Sustainability Report 2023

Data protection

We welcome your interest in our website https://www.sustainabilityreport.zeppelin.com (“Website”) and would like to make your visit as enjoyable as possible. The operator of this Website and the controller for the processing of your personal data through this Website is Zeppelin GmbH, Graf-Zeppelin-Platz 1,  85748 Garching near Munich, phone: +49 89 32 000-0, e-mail: datenschutz@zeppelin.com

Alongside easy, efficient operability, we consider the protection of your personal data to be a top priority. The protection of your privacy is a key concern for us when processing personal data and we take this into account in all our business processes. 

Therefore our processing of personal data collected during a visit to our Website always takes place in line with the respective provisions governing data protection.

This data protection statement will tell you which of your personal data are collected and retained when you visit our Website or use our services offered through the Website. You will also receive information on how and on what legal basis your data are used, what rights you have with regard to the use of your data, and which contact methods are available to you.

1. Processing of personal data and purposes of the processing

When visiting our Website

You can visit our Website without disclosing information regarding your identity. When you open our Website, your browser information will however be automatically sent to our Website servers, and temporarily stored in a log file. Your identity is not disclosed by this information.

The following information is recorded without your consent, and is retained until it is automatically erased after six months:

These data are collected and processed to enable use of our Website (connecting). These data are retained exclusively for technical reasons, and at no point are they attributed to a specific person. The collection of these data serves to ensure system security and stability, as well as technical administration of the network infrastructure. The legal basis to this extent is point (f) of Article 6 (1) GDPR. Our legitimate interest in data processing lies in ensuring that our Website functions properly, and that communication through the Website is properly handled. In relation to the foregoing, we cannot attribute this information to you personally.

We also use cookies and web analysis services for our Website (see clause 2).

2. Cookies

We use cookies on our Website. These are small files which your browser automatically creates and which are stored on your terminal (PC, laptop, tablet, smartphone, etc.) when you visit our Website.

Cookies are used to make your visit to our Website easier and more enjoyable. This is why we use session cookies to detect that you have already visited individual pages on our Website, or that you have already signed into your customer account. They are automatically deleted after you leave our Website.

Insofar as you have given us your consent to this, We use temporary cookies to enhance user-friendliness. These are stored on your terminal for a specific period. If you visit our site again to use our services, the system automatically detects that you have visited us previously, as well as your input and settings so that you do not need to enter them again. the legal basis for this is point (a) of Article 6 (1) GDPR. You may revoke your consent at any time using our cookie settings.

We also use cookies to record statistics regarding the use of our Website, and to analyze these for the purposes of optimizing our Website to meet your needs, and to show information which is specifically tailored to your interests. If you visit our Website again, these cookies allow us to automatically see that you have visited the Website previously. These cookies are automatically deleted after a defined period.

Most browsers automatically accept cookies. You can configure your browser in such a way that no cookies are stored on your computer, or so that a prompt appears before a new cookie is created. Completely disabling cookies may, however, lead to some of the functions of our Website being lost.

OneTrust

We use OneTrust (a tool from OneTrust Technology Limited, 82 St. John Street

Farringdon, London EC1M 4JN, UK) as a cookie and consent management tool.

With the help of the OneTrust Cookie Compliance Tool, you can consent to the storage of cookies in a legally compliant manner or declare your withdrawal of consent. At the same time, your consent is documented, and the setting of cookies is technically controlled. Cookies are used to store your cookie settings on our websites. This means that your cookie settings can be retained when you visit our platforms again, as long as you do not delete the cookies beforehand. You can adjust your settings at any time.

We also use the OneTrust Consent Manager, which allows you to give your consent on our website and manage it in the Preference Center at any time. Your consent will also be documented in a legally compliant manner.

The legal basis for the aforementioned processing of personal data is Article 6 (1) (f) GDPR. Our legitimate interest is to obtain legally required consent automatically and document it in a legally compliant manner.

