Privacy Policy and Information pursuant to Articles 13 and 14 GDPR

As of 14 July 2025, Version 1.0

Information on the Handling of your Personal Data

  1. An initial overview

When collecting your data, we must inform you in a clear and understandable manner about how your personal data will be handled. Here you will find a brief overview and detailed information in the following sections about,

 

  • who our company is and how you can contact us or our responsible persons; we will provide you with the relevant contact details there;
  • for what purpose we will use your personal data;
  • which categories of personal data we process from you;
  • on what legal basis we process your personal data;
  • How long we will store your personal data;
  • Which recipients may receive your personal data;
  • Whether the personal data will be transferred to a country outside the EU;
  • That you have fundamental rights in the area of data protection, e.g. with regard to:
    • Information
    • Correction
    • Deletion
    • Restriction of processing
    • Data portability
    • Objection or
    • Detailed information on automated decision-making.
  • In addition, you will find further information on the handling of data from external and internal applicants,
  • on the handling of data in connection with the use of our websites and online presence on social media sites,
  • on the handling of data in connection with the use of video conferencing,
  • and on the use of cloud services.

Please note that personal data is required for our business operations. Without personal data, we are unable to fulfil your requests, manage you as a contractual partner or provide you with information about our activities, services or our company. Naturally, we will only collect the data necessary for these purposes. Should we request additional data from you, we will inform you of this and point out that the provision of this information is voluntary. We do not engage in any automated decision making, including profiling, as referred to in Article 22 GDPR.

Data protection is very important to us. We would therefore like to provide you with comprehensive and understandable information about how we process your personal data – naturally in compliance with the applicable legal provisions, such as the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable German data protection laws. We have defined how we handle personal data in our data protection management system and act accordingly.

If you believe that our privacy policy could be improved, we would be delighted to receive your comments and suggestions.

In addition, you have the option at any time to contact us directly or the responsible data protection supervisory authority (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, PO Box 20 04 44 40102 Düsseldorf, telephone: 0211/384 24-0, fax: 0211/384 24-999, email: poststelle@ldi.nrw.de, https://www.ldi.nrw.de) at any time and lodge a complaint there if necessary.

Our privacy policy and other information on data protection are regularly reviewed and updated as part of our data protection management system. The current version is published on this page.

 

  1. Detailed Information

Contact Details

Contact details of the controller:

 

ZBT – Zentrum für BrennstoffzellenTechnik GmbH

Carl-Benz-Straße 201

47057 Duisburg

+49-203-7598-0

info@zbt.de

 

Contact details of the data protection officer

A legally required data protection officer has been appointed for our company and can be contacted by post at the above address of the responsible party with the addition of DATA PROTECTION or by email at the email address: angelika.galley@daproserv.com.

 

  1. Purposes of Data Processing

The specific data we process and the purposes for which we use it depend on the services you use with us. Details on the purposes of our data processing can be found in the respective contract documents, forms, declarations of consent and other information provided to you in this context. This data protection information is part of our contract texts, website or other documents that we provide or have provided to you. Essentially, we process personal data for the following purposes as standard:

  • Customer and supplier relationship management
  • Applicant management
  • Employee management
  • Order management
  • Operation of the website www.zbt.de
  • Publications on our websites and social media portals
  • Management of training and event participants
  • Management of other cooperation and business partners

In addition, we process your data in the following cases for the purpose of

  • Sending (by post, email, etc.) company information, provided you have given us your consent to do so
  • Communication (analogue and digital)
  • Obtaining information from credit agencies
  • Using your email address for marketing purposes, newsletters, etc., provided you have given us your consent to do so
  • fulfilling legal requirements, such as tax laws, compulsory insurance, etc.
  • fulfilling legal security, control and reporting obligations
  • archiving data for backup and to fulfill documentation obligations
  • disclosure in the context of official/judicial measures
  • conducting video conferences

 

  1. Data Categories

Depending on your use of our services or the contractual relationship we have with you, the categories of personal data we may process about you are as follows:

  • Master data (e.g. name, telephone number, email address, postal address, etc.) of customers (including potential customers), suppliers and service providers (including potential suppliers and service providers), from other cooperation and business partners, from employees within the scope of their employment relationship, from applicants, training and event participants, other interested parties and other categories of persons associated with the aforementioned persons who may be involved within the scope of their respective affiliations (e.g. family members, employees of service providers and/or suppliers, etc.)
  • Contact details for the above categories of persons (addresses, telephone numbers, email addresses, etc.)
  • Interaction data for the above categories of persons (interests, orders, participation in training courses and events of all kinds, etc.)
  • Bank details and data on payments and, if applicable, creditworthiness
  • Usage data on websites and customer portals offered by us (IP address, time of page views, pages visited, etc.)
  • Consent data, for documenting consents granted/revoked

 

  1. Legal Basis

If you are employed by us, we process your personal data for the establishment, implementation and termination of the associated contractual relationship on the basis of Art. 6 (1) lit. b in conjunction with Art. 88 GDPR and §26 BDSG.

