Data Privacy Policy

Data Privacy Policy

Privacy Policy for Websites


1 Information on the collection of personal data


(1) This Privacy Policy serves to inform you about the collection of your personal data when you use our website. Personal data is all data that refers to you personally, e.g. name, address, email addresses, user behaviour.


(2) The controller in terms of Art. 4 no. 7 of the EU General Data Protection Regulation (GDPR) is CRD GmbH & Co. KG, Brabus-Allee, 46240 Bottrop, Germany, (see the legal notice in our website). Our data protection officer is available under or by postal letter to our company (please add “Att: Data Protection Officer“).


(3) When you contact us by email or contact form, we will store the data you have disclosed to us there (your email address, possibly your name and telephone number) to answer your questions. We erase the data collected in this context when its storage is no longer necessary, or we restrict the processing of this data if statutory retention periods have to be observed.


(4) In case we have recourse to service providers which we have engaged to perform certain individual tasks in the context of the services we offer or in case we want to use your data for advertising purposes, we inform you about the details of the relevant processing activities below. In this context, we also inform you of the criteria which we have fixed for the duration of data storage.

2. Your rights


(1) As to the personal data concerning you, you are entitled to the following rights in the relationship with us:


–Right to information/ access (Art. 15 GDPR),

–Right to rectification or erasure (Art. 16 and Art. 17 GDPR),

–Right to restriction of processing (Art. 18 GDPR),

–Right to object to data processing (Art. 21 GDPR),

–Right to data portability (Art. 20 GDPR).


(2) Moreover, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 subs. 1 e) GDPR (data processing in the public interest) or Art. 6 subs. 1 f) GDPR (data processing based on the weighing of interests), including profiling based on those provisions (Art. 21 GDPR). If you object to the processing, we will only continue to process your data if we can prove mandatory legitimate reasons for the processing that override your interests, rights and freedoms or when the processing serves to establish, exercise or defend legal claims.


(3) If you have given your consent to our processing of your personal data, you have the right to withdraw this consent at any time. The withdrawal of your consent is however without prejudice to the lawfulness of the processing of your personal data that has taken place until the time of your withdrawal. Moreover, the withdrawal is without prejudice to any further processing of this data which is based on another legal basis such as for compliance with legal obligations.


(4) Finally, you have the right to lodge a complaint about our processing of your personal data with a data protection supervisory authority.


(5) We kindly ask you to communicate your claims or declarations to the following address if possible:

3. Collection of personal data when you visit our website


(1) When you use our website for mere information purposes which means when you do not register or otherwise disclose or transfer information to us, we only collect the personal data which your browser transfers to our server. If you want to visit our website, we collect the following data which is necessary for us in technical respect to display our website to you and ensure its stability and security (the legal basis for this is Art. 6 subs. 1 sentence 1 f) GDPR):
–IP address

–Date and time of the request

–Time zone difference compared to Greenwich Mean Time (GMT)

–Content accessed (specific page accessed)

–Access status / http status code

–Data volume transferred from time to time

–Website from which the request is made


–Operating system and its surface

–Language and version of the browser software.

(2) In addition to the aforesaid data, cookies are stored on your computer when you use our website. Cookies are small text files which are allocated to the browser you use and stored on your hard drive and which provide the body which places the cookie (here: our company) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to generally render the Internet presentation of services more user-friendly and more effective.

(3) Use of cookies:

a) This website uses the following types of cookies the extent and functionality of which are described in the following:


–Temporary cookies (see b)

–Persistent cookies (see c).


b)  Temporary cookies are deleted automatically as soon as you close the browser. They include in particular session cookies. These store a so-called session ID which enables various browser requests to be allocated to the same session. This allows recognition of your computer when you visit our website again. The session cookies are deleted when you log out or close the browser.


c)  Persistent cookies are deleted after three months at the latest. You can delete the cookies at any time in the security settings of your browser.


d)  You can configure your browser settings as you wish, and you can, for example, reject third-party cookies or all cookies. Please be aware that, in this case, you might be unable to use all functions and features of this website.


e)  We use cookies to be able to identify you when you visit our website again if you have an account with us. Otherwise, you have to log in anew for every visit.


f)  The flash cookies we use are not administered by your browser but by your flash plug-in. In addition, we use HTML5 storage objects which are stored on your terminal. These objects store the required data, regardless of the browser you use, and they do not expire automatically. If you do not want flash cookies to be administered, you have to install an appropriate Add-on, e.g. “Better Privacy” for Mozilla Firefox ( or the Adobe-Flash-Killer-Cookie for Google Chrome. You can prevent the use of HTML5 storage objects if you set your browser to private mode. We also recommend that you delete your cookies and the browser history manually at regular intervals.

