Privacy Policy IS

REHAU Industrial Solutions appreciates your interest in our company and our products. We want you to feel comfortable when contacting REHAU. Therefore, the security of your personal data—such as your name, address, phone number, or email address—that is collected when you contact REHAU is of great importance to us.

This privacy notice is intended for all individuals with whom REHAU interacts, including customers, suppliers, service providers, other business partners, prospective customers, visitors to our websites, users of our apps/applications, other users of our products or services, and visitors to our locations (collectively referred to as “you” or “your”) . It contains the information required under Articles 13 and 14 of the GDPR.

Further information on data protection regarding REHAU’s corporate social media profiles can be found at industrial.rehau.com/en-en/privacy-notice-for-rehau-social-media-presence

1. Definitions

The processing of personal data is carried out in accordance with legal provisions.

The term “personal data” refers to any information relating to an identified or identifiable natural person. “Processing” includes any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Other data protection terms are used in accordance with the definitions in Article 4 of the GDPR.

2. Name and address of the controllers

REHAU Industrial Solutions SE & Co. KG
Rheniumhaus
Helmut-Wagner-Str. 1
95111 Rehau

3. General purposes of processing and legal bases

REHAU collects and processes your personal data in particular in the following cases:

• When you contact us directly, e.g., via our website, through REHAU Customer Service, or when you visit us at our locations, participate in our events, customer satisfaction surveys, and contests, and you are interested in our products or services, for example, or have any other inquiry.
• When you or your employer purchase products or services directly from us.
• When you or your employer request information about our products and services (e.g., sending brochures or price lists).
• When you purchase or use REHAU products.
• When you or your employer offer or sell products or services to us.

Please help us keep your information up to date by informing us of any changes to your personal data, particularly your contact information.

To the extent that REHAU processes personal data, this specifically concerns your name as well as your business contact information such as company, job title, phone number, or email address, as well as contract and transaction data. For specific purposes described in detail below, additional categories of data may be collected.

In addition to collecting your data via our contact forms on our website, we also collect data directly from you or through publicly available sources (e.g., commercial registers, government agencies, the Internet), to the extent necessary for the purpose.

4. Specific Processing Purposes and Legal Bases

Below, we inform you of the purposes for which REHAU processes which personal data. In non-recurring situations, REHAU will generally draw your attention to this information again separately in the specific processing context and provide supplementary information where necessary.

4.1. Processing of data for the preparation, conclusion, and performance of contracts

4.1.1. General

As a manufacturing company, REHAU processes personal data in the context of sales acquisition (see also section 4.11) and sales processes, as well as for the fulfillment of contracts. To this end, data is processed in particular for appropriate communication and addressing, contract initiation, quote processing, customer consultation, procurement, production and delivery of goods, contract management, and complaint handling.

In the course of these activities, the following categories of data are processed in particular:

• Contact data/personal master data (title, last name, first name, address, email address, etc.)
• Logistics data such as delivery address
• contract data, payment data

In doing so, it may be necessary for us to disclose the data to third parties involved in the supply chain or otherwise required for contract fulfillment in order to prepare a quote and process the contract.

REHAU operates a Track&Trace platform that provides real-time shipping information for shipments. In this context, we also use your email address to share this information with you. Upon shipment of the goods, we will send you an automated email containing the shipping documents and a link to track your shipment via the Track&Trace platform. The legal basis for this use is the legitimate interest within the meaning of Art. 6(1)(f) GDPR, to enable you to track your shipment.

For the purpose of credit checks on our business partners, we process data that we receive from credit reporting agencies (such as Schufa) in accordance with legal requirements. Furthermore, to further minimize the risk of default, REHAU reserves the right to report payment histories with customers to a payment history pool maintained by a credit scoring company (Creditreform, Bisnode). This excludes payment histories involving natural persons.

To optimize financial transactions, REHAU reserves the right to assign receivables from its business customers to a refinancing company as part of receivables financing. In doing so, only company-related data (name of the debtor, reason, amount, due date of the receivable) will be disclosed for the purpose of receivables financing. To the extent necessary for verifying the receivable, the refinancing company will disclose the aforementioned company data to third parties for credit checks.

The legal basis for receivables financing/factoring, insofar as personal data is involved in exceptional individual cases, is Art. 6(1)(f) of the GDPR.

To the extent that data is collected directly for the purpose of processing an inquiry or executing a contract, REHAU will inform you in each case which data is strictly necessary. To the extent that the contracting party is not you yourself, but your employer or another third party contractually affiliated with you or your employer, data processing is carried out on the basis of Article 6(1)(f) of the GDPR. The data is processed to the extent that it is necessary for the performance of the contract or to fulfill further legal obligations and duties, e.g., under product liability law (e.g., duties to inform, educate, and warn).

To the extent that processing is based on Article 6(1)(f) of the GDPR, you may object to it at any time on grounds relating to your particular situation.

4.1.2. Communication

Microsoft Teams

REHAU uses Microsoft Teams to communicate effectively with you and exchange information. In some cases, it may be necessary to record or transcribe meetings to make important content and discussions available for future reference or for individuals who were not present. We would like to explain how we handle your personal data in connection with the recording of meetings.

Before each recording, the meeting moderator will inform you that the recording is about to begin. If you do not wish to be recorded, you have the option to turn off your camera.

