Table of Contents
What is this privacy policy about?
Who is responsible for processing your data?
What personal data do we process?
For what purposes do we process your personal data?
What online tracking and advertising techniques do we use?
What applies to profiling and automated decisions?
How do we process data related to social media?
To whom do we disclose your personal data?
Do we disclose personal data abroad?
How long do we process personal data?
On what legal basis do we process data?
How do we protect your data?
What rights do you have?
GKN Hydrogen GmbH, Pennefeldsweg 11-15, 53177 Bonn ("GKN Hydrogen," "we," or "us") processes personal data that pertains to you or other individuals in various ways and for different purposes. "Personal data" includes all information that can be associated with a specific person, and "processing" refers to any interaction with such data, including collection, use, and disclosure.
This privacy policy explains how we process such data (hereinafter referred to as "personal data" or "data") when:
You visit our website gknhydrogen.ch or the websites of other group companies;
You use our services or purchase our products;
You are otherwise involved with us in connection with a contract;
You contact us via email, letter, social media, SMS, or through the contact form;
You register for our newsletter;
You are involved in any other data processing related to our offerings.
For readability purposes, this privacy policy refrains from mentioning multiple gender forms, but it refers to individuals of all genders.
Please take the time to read this privacy policy to understand how and why GKN Hydrogen GmbH processes your personal data, how GKN Hydrogen GmbH protects your personal data, and what rights you have in this context. If you have any questions or require more information regarding our data processing, we are happy to assist you (see section 2).
This privacy policy is aligned with both the Swiss Data Protection Act (DPA) and the European General Data Protection Regulation (GDPR). When the term "personal data" is used in this privacy policy, it also includes "personal data" as defined by the GDPR. However, the applicability of the GDPR depends on the individual case.
Für die Datenbearbeitungen nach dieser Datenschutzerklärung ist folgende Gesellschaft die «Verantwortliche», d.h. die datenschutzrechtlich in erster Linie zuständige Stelle, soweit im Einzelfall nichts anderes kommuniziert, wird:
GKN Hydrogen GmbH
Pennefeldsweg 11-15
53177 Bonn
+49 228 30406376
If you have any questions regarding data protection, please feel free to contact us at the following address so that we can process your request promptly:
E-Mail: info@gknhydrogen.com
We process various categories of personal data depending on the occasion and purpose. The main categories are listed below, although this list may not be exhaustive.
Much of the data mentioned in this section is provided to us directly by you (e.g., through the contact form, during communication with us, in connection with contracts, when using the website, etc.). You are generally not required to provide data, except in individual cases. If you wish to enter into contracts with us or use our services, you will need to provide us with certain data, particularly master and contract data, in accordance with your contractual obligations.
If you provide us with data about other people (e.g., colleagues), we assume that you are authorized to do so and that the data is accurate. By providing third-party data, you confirm this. Please also ensure that these third parties are informed about this privacy policy (e.g., by referencing this privacy policy).
Master data refers to basic information we need for handling business relationships or for marketing and advertising purposes, and that directly relates to your person and characteristics. We process, for example, the following master data:
Salutation, first name, last name, gender;
Address, contact details such as email address and telephone/mobile number;
Further information from identification documents;
Information on language preferences;
Information on professional profile and employment (e.g., employment relationship, employer, employment start date), and possibly education;
For contact persons at companies, also relationships to the company you work for;
Customer history;
Signature authorizations and consent declarations.
We generally receive this master data from you directly, but it may also come from other individuals working for your company or third parties such as our contractual partners, associations, address brokers, and publicly available sources like public registers or the internet (websites, social media, etc.).
Contract data refers to information that arises in connection with the conclusion and processing of a contract, such as details about contracts and the services to be provided or that have already been provided, as well as data from the pre-contract stage, details about the contract conclusion itself (e.g., the date of conclusion and the subject matter of the contract), and the information necessary or used for processing. We process, for example, the following contract data:
Date, application process, information about the type and duration, as well as conditions of the relevant contract, and data about the termination of the contract;
Contact details and billing address;
Information about the use of services;
Information about payments and payment methods, invoices, mutual claims, contacts with customer service, complaints, defects, returns, information about customer satisfaction, feedback, etc.