4. Use of Google Analytics


(1) This website uses Google Analytics which is a web analysis service of Google Inc. (”Google”). Google Analytics uses so-called “cookies“ which are small text files that are stored on your computer and enable to analyse how you use the website. The information generated by the cookie about how you use this website is, as a rule, transferred to a server of Google in the USA and stored there. However, if the IP anonymisation feature is activated on this website, Google will shorten your IP address within the EU Member States or in other countries party to the Agreement on the European Economic Area before it is transferred. Only in exceptional cases will the full IP address be transferred to a server of Google in the USA and shortened there. Google, acting on instruction and behalf of the operator of this website, uses this information to analyse how you use the website, to compile reports about the website activities and render further services relating to the use of the website and the use of the Internet to the website operator.


(2) The IP address which is transferred by your browser in the context of Google Analytics will not be combined with other data of Google.


(3) You can set your browser software to prevent the storage of cookies; please be aware that in this case you might be unable to use all functions and features of the website without restrictions. You can also prevent the collection and transfer of the data generated by the cookie regarding your use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link:


(4) This website uses Google Analytics with the supplementary feature “_anonymizeIp()“. This makes sure that only shortened IP addresses are processed further, which prevents IP addresses from being allocated to specific persons. This means that, if and to the extent the data collected from you refer to you personally, allocation of the data to you personally is prevented right from the beginning and the personal data is thus deleted immediately.


(5) We use Google Analytics to be able to analyse and continuously improve the use of our website. The statistics we gain thereby help us to improve our presentation and services and to offer you as the user a more interesting design. As to the exceptional cases where personal data is transferred to the USA, Google has agreed to respect and comply with the EU-US Privacy Shield, The legal basis for the use of Google Analytics is Art. 6 subs. 1 sentence 1 f) GDPR.


(6) Information provided by the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use:, general information on privacy:, and Privacy Policy:


(7) This website uses Google Analytics also for the purposes of cross-device analysis of visitors, i.e. when they access the website from different terminals, which is implemented by means of a user ID. You can deactivate this analysis of your user behaviour in your customer account under “My data”, “personal data”.

5. Security measures


(1)  Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood of risk realization and the varying severity of the risks for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures in accordance with Art. 32 GDPR to ensure a level of security appropriate to the risk.

(2)  These measures include in particular but are not limited to the ability to ensure the confidentiality, integrity and availability of data by controlling physical access to the data as well as actual data access, data entry, data transfer, and the ability to ensure data availability and data separation. In addition, we have established procedures which ensure the protection of the rights of data subjects, the erasure of data and reaction to an endangerment of the data. Moreover, we consider the protection of personal data already in the development and/or selection of hardware, software and processes, according to the principle of data protection by design and by default (Art. 25 GDPR).

6. Cooperation with processors and third parties


(1)  Where we disclose, transfer or otherwise grant access to, data to other persons and companies (processors or third parties) in the context of our data processing, this is in all cases done on the basis of a statutory authorisation (e.g. where the transfer of data to third parties such as payment services providers is necessary for contract performance according to Art. 6 subs. 1 b) GDPR, or when you have given your consent to the processing, or the processing is necessary for compliance with a legal obligation or the processing is carried out for the purposes of our legitimate interests, e.g. when we engage agents, web hosting companies etc.).

(2)  When we engage third parties to process data based on a so-called contract for data processing on behalf, this is done on the basis of Art. 28 GDPR.

7. Transfer to third countries


If we process data in a third country, i.e. a country outside the European Union (EU) or the European Economic Area (EEA) or such data processing in a third country occurs in the context of services provided by third parties engaged by us or in the context of disclosure or transfer of data to third parties, this is done only if this is required for the performance of our (pre-)contractual duties or based on your consent or to comply with a legal obligation or for the purposes of our legitimate interests. Subject to any existing statutory or contractual authorisations, we only process data, or have data processed, in a third country if the special requirements under Art. 44 et seqq. GDPR are satisfied. This means that the processing is based, for instance, on special safeguards such as the official recognition that the data protection level in the third country satisfies EU standards (which is for instance the case with the “Privacy Shield” for the USA) or on compliance with special officially recognized contractual obligations (so-called standard contractual clauses).