The meeting moderator decides whether a recording is necessary, taking into account the interests of those involved. A recording or transcript may be necessary for the following reasons:

• Documentation and tracking of meeting content – evidentiary purposes
• Knowledge sharing and training purposes
• Providing the recording to participants who were not present
• Archiving information for future reference

The legal basis for the processing of your data is Article 6(1)(f) of the GDPR. Our legitimate interest lies in the effective conduct of meetings and the documentation of meeting content. You may object to the recording at any time for reasons arising from your particular situation. Please inform the meeting leader of this.

If you have activated your system’s video camera and the recording also includes this video content, this recording is based on your consent pursuant to Art. 6(1)(a) GDPR. By turning on your camera after the recording has started or by not turning off the camera once it is on, you consent to the recording of the video content.

You may revoke this consent at any time without providing a reason by deactivating the camera function on your device.

When recording meetings via Microsoft Teams, the following personal data may be collected:

• Personal master data such as name, display name, profile picture, and email address of participants
• Data regarding company affiliation and position within the company
• Audio and video data of participants; audio files are automatically transcribed
• Chat messages, preferred language, and files shared during the meeting
• Screen sharing and presented content
• Meeting metadata, e.g., date, time, meeting ID, phone numbers, location

We store your personal data only for as long as necessary for the purposes for which it was collected, or for as long as storage is required by law or under regulatory requirements. We delete or block your data as soon as it is no longer needed. Furthermore, we delete or block your data immediately upon withdrawal of your consent or in the event of a valid objection to the processing.

Please note that the recording is generally made available to every meeting participant. If the purpose of the recording is to inform third parties or other individuals about the content of the meeting, they will also receive the data. The respective recipient of the data is responsible for the further processing of the data, including its deletion. To the extent required by the purpose of the recording, the data may also be transferred to REHAU companies outside the European Economic Area. This is done either on the basis of an adequacy decision by the Commission or on the basis of standard contractual clauses that contain appropriate safeguards for the data subject.

Answering Machine Function

When the answering machine is used by REHAU Group employees, the message is automatically transcribed. The spoken text is sent as a file via email to the account holder and printed there in the original language and in an English translation. This email is subject to the retention period specified for emails.

WhatsApp Business

We offer you the option to contact REHAU Industrial Solutions via WhatsApp for any questions you may have. By contacting us via WhatsApp, you agree that we may receive your phone number and access to your WhatsApp profile (including your profile picture). Data processing for the purpose of contacting us is carried out in accordance with Art. 6(1)(a) of the GDPR based on your voluntary consent.

The personal data we collect through the use of WhatsApp is automatically deleted once your inquiry has been resolved. We generally assume that a matter is resolved 90 days after we have provided our final response, as no further inquiries are typically expected after this period has elapsed. You may also revoke your consent at any time by sending a message to your WhatsApp contact at REHAU.

If your inquiry is related to the preparation of a contract, the legal basis is Art. 6(1)(b) of the GDPR. In this case, we store your data for the duration of the statutory retention periods. In addition, the privacy policy of WhatsApp Inc. applies when using WhatsApp: https://www.whatsapp.com/legal

4.2. Use of the Supplier Portal

REHAU maintains a supplier portal. When registering as a supplier, you will be informed about the type and scope of data required for registration. The data is used for all business processes related to the procurement of goods and services, including quality assurance measures, management of supplier relationships, contract processing, risk management, use of information and communication systems, optimization of internal processes, and administration of the supplier portal. For these purposes, it may also be necessary for us to share your personal data with other companies within the REHAU Group and for these group companies to contact you.

4.3. Application Process (Art. 6(1)(b) GDPR)

Supplementary privacy notices apply to the application process, which will be provided separately as part of the application. The following notices also apply to all applications.

4.4. Participation in events and on-site visits (Art. 6(1)(f) GDPR)

We look forward to meeting you in person during an on-site visit or at one of our events. In doing so, we process your personal data to organize and conduct events and to provide you with informational materials. At events, we may forward the data to speakers and participants. This is important to ensure the smooth running of the event. We also use the data collected in this context to evaluate and follow up on our events. As a rule, you will receive further privacy notices when registering for an event.

REHAU also uses the features of Microsoft Forms to collect feedback. If you participate in such a survey, the privacy information from Microsoft Forms applies: https://privacy.microsoft.com/de-de/privacystatement

For the documentation of events as well as press and public relations work, photos and videos of the events may be taken. In doing so, personal (image) data is also processed. You may object to this processing at any time for reasons arising from your particular situation. In this case, we ask that you inform the photographers or event organizers of these reasons in advance. They will take your objection into account and take the necessary measures.

4.5. Use of Services (Consulting, Dealer Locator)

In addition to our products and system solutions, REHAU offers a wide range of services. These include consulting and support services, which we provide via phone, email, contact form, and, in some cases, on-site. With this service, we aim to assist you in selecting, implementing, and using REHAU systems.

As part of this service, the necessary data that you provide to us in connection with the service request—such as contact information / personal master data (last name, first name, address, email address, etc.)—may be stored along with the relevant products and the nature of the issue. This allows us to ensure that we can provide you with targeted advice in the event of any future inquiries based on your service history.

As part of the dealer search, we give you the option to provide your contact information directly to us and to a dealer of your choice for a contact method you have defined. The dealer processes this data under its own responsibility for the purposes of the inquiry. REHAU uses this data to verify the quality of the service provided by the dealer.