Google Analytics

In order to tailor our Website to your needs and for continuous optimization of the site, we use Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (https://www.google.de/contact/impressum.html). Pseudonymized user profiles are created and cookies used in this context. The information generated by the cookie through your use of the Website, e.g.

is transferred to a Google server in the USA and stored there. The information is used to analyze use of the Website. This information may also be sent to third parties, insofar as this is a statutory requirement. Your IP address is never combined with other Google data. IP addresses are rendered anonymous to prevent attribution (IP masking).

The transfer of personal data to the USA will only take place with your express prior consent. The legal basis for the storage of cookies and further analysis of the data over a period of two months is the consent that is granted (point (a) of Article 6 (1) GDPR). You can withdraw your consent at any time in the cookie settings

Google Retargeting/Remarketing

On this website, we use the remarketing function or “similar audiences” function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://www.google.de/contact/impressum.html). The purpose of this function is to present you, as a visitor to our website, with interest-based advertising as part of the Google network. When you visit the website, your browser stores cookies, which are small text files, on your computer; these make it possible to recognize you when you access websites that belong to the Google advertising network. On these websites you can then be presented with advertisements based on content you have previously accessed on websites that use the Google remarketing function.  According to its own statements, Google does not combine the data collected as part of remarketing with any of your personal data that may be stored by Google. In particular, according to Google, pseudonymization is used for remarketing. Your data will also be processed by Google in the USA. Your data will only be transferred to the USA with your express consent.

The use of the remarketing function or “similar target groups” function is based on the consent you have given. The legal basis is point (a) of Article 6 (1) GDPR. You can withdraw your consent at any time in the cookies settings.

Use of Google AdWords conversion tracking

We use Google AdWords – another offer from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to draw attention to our attractive offers by means of advertising materials (so-called Google AdWords) on external websites. These advertising materials are delivered by Google via so-called “ad servers.” Ad Server cookies are used to evaluate performance parameters such as ad impressions, clicks and conversions. This allows us to determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. If you access our website via a Google ad, a cookie is stored on your PC by Google AdWords. These cookies generally lose their validity after 30 days and are not intended to identify you personally. The following analysis values are generally stored for this cookie, whereby the data is also processed by Google in the USA:

These cookies allow Google to recognize your Internet browser. If a user visits certain pages of an AdWords customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user has clicked on the ad and has been forwarded to this page. Each AdWords customer is assigned a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. We do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations made available by Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials; in particular we cannot identify users based on this information. Your data will only be transferred to the USA after granting of your express consent. The legal basis for the storage of cookies by Google is the consent that is granted (point (a) of Article 6 (1) GDPR). You can withdraw your consent at any time in the cookies settings.

You can find further information and view the Google Privacy Policy at: https://www.google.de/policies/privacy.

Google Tag Manager

This website uses Google Tag Manager, a solution offered by Google Ireland Limited (Gordon House, Barrow St, Dublin 4, Ireland). Google Tag Manager allows various codes and services to be managed and more easily integrated into the website. Google Tag Manager is a cookie-free domain that requires transmission of the IP address to Google and triggers other tags that may collect data under certain circumstances. Google Tag Manager does not access these data. Insofar as a deactivation has been implemented by the user on a domain or cookie level, this applies to all tracking cookies that are implemented with Google Tag Manager. Your IP address can also be processed by Google in the USA. To ensure an adequate level of data protection, we have concluded the so-called standard contractual clauses with Google.

The legal basis for the aforementioned processing of personal data is point (f) of Article 6 (1) GDPR.

3.  Data security

All data sent by you personally, including your payment details, are transferred using the generally accepted and secure SSL (Secure Socket Layer) standard. SSL is a reliable and proven standard which is used e.g. in online banking.

A secure SSL connection can be identified by the “s” suffixed to the http (i.e. https://...) in the address bar of your browser or by the lock icon in the lower pane of your browser.

We also take suitable technical and organizational security measures to protect your retained personal data against destruction, loss, alteration or unauthorized disclosure or access. Our security measures are continuously improved in line with technological development.