We receive this data from you, but also from partners we work with. These data can relate to your company (in which case they are not considered "personal data") or to you if you work for a company or receive services from us personally.
Communication data includes information related to our communication with you, for example, if you contact us via the contact form or other communication methods. Communication data includes, for example:
The content of correspondence (e.g., from emails, written correspondence, phone conversations, etc.);
Information about the type, time, and possibly the location of communication, as well as other metadata of the communication.
In connection with the use of our website, technical data is generated. This includes, for example, the following data:
The IP address of the device and the device ID;
Information about your device, the operating system of your device, or language settings;
Information about your internet provider;
Accessed content or logs that record the use of our systems;
The date and time of access to the website and your approximate location.
We may assign an individual code to you or your device (e.g., through a cookie; see section 5.1). This code is stored for a certain period, often only during your visit. From technical data, we typically cannot deduce who you are unless you contact us via the contact form on our website. In this case, we can link technical data with master data, and therefore with your person.
To tailor our offerings and services to you or your company as much as possible, we try to better understand your preferences and adapt our services accordingly. For this purpose, we collect and use data related to your behavior. Behavioral data primarily includes information about your use of our website, which can also be derived from technical data. This includes, for example, information about your use of electronic communications (e.g., whether and when you opened an email or clicked on a link). We may also use other interactions with us as behavioral data, and we may link behavioral data with other data (e.g., anonymized data from statistical offices) and analyze these data both on a personal and non-personal basis.
Preference data gives us insights into what your likely needs are and which services may interest you or your company. Therefore, we also process data about your interests and preferences. To do this, we may link behavioral data with other data and analyze these data on a personal and non-personal basis. This allows us to draw conclusions about characteristics, preferences, and likely behavior.
We may also collect data from you in other situations. For example, in connection with administrative or legal proceedings, data may be collected (such as records, evidence, etc.) that may also pertain to you. We may receive or create photos, videos, and audio recordings in which you may be recognizable (e.g., at events).
We primarily use the personal data we collect to process your orders. In addition, we process your personal data, where permitted and where we deem it appropriate, for other purposes in which we (and sometimes third parties) have a legitimate interest corresponding to the purpose. These purposes include:
For communication purposes: This means to contact you and maintain communication. This includes responding to inquiries and contacting you with follow-up questions, for example, via email. We primarily process your communication and master data for this purpose.
For customer care and marketing purposes: To inform you specifically about offers tailored to your personal interests and preferences, such as personalized advertising. For this purpose, we primarily process technical data, master data, communication data, and behavioral data.
We also process data to improve our services and for product development.
To ensure IT security and prevention: We process personal data to monitor the performance of our operations, particularly IT, our website, applications, and other platforms, for security purposes, to ensure IT security, to prevent theft, fraud, and misuse, and for evidence purposes. This includes, for example, evaluating system logs of our system usage (log data), preventing, defending against, and investigating cyberattacks and malware, analyzing and testing our networks and IT infrastructures, and system and error testing.
For legal protection: We may also process personal data to enforce claims in court, in pre-trial or out-of-court proceedings, and before authorities domestically and abroad, or to defend against claims. For this purpose, master and communication data may be processed.
To comply with legal requirements: This includes processing complaints and other reports, complying with court or authority orders, measures to detect and investigate abuses, and generally actions we are required to take under applicable laws, self-regulation, or industry standards. We may process your master and communication data for this purpose.
For administration and support: To organize our internal processes efficiently, we process data where necessary for managing IT, accounting, or archiving data. Communication and behavioral data, as well as technical data, may be used for this purpose.
We may also process data for other purposes. These include corporate management, including organizational and corporate development, other internal processes, and administrative purposes (e.g., management of master data, accounting, and archiving), training and educational purposes, and preparation and execution of the purchase and sale of business divisions, companies, or parts of companies, and other corporate transactions, which may involve the transfer of personal data, as well as measures for business control and safeguarding other legitimate interests.
If we ask for your consent for specific processing activities, we will inform you separately about the relevant purposes of the processing. You can revoke your consent at any time by notifying us via email.