The basis for this storage is the legitimate interest in providing consistent and effective advisory services over time. Your data is stored exclusively in direct connection with the service case. To the extent that the service data is relevant for the defense against liability claims, particularly product liability claims, REHAU will also process it for this purpose. The data will be deleted when it is no longer necessary for this purpose, at the latest upon expiration of the applicable statute of limitations for such liability.

To the extent that the data is processed solely on the basis of Art. 6(1)(f) GDPR, you have the right to object to the storage for reasons relating to your personal circumstances.

Further specific data protection information can be found in the respective terms of use for the individual applications.

4.6. Access to the premises for the delivery of goods or the performance of a service or work

In this case, in addition to your data that is directly necessary for the performance of a contractual relationship, such as last name, first name, company, billing information, and vehicle identification data, we also collect the duration of your stay at REHAU based on Article 6(1)(f) of the GDPR. The aim is to know who is in the building or on the premises in the event of an emergency and a necessary evacuation. If you are visiting for business purposes, the duration of your stay may also be used to review and optimize internal processes, as well as to verify the accuracy of service details (e.g., invoices).

Video surveillance at our locations is conducted openly. Appropriate signs will inform you of this. This video surveillance serves to secure our production facilities and data processing systems. This ensures an even higher level of protection for personal data.

Cameras are also used at various locations to monitor logistics processes during the delivery of goods.

Based on legal requirements and Article 6(1)(f) of the GDPR to demonstrate compliance with safety obligations, the safety instructions provided to visitors are also documented.

Of course, you may object to this processing at any time on grounds arising from your particular situation, pursuant to Article 6(1)(f) of the GDPR.

4.7. Corporate Communications and Public Image (Article 6(1)(f) of the GDPR)

In connection with participation in events, visits to our trade show booth, and other events, photo and video recordings of these events are made for the purpose of documenting the event, for press and public relations, and for corporate communications. In doing so, personal (image) data is also processed.

The image material is published both electronically on social media such as Facebook and in print media. The legal basis for this processing is Art. 6(1)(f) GDPR for corporate communications and, where applicable, § 23 of the German Art Copyright Act (KunstUrhG).

To the extent that it is practically possible and legally reasonable, a notice regarding the photo and video recordings will be provided again at each individual event. If the processing of the images is based on Art. 6(1)(f) of the GDPR, you may object to this use at any time for reasons arising from your particular situation. You may exercise this right by informing the photographer of these reasons in advance; he will take this into account in his work. We will be happy to provide you with event-specific details regarding this.

4.8. Compliance, Law Enforcement, and Prevention of Criminal Offenses (Art. 6(1)(f) GDPR)

To the extent required by law, REHAU uses personal data to assert legal claims and to defend itself in legal disputes. Within the scope of the company’s compliance requirements, the data may also be used to prevent, investigate, or deter criminal offenses.

For this purpose, in addition to the data categories mentioned above—to the extent they are necessary for the purpose—creditworthiness data, visit data, account data, as well as correspondence, purchasing, and sales data are also used. REHAU also uses an internal whistleblower system for named and anonymous reports of compliance violations. This data is deleted or fully anonymized in accordance with applicable legislation or immediately after the respective case is closed.

Security is generally also ensured by systems for building and facility security as well as for securing our data processing facilities, such as access controls or video surveillance. The aforementioned controls are conducted openly at our locations. You can obtain further detailed information on this on-site.

We further process your personal data in connection with the standard checks of business partners conducted as part of compliance requirements. To the extent that we have not requested your personal data directly from you, we have collected it from publicly accessible sources and databases as part of our due diligence process. The data collected from these sources is processed exclusively for this purpose and deleted as soon as it is no longer necessary for this purpose. The processing is based on Art. 6(1)(c) GDPR, insofar as the due diligence is based on legal requirements, or on Art. 6(1)(f) GDPR, the company’s legitimate interest in assessing its business partners to reduce risks. If the processing is based on Art. 6(1)(f) GDPR, you may object to it on grounds relating to your particular situation.

4.9. Marketing Communications and Market Research

To the extent permitted by law under Article 6(1)(f) of the GDPR or if you give us your consent (Article 6(1)(a) of the GDPR), we process your data for marketing communications, customer satisfaction surveys, promotional campaigns, the conduct of sweepstakes, and other market and competitive analyses. This allows us to further improve our product and service offerings and act in a more targeted manner.

In the course of these activities, the data required for this purpose, such as contact details / personal master data (last name, first name, company, address, phone number, IP address, email address, etc.), may be processed. Only to the extent that appropriate consent has been given will we also process additional data, (1) which you provide to us for this purpose, such as interests, personal preferences, professional situation, or (2) which we collect through analysis, individual measurement, storage, and evaluation of open rates and click-through rates in recipient profiles for the purpose of designing future newsletters or other communications, will be processed.

In the case of an existing customer relationship or to the extent you have consented to it, you will generally receive the aforementioned information via email. In addition, for business partners who are not consumers, the information is provided by telephone or in writing.

Within the scope of legitimate interest, we analyze the data available to us (e.g., regarding business transactions, contracts, inquiries, and other relevant business behavior) to further develop our products, services, and business processes, as well as for market research.

