隐私保护声明

1 概述

1.1 目标和责任

(1) 本隐私政策旨在说明我们的网站和关联网页、功能和内容（以下统称“网站”）上进行的个人信息处理活动的类型、范围和目的。无论使用何种域名、系统、平台和设备（如台式机或移动设备）显示所提供的网页，本隐私政策均适用。以简体中文语言呈现的本隐私政策仅适用于域名为www.heraeus.cn的相关网页。

如果贺利氏集团的任何其他网站、平台、小程序等有具体适用的其他版本的隐私政策，则相应的具体隐私政策优先适用。

(2) 本网站提供商以及数据隐私保护的责任方为 Heraeus Holding GmbH以及贺利氏（中国）投资有限公司（以下统称“贺利氏”、“提供商”或“我们”）。有关我们及联系方式的更多信息，请参阅我们网站上的 版本说明。

(3) 如有需要，可以通过电子邮箱：dataprotection@heraeus.com 联系我们的数据保护负责人。

(4) “用户”包括所有客户及其员工，以及我们网站的访问者。

(5) 贺利氏的产品及服务专门面向企业客户。儿童和青少年（18岁以下未成年人）不是贺利氏的网站（包括贺利氏网站上的广告和任何业务联系表）的目标受众。未成年人请勿填写或提交这些联系表给贺利氏。仅当未成年人通过贺利氏专门设立的申请门户申请贺利氏的工作、学徒或学生实习时，贺利氏才会要求未成年人提供个人信息，除此之外贺利氏不会在知情情况下收集未成年人的个人信息。

1.2 个人信息处理的原则

(1) 贺利氏仅在符合相关法律要求的前提下，本着合法、正当、必要和诚信原则，采取适当的技术和公司数据安全措施收集和处理用户的个人信息。

(2) 原则上，用户没有向我们提供个人信息的义务；但是，如果用户不提供所需的个人信息，我们可能无法提供某些服务或者只能在有限范围内提供。在用户使用网站上的某些选项和服务时，如发送电子邮件、求职或订阅服务等，基于用户的自愿并服务于用户认可的目的，我们可能会收集必要的个人信息，该等信息将仅限于在必要的目的与范围内使用。我们将采取合理措施确保我们不收集无关的个人信息。

(3) 一旦对于个人信息收集的指定目的不再必要，且删除不会与任何法定的保存义务发生冲突，用户的个人信息会被删除。

(4) 用户有权根据适用的法律法规保护自己作为个人信息主体的权利，包括但不限于：要求确认其个人信息处理情况；对基于同意而进行的个人信息处理活动，要求撤回其同意；在任何时候拒绝个人信息处理；要求对其个人信息进行删除、更正和限制使用。

1.3 安全措施

我们采取适当的技术性和组织性数据保护安全措施，以确保遵守适用的个人信息保护法律规定，并保护我们处理的个人信息免受意外或故意的操纵、丢失、破坏或未经授权的访问。

1.4 将数据传输到第三方和第三方提供商

(1) 贺利氏仅在符合法律规定的前提下向第三方传输个人信息。我们仅在必要时（例如：出于会计目的等）或出于履行对用户的合同义务或法律要求所需的其他必要目的时，将用户数据传输给第三方。

(2) 在我们通过分包商提供服务的情况下，我们将采取适当的法律预防措施以及适当的技术性和组织性措施，并根据适用的法律规定保护个人信息。

(3) 如果在本隐私政策的框架内，当需要将用户的个人信息传输至境外，我们将遵守适用的有关跨境传输方面的法律法规。

1.5 自动化决策

我们不会将用户个人信息用于任何自动化决策过程（包括分析）。

2 个人信息处理详情

2.1 收集访问数据

(1) 当用户访问我们的网站时，用户的浏览器会自动将某些信息传送给我们，这些信息包括：被访问网站和文件的名称、访问的日期和时间、传送的数据量、成功访问的报告、浏览器的类型和版本、用户的操作系统、引荐网址（URL）（是指用户在访问我们的网站之前访问过的网页）、用户的IP地址和请求的提供商。

(2) 我们对上述用户个人信息的处理系出于提供网站服务的技术必要性，个人信息处理将依法进行，以确保个人信息处理的安全性（如防范和识别网络攻击）。

(3) 对服务器日志文件中的个人信息的收集和存储系基于提供本网站的必要性。因此，用户可能无法要求删除、纠正或反对处理。

2.2 建立联系

(1) 当用户（通过联系表格或电子邮件）与我们建立联系后，为处理用户的请求，我们将存储和处理所有由此产生的包括个人信息（姓名、请求、具体联系方式）在内的请求。

(2) 用户信息可能被存储在我们的客户关系管理系统（“CRM系统”）中。

(3) 我们将基于适用的法定情形和依据进一步处理您的个人信息。

2.3 Cookies的使用；Cookie同意管理工具（Cookie Consent Management）

(1) 为了保障本网站以用户为导向且经济高效的运营之合法利益，我们使用保证在线平台正常运行所必需的Cookies。

(2) 根据相关法律规定，我们仅在用户明确同意（选择加入）的情况下使用非必要Cookies。我们基于用户的同意，存储Cookies或访问用户的终端设备的信息，以及为开展下文所述线上营销措施，处理存储在Cookies中的个人信息。

