether the request was successful (access status/HTTP status code)
• The GMT time zone difference

The processing of the log data serves statistical purposes and the improvement of the quality of our website, especially the stability and security of the connection (legal basis is Art. 6 (1) lit. f EU-GDPR).

It is possible that we may temporarily process additional information provided by your operating system, browser, and/or other technologies to our web servers in order to deliver the website. The legal basis for this is also Art. 6 (1) lit. f EU-DSGVO.

Services for Storing Information on Your Device or Accessing Information Already Stored on Your Device (Cookies, Plugins, JavaScript, etc.)

On our websites, we use services and technologies to store information on your device and/or to access information already stored on your device. These technologies may include cookies. Cookies are text files and/or entries in the browser’s internal database that associate your browser with a unique string of characters. Specific information is exchanged between the entity setting the cookie and your device.

Cookies and other services can contain data that allow the recognition of the device used. Some cookies and technologies only contain information about specific settings that are not personally identifiable.

You may refuse or technically block some services, if your browser allows this. However, please note that in such a case, you may not be able to fully utilize all the features of our website.

The help function in most web browsers’ menu bar explains, for example, how to stop your browser from accepting new cookies, how to have your browser notify you when a new cookie is received, or how to delete all cookies that have been received. You can also configure your browser to prevent specific technologies (e.g., JavaScript) from running, which are required for some services. To the extent that services on our website process personal data based on Art. 6 (1) lit. f EU-GDPR, such objections can be implemented through these browser functions and technologies.

Regarding their functionality, services are differentiated into:

Technical Services: These are essential for navigating the website, utilizing basic features, and ensuring the security of the website; they do not collect information for marketing purposes, nor do they store which websites you have visited.

Performance Services: These collect information about how you use our website, which pages you visit, and whether errors occur during website use. They do not collect information that could identify you – all collected data is anonymous and used only to improve the website and understand user interests.

Advertising, Targeting & Sharing Services, Social Media Plugins: These services are used to provide tailored advertising or third-party offers on the website and to measure the effectiveness of these offers. These services may also improve interactivity between our website and other services (e.g., social networks).

All services share the common feature of storing information on your device and/or accessing information already stored on your device.

Unlike the functional differentiation of services, the legislator distinguishes between two purposes of services:

1. Services that are necessary for transmitting a message over a public telecommunications network and/or are absolutely required to provide a telemedia service explicitly requested by the user. The necessity may be based on technical, legal, economic, operational, and/or contractual reasons.
2. Services for all other purposes.

Any use of services that are technically, legally, economically, operationally, and/or contractually required to provide an explicitly requested service can be based on a legal basis other than consent under Art. 6 (1) lit. a EU-GDPR.

General Services on the Website

We currently use the following services described above. Where processing is based on consent under Art. 6 (1) lit. a of the EU GDPR, we also specify how consent is obtained.

Service: Contact Form

When using contact forms, the data you provide (e.g., gender, name, address, company, email address, and submission time) is processed. The processing of contact form data is carried out to handle inquiries, and the legal basis for this is Art. 6 (1) (1) lit. b oder lit. f of the EU GDPR.

Consent Management Tool / Consent Management Provider / “Cookie Banner”

We use services to request and manage consent for individual services.

Service: Enfold Avia Cookie Consent

This website uses the Enfold Avia Cookie Consent service, a consent management tool. The service asks for consent to allow certain services on the website. These consents are collected and documented. The service provider is Kriesi Media GmbH, Burggasse 121, 1070 Vienna, Austria. As this service is hosted locally on the web server, no data is transferred to third parties.

The service sets a necessary cookie that stores the following information:

When you visit our website, the following personal data is transferred to the consent management tool: consent(s) or withdrawal of consent(s), IP address, information about the browser and device, and the time of your visit to the website. The consent management tool also stores a cookie to link consents and withdrawals. The data collected in this way is stored until we are asked to delete it, the Enfold Avia Cookie Consent cookies are deleted by the user, or the purpose for data storage no longer applies.

The data processing is done to obtain legally required consents and, where applicable, based on our legitimate interest to make our website legally compliant and low-risk (legal basis: Art. 6 (1) lit. c and, where applicable, lit. f of the EU GDPR).

Google (and possibly Alphabet) Services, Products, and Technologies

In this section, we have summarized services offered by Alphabet Inc. (a publicly traded US holding company) and especially by Google, which is part of the holding. Using these services may result in data transfer to a third country (the USA). For the USA, the European Commission issued an adequacy decision on July 10, 2023, confirming an adequate level of data protection for transmission to companies participating in the EU-US Privacy Framework. The data transfer to the USA is also based on the standard contractual clauses of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/

Service: Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland.

Processing takes place only once you have provided consent under Art. 6 (1) lit. a of the EU GDPR. Additional information on this processing can be found in the consent request in the consent management tool.