For all of the aforementioned purposes, it may be necessary for us to share your personal data with third parties who assist us in pursuing our objectives as part of data processing on our behalf. Data may also be shared with other companies within the REHAU Group in order to better address your needs or to continuously improve our products and services.

Of course, we respect your decision if you do not wish to provide us with your personal data to support our customer relationship—in particular for direct marketing or market research . You may therefore object at any time to the use of your data for direct marketing purposes in accordance with Art. 21(2) GDPR, or revoke your consent at any time in accordance with Art. 7(3) GDPR with future effect. You may send a revocation of consent or an objection to processing to any of the contact options listed in the legal notice. You can also unsubscribe from newsletters at any time via the unsubscribe link at the bottom of each email.

4.10. Surveys

We use the “Microsoft Forms” tool for external surveys and inquiries, such as evaluating completed campaigns, registering for company events, etc. Microsoft Forms is a service provided by Microsoft Ireland Operations Limited. Data from users in the European Union is processed within the European Economic Area (EEA).

However, it may be necessary for the provision of the service and for support purposes that data be processed at the headquarters of Microsoft Inc. in the United States. We have agreed with Microsoft on the EU Standard Contractual Clauses for any necessary data transfers to third countries (see Section 6). To ensure adequate data protection, Microsoft has implemented technical and organizational measures. In particular, data transmitted via Forms is encrypted. Furthermore, Microsoft has contractually committed to challenging requests for data disclosure from U.S. authorities in court to the extent possible. Microsoft acts as a data processor. For more information on data protection at Microsoft, visit https://privacy.microsoft.com/de-de/privacystatement.

When using Microsoft Forms, various types of data are processed. The scope of the data depends on the questions asked and any uploads from additional services. Generally, this involves the following personal data:

• Last name, first name
• Email address
• Preferred language
• Status (optional, if stored in Microsoft 365)
• Date and time the questionnaire was opened
• Date and time the response was submitted

If you participate in an anonymous survey, your response will not contain any contact information and cannot be traced back to you. The data from surveys/forms/questionnaires (questions and answers) is stored in the Microsoft Cloud and accessed from there by the project team. In general, all personally identifiable data is deleted within one year after the purpose for which it was collected no longer applies.

Participation in our surveys is voluntary. To the extent that consent is granted through participation in the survey, the legal basis is then Article 6(1)(a) of the GDPR. Consent that has been granted may be revoked at any time with future effect. Revocation or refusal to grant consent will not result in any disadvantages.

Personal data processed in connection with participation in Microsoft Forms surveys and forms is generally not disclosed to third parties, unless the data is specifically intended for disclosure or is necessary to fulfill the purpose. Data may be disclosed to external service providers engaged to fulfill the purpose, provided such disclosure is limited to the specific purpose.

4.11. Compliance with Legal Obligations (Art. 6(1)(c) GDPR)

REHAU is subject to a variety of legal obligations regarding the processing and retention of personal data. These include, B. commercial and tax retention regulations under the German Commercial Code and the German Fiscal Code.

To comply with these obligations, we process your data to the extent necessary and, where applicable, disclose it to the relevant authorities in accordance with statutory reporting requirements.

4.12. Other Purposes of Processing

Data processing also takes place within the framework of quality management, to determine and improve customer satisfaction, to further develop products and services, to conduct research and development, and to improve IT security and IT operations. The latter point also includes processing to detect and prevent unauthorized access to personal data.

The legal basis for the processing of this data is Art. 6(1)(f) of the GDPR. Unless consent has been provided, no conclusions regarding individual natural persons are generally drawn from this processing.

In individual cases, you may object to this processing for reasons arising from your particular situation.

4.13. Disclosure of Data to Third Parties

For the aforementioned purposes, the data may be disclosed to third parties who assist the controller in pursuing the stated purposes. Such disclosure occurs either within the framework of commissioned processing as defined in Article 28 of the GDPR, joint responsibility pursuant to Article 26 of the GDPR, or as data transfer in connection with the commissioning of specialized services.

Regarding data transfers to recipients in third countries (see Section 6 below).

5. Duration of Storage

We store your personal data only for as long as is necessary for the purposes for which it was collected or for as long as storage is required by law or under official regulations. We delete or block your data as soon as it is no longer needed.

Furthermore, we will delete or block your data immediately upon revocation of your consent or in the event of a legitimate objection to the processing.

6. Planned data transfer to third countries

For the purposes stated in this Privacy Policy, we may transfer your personal data to other REHAU companies. These other companies may use your personal data in their own interest for the same purposes as we do. In particular, they may process your personal data for the stated purposes in their own interest. Within the REHAU Group, employees only have access to your personal data to the extent necessary for the performance of their duties.

Data transfers to branches outside the European Economic Area are made either on the basis of an adequacy decision by the Commission (Art. 45(3) GDPR) or on the basis of standard contractual clauses (Art. 46(2)(c) GDPR) that contain appropriate safeguards for the data subject. The text of the standard contractual clauses is published at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data -protection/standard-contractual-clauses-scc_de.

We may also disclose your personal data to third parties outside the REHAU group of companies in order to utilize technical or organizational services that we require for the fulfillment of the aforementioned purposes or our other business activities. Our service providers are contractually obligated to process personal data exclusively on our behalf and in accordance with our instructions. We also require our service providers to comply with technical and organizational measures that ensure the protection of personal data. If the service providers are located in countries where applicable laws do not provide a level of personal data protection comparable to European law, we will contractually ensure that the service providers in question comply with the legally required level of data protection (standard contractual clauses). You can obtain further information on this from our Data Protection Officer.