On our website, we use various techniques that allow us and third parties we engage to recognize and track you across multiple visits. The use of such techniques is specifically regulated. This section provides information about them.
For our website, we use third-party services to measure and improve the usability of the website and online advertising campaigns. This may involve integrating third-party components on our website that may use cookies and similar technologies (see below). When we use such technologies, the purpose is to distinguish your access (via your system) from other users' accesses so that we can ensure the functionality of the website and perform statistical evaluations. We do not intend to identify you personally. The technologies used are designed so that you are recognized as an individual visitor with each page view, for example, by assigning a specific identification number to you or your browser (e.g., a so-called "cookie"), but without being identified by name.
Cookies are files that your browser automatically stores on your device when you visit our website. Cookies contain a unique identification number (an ID) that allows us to distinguish individual visitors from others, generally without identifying them. Depending on the purpose, cookies may contain additional information, such as the pages visited and the duration of a page visit. We use session cookies, which are deleted when the browser is closed, and persistent cookies, which remain stored for a specific period after the browser is closed and serve to recognize visitors on a later visit.
We may also use similar technologies, such as [LinkedIn Insight Tags, Pixel Tags, or Fingerprints], to store data in the browser. Pixel Tags refer to small, usually invisible images or program codes loaded from a server that transmit specific information to the server operator, such as whether and when the website was visited. Fingerprints are information collected about your device’s configuration or your browser during your visit to our website, which distinguishes your device from others.
Similar to cookies, browser storage technologies like Local Storage and Session Storage are used to store user data and make it available across multiple page views and sessions.
We use the following types of cookies and similar technologies:
Necessary Cookies: Necessary cookies are essential for the functionality of websites, e.g., to enable you to switch between pages without losing data entered in a form.
Functional Cookies: Functional cookies allow for extended features and can display personalized content.
Performance Cookies: These cookies collect information about website usage and enable analysis, such as which pages are the most popular. They help simplify website visits and improve user-friendliness.
Marketing Cookies: Marketing cookies help us and our advertising partners target you with ads for products or services that may interest you, both on our websites and third-party sites, or display our ads during your further internet use after visiting our website.
We use cookies, as well as Local Storage and Session Storage, particularly for the following purposes:
Personalization of content
Display of personalized ads and offers
Display of ads on third-party websites and measuring success, i.e., whether you respond to these ads (remarketing)
Storing settings between visits
Determining how we can improve our website
Collecting statistical data on the number of users and their usage habits, and improving the speed and performance of the website
We may process your contact details to target you with ads on third-party platforms.
When visiting our website, you have the option to enable or disable specific categories of cookies (see checkboxes below). You can configure your browser settings to block certain cookies or similar technologies or delete existing cookies and other stored data. You can also extend your browser with software (so-called "plug-ins") that blocks tracking by specific third parties. More information can be found on your browser’s help pages (usually under the keyword "Privacy"). Please note that our website may not function fully if you block cookies and similar technologies.
We use third-party services to measure and improve the usability of the website and online advertising campaigns. Third-party providers may also be located outside of Switzerland and the EU/EEA, provided that the protection of your personal data is adequately ensured. For example, we use analytics services to optimize and personalize our website. The relevant third parties may record website usage and combine their records with information from other websites. This allows them to track user behavior across multiple websites and devices to provide us with statistical evaluations. These details may also be used by the providers for their own purposes, such as personalized advertising on their own or other websites.
Two of our key third-party providers are Google and HubSpot. More details about these can be found below. Other third parties generally process personal and other data in a similar manner.
Google Analytics: An analytics service from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd. (Google Building Gordon House, Barrow St, Dublin 4, Ireland; collectively "Google," with Google Ireland Ltd. being responsible for data processing). Google uses cookies and similar technologies to collect information about the behavior of individual users on the website and the device used (tablet, PC, smartphone, etc.). Google provides us with evaluations based on user behavior and device usage but also processes certain data for its own purposes. We have configured Google Analytics to anonymize visitor IP addresses before forwarding them to the USA. Privacy information for Google Analytics can be found here. You can disable Google Analytics by installing an appropriate browser add-on here. We do not record personal data like names, email addresses, etc., for Custom Events in Google Analytics. Custom Events are used solely for capturing website performance.