(3) 如果用户不希望在用户电脑上存储Cookies，则可以在用户浏览器的系统设置中禁用相应选项。存储的Cookies仅包含用户在访问本网站时同意或拒绝使用Cookies的信息。如果用户以后想撤销此同意，只需在浏览器中删除Cookies即可。用户也可以在浏览器系统设置中删除保存的Cookies。但禁用Cookies可能会导致本网站的功能受限。当用户再次访问本网站时，我们将再次向用户征求使用Cookies的同意。

(4) 我们使用Cybot A/S公司（地址位于Havnegade 39, 1058 Copenhagen, Denmark）提供的Cookiebot，即Cookie同意管理工具（Cookie consent management）。Cookiebot采用技术上所需的Cookies（cookiebot cookie）来管理用户同意，以保存用户对使用Cookie的同意。此外Cookiebot不会处理任何个人信息。

(5) 我们获得用户的同意，以便我们能在www.heraeus.com域中的所有网页上使用Cookies。

2.4 谷歌标签管理器（Google Tag Manager）

我们使用谷歌标签管理器（Google Tag Manager）。该服务提供商是Google Ireland Limited（以下简称“Google”），地址：Gordon House, Barrow Street, Dublin 4, Ireland。

谷歌标签管理器是一种我们可以直接在用户的浏览器中（客户端标记）使用或间接基于云端（服务器端标记）使用的数据检测分析工具，以集成我们网站上的跟踪或统计工具及其他技术。谷歌标签管理器本身不创建用户配置文件，也不设置或存储Cookies，也不进行独立分析。谷歌标签管理器仅用于管理和显示通过它集成的工具，但在使用时会记录用户的IP地址。

有关用户个人数据处理的更多信息，请参阅：https://www.google.com/intl/de/tagmanager/use-policy.html

我们基于用户的同意，使用谷歌标签管理器。用户可以随时撤销同意。

2.5 谷歌分析（Google Analytics）；谷歌目标受众（Google Target Audience）

我们的网站直接在用户的浏览器（客户端跟踪）或间接在我们的网络服务器（服务器端跟踪）上使用网络分析服务谷歌分析。该服务提供商是Google。

网站运营商可以通过谷歌分析对网站访问者的行为模式进行分析。网站运营商接收各种使用数据，如页面浏览量、停留时间、使用的操作系统和用户来源。Google可能会在分配给相应用户或其终端设备的配置文件中汇总这些数据。

谷歌分析使用识别用户的技术（如Cookies或设备指纹识别）分析用户行为模式。我们使用人口统计学特征进行分析。

我们基于用户的同意，使用谷歌分析，用户可以随时撤销同意。

更多相关信息，请参阅：https://privacy.google.com/businesses/controllerterms/mccs/

用户可以随时拒绝谷歌分析对后续数据的收集和存储。用户可以通过下载并安装以下链接中的浏览器插件，以防止谷歌分析对此后数据的收集和存储：https://tools.google.com/dlpage/gaoptout?hl=de

存储在Google用户平台和事件平台上的、其与Cookie、用户识别码（如用户ID）或广告ID（如DoubleClick Cookies、安卓广告ID）相关的数据，将在26个月后被匿名化或删除。

更多相关信息，请参阅：https://support.google.com/analytics/answer/7667196?hl=en

我们使用谷歌分析（详情请参阅上文）组建目标群体，前提是用户已同意使用谷歌分析，向对本网站表现出兴趣或我们提供给Google（即“再营销”或“谷歌分析受众”）的具有某些特征（如根据所访问网页确定的对某些主题或产品感兴趣）的用户，展示在Google及其附属公司的广告服务内投放的广告。

我们使用再营销受众确保我们的广告符合用户的潜在兴趣。

我们基于用户的同意，对数据进行处理。

有关Google如何使用数据以及如何更改设置或选择退出的更多信息，请参阅：https://policies.google.com/technologies/partner-sites?hl=en（“Google在使用我方合作伙伴提供的网站或App时的数据使用”），https://www.google.com/policies/technologies/ads（“基于广告目的的数据使用”），https://www.google.de/settings/ads（“管理用于向您展示广告的信息”）。

2.6 谷歌人机验证（Google reCAPTCHA）

旨在保护本网站，以防被自动监视滥用或充斥垃圾邮件，我们使用Google人机验证（Google reCAPTCHA）（以下简称“人机验证”）。该服务提供商是Google。

我们使用人机验证检查本网站上的数据输入的操作是由人工完成还是由自动化程序完成。为此，人机验证会根据各种特征分析您的浏览行为。一旦您进入我们的网站，此分析就会自动开启。为了进行分析，人机验证将评估各种信息（如IP地址、您在本网站上的访问时长或所做的鼠标移动）。分析期间收集的数据将传输到Google。