7. Online Data Use / Visiting Our Websites

Below you will find information about what data we may collect when you visit our websites and how we handle it. REHAU websites may contain links to websites of other providers to which this privacy policy does not apply.

When you visit our website, we store information about the browser and operating system you are using, the date and time of your visit, and your IP address. This data is necessary for the functioning of the pages, in particular to ensure a smooth connection and to guarantee reasonable use of our website. We cannot link this data to you.

Without your cooperation, we do not collect any personal data via our websites. You alone decide whether or not you wish to disclose such data to us, for example, as part of a registration, order, or survey.

In addition, we use the following technologies on our website in particular:

7.1. Chatbot

When you use our “Chatbot” service (for example, via our website https://www.rehau.com or within mobile apps), personally identifiable data, including chat histories, IP addresses, and cookies, is collected and stored by the service providers Amazon Web Services, Inc. and Google Ireland Limited. This information is necessary for the provision of the service. For more information, please visit https://aws.amazon.com/de/privacy/ and https://policies.google.com/privacy/.

7.2. Google Analytics Web Analytics Service

If you consent in the cookie consent pages on our website, this website uses Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses cookies, which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the United States and stored there. REHAU has enabled IP anonymization on this website; therefore, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the link http://tools.google.com/dlpage/gaoptout?hl=de.

The data we collect at the user and results level, which is linked to cookies, user IDs, and advertising IDs, is automatically deleted after 14 months. The retention period for the user ID is reset to 14 months for each new event (e.g., page view) by this user on our website. Standard aggregated Google Analytics reports are not affected by this.

For more information on terms of use and privacy, please visit https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.

Please note that on our website, Google Analytics has been extended with the code “gat._anonymizeIp();” to ensure the anonymized collection of IP addresses (so-called IP masking).

7.3. Google Tag Manager

Google Tag Manager is a solution used to manage website tags via an interface. The Tag Manager itself does not collect any personal data. The tool triggers other tags and is therefore necessary for REHAU to provide a telemedia service that you have expressly requested. Google Tag Manager itself does not access personal data.

If deactivation has been performed at the domain or cookie level, this setting remains in effect for all tracking tags implemented with Google Tag Manager. Google’s privacy policy regarding this tool can be found here: https://policies.google.com/privacy?hl=de

7.4. Google Ads Remarketing

If you consent in the cookie landing pages on our website, our website uses the functions of Google Ads Remarketing. We use this to advertise this website in Google search results as well as on third-party websites. The provider is Google Ireland Limited. For this purpose, Google places a cookie in your device’s browser, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. Further data processing only takes place if you have consented to Google linking your internet and app browsing history to your Google Account and using information from your Google account to personalize ads that you view on the web. In this case, if you are logged into Google while visiting our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. To do this, Google temporarily links your personal data with Google Analytics data to form audiences. You can permanently disable the setting of cookies for ad preferences by downloading and installing the browser plug-in available at the following link: https://adssettings.google.com/authenticated?hl=de

Alternatively, you can visit the Digital Advertising Alliance at www. aboutads.info to learn about the use of cookies and adjust your settings accordingly. Finally, you can configure your browser to notify you when cookies are set and decide individually whether to accept them, or to block the acceptance of cookies in specific cases or generally. If you do not accept cookies, the functionality of our website may be limited.

Further information and the privacy policy regarding advertising and Google can be viewed here: https://policies.google.com/technologies/ads?hl=de

7.5. Google reCAPTCHA

We use Google’s reCAPTCHA service in our contact forms, which you can use to submit service and information requests to REHAU.

The purpose of this query is to detect malicious attacks on our websites by distinguishing human input from automated, machine-generated input. The use of this application is necessary for the provision of the service that REHAU offers via its contact forms and is therefore based on Art. 6(1)(b) of the GDPR. It is necessary for the provision of the service, as otherwise the website would not be sufficiently protected against automated spying, misuse, and spam. The use is therefore also in the interest of the service recipients. To this end, your input is transmitted to Google and processed there. The IP address and, if applicable, other data used by Google for the service are transmitted to Google.

The use of Google reCAPTCHA is inextricably linked to Google Fonts. When you use Google reCAPTCHA, fonts are loaded via a Google server without us or you being able to prevent it. Google Fonts are fonts provided by Google Inc. For the European region, the company Google Ireland Limited is responsible. You can read details regarding data protection issues related to Google Fonts at https://developers.google.com/fonts/faq/ privacy.

In principle, Google Fonts does not process more or different personal data than is necessary for the use of Google reCAPTCHA. The legal basis for the use of Google Fonts in connection with the use of reCAPTCHA is the legitimate interest in preventing automated spying, misuse, and spam.

Please note, therefore, that you can only use our contact forms if you consent to the use of Google reCAPTCHA (and Google Fonts) to protect the site. In exceptional cases, this may involve processing your data in countries outside the European Union (so-called third countries) that do not have an adequate level of data protection. To ensure an adequate level of data protection when transferring personal data even in this case, we take additional measures in accordance with Art. 44 et seq. of the GDPR and thus ensure that the transfer is generally permissible (e.g., by entering into EU Standard Contractual Clauses).