HubSpot: An analytics service from HubSpot Inc (25 1st St Fl 2, Cambridge, Massachusetts, 02141, United States) and HubSpot Ireland Ltd. (2nd Floor 30 North Wall Quay, Dublin 1, Ireland, collectively "HubSpot," with HubSpot Ireland Ltd. being responsible for data processing). HubSpot is an integrated software solution covering various aspects of online marketing. We use HubSpot as a CRM integration on our website to optimize communication processes with you. This enables us to ensure smooth communication and consulting services. We have configured the analytics service to anonymize visitor IP addresses before forwarding them to the USA. More information about HubSpot's data protection can be found in HubSpot’s Data Processing Agreement and HubSpot’s Privacy Policy.
We may process and evaluate your data automatically as described in section 3. This includes so-called profiling, i.e., automated evaluations of data for analysis and forecasting purposes, and to determine preference data (section 3.6). Key examples are profiling for customer care and marketing purposes.
To ensure the efficiency and consistency of our decision-making processes, we make certain decisions using computer systems based on specific rules and, if necessary, without review by a staff member. If decisions are made solely through automation and lead to a negative legal consequence or significantly impact you ("automated individual decisions"), we will inform you accordingly. You may present your point of view and request that a human review the decision.
We offer you the option on our website to use "social media plugins" from Facebook, Instagram, and LinkedIn to integrate their features into our websites. These plugins are deactivated by default. Once you activate them (e.g., by clicking the button), the respective providers can detect that you are on our website. If you have an account with the social media provider, they can associate this information with your account and track your usage of online offerings.
We are generally jointly responsible with the relevant providers for the exchange of data collected through plugins or similar functions, but not for further processing by the provider. Where possible, we have entered into a corresponding supplementary agreement here. You may address requests for information and other inquiries related to joint responsibility directly to the respective provider.
If you communicate with us or comment on or share content via social media and our profiles (e.g., on Facebook, Instagram, and LinkedIn), we collect information for communication with you, marketing purposes, and statistical evaluations. Please note that the platform provider also collects and uses data (e.g., user behavior) when visiting our social media presence, possibly combined with other known data (e.g., for marketing purposes or personalizing platform content). Further information on data processing by social network providers can be found in the respective social networks' privacy policies.
In connection with our processing, we also disclose your personal data to other recipients.
We may disclose personal data received from you or third parties, particularly to other companies of the GKN Hydrogen GmbH (see section 2). Such disclosure may serve group-internal administration or the support of the relevant group companies and their own processing purposes, such as personalizing marketing activities or developing and improving services.
We also disclose necessary personal data to service providers for their services. This particularly includes IT service providers, but also consulting firms, analytics service providers, debt collection agencies, credit bureaus, marketing service providers, etc. When service providers process personal data as processors, they are required to process personal data only according to our instructions (subject to non-personal evaluations) and to implement data security measures.
Data may also be disclosed to other recipients, such as courts and authorities in the context of proceedings and legal information and cooperation obligations, buyers of companies and assets, financing companies in securitizations, and collection agencies.
In certain cases, we may also disclose personal data to other third parties for their own purposes, for example, if you have consented to this or if data is required for the fulfillment of legal obligations or the protection of vital interests.
In cases where we engage third parties for processing or transfer data to other countries or third parties, we ensure that adequate protection for your personal data is guaranteed.
Recipients of data are not only located in Switzerland. This especially applies to certain service providers, who may be located outside the European Economic Area (EEA) and Switzerland (particularly in the USA), as well as in other countries worldwide. For example, we may transfer data to authorities and other individuals abroad if we are legally required to do so, or in connection with a business sale or legal proceedings. Not all of these countries currently provide a level of data protection equivalent to Swiss law. We address the lower level of protection through appropriate contracts, especially the standard contractual clauses issued by the European Commission and recognized by the Swiss Federal Data Protection and Public Law Commissioner (FDPIC). Further details and a copy of these clauses can be found at www.edoeb.admin.ch/edoeb/en/home/data-protection/trade-and-economy/transfers-abroad.html
In certain cases, we may transfer data in accordance with data protection regulations even without such contracts, for example, if you have consented to the transfer or if the transfer is necessary for contract performance, for the assertion, exercise, or defense of legal claims, or for overriding public interests.