人机验证分析完全在后台运行。当用户访问本网站时不会被告知正在进行的分析。

该服务涉及将用户的IP地址和Google提供人机验证服务所需的其他数据传输到Google。

有关谷歌人机验证的更多信息，请参阅：https://policies.google.com/terms?hl=en

2.7 Microsoft Dynamics 365 Cloud for Marketing

基于分析目的或与客户和潜在客户开展目标群体联络的目的，我们使用Microsoft Corporation提供的自动化系统“Microsoft Dynamics 365 Cloud for Marketing”开展营销活动。该服务提供商是Microsoft Deutschland GmbH，地址：Walter-Gropius-Straße 5, 80807 Munich, Germany（以下简称“微软”）。

特别是，我们使用该系统提供电子邮件通讯服务（例如：与提供下载有关），用于活动管理（例如：管理活动参与者），并提供登录页面和联系表格。

基于用户同意通过Microsoft Dynamics 365 Cloud for Marketing接收电子邮件通讯的基础上，我们将使用微软及系统、收集和分析统计数据以及记录电子邮件通讯的注册程序，用户可以随时撤销同意。我们使用对用户友好和安全的、用于维护我们的商业权益的以及符合用户期望的系统。

我们网站中集成的系统组件（如表格）使用用户电脑中的Cookies使我们能够分析本网站的使用情况。具体收集的信息包括：客户端ID、地理位置、浏览器类型、访问时长和访问页面。

假名电子邮件跟踪：统计信息还包括时事通讯是否被打开、何时被打开以及点击了哪些链接。虽然这些信息在技术上归于个人通讯接收者，但个人数据的分析已被禁用，关于时事通讯接收者的信息仅以假名方式进行分析，无法进行解密和归于个人用户。

双向选择和数据记录：订阅我们的时事通讯时须遵循双向选择程序。即，在订阅后用户会收到一封电子邮件，要求用户确认订阅。为避免使用他人电子邮箱地址订阅，此程序为必要流程。我们会对时事通讯的订阅情况进行记录，以便能够根据法律要求核实订阅程序。这包括记录订阅的时间、日期和确认，以及相应的IP地址。此外，电子邮件营销服务提供商处所存储的关于用户的数据更改情况也会被记录。

退订：用户可以随时退订时事通讯，即撤销接收同意。每份时事通讯的末尾都有一个退订链接。在用户取消订阅后，用于发送该时事通讯而经处理的个人信息将会被删除。

有关微软数隐私据保护的更多信息，请参阅微软的隐私政策：https://privacy.microsoft.com/en-US/privacystatement

有关该系统中Cookies使用的更多信息，请参阅：https://docs.microsoft.com/en-US/dynamics365/marketing/cookies

2.8 Microsoft Dynamics 365 CRM系统

基于管理客户和潜在客户（销售线索），并更快、更有效地处理用户请求，我们使用“Microsoft Dynamics 365 CRM系统”这一云服务，即数据在微软数据中心处理。该服务提供商是Microsoft Corporation（以下简称“微软”），地址：One Microsoft Way，Redmond，WA 98052-6399，United States。

我们仅将用户的个人信息用于请求的技术处理，我们不会将数据披露给第三方。

有关微软数据隐私保护的更多信息，请参阅微软的隐私政策：https://privacy.microsoft.com/en-US/privacystatement

2.9 铂金分析（Ptengine）

我们的网站使用 Ptmind Inc 公司（Ptmind）所提供的一项网页分析服务 Ptengine。Ptmind会使用 Cookie，会将 Cookie 生成的我们所提供网页的使用情况信息发送至位于中国的Ptmind服务器并保存在该处。

Ptmind受我们的委托使用该信息数据，用于分析用户对我们所提供网页的使用情况、总结网页活跃度报告并向我们提供其他与网页使用和互联网使用相关的服务。因此而收集的数据可被用于创建用户假名个人档案。

Ptmind 使用了第一方 Cookie(在用户电脑上 Ptengine 存储的小文本文件)。我们利用 Cookie获取信息，以便识别独立的访客、评估使用模式、执行流量分析、识别访客的偏好、诊断我们的服务器问题、分析趋势以及实现其他管理 Ptmind 产品和服务的功能。在用户计算机上的 Cookie 不包括个人可识别的信息，如姓名、电话号码、电子邮件地址或邮寄地址，Ptengine也不会将Cookies 与在其服务器或数据库中的个人可识别信息关联。IP地址被认为是个人信息，但并不是独立识别或公开的，而是以区域或城市的形式展示。

关于Ptmind的数据使用信息、设置和阻止方法的详细说明，请参阅下列网页： http://www.ptengine.cn/privacy/ (“隐私条款”)， http://www.ptengine.cn/gdpr/ (“Ptengine GDPR合规性”)， http://www.ptengine.cn/treaty/ (“Ptengine 使用条款”)， https://allaboutdnt.com (“All About DNT”)。

2.10 百度统计

我们的网站使用百度公司所提供的一项网页分析服务-百度统计。百度统计会将 Cookie 生成的我们所提供网页的使用情况信息发送至位于中国的百度服务器并保存在该处。

我们使用百度统计提供的信息数据，用于分析用户对我们所提供网页的使用情况、总结网页活跃度报告并向我们提供其他与网页使用和互联网使用相关的服务。因此而收集的数据可被用于创建用户假名个人档案。