For more information about Google reCAPTCHA and the privacy policy, please visit https:// www.google.com/recaptcha/intro/v3.html or https://www.google.com/privacy.

The controller responsible for this data processing is Google Ireland Limited. The following data is transmitted to the controller for the independent provision of the service “Defense against malicious attacks”: your web request, IP address, browser type, browser language, date and time of your request, and one or more cookies that may identify your browser.

If you do not consent to the use of Google reCAPTCHA, you must not fill out the contact forms in which Google reCAPTCHA is used. If you wish to use REHAU’s services without the use of Google reCAPTCHA, you are welcome to send us an email or a letter at any time; we will then handle your request by other means.

7.6. Facebook Plugin

If you consent in the cookie landing pages on our website, we use the “Visitor Action Pixel” from Facebook Inc. on our website. This allows us to track user behavior after they have been redirected to the provider’s website by clicking on a Facebook advertisement. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising campaigns. The data collected is anonymous to us, meaning it does not allow us to identify individual users. However, the data is stored and processed by Facebook, allowing a connection to the respective user profile and enabling Facebook to use the data for its own advertising purposes in accordance with the Facebook Data Use Policy: https://de-de.facebook.com/about/privacy/

The data may enable Facebook and its partners to display advertisements both on and off Facebook. A cookie may also be stored on your computer for these purposes.

7.7. Facebook Remarketing

If you consent in the cookie consent pages on our website, we use the “Custom Audiences” remarketing feature from Facebook Inc., USA, on our website. This feature serves the purpose of targeting website visitors with interest-based advertising on the Facebook social network. To this end, Facebook’s remarketing tag has been implemented on the website. When you visit the website, this tag establishes a direct connection to Facebook’s servers. This transmits information to Facebook’s servers regarding which of our pages you have visited. Facebook associates this information with your personal Facebook user account. When you visit the Facebook social network, you will then be shown personalized, interest-based Facebook ads.

You can disable the “Custom Audiences” remarketing feature. For more information on the collection and use of data by Facebook, your rights in this regard, and options for protecting your privacy, please refer to Facebook’s privacy policy at https://de-de.facebook.com/about/privacy/.

7.8. Facebook Lead Ads

If you consent in the cookie landing pages on our website, we use Facebook Lead Ads to collect contact information from users who are interested in our products and services on Facebook. This expands the interaction options available in our Facebook ads, particularly by allowing users to request further information about our products and services via a contact form. When a prospective customer submits such a form, the data provided by the user is stored as a lead on Facebook and transmitted to us. We use this data solely for the purpose specified in the Lead Ad. This may include, for example, the name for personalized communication, the email address to send the requested product information, or the phone number to contact the user by phone. You can obtain further information directly from Facebook at https://de-de.facebook.com/about/privacy/.

7.9. LinkedIn Ads

If you consent in the cookie consent pages on our website, we use so-called website conversion tracking on our website using the LinkedIn Insight Tag from LinkedIn Ads. LinkedIn Ads is the advertising platform of LinkedIn Ireland Unlimited Company. The LinkedIn Insight Tag enables us to analyze the behavior of users who land on our website via our ads within the LinkedIn advertising network and subsequently optimize our website and advertising efforts.

When you interact with our ads within the LinkedIn advertising network, we only learn about the aggregate behavior of all users and do not collect any personal data in the process. Please note that IP addresses are always transmitted with every HTTP request (e.g., when data is sent from your browser to a third-party provider such as LinkedIn) and we have no knowledge of how third-party providers use the IP address. The collection of IP addresses can be completely blocked in certain browsers.

Please note that your data is generally transferred to a LinkedIn server in the United States of America, outside the EEA, and stored there. To protect your data, we have accepted LinkedIn’s “Data Processing Terms,” in which LinkedIn also commits to acting in accordance with European data protection regulations regarding your data. We would like to point out that in a third country such as the United States of America, no adequate data protection safeguards or an adequate level of data protection can be guaranteed.

You can find LinkedIn’s Data Processing Terms at the following link: https://de.linkedin.com/legal/l/dpa

You can find LinkedIn’s Privacy Policy at the following link: https://de.linkedin.com/legal/privacy-policy

Data processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in optimizing our website and advertising measures. The legal basis for the use of LinkedIn Ads’ website conversion tracking on our website is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time by changing your cookie settings on our website accordingly.

7.10. LinkedIn Matched Audiences

If you consent in the cookie consent pages on our website, we use the retargeting feature of LinkedIn Ads on our website. In doing so, we create custom audiences (“Matched Audiences”) based on the behavior of users who have interacted with our website, our content on LinkedIn (e.g., company page) or with our advertising within the LinkedIn advertising network, in order to display personalized advertising to these users within the LinkedIn advertising network or to exclude specific target groups from our advertising campaigns. To protect the privacy of individual users, the retargeting audience must consist of at least 300 users before personalized advertising can be displayed to them.

In addition, we use the Customer Match feature of LinkedIn Ads to create custom audiences based on our customer data. This feature enables us to reach potential or existing customers with personalized advertising within the LinkedIn advertising network.

The legal basis for using the retargeting and customer match features of LinkedIn Ads is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time by changing your cookie settings on our website accordingly.