We store and process your personal data as long as it is necessary for the purpose of processing (usually for the duration of the contractual relationship for contracts), as long as we have a legitimate interest in retaining it (e.g., to enforce legal claims, for archiving, and/or to ensure IT security), and as long as data is subject to a statutory retention obligation (e.g., a ten-year retention period for certain data). If no legal or contractual obligations apply, we destroy or anonymize your data after the retention or processing period expires as part of our usual procedures.
We generally retain master data for 8 years from the last interaction with you, but at least from the end of the contract. This period may be longer if necessary for evidentiary reasons or to comply with legal or contractual requirements or due to technical reasons. For purely marketing and advertising contacts, the retention period is usually much shorter, typically no more than 2 years from the last contact.
We generally retain contractual data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer if necessary for evidentiary reasons or to comply with legal or contractual requirements or due to technical reasons.
We anonymize or delete your behavioral and preference data when it is no longer meaningful for the purposes pursued, which can vary depending on the type of data between 2-3 weeks (for activity profiles) and 24 months (for product and service preferences). This period may be longer if necessary for evidentiary reasons or to comply with legal or contractual requirements or due to technical reasons.
Depending on the applicable law, data processing is only permitted if specifically allowed. This does not apply under Swiss data protection law but does under the GDPR, where applicable. In this case, we base the processing of your personal data on the following legal grounds:
Your consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR);
Processing is necessary for the performance of a contract or pre-contractual measures (e.g., evaluating a contract request; Art. 6(1)(b) GDPR);
Processing is necessary for the assertion or defense of legal claims or civil proceedings (Art. 6(1)(f) and Art. 9(2)(f) GDPR);
Processing is necessary for compliance with domestic or foreign legal regulations (Art. 6(1)(c) and (f); Art. 9(2)(g) GDPR);
Processing is necessary for a legitimate interest in data processing, particularly the interests mentioned in section 4 (Art. 6(1)(f) GDPR).
We implement appropriate security measures to maintain the confidentiality, integrity, and availability of your personal data, to protect it against unauthorized or unlawful processing, and to counteract the risks of loss, unintended alteration, unwanted disclosure, or unauthorized access. However, security risks can generally not be entirely excluded; residual risks are unavoidable.
Under applicable data protection laws, you have certain rights to obtain further information about our data processing and to influence it. These rights include:
Right to Information: You can request additional information about our data processing. We are happy to assist you. You can also make a so-called data subject request if you want more information and a copy of your data.
Objection and Deletion: You can object to our data processing and also request at any time that we delete your personal data, provided we are not required to continue processing or retaining the data, and if it is not necessary to process the data for the performance of the contract.
Correction: You can correct or complete inaccurate or incomplete personal data or add a dispute note.
Portability: You also have the right to obtain the personal data you have provided to us in a structured, commonly used, and machine-readable format or to have it transmitted to a third party, provided the data processing is based on your consent or is necessary for the performance of a contract.
Withdrawal: If we process data based on your consent, you can withdraw your consent at any time. The withdrawal only applies to the future, and we reserve the right to continue processing data based on another legal basis in the event of a withdrawal.
Please note that these rights are subject to legal conditions and restrictions and may not be fully available in every case. In particular, we may need to continue processing and storing your personal data to fulfill a contract with you, protect legitimate interests such as the assertion, exercise, or defense of legal claims, or comply with legal obligations. As far as legally permissible, especially for the protection of the rights and freedoms of other data subjects and to safeguard legitimate interests, we may refuse a data subject request in whole or in part (e.g., by redacting certain content that affects third parties or our business secrets).
If you wish to exercise your rights, please contact us by email. Our contact details can be found in section 2. We usually need to verify your identity in such cases. You also have the right to lodge a complaint with the competent supervisory authority regarding our processing of your data. The competent supervisory authority in Switzerland is the Federal Data Protection and Public Law Commissioner (FDPIC).
Date of the Privacy Policy: August 1, 2024