If we are in another contractual relationship or communicate within the framework of pre-contractual measures, the processing of personal data is carried out for the purpose of implementing the relevant contracts, measures and activities within this framework. This processing is based on Art. 6 (1) lit. b GDPR.

In addition, we process your data for the purposes listed below on the basis of the following legal grounds:

  • Customer management (Art. 6 (1)(b) GDPR)
  • Supplier management (Art. 6 (1)(b) GDPR)
  • Management of cooperation partners (Art. 6 (1)(b) GDPR)
  • Employee management (Art. 6 (1)(c) GDPR); Art. 6(1)(b) in conjunction with Art. 88 GDPR and Section 26 BDSG.]
  • Applicant management (Art. 6 (1) (a) and (b) GDPR in conjunction with Art. 88 GDPR, Section 26 BDSG)
  • Administration (Art. 6 (1) (c) GDPR)
  • Operation and hosting of the company’s websites, in particular to provide you with the requested page content and to ensure the necessary security during their operation (Art. 6 (1) (f) GDPR)
  • Publication of photos on the websites and social media portals (Art. 6 (1) (a) GDPR), provided you have given us your consent
  • Market and opinion research (Art. 6 (1) (a) GDPR), provided you have given us your consent
  • Use of your email address for marketing purposes, newsletters (Art. 6 (1) (a) GDPR), provided you have given us your consent
  • Fulfilment of legal requirements, such as tax laws, etc. (Art. 6 (1) (c) GDPR)
  • Fulfilment of legal control and reporting obligations (Art. 6 (1) (e) GDPR)
  • Archiving data for backup purposes (Art. 6 (1) (c) and, where applicable, (f) GDPR)
  • Fulfilment of documentation obligations (Art. 6 (1) (c) GDPR)
  • Disclosure in the context of official/judicial measures (Art. 6 (1) (e) GDPR)

In the event that we process further personal data about you on the basis of Art. 6 (1) lit. f GDPR – in the sense of a balancing of interests – we will inform you separately in advance.

 

  1. Storage of Data

We only process and store your data for as long as is necessary for our activities and purposes or as required by legal retention obligations (e.g. HGB, AO, etc.). In individual cases, this may mean that personal data is stored for several years.

 

  1. Recipient

As a general rule, your personal data will only be made available to internal or external recipients who need it to fulfil contractual or legal obligations or to perform their duties. This means that it will only be passed on or disclosed

  • to entities that process data as processors or in joint responsibility with us (e.g. in the areas of HR, maintenance, accounting, data disposal, marketing, information and communication technology, website administration and hosting, applicant management, etc.)
  • in the event of a legitimate interest, to authorities, lawyers, associations, courts, experts, credit agencies, debt collection companies, etc.
  • in the event of a legal obligation, to authorities, public bodies, social security institutions, etc.
  • to other possible third parties if you have given us your express consent to do so.

Furthermore, we will not disclose your data to third parties.

Service providers that we have commissioned within the scope of order processing or in terms of joint responsibility may only use the data for the purposes for which we have passed it on to them. This is generally regulated by contract with these service providers, and data processing there is subject to the same framework conditions as at our company.

  1. Data transfer outside the EU

Data is not usually transferred to locations in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries). However, when data is collected in connection with visits to our websites, the use of cloud services and visits to our social media pages, data transfer to third countries (including unsafe third countries) cannot be ruled out. Please refer to the relevant information in this privacy policy.

 

  1. Rights of Data Subjects

You can assert your data protection rights against us under certain conditions:

  • You have the right to obtain information about your data stored by us in accordance with the provisions of Art. 15 GDPR – with restrictions, if applicable.
  • If your data stored by us is inaccurate or incorrect, you can request that it be corrected in accordance with Art. 16 GDPR.
  • In accordance with Art. 17 GDPR, you can request that the personal data stored about you be deleted. However, this only applies if there are no other legal provisions that prevent deletion.
  • If the requirements of Art. 18 GDPR are met, you can request that the processing of your data be restricted.
  • Under certain circumstances, you have the right to request that we provide you with your personal data under the conditions of Art. 20 GDPR.
  • You have the right to revoke your consent at any time with effect for the future in accordance with Art. 7 (3) GDPR. From this point on, your personal data will no longer be processed for the purposes to which you object. The objection can be made informally.
  • Within the framework of existing contractual relationships with our customers and business partners, we send customer information, specifically contract- and/or service-related information, by email to the contact email addresses stored with us. This includes, for example, current technical information. If you do not wish to receive this information, you can notify us at any time by emailing info@zbt.de or by clicking on the unsubscribe link provided in every customer information email. If you would like to designate another or additional contact person from your company to receive the information, please send us an email at info@zbt.de.
  • You have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
  • If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without you having to specify a particular situation.