Once consent is granted, an analysis of your use of our website and online services is enabled. Information about your use of these websites and online services is transferred to Google servers in the USA and stored. For the USA, the European Commission issued an adequacy decision on July 10, 2023, confirming an adequate level of data protection for transmission to companies participating in the EU-US Privacy Framework. The data transfer to the USA is also based on the standard contractual clauses of the European Commission. Google will use this information to evaluate your website visit, compile reports on website activity, and provide other services related to website and internet usage. Google may also transfer this information to third parties if required by law or where third parties process this data on Google’s behalf.

Service: YouTube

We use services from YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (YouTube) on our website. The provider is part of the Google LLC group, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Processing takes place only once you have provided consent under Art. 6 (1) lit. a of the EU GDPR. Additional information on this processing can be found in the consent request in the consent management tool.

Once consent is granted, and if you visit one of our pages with a YouTube plugin, a connection to YouTube’s servers is established. The YouTube server will be informed of which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to associate your browsing behaviour directly with your personal profile.

Service: Google DoubleClick

We use Google’s online marketing tool DoubleClick on our websites, provided by Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland.

Processing takes place only once you have provided consent under Art. 6 (1) lit. a of the EU GDPR. Additional information on this processing can be found in the consent request in the consent management tool.

Once consent is granted, DoubleClick sets cookies to serve relevant ads to visitors, improve campaign performance reports, or prevent a visitor from seeing the same ad repeatedly. Google uses a cookie ID to capture which ads are displayed in which browser, preventing them from being shown multiple times. Additionally, DoubleClick may capture so-called conversions related to ad requests, e.g., when a visitor sees a DoubleClick ad and later visits the advertiser’s website and makes a purchase. According to Google, DoubleClick cookies do not contain personal information, though we cannot verify this statement.

Service: Google reCAPTCHA

We use the Google reCAPTCHA service on our websites, provided by Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. Processing takes place only once you have provided consent under Art. 6 (1) lit. a of the EU GDPR. Additional information on this processing can be found in the consent request in the consent management tool.

Once consent is granted, reCAPTCHA allows us to verify whether data input on our websites (e.g., in a contact form) is made by a human or an automated program. reCAPTCHA automatically starts analyzing the behavior of the website visitor. To perform this analysis, reCAPTCHA evaluates various information, such as the IP address, the duration of the visitor’s stay on the website, and mouse movements. The data collected during the analysis is forwarded to Google.

Service: Google Web Fonts / External Fonts

We use Google Web Fonts on our websites, provided by Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. Processing takes place only once you have provided consent under Art. 6 (1) lit. a of the EU GDPR. Additional information on this processing can be found in the consent request in the consent management tool.

Once consent is granted, Google Web Fonts enables a consistent display of fonts. When you visit a page, your browser loads the required web fonts into its cache to display text and fonts correctly. For this purpose, the browser you are using must connect to Google’s servers. This allows Google to become aware that our website was accessed through your IP address.

Service: Google APIs

Our website integrates program interfaces (APIs) from Google, provided by Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. Processing takes place only once you have provided consent under Art. 6 (1) lit. a of the EU GDPR. Additional information on this processing can be found in the consent request in the consent management tool.

Once consent is granted, Google APIs can quickly integrate JavaScript libraries to enable or improve various functionalities on our website. Various data, especially your IP address, is transmitted to Google.

Service: Google Static / gstatic

We use Google Static, a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. gstatic is a service that delivers static content (e.g., images, CSS, JavaScript). The goal is to improve network speed for users and reduce bandwidth usage to make browsing more efficient.
Processing takes place only when you have provided consent under Art. 6 (1) lit. a of the EU GDPR. Additional information on this processing can be found in the consent request in the consent management tool.
Using this service may result in data transfer to a third country (the USA). For the USA, there is an adequacy decision by the European Commission dated July 10, 2023, confirming an adequate level of data protection for companies participating in the EU-US Privacy Framework. The data transfer to the USA is also based on the standard contractual clauses of the European Commission. More information is available in the provider’s privacy statement at: https://policies.google.com/privacy

Service: Google Ads

We use Google Ads on our website, provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Processing takes place only when you have provided consent under Art. 6 (1) lit. a of the EU GDPR. Additional information on this processing can be found in the consent request in the consent management tool.

Once consent is granted, Google Ads can display ads in the Google search engine or on third-party websites when users enter specific search terms (keyword targeting). Furthermore, ads can be targeted based on user data available to Google (e.g., location data and interests) (audience targeting). Website operators can quantitatively analyze these data to assess which search terms triggered ad displays and how many ads led to clicks.

Service: Google Play

We use the Google Play service, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”). Google Play is an online store that offers mobile apps, games, music, movies, and other digital content for Android devices. It allows users to download, purchase, and update applications and digital media content. To use Google Play, certain data is processed, including device information such as device ID, IP address, device type, and operating system version. Additionally, information about downloaded apps, payments, and in-app purchases may also be collected. The data processing is for the purpose of providing apps and digital content, processing payments, updating applications, and personalizing offers. The legal basis for data processing is the fulfillment of the contract for the use of Google Play according to Art. 6 (1) lit. b GDPR.