用于百度统计分析的 Cookie 不包括个人可识别的信息，如姓名、电话号码、电子邮件地址或邮寄地址，百度统计也不会将Cookies 与在其服务器或数据库中的个人可识别信息关联。IP地址被认为是个人信息，但并不是独立识别或公开的，而是以区域或城市的形式展示。

百度统计不会将 Cookie 用于本隐私政策所述目的之外的任何用途。您可根据自己的偏好管理或删除 Cookie。您可以清除计算机上保存的所有 Cookie，大部分网络浏览器都设有阻止 Cookie 的功能。但如果您这么做，则需要在每一次访问我们的网站时亲自更改用户设置，但您可能因为该等修改，无法登录或使用依赖于Cookie的百度提供的服务或功能。除非经过最终用户本人事先授权同意，百度公司不会向除百度关联公司以外的第三方共享最终用户的个人信息，但经过处理无法识别特定个人且不能复原的除外。

您可以通过更改您的浏览器设置限制百度公司对Cookie的使用。以百度浏览器为例，您可以在百度浏览器右上方的下拉菜单的“浏览器设置”中，通过“隐私设置——清除浏览数据”，选择清除您的Cookie。

关于百度统计的数据使用信息、设置和阻止方法的详细说明，请参阅下列百度网页： https://tongji.baidu.com/web/help/article?id=330&castk=eb924ue7f172a8dc2d635

3 隐私政策的变更

(1) 我们保留更改本隐私政策的权利，以适应法律情况的变化或我们的服务和个人信息处理的变化。

(2) 如果需要取得用户同意，或者隐私政策的内容包含用户同意的合同内容，则我们会在经用户同意的情况下进行更改。

(3) 请您定期了解隐私政策的内容与更新。

最后更新日期：2022年 9月 26日

2.1. Hosting & CDN

We host our website externally and use a content delivery network (CDN) to provide our website quickly, reliably and securely.

• Amazon Web Services
  We use the services and infrastructure of Amazon Web Services to operate our website and its components. Provider is Amazon Web Services, EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter referred to as “Amazon”).
  When you visit our website, Amazon records various logfiles, including your IP addresses. Amazon is used on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in a secure, fast and efficient provision of our website by a professional provider.
  We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.
  The data transfer to the United States is based on the Standard Contract Clauses of the EU Commission. You can find the details here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/
• Fastly
  We use the Content Delivery Network (CDN) Fastly. Provider is Fastly, Inc., 475 Brannan St 300, San Francisco, United States (hereinafter referred to as “Fastly”).
  Fastly is a globally distributed content delivery network. For the technically necessary transactions, the information transfer between your browser and our website is routed via Fastly's content delivery network. Fastly is used on the basis of our legitimate interest in displaying our website as quickly, uninterrupted, error-free, and secure as possible (Art. 6 (1) (f) GDPR).
  We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.
  The data transfer to the United States is based on the Standard Contract Clauses of the EU Commission. You can find the details here: https://www.fastly.com/de/data-processin
  The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail

2.2. Data processing on this website

• When accessing our website, information is automatically transmitted from your browser to us; this includes the name of the website and files that are accessed, the date and time they are accessed, the quantity of data transmitted, reports about successful access, the browser type and version, your operating system, the referrer URL (the page you visited prior to visiting our website), your IP address and the requesting provider.
• The processing of your above-mentioned personal data is technically necessary for offering our website as a service to you and is carried out based on our legitimate interests in accordance with Art. 6 (1) (f) GDPR regarding the operation of our website and, to ensure the safeguarding of the security of the processing (e.g., to prevent and identify cyber-attacks).
• The collection and storage of your personal data in log files is necessary for the provision of the website. For this reason, you may not request the deletion or correction of this data or object to its processing.

2.3. Contacting us

• When you contact us (via contact form, e-mail or telephone) the request including all resulting personal data (name, request, contact details) will be stored and processed by us for the purpose of processing your request.
• This data is processed based on Art. 6 (1) (b) GDPR if the request is related to the fulfillment of an order or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if applicable.
• Your information may be stored in our customer relationship management systems (“CRM systems”). The legal basis for the further processing of your data is the preparation of a business transaction (in accordance with Art. 6 (1) (f) GDPR).

2.4. Consent Management for data processing and use of cookies

• We use a Consent Management Platform (CMP) called CookieFirst to obtain the legally required consent for the use of cookies and other technologies, e.g. objects in local and session storage, and to legitimize the subsequent data processing via consent, if required. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. You can find more information here: https://cookiefirst.com
• We use the CMP to fulfill legal obligations. Data processing is based on Art. 6 (1) (c) GDPR.
• In Detail, we use CookieFirst to obtain your valid consent for the use and storage of information on the device you use to access our website as well as for a subsequent data processing via consent, if required, and to properly document this we use a consent management platform.
• When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies and information and for data processing on the basis of your consent. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies and information to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.
• Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
  1. Your consent status or the withdrawal of consent
  2. Your IP address
  3. Information about your Browser
  4. Information about your Device
  5. The date and time you have visited our website
  6. The webpage URL where you saved or updated your consent preferences
  7. The approximate location of the user that saved their consent preference
  8. A universally unique identifier (UUID) of the website visitor that clicked the cookie banner
• We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.