If you wish to exercise any of the above rights, please contact us in writing at the above address of the controller (see contact details) or contact us directly by email at info@zbt.de.

 

  1. Additional information regarding data from external and internal applicants

Data relating to you as an individual is generally collected directly from you – for example, as part of the application process – on the basis of Art. 88 GDPR and Section 26(1) BDSG.

In addition, we may also have received data from third-party sources pursuant to Art. 14 GDPR (e.g. job boards such as Indeed, Stepstone or similar recruitment agencies, as well as personnel consultants).

We may also process personal data that we have lawfully obtained from publicly accessible sources (e.g. professional social networks).

The categories of personal data processed from applicants include, in particular, your master data (such as first name, surname, name affixes, nationality, personnel number), contact details (such as private address, (mobile) telephone number, email address) and data relating to the entire application process (cover letter, CV, employment or other references, proof of qualifications).

If you have voluntarily provided special categories of personal data (such as health data, degree of disability, religious affiliation) in your application letter or during the application process, this data will only be processed if you have expressly consented to this (Art. 9 (2) (a) GDPR).

We process personal employee and applicant data on the basis of and in compliance with the European General Data Protection Regulation (EU GDPR), the Federal Data Protection Act (BDSG) and all other relevant provisions of German labor law (e.g. AGG, BetrVG, SGB, etc.).

The processing of your personal data within the scope of the application process primarily serves to carry out the application procedure, in particular to determine the extent to which you are suitable for the advertised position. The processing of your applicant data is necessary for the decision on the establishment of an employment relationship. The primary legal basis for this is Art. 88 GDPR in conjunction with Section 26 (1) BDSG.

 

10.1 Data transfer for internal and external applicants:

Within our company, only those persons and departments who need your personal data to make a decision about your employment and to fulfil our legal and contractual obligations will receive it. Outside our company, we only disclose your personal data to entities that process this data as processors (applicant management).

Notwithstanding this, we will only transfer your personal data – e.g. to investigative authorities – if we are legally obliged to do so.

 

10.2 Storage period for internal and external applicants:

Personal applicant data transmitted to us will be deleted as soon as it is no longer required for the above-mentioned purposes, at the latest after 6 months. This does not apply if you have expressly agreed to a longer storage period, if storage is necessary for evidence purposes, or if legal regulations prevent deletion. For example, we retain your applicant data for as long as there is a possibility that you may assert legal claims against us, e.g. due to a violation of provisions of the General Equal Treatment Act (AGG).

However, if your application leads to the establishment of an employment contract with you, your data will be stored for the purposes of standard administrative and organizational processes and for the performance of the employment relationship until the end of the employment relationship.

 

  1. Additional information on the collection and storage of personal data when visiting our websites:

When you visit our websites, the browser used on your device automatically sends information to the server of our website and our customer portal. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Host name of the requesting computer,
  • Date and time of access,
  • Website from which access is made (referrer URL),
  • Browser used, browser version and operating system of your computer

We process the aforementioned data for the following purposes:

  • Ensuring smooth connection to the website,
  • Ensuring comfortable use of our website,
  • Evaluating system security and stability, and
  • For other administrative purposes.

The legal basis for data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the operation of our website and the associated presentation of our company. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

Your data will be deleted as soon as it is no longer required for the specified purposes, at the latest after 6 months.

 

11.1 Cookies, analytics tools, plugins and other third-party elements

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.

Information is stored in the cookie that is related to the specific device used. However, this does not mean that we immediately obtain knowledge of your identity.

Our website uses cookies to the following extent:

  • Transient cookies (temporary use)
  • Persistent cookies (time-limited use)

Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to the website.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.

 

11.1.1 Required first-party cookies

The use of our necessary first-party cookies serves, on the one hand, to make the use of our website more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again. This data is deleted after 6 months at the latest.

We process your data on the basis of our legitimate interest in the external presentation of our company via the website you have accessed and to promote user-friendliness. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely disabling cookies may mean that you cannot use all the features of our website.