You can find LinkedIn’s privacy policy at the following link: https://de.linkedin.com/legal/privacy-policy

7.11. YouTube Plugin

If you consent in the cookie pop-ups on our website, we use plugins from YouTube LLC (represented by Google Inc.) . In this case, as soon as you use our website, a connection to the YouTube servers is established and the plugin is displayed. This transmits information to the YouTube server regarding which of our pages you have visited. If you are logged in to YouTube as a member, YouTube associates this information with your personal user account.

When using the plugin, for example, after clicking the play button on a video, this information is also associated with your user account. You can prevent this association by logging out of your YouTube user account and other user accounts of YouTube LLC and Google Inc. before using our websites and by deleting the corresponding cookies from these companies. Further information on data processing and privacy notices from YouTube (Google) can be found at: https://policies.google.com/privacy?hl=de

7.12. Microsoft Plugin

If you consent in the cookie consent pages on our website, our website uses conversion tracking from Microsoft Corporation. In this process, Microsoft Bing Ads sets a cookie on your computer if you have reached our website via a Microsoft Bing ad. Microsoft Bing and we can thus recognize that someone has clicked on an ad, been redirected to our website, and reached a predefined landing page (conversion page). We only receive the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information regarding the user’s identity is shared. If you do not wish to participate in this tracking process, you can also refuse the placement of the cookie required for this purpose—for example, by using a browser setting that generally disables the automatic placement of cookies. For more information on data protection and the cookies used by Microsoft Bing, please visit the Microsoft website: https://privacy.microsoft.com/de-de/privacystatement/

7.13. Outbrain

If you consent in the cookie consent pages on our website, we use technology from the provider Outbrain UK Ltd. on our website to direct our users to related content within our website and on third-party websites that may also be of interest to them. The additional reading recommendations integrated by Outbrain—for example, below an article—are determined based on the content the user has previously read. Outbrain uses cookies to display this interest-based additional content. To anonymize the IP address, the last octet of the IP address is removed to ensure full anonymization.

You can opt out of Outbrain’s tracking for the display of interest-based recommendations at any time at https://my.outbrain.com/recommendations-settings/home.

7.14. Adform

If you consent in the cookie landing pages on our website, the technology of Adform A/S, Denmark, is used on this website. This system uses cookies for tracking and managing digital advertising campaigns. Adform does not store any personal data such as names, email addresses, or other personal details by setting cookies. All information is strictly anonymized and contains technical details such as the frequency and date of ad displays, the browser used, or the operating system installed. It is not possible to identify you personally from this data. Since IP addresses are considered personal data in Germany, Adform never stores full IP addresses in Germany but truncates the last octet to comply with data protection regulations.

You can revoke your consent at any time. To do so, use this link: https://site.adform.com/privacy-policy-opt-out. This will store a so-called opt-out cookie on your device, which signals to the technical systems that no further data may be collected and no cookies may be set in the future.

7.15. REHAU Account / cidaas

If you use our “REHAU Account” service (for example, via https://accounts.rehau.com or within mobile apps), the personal data necessary for providing the service will be collected and stored. The underlying service—product name “cidaas”—is provided by our data processor Widas ID GmbH.

For more information, please visit: https://www.cidaas.com/de/datenschutzhinweise/

7.16. Cloudflare

When you use our “REHAU Account” service (for example, via https://accounts.rehau.com or within mobile apps), personal data, including anonymized IP addresses and cookies, is collected by the service provider Cloudflare Inc., USA, and stored for up to seven days. This information is necessary to enhance the security of the service and is collected exclusively for this purpose. For more information, please visit: https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies and https://www.cloudflare.com/de-de/privacypolicy/

7.17. Hotjar

If you consent in the cookie consent pages on our website, we use Hotjar on our website, a behavioral analytics service provided by Hotjar Limited, Malta (hereinafter referred to as “Hotjar”), to statistically analyze user behavior on our website using heatmaps ( “heatmap”) and session recordings, and subsequently optimize our website. In doing so, Hotjar stores its own cookies, including those named _hjSessionUser_<site-id> to distinguish individual users and their sessions and events on our website, and _hjSession_<site-id> to identify events within a session, in the domain of our website (so-called first-party cookies) in your browser.

When you interact with our website, the following data, among others, is collected by Hotjar:

• URLs of the pages you visit on our website
• Information about your Internet Service Provider’s IP address (anonymized)
• Information about the device you are using (e.g., model, version, category)
• Information about the browser you are using (e.g., name, version, language)
• Information about the operating system you are using (e.g., name, version)
• Information about the time of your page view and duration of your visit to our website
• Information about your user behavior (e.g., click behavior, mouse movements, keystrokes)
• Information about your approximate location (country only)
• Information about your screen resolution
• Information about your referral source (e.g., the website through which you arrived at our website)

Please note that IP addresses are always transmitted with every HTTP request (e.g., when data is sent from your browser to a third-party provider such as Hotjar) and we have no knowledge of how third-party providers use the IP address. The collection of IP addresses can be completely blocked in certain browsers, such as Apple’s Safari (“iCloud Private Relay”) and Mozilla’s Firefox (“Firefox Private Network”).

Please note that your data is generally transferred to a Hotjar server within the EEA and stored there. To protect your data, we have entered into a direct customer agreement with Hotjar by signing the “Data Processing Agreement,” in which Hotjar also commits to acting in accordance with European data protection regulations regarding your data.

This processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in optimizing our website. The legal basis for the use of Hotjar on our website is your consent in accordance with Art. 6(1)(a) GDPR. You may withdraw your consent at any time by changing your cookie settings on our website accordingly.