2.5. Use of cookies

• We only use non-essential cookies, if you have given your express consent (opt-in) in accordance with Section Art. 5 (3) Directive 2002/58/EC (also known as “ePrivacy Directive” hereinafter referred to as “ePD“) and the respective national law that has implemented Art. 5 (3) ePD, e.g., Section 25 German Telecommunications-Telemedia Data Protection Act (TTDSG). In addition, if you do not want to have cookies or other information stored on your computer you can deactivate the corresponding option in your system settings on their browser. Stored cookies can also be deleted in the browser’s system settings. Disabling cookies or similar technologies may limit the functionalities of this website.
• If you have consented to the storage of cookies and information on your device or to the access to information stored on your device, both activities are carried out on the basis of Section Art. 5 (3) ePD.
• We obtain user-consent to use cookies on all websites within the domain heraeus-comvance.com
• You can change your cookie settings here: https://www.heraeus-comvance.com/en/services/cookie-information/

2.6 Google Tag Manager

• We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).
• The Google Tag Manager is a tool that we can use either directly in your browser (client-side tagging) or indirectly cloud-based (server-side tagging) to integrate tracking or statistical tools and other technologies on our website. No user profiles are created by the Google Tag Manager itself, no cookies are set or stored and no independent analyzes are carried out. The Google Tag Manager only serves to manage and display the tools integrated via it. When using the Google Tag Manager, however, your IP address is recorded, which can also be transmitted to Google's parent company in the United States.
• With regard to the processing of users' personal data, reference is made to the following information on Google services. You can find usage guidelines here: https://www.google.com/intl/de/tagmanager/use-policy.html
• The Google Tag Manager is used based on your consent under Art. 6 (1) (a) GDPR and Section Art. 5 (3) ePD. The consent can be revoked at any time for the future.

2.7. Google Analytics

• This website uses functions of the web analysis service Google Analytics either directly in your browser (client-side tracking) or indirectly on our webserver (server-side tracking). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).
  Google Analytics enables the website operator to analyze the behavior of website visitors.
• The website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their device.
• The aim of using Google Analytics is to enable the user to be recognized for the purpose of analyzing user behavior through the use of various technologies (e.g., cookies or device fingerprinting). We use demographic characteristics for our analyses. The information collected by Google about the use of our website is usually transmitted to a Google server in the USA and stored there.
• The use of Google Analytics is based on your consent according to Art. 6 (1) (a) GDPR and Section Art. 5 (3) ePD. The consent can be revoked at any time for the future.
• We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.
• Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/. You can object to the collection and storage of data at any time with effect for the future. You can object to the future collection and storage of your data by Google Analytics by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout.
• Data stored by Google at the user and event level that is linked to cookies, user identifiers (e.g., User ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) are anonymized after 26 months or deleted. You can find details on this under the following link: https://support.google.com/analytics/answer/7667196
• You can find more information about the use of data by Google as well as settings and opt-out options on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when using the websites or apps of our partners”), https://www.google.com/policies/technologies/ads (“Use of data for advertising purposes), https://www.google.de/settings/ads (“Managing information that Google uses to show you advertising”).

2.8 Google Target Audience

• We use Google Analytics (for details please see above) to form target groups, provided you have given your consent to the use of Google Analytics, in order to show the ads that are displayed within the advertising services of Google and its affiliates only to those users who have either shown an interest in our website or who have certain characteristics (e.g., interests in certain topics or products determined from websites visited) and that we have sent to Google (so-called “remarketing” or “Google Analytics Audiences”).
• We use Remarketing Audiences to ensure that our ads correspond to the potential interests of users.
• The data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.
• We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.
• You can find more information about the use of data by Google as well as settings and opt-out options on Google’s websites: https://policies.google.com/technologies/partner-sites (“Use of data by Google when using the websites or apps of our partners”), https://www.google.com/policies/technologies/ads (“Use of data for advertising purposes), https://www.google.de/settings/ads (“Managing information that Google uses to show you advertising”).

2.9. Google Display & Video 360

• This website uses functions of Google Display and Video 360 The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).
• We use the Google online marketing service “Display & Video 360” to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). Display & Video 360 differs from other services in that it shows real time advertisements based on your presumed interests. This allows us to show ads for and within our website in a more targeted manner so that we only show you those ads that potentially correspond to their interests. When you are shown an ad for products that you have been viewing on other websites, this is referred to as “remarketing”. For these purposes, upon accessing our websites and other websites on which the Google Advertising Network is active, Google will immediately run a code and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") will be incorporated into the website. With their help, an individual cookie, i.e., a small file, will be saved on the user’s device (comparable technologies may also be used instead of cookies). This file keeps a record of which websites you have visited, what content you are interested in and what offers you have clicked on, as well as technical information about the browser and operating system, websites that have referred you, access duration, and other information regarding the use of our website.
• The above information may also be linked with such information from other sources by Google. If you subsequently visit other websites, you may be shown advertisements tailored to your presumed interests on the basis of your user profile.
• Your data is processed pseudonymously within the Google Advertising Network. This means that Google does not store and process, for example, your name or email address but instead processes the relevant data using cookies within the pseudonymous user profile. In other words, from the perspective of Google, the ads are not managed and displayed for a person who is concretely identifiable, but rather for the person with the cookie, irrespective of who this person is. This does not apply if you have expressly permitted Google to process the data without pseudonymization. The information about you collected by Google Marketing Services is transmitted to Google and stored on Google servers in the U.S.
• The use of Google Remarketing is based on your consent according to Art. 6 (1) (a) GDPR and Section Art. 5 (3) ePD. The consent can be revoked at any time for the future.
• We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.
• You can find more information about the use of data by Google as well as setting and opt-out options in Google’s privacy policy (https://policies.google.com/technologies/ads) as well as the settings for showing ads by Google (https://adssettings.google.com/authenticated).