By using the service, data may be transferred to a third country (USA). For the USA, the European Commission adopted an adequacy decision on 10.07.2023, determining an adequate level of data protection for the transfer to companies participating in the EU-U.S. Privacy Framework. The provider is certified there.

Further information on Google’s privacy practices can be found in Google’s privacy policy at: https://policies.google.com/privacy

Facebook and Meta Platforms Services, Products, and Technologies

This section summarizes services offered by Meta Platforms, Inc., especially Facebook.

Service: Facebook / Facebook Like Button / Facebook Connect

We use services from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook) on our websites.

Processing occurs only when you have given consent according to Art. 6 (1) lit. a GDPR. Further information regarding this processing is provided in the consent request within the consent management tool.

If consent is given, your browser establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to your browser and embedded into the website. By embedding the plugins, Facebook receives the information that your browser has visited the relevant page of our website, even if you do not have a Facebook account or are not logged into Facebook at that moment. This information (including your IP address) is transmitted directly to a Facebook server in the USA and stored there.

If you interact with the plugins, such as by clicking the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there.

The information is also published on Facebook and may be shown to your Facebook friends. Facebook may use this information for advertising, market research, and customizing the Facebook pages. For this purpose, Facebook creates usage, interest, and relationship profiles, e.g., to evaluate your use of our website in relation to ads displayed to you on Facebook, inform other Facebook users about your activities on our website, and provide additional Facebook-related services. If you do not want Facebook to associate the data collected from our website with your Facebook account, you must log out of Facebook before visiting our website. Please note that we do not have knowledge of the content of the data transmitted to Facebook or how it is used.

Service: WPML

We use the WPML service on our website, a language tool that allows us to present the website in different languages. The service provider is OnTheGoSystems Ltd., 22/F 3 Lockhart Road, Wanchai, Hong Kong, China. This service may be hosted locally. It is considered an essential tool.

The legal basis for this is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in presenting our website to visitors in their native language. Sollten wir ein Consent-Management-Tool einsetzen, können wir uns ggf. dazu entschließen, die Verarbeitung auch auf die Einwilligung nach Art. 6 Abs. 1 lit. a GDPR. More information about consent will be provided in the consent management tool.

Using the service may involve data transfer to a third country (China). The data transfer to China is based on the Standard Contractual Clauses of the European Commission.

Further information can be found in the provider’s privacy documentation at the following URL: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/

Applicants

You can apply to us through various means. Regardless of how you apply, your applicant data will only be processed for the purpose of handling your application and will be stored for a maximum of six months after the completion of the selection process, unless you grant us consent to further process your data in a talent pool.

The following personal data will be processed as part of an application:

• All data you have submitted during the application process (e.g., in your application documents or interviews)
• Any additional data that we have lawfully collected during the process (e.g., from public sources like professional networks)
• This may also include special categories of personal data (e.g., disability status, racial or ethnic origin, religious or philosophical beliefs, or union membership) if such data has been provided to us in the above-mentioned ways.

The legal basis is the decision on the establishment of an employment relationship or, after its establishment, the performance of the employment contract according to §26 Para. 1 BDSG-new and Art. 6 (1) lit. b GDPR. After the selection process is concluded, we store all data for another six months to respond to any potential disputes related to the application process. This temporary retention is based on Art. 6 (1) lit. f GDPR.

Service: Application via Email

You have the option to apply to us via email. Please send your application documents to bewerbung@fuji-euro.de. Please note that we cannot guarantee the confidentiality of your data in the case of applications via email. While we offer transport encryption (TLS) via our mail server, confidentiality may depend on various mail relay servers over which we have no control. We cannot control whether these servers use TLS or whether they analyze the emails. If you have concerns, please use the postal service for your application.

Business Partners and Information Seekers

You can contact us by phone, fax, or email. Please also refer to the section “Data Security: Website, Email, Fax.”

When contacting us by phone, we collect information for caller identification (caller ID). If your phone number is not suppressed or withheld, we can see the number from which you are calling. The phone number, call date, and call time are automatically stored by our phone system and used only to return your call if requested or if your call was interrupted due to technical issues. This data is deleted after a maximum of 4 weeks. We do not record calls.

When contacting us by email, the email will be stored and used for the purpose you have communicated in the email (e.g., product order). The same applies to contact by fax.

If you order products or request information from us, we will create a customer account for you. The customer account contains the following data:

• The name and contact details of the company for which you are placing the order
• Your first and last name as a contact person
• For each order processed through this customer account, we store:
• The date of the order and delivery
• Ordered products
• Current order status

This data is required for processing your order and/or inquiry and is only used for this purpose (Art. 6 (1) lit. b or f GDPR). Unless otherwise stated, the retention periods for this data are based on the legal retention obligations to which we are subject.