This stored information is stored separately from any other data transmitted to us. In particular, cookie data is not linked to your other data (e.g. contact enquiries or online applications).

 

11.1.2 Third-party cookies, plugins and other third-party elements

The third-party cookies, plugins and other third-party elements listed below and used by us are only used with your express consent and thus on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future. Failure to give or revocation of consent may result in the website not being displayed correctly or you not being able to use all the functions of the website.

We use third-party cookies, plugins or other third-party elements to ensure that our website is designed to meet your needs and is continuously optimized.

The respective functional descriptions, any recipients of the data, information on possible transfers to a third country and the storage period can be found in the following notes on the individual processing procedures involving third-party cookies, plugins or other third-party elements.

 

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’), on our website, provided that you give us your consent in accordance with Art. 49 (1) (a) GDPR. Cookies are used in this context. The information generated by the cookie about the use of the online offer by the users is usually transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our online offer by the users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with IP anonymization enabled. This means that the IP address of users is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there.

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software settings; accordingly, Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by refusing to give their consent or by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data use by Google, settings and objection options can be found in Google’s privacy policy (https://policies.google.com/privacy) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

Google is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection.

Users’ personal data is deleted or anonymized after 14 months.

 

Google Maps

We use Google Maps, a map service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’), on our website, provided that you give us your consent in accordance with Art. 49 (1) (a) GDPR. To use the functions of Google Maps, it is necessary to store your IP address. This information about the use of the online offer by users is usually transferred to a Google server in the USA and stored there.

When you visit a website on our website that contains Google Maps, your browser establishes a direct connection to Google’s servers, provided that you have consented to the use of Google Maps. Until you consent to the use of Google Maps, the service will not be loaded and no connection to Google’s servers will be established.

The map content is transmitted directly from Google to your browser and integrated into the website. Therefore, we have no influence on the scope of the data collected by Google in this way. To the best of our knowledge, this includes at least the following data:

  • Date and time of the visit to the website in question,
  • Internet address or URL of the website accessed,
  • IP address, (start) address entered for route planning.

We have no influence on the further processing and use of the data by Google and therefore cannot accept any responsibility for this.

Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.

The terms of use for Google Maps can be found at https://www.google.com/intl/de_de/help/terms_maps.html.

 

Google Tag Manager

We use Google Tag Manager, a tag management system for integrating tracking or statistics tools from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’), on our website, provided that you give us your consent in accordance with Art. 49 (1) (a) GDPR. Google Tag Manager itself does not create user profiles, does not store cookies to our knowledge, and does not perform any independent analyses. It is used solely for the administration and display of the tools integrated via it. According to its own information, Google Tag Manager does not collect IP addresses or other personal data (https://support.google.com/tagmanager/answer/9323295?hl=de).

Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.

 

Google reCAPTCHA

We use Google reCAPTCHA on our website, an automated test provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’), to distinguish humans from machines based on different interaction patterns and associated parameters. To do this, reCAPTCHA analyses the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website, provided you have consented to the use of reCAPTCHA. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, length of time the website visitor stays on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not specifically or repeatedly informed that an analysis is taking place.

Google is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection.

 

  1. Online presence on social media sites

We maintain online presences within social networks and platforms such as LinkedIn, YouTube and X (formerly Twitter) in order to communicate with customers, interested parties and users who are active there and to inform them about our services and our company. With regard to the operation of these online presences, we are jointly responsible with the aforementioned providers.

We would like to point out that, especially on LinkedIn, X (formerly Twitter) and YouTube, user data may be processed outside the European Union. This may pose risks for users, as it could, for example, make it more difficult to enforce their rights.

Furthermore, user data is generally processed by the platforms for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by users (in particular if users are members of the respective platforms and are logged in to them). We do not have any access to the actual usage data. We only use general usage statistics to check the effectiveness of usage.

The processing of users’ personal data is based on our legitimate interests in effectively informing users and communicating with them in accordance with Art. 6 (1) lit. f GDPR.

For a detailed description of the respective processing operations and the options for objection (opt-out), we refer to the information provided by the providers linked below.

In the case of requests for information and the assertion of user rights, we would also like to point out that these can be most effectively asserted with the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. However, if you still need help, you can contact us.

 

  1. Rights of use Imprint data

We expressly object to the use of our contact data published within the scope of the imprint obligation by third parties for the purpose of sending unsolicited advertising and information materials.

We expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, for example through spam emails.

 

  1. Creation

This privacy policy was created by:

Dapro Serv GmbH Telefon: +49 (0) 241-55967796

Auf der Hüls 128 E-Mail: info@daproserv.com

52068 Aachen Web: www.daproserv.com