2.10. Google (re)marketing services

• This website uses functions of Google Analytics Remarketing. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”).
• Google Remarketing analyzes your user behavior while visiting our website in order to classify you into certain advertising target groups in order to show you suitable web messages when you visit other online offers (remarketing or retargeting).
• Furthermore, the advertising target groups created with Google Remarketing can be linked to Google's cross-device functions. In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
• If you have a Google account, you can object to personalized advertising using the following link: https://www.google.com/settings/ads/onweb/
• The use of Google Remarketing is based on your consent according to Art. 6 (1) (a) GDPR and Section Art. 5 (3) ePD. The consent can be revoked at any time for the future.
• We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.
• Further information and the data protection regulations can be found in Google's data protection declaration at: https://policies.google.com/technologies/ads

2.11. Friendly Captcha

• We use the service "Friendly Captcha" (www.friendlycaptcha.com) on our website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
• Friendly Captcha is a protective solution designed to make the use of our website by automated programs and scripts (known as "bots") more difficult.
• Friendly Captcha does not set or read any cookies on the visitor's end device. For more information on data protection when using Friendly Captcha, please refer to https://friendlycaptcha.com/legal/privacy-end-users/.
• The legal basis for processing is our legitimate interests in protecting our website from abusive access by bots, including spam protection and defense against attacks (e.g., mass requests), based on Article 6 (1) (f) GDPR.
• We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.

2.12. LinkedIn Lead Gen Form 

• We use the service Lead Gen Forms, provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
  Lead Gen Forms are ad placements that allow contact forms to be integrated into sponsored content directly on the platform. We use the data you provide there to process your request for information. This data is transmitted to us by LinkedIn.
• The processing of the data is based exclusively on your consent according to Art. 6 (1) (a) GDPR. You can revoke this consent for the future at any time. For this purpose, a communication by email to covantics@heraeus.com is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
• The data you entered will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.
• The specific purpose of the data processing of the respective Lead Gen Forms is explicitly listed in the context of the advertisement (e.g., sending product information or contacting you for the purpose of answering your inquiry).

2.13. LinkedIn Insight Tag

• We use the service LinkedIn Insight Tag, provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”), to measure conversions.This tool creates a cookie on your web browser. We set the cookie exclusively with your consent in accordance with Section Art. 5 (3) ePD. The processing of the data is based exclusively on your consent (Art. 6 (1) (a) GDPR).
• We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.
• The cookie enables the collection of data regarding LinkedIn member’s visits on our website including the URL, referrer, IP address, device, and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or hashed (when used for reaching LinkedIn members across devices), and LinkedIn members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.
• LinkedIn does not share any personal data with us but offers anonymous reports on website audience and display performance.
• LinkedIn members can control the use of their personal data for advertising purposes through their account settings: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest
• You u can object to the analysis of user behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
• Further information on data protection at LinkedIn can be found in LinkedIn's data protection information: https://www.linkedin.com/legal/privacy-policy

2.14. LinkedIn Retargeting

• We use the LinkedIn remarketing provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”), to display our advertising to a dedicated target group.
• We use LinkedIn to show the advertisements displayed within LinkedIn advertising services and its affiliates only to those users who have also shown an interest in our website or who have certain characteristics (e.g., interests in specific themes or products that are determined from the websites visited), which we submit to LinkedIn (so-called "remarketing"). We use LinkedIn to ensure that our ads correspond to the potential interests of users.
• In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. We can use this data to display targeted advertising outside of our website without identifying you as a website visitor.
• The processing of the data is based exclusively on your consent (Art. 6 (1) (a) GDPR). You can revoke this consent for the future at any time by changing the cookie settings: https://www.heraeus-comvance.com/en/services/cookie-information/
• LinkedIn members can control the use of their personal data for advertising purposes through their account settings: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest
• Further information on data protection at LinkedIn can be found in LinkedIn's data protection information: https://www.linkedin.com/legal/privacy-policy