4.  Rights of data subjects

As a data subject in the sense of the GDPR, you are entitled to the following rights. To assert these rights, please contact us on:

dataprivacy@zeppelin.com or in writing to the above address of Zeppelin GmbH.

Right of access

Pursuant to Article 15 GDPR, we must provide information about your personal data that we process.

Right to rectification

If the information concerning you is no longer correct, you can request a correction in accordance with Article 16 GDPR. If your data is incomplete, you can request completion.

Right to restriction of processing

In accordance with Article 18 GDPR, you have the right to request a restriction of the processing of your personal data.

Right to erasure

In accordance with Article 17 GDPR, you may request the erasure of your personal data.

Right to data portability

Pursuant to Article 20 GDPR, you have the right to receive personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format. Within the limits of Article 20(1) GDPR, you also have the right to transfer those data to another controller nominated by you.

Withdrawal of consent

You also have the right at any time to withdraw the provided declaration of consent with regard to data protection with immediate effect. The withdrawal of consent does not affect the legality of any processing based on the consent which took place up to the withdrawal thereof.

5.  Automated individual decision-making or profiling measures

We do not use automated processing methods for decision-making – including profiling.

6.   Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data infringes on data protection law, in accordance with Article 77 (1) GDPR you have the right to lodge a complaint with a data protection supervisory authority of your choice. This also includes the data protection supervisory authority responsible for the controller: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Postfach 10 29 32, 70025 Stuttgart. You can use the following email address for email communication with the supervisory authority: poststelle@lfdi.bwl.de.

7.   Storage period for personal data/erasure of personal data

In general, we erase or render anonymous your personal data as soon as they are no longer necessary in relation to the purposes for which we have collected or otherwise processed them in accordance with the foregoing clauses, unless continued storage of your personal data is required to fulfill a legal obligation. Further information about the corresponding deletion periods can be found in the description of the individual data processing operations.

8.   Disclosure of data to third parties/recipients of data

The personal data that we collect and retain shall never be used by us for sale, trade or loan. We will only pass on your data to third parties if we are legally obliged or to assert a claim, in the exercise or defense of legal claims, to investigate unlawful use of our Website or products, or for prosecution of a claim (insofar as there are reasonable grounds to suspect unlawful or unfair conduct). Data may also be disclosed for the enforcement of Terms and Conditions of Use or other agreements. We are also obliged to grant access to certain public bodies on request. These include law enforcement authorities, authorities which prosecute administrative offenses, and tax authorities. These data are disclosed on the basis of our legitimate interest in combating misuse, the prosecution of offenses, and the securing, assertion and enforcement of claims. The legal basis is point (f) of Article 6 (1) GDPR.

We rely on contractually bound third-party companies and external service providers (“processors”) to supply our range of products and services. In such cases, personal data are disclosed to these processors to enable further processing thereof. These processors are carefully selected and regularly checked to ensure that your privacy remains protected. The processors may only use the data for the specified purposes, and are also contractually obliged to handle your data in compliance with this data protection statement and the German data protection laws.

9.   Contact method/data protection officer

You can contact us through our data protection officer as follows with regard to access to your personal data, to have inaccurate data corrected, blocked or erased, or if you have further questions regarding the use of your personal data.

Zeppelin GmbH
Data Protection Officer
Graf-Zeppelin-Platz 1
85748 Garching near Munich
Tel: +49 89 32 000-0
Fax: +49 89 32 000-482
Email: dataprivacy@zeppelin.com   

Please note that access can only granted if you give us, in full: your first name and surname, your current and, if necessary, previous address, your date of birth, and your email address. This information is used exclusively for alignment purposes, which in turn ensures that no unauthorized third party can obtain your personal data. Any product, operation, and/or contract numbers which we have sent to you are also useful and helpful, but not necessary, in enabling us to identify the relevant data quicker.

As of: July 2023

Download
GRI Index