In addition, you can prevent Hotjar from collecting data by adjusting the relevant settings at the following link: https://www.hotjar.com/policies/do-nottrack/. Hotjar’s privacy policy can be found at the following link: https://www.hotjar.com/legal/policies/privacy/

7.18. SalesViewer

On this website, data is collected and stored using SalesViewer technology from SalesViewer GmbH based on the legitimate interests of the website operator (Art. 6(1)(f) GDPR) for marketing , market research, and optimization purposes.

For this purpose, a JavaScript-based code is used to collect company-related data and track its usage. The data collected using this technology is encrypted using a one-way function that cannot be reversed (so-called hashing). The data is immediately pseudonymized and is not used to personally identify visitors to this website.

The data stored within SalesViewer is deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing its deletion.

You may object to the collection and storage of data at any time with future effect by clicking this link https://www.salesviewer.com/de/opt-out/ to prevent SalesViewer from collecting data on this website in the future. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you must click this link again.

7.19. Other Cookies

Cookies are small text files that are usually placed on your computer by a website. Cookies serve a variety of purposes. However, they are never technically risky, as they lack any “active” capability. They cannot, therefore, execute malicious applications. They contain almost exclusively information necessary for convenient internet use. Additionally, we have set a time limit for the deletion of cookies. Without your renewed consent, these will be stored for a maximum of 12 months from the date of initial collection. To this end, we take technical measures to ensure automatic deletion.

Classic examples of cookie functions: login data, saving shopping cart items, user analysis, form fields. Information that can be stored in cookies includes: lifetime, server name, unique ID, content data.

Use of Cookies:

• Function
  Functional or session cookies are purely technical cookies that are necessary for the proper functioning of our website.

We use all other cookies only if you have consented via our Consent Manager splash screens. We have structured these cookies as follows:

• Statistics
• Marketing
• Other

Statistics or tracking cookies are used to analyze user behavior when visiting our website—naturally in a completely anonymized form. This provides REHAU and, where applicable, the responsible entity with valuable information on how the website is used, enabling REHAU and, where applicable, the responsible entity to better tailor it to the interests of visitors.

In addition to our own cookies, we use third-party cookies to display personalized advertising on our website and others. This process is called “retargeting.” It is based on your activity on our website.

Furthermore, the plugins used on our website use their own cookies. You can find information about the types and purposes of these cookies on the third-party providers’ websites listed.

7.20. consentmanager

We have integrated the consent management tool “consentmanager” (www.consentmanager.net) from Jaohawi AB, Sweden, into our website to request consent for data processing or the use of cookies or similar functions. consentmanager allows you to grant or deny your consent for specific functionalities either in full or on a case-by-case basis for individual features of our website. This applies, for example, to the integration of external elements or streaming content, statistical analysis, audience measurement, or personalized advertising.

You can also change the settings you have selected at a later time. The purpose of integrating consentmanager is to allow users of our website to decide on the aforementioned matters and to offer them the option to change settings they have already selected while continuing to use our website. In the course of using consentmanager, personal data as well as information about the end devices used, such as the IP address.

The legal basis for the processing is Art. 6(1)(c) in conjunction with Art. 6(3)(a) in conjunction with Art. 7(1) of the GDPR, as well as, alternatively, Art. 6(1)(f). By processing the data, consentmanager assists us (the controller under the GDPR) in fulfilling our legal obligations (e.g., the obligation to provide evidence). Our legitimate interests in the processing lie in the storage of user settings and preferences regarding the use of cookies and other functionalities. consentmanager stores your data for as long as your user settings are active. Two years after the user settings are configured, consent is requested again. The user settings you have configured are then stored again for this period.

You may object to the processing. Your right to object applies for reasons arising from your particular situation. To object, please contact us via email at info@consentmanager.net.

8. Data Security

We have technical and organizational security measures in place to safeguard the security of your personal data and to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure, or access.

9. Your Rights

Compliance with data protection regulations is monitored by the following authorities, which anyone may contact:

Data Protection Officer of REHAU Industrial Solutions SE & Co. KG:

Dr. Alexander Walter
REHAU Industries SE & Co. KG
Rheniumhaus
Helmut-Wagner-Str. 1
95111 Rehau
Germany

Phone: +49 9283 770
Email: datenschutz@rehau.com

Lead supervisory authority within the meaning of Art. 56 GDPR:

Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Germany

You also have the option to verify REHAU’s compliance with data protection regulations yourself. To this end, you have the following rights:

• Right to information
• Right to access the data processed about you
• Right to object
• For all processing operations based on Art. 6(1)(f) GDPR (see above), you may object to the processing for reasons arising from your particular situation.
• Right to object to direct marketing
• You have the right to object at any time to the processing of your data for the purpose of direct marketing. This also applies to profiling associated with such direct marketing.
• Right to rectification, erasure, and restriction
• Right to data portability
• Right to lodge a complaint with a supervisory authority

If you have any questions regarding these rights in connection with the processing of your personal data, you may contact our Data Protection Officer, who is also available to assist with requests for information, suggestions, or complaints. Upon request, REHAU will inform you in writing as soon as possible, in accordance with applicable law, whether and which personal data we have stored about you. Should incorrect information be stored despite our efforts to ensure data accuracy and up-to-date status, we will correct it at your request.