2.15. Microsoft Dynamics 365 Cloud for Marketing

• We use the Microsoft Dynamics 365 Cloud for Marketing automation system provided by Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany (hereinafter referred to as “Microsoft”) to carry out marketing campaigns, for analysis purposes and for target group-specific contact with customers and potential customers. The data is processed within the European Union.
• In particular, we use the system to send email communications (e.g., in connection with the provision of downloads), for event management (e.g., to manage event participants) and to provide landing pages and contact forms.
• The use of Microsoft and the system, the collection and analysis of statistics and the logging of the registration procedure for communication by email are carried out based on your consent to receive email communication via Microsoft Dynamics 365 Cloud for Marketing according to Art. 6 (1) (a) GDPR, according to Art. 6 (1) (f) GDPR regarding the download of Whitepapers and according to Section Art. 5 (3) ePD regarding the use of cookies. The consent can be revoked at any time for the future. We are interested in a user-friendly and secure system that both serves our business interests and also meets the expectations of users.
• We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.
  System components integrated in our website (e.g., forms) use so-called “cookies” that are stored on the user’s computer and enable us to analyze the use of the website.
• In particular, the following information is collected: client ID, geographical location, browser type, duration of the visit and pages accessed.
• Pseudonymized email tracking: The statistical information collected also includes whether the newsletter was opened, when it was opened, and which links you clicked on. While this information can technically be attributed to individual newsletter recipients, the analysis of personal data has been deactivated and information about newsletter recipients is only analyzed pseudonymously and cannot be decrypted and attributed to individual users.
• Double opt-in and recording of data: Subscribing to our newsletter is subject to a so-called double opt-in process. This means that after subscribing for our newsletter you receive an email in which you are asked to confirm your subscription. Such confirmation is necessary to ensure that people do not subscribe using someone else’s email address. The newsletter subscription is logged so the subscription process can be verified in accordance with legal requirements. This includes recording the date and time of the subscription and the confirmation as well as the IP address. The changes to your data saved by the email marketing service provider are also logged.
• Unsubscribe: You can unsubscribe from the newsletter at any time, i.e., you can revoke your consent to receive it. There is an unsubscribe link at the end of each newsletter. Your personal data that has been processed in connection with the mailing of the newsletter will be deleted after you unsubscribe.
• Further data privacy information can be found in the Microsoft privacy policy at https://privacy.microsoft.com/en-US/privacystatement
• Further information about the use of cookies in connection with the system can be found at https://docs.microsoft.com/en-US/dynamics365/marketing/cookies

2.16. YouTube

• We embed videos from the YouTube website. The operator of the YouTube is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
• When you visit a page of our website in which a YouTube video is embedded, YouTube is technically informed which of our pages you have visited.
• YouTube also uses technologies that make it possible to obtain information about visitors to this website. This information is used, among other things, to compile video statistics in order to improve the user-friendliness of the website and prevent attempted fraud.
• If you are logged into your YouTube account while visiting our site, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
• We use YouTube based on our legitimate interest in an appealing presentation of our website in accordance with Art. 6(1)(f) GDPR. If a corresponding consent has been given, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section Art. 5 (3) ePD, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time with effect for the future.
  Further information on data processing by YouTube can be found in YouTube's data protection regulations: https://policies.google.com/privacy?hl=en

2.17 Wistia

• We embed videos from the Wistia website. The operator of Wistia is Wistia, Inc. 120 Brookline St Cambridge, MA, 02139-4503 United States.
• When you visit a page of our website in which a Wistia video is embedded, Wistia automatically receives and records information on their server logs including data related to media viewing, listening to, or accessing (including when you stop and start media, how many and which media of a particular Wistia customer you watched, and how many times you watched, listened to, or accessed particular media), data related to use of Wistia services, IP address, device, “cookie” information, and the page you requested.
• We use Wistia based on our legitimate interest in an appealing presentation of our website in accordance with Art. 6 (1) (f) GDPR. If a corresponding consent has been given, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section Art. 5 (3) ePD, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time with effect for the future.
• Further information on data processing by Wistia can be found in Wistia’s data protection regulations: https://wistia.com/privacy
• The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail

• We use the Microsoft Dynamics 365 CRM system from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, United States (hereinafter referred to as “Microsoft”) as a cloud service, i.e., the data is processed at Microsoft data centers.
• We use your data solely for the technical processing of requests and we do not disclose the data to third parties.
• In particular, we use the system to manage customers and prospective customers (leads) and to process user requests faster and more efficiently. The use of the system is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR.
• We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.
• The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail
• Further data privacy information can be found in the Microsoft privacy policy at https://privacy.microsoft.com/en-US/privacystatement
   

• We maintain several presences in social networks and platforms in order to be able to communicate with active customers, interested parties and users who are active there and to provide information to users there about our services.
• Please note that user data may be processed outside of the European Union and Switzerland. This may imply risks for users because, for example, it could be more difficult to enforce user rights.
• In addition, user data is generally processed for market research and advertising purposes. For example, user behavior and the resulting information about the user’s interests can be used to create user profiles. The user profiles can, in turn, be used to place advertisements, for example, within and outside of platforms that are supposedly in line with user interests. For these purposes, cookies that record the user’s behavior and interests are generally stored on the user’s computer. In addition, data can also be stored in the user profiles separately from the users' devices (in particular if the users are members of the relevant platforms and are logged in to them).
• The personal data of users is processed on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR in providing effecting information to users and communicating with users. If the users are asked to consent to data processing by the respective providers (i.e., give their consent, for example, by clicking a check box or pressing a button), the legal basis of the processing is consent according to Art. 6 (1) (a) GDPR.
• For a detailed overview of the processing and opt-out options discussed in this paragraph, see the information from the provider in the following links:
  
  Facebook / Instagram (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland)
  Privacy policy: https://www.facebook.com/privacy/policy
  Opt-out: https://www.facebook.com/privacy/center
  
  Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
  Privacy policy: https://policies.google.com/privacy  
  Opt-out: https://adssettings.google.com/authenticated
  
  X (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States)
  Privacy policy: https://twitter.com/de/privacy
  Opt-out: https://twitter.com/personalization
  
  LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
  Privacy policy: https://www.linkedin.com/legal/privacy-policy
  Opt-out: https://www.linkedin.com/psettings/guest-controls
  
  XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
  Privacy policy/opt-out: https://privacy.xing.com/
   
• Please note that if you are looking for information or asserting your rights, it is best to contact the respective provider directly. Only the providers have access to your data and can take appropriate measures and provide information. You can contact us if you still need assistance.

• We collect feedback from our customers at regular intervals and on various occasions. We use your data to contact you to ask you to take part in the survey. Participation in customer surveys is always voluntary.
• We use the following survey tools (data processors) to conduct customer surveys:
  Survey Monkey software of the provider SurveyMonkey Europe UC (Shelbourne Road, Dublin, Ireland). Please note their privacy policy and find more information about it at the following link: https://en.surveymonkey.com/mp/legal/privacy/
• The legal basis for data processing is out legitimate interest in accordance with Art. 6 (1) (f) GDPR.
• We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.
• For the purpose of conducting the survey, in most cases we create an ID for your questionnaire, through which we can assign your answers to a specific process and thus usually also to your person. In doing so, we do not transmit your personal data to the provider of the survey tool. If the invitation to the survey already takes place via the provider's software, we transmit your business contact data to the provider in advance: First name, last name, company name, e-mail address.
• Personal data, e.g., your interest in products, your assessment of your experience with Heraeus or your telephone number for queries, may also be collected in the course of the survey. We will use your answers to continuously improve our offer - if necessary, also in cooperation with you. In the course of this, we will contact you - if there is a reason to do so, for example because you have expressed a wish, a suggestion or an expectation. If, as part of the survey, you take part in a raffle offered by us, we may also use your data to contact you as part of the raffle in order to inform you of any prize that may have been won and to coordinate the further procedure in this regard with you.
• If you would like your answers to be deleted after the survey has started or even after you have sent them, you can inform us of this at any time - for example, in response to your invitation to the survey. We will then immediately delete your answers from the survey tool and - provided they have been forwarded and there are no legal requirements to the contrary - from our systems. Irrespective of this, your data will be deleted at the latest in accordance with the statutory deletion periods stored in our systems.

• We collect feedback from our customers at regular intervals and on various occasions. We use your data to contact you to ask you to take part in the survey. Participation in customer surveys is always voluntary.
• We use the following survey tools (data processors) to conduct customer surveys:
  Dynamics Customer Voice" of the provider Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) - hereinafter "Microsoft" - as a cloud service.
  Users can find further information on data protection in Microsoft's privacy policy at https://privacy.microsoft.com/en-gb/privacystatement
• The legal basis for data processing is out legitimate interest in accordance with Art. 6 (1) (f) GDPR.
• We have entered into a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR for the use of the aforementioned service.
• For the purpose of conducting the survey, in most cases we create an ID for your questionnaire, through which we can assign your answers to a specific process and thus usually also to your person. In doing so, we do not transmit your personal data to the provider of the survey tool. If the invitation to the survey already takes place via the provider's software, we transmit your business contact data to the provider in advance: First name, last name, company name, e-mail address.
• Personal data, e.g., your interest in products, your assessment of your experience with Heraeus or your telephone number for queries, may also be collected in the course of the survey. We will use your answers to continuously improve our offer - if necessary, also in cooperation with you. In the course of this, we will contact you - if there is a reason to do so, for example because you have expressed a wish, a suggestion or an expectation. If, as part of the survey, you take part in a raffle offered by us, we may also use your data to contact you as part of the raffle in order to inform you of any prize that may have been won and to coordinate the further procedure in this regard with you.
• If you would like your answers to be deleted after the survey has started or even after you have sent them, you can inform us of this at any time - for example, in response to your invitation to the survey. We will then immediately delete your answers from the survey tool and - provided they have been forwarded and there are no legal requirements to the contrary - from our systems. Irrespective of this, your data will be deleted at the latest in accordance with the statutory deletion periods stored in our systems.

• We reserve the right to change the privacy policy in order to adapt to changes in the legal situation or to changes in our services and data processing. However, this only applies to policies regarding data processing.
• If the consent of the user is required or if elements of the privacy policy contain components of the contract agreed the user, the changes will only be made with the user's consent.
• Users are requested to familiarize themselves regularly with the content of the privacy policy.
  
  Last updated: January 2025
  Version: Heraeus-Comvance-web-1.0