Privacy Policy


1. Data protection at a glance


General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. Detailed information on data protection can be found in this privacy policy.


Data collection on this website


Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Their contact details can be found in the section "Information on the responsible body" in this privacy policy.


How do we collect your data?
Your data is collected, firstly, because you provide it to us. This could include, for example, data that you enter into a contact form.
Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you access this website.


What do we use your data for?
Some data is collected to ensure the website functions correctly. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other inquiries.


What rights do you have regarding your data?
You have the right to obtain information free of charge at any time regarding the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data.
Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time with regard to this and other questions concerning data protection.


Analytics tools and third-party tools

When you visit this website, your browsing behavior may be statistically analyzed. This is primarily done using so-called analytics programs. You can find detailed information about these analytics programs in this privacy policy.


2. Hosting

We host the content of our website with the following provider:


IONOS

The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as IONOS). When you visit our website, IONOS collects various log files, including your IP address. For details, please see the IONOS privacy policy.
https://www.ionos.de/terms-gtc/terms-privacy.


The use of IONOS is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.


Order processing
We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.


3. General information and mandatory disclosures


Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that data transmission over the internet (e.g., when communicating via email) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.


Note regarding the responsible body

The responsible body for data processing on this website is:


PHI Technik für Fenster und Türen GmbH
Lerchenfeld 5 – 7
91457 Markt Erlbach
Telephone: 09106 92 99 0
E-mail:info@phi-info.de


The responsible entity is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).


Data Protection Officer

We have appointed a data protection officer for our company.


Data Protection Officer:
IfS Sicherheitstechnik GmbH

At Leite 16

96193 Wachenroth DE

datenschutzbeauftragter@ifs-infoweb.de


Storage duration

Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you submit a legitimate request for erasure or withdraw your consent to data processing, your data will be deleted, provided we have no other legally permissible grounds for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the data will be deleted once these grounds cease to apply.


General information on the legal basis for data processing on this website


If you have consented to data processing, we process your personal data on the basis of Article 6(1)(a) GDPR or Article 9(2)(a) GDPR if special categories of data pursuant to Article 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing also takes place on the basis of Article 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), data processing additionally takes place on the basis of Section 25(1) of the German Telemedia Act (TMG). You may withdraw your consent at any time.
If your data is required for the performance of the contract or for taking steps prior to entering into a contract, we process your data on the basis of Article 6(1)(b) GDPR. Furthermore, we process your data if it is necessary for compliance with a legal obligation, on the basis of Article 6(1)(c) GDPR.
Data processing may also be based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Information on the applicable legal bases in each individual case is provided in the following paragraphs of this privacy policy.


Recipients of personal data

As part of our business activities, we collaborate with various external parties. This sometimes requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Article 6(1)(f) GDPR, or if another legal basis permits the data transfer. When using data processors, we only transfer our customers' personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.


Revocation of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The legality of data processing carried out before the revocation remains unaffected by the revocation.


Right to object to data processing in special cases and to direct marketing (Art. 21 GDPR)

If data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you; this also applies to profiling based on these provisions. The specific legal basis for each processing operation can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishing, exercising or defending legal claims (objection pursuant to Art. 21 para. 1 GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be processed for direct marketing purposes (objection pursuant to Article 21(2) GDPR).


Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement.


Right to data portability

You have the right to receive the data that we process automatically based on your consent or in fulfillment of a contract, either for yourself or for a third party, in a commonly used, machine-readable format.


Information, correction and deletion

Under applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin and recipients and the purpose of the data processing, and, if applicable, a right to rectification or erasure of this data.


Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. This right exists in the cases mentioned in your submission.


SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content.


Objection to advertising emails

The use of contact details published within the scope of the legal notice obligation for sending unsolicited advertising is prohibited.


4. Data collection on this website


Cookies

Our website uses so-called "cookies". Cookies are small data packets and do not harm your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies).

Cookies can originate from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them. Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for carrying out electronic communication, providing certain functions you have requested, or optimizing the website (essential cookies) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. If consent to the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG); this consent can be revoked at any time.

You can configure your browser to notify you when cookies are set and to allow cookies only in individual cases, to exclude the acceptance of cookies in certain cases or in general, and to activate the automatic deletion of cookies when closing the browser.

(Optional, if available: "We use a consent management tool from [provider] to manage your consents.")


Consent management tool (Termly)

We use the consent management tool Termly (Termly Inc., 8 The Green, Suite A, Dover, DE 19901, USA).

Termly is used to obtain your consent to the storage of certain cookies or the use of certain technologies and to document it in compliance with data protection regulations.

The following data is processed:

  • IP address
  • Browser information
  • Consent status
  • Timestamp

    • The legal basis is Art. 6 para. 1 lit. c GDPR (fulfillment of legal obligations) and Art. 6 para. 1 lit. f GDPR (legitimate interest in legally compliant consent management).

    Data transfer to the USA cannot be ruled out.


    Server log files

    The provider of the pages automatically collects and stores information in server log files, which your browser automatically transmits to us (browser type, operating system, referrer URL, hostname, time, IP address).
    The data is collected on the basis of Art. 6 para. 1 lit. f GDPR.


    Contact form

    If you send us inquiries via contact form, your information from the inquiry form, including the contact details you provided there, will be stored for processing purposes.
    Legal basis: Art. 6 para. 1 lit. b GDPR (contractual/pre-contractual) or Art. 6 para. 1 lit. f GDPR (legitimate interest) or Art. 6 para. 1 lit. a GDPR (consent), if requested.


    Inquiries via email, telephone or fax

    When you contact us by email, telephone or fax, your request, including all resulting personal data (name, request), will be stored and processed for the purpose of handling your request.
    Legal basis: Art. 6 para. 1 lit. b GDPR or Art. 6 para. 1 lit. f GDPR or Art. 6 para. 1 lit. a GDPR, if requested.


    5. Analytics tools and advertising


    IONOS WebAnalytics

    This website uses the analytics services of IONOS WebAnalytics. The provider is 1&1 IONOS SE, Elgendorfer Straße 57, 56410 Montabaur.
    The analyses can include visitor numbers and behavior, visitor sources, visitor locations, and technical data. According to IONOS, data collection is completely anonymized; IONOS WebAnalytics does not store cookies.
    Legal basis: Art. 6 para. 1 lit. f GDPR; if consent has been requested: Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.
    Further information:    https://www.ionos.de/terms-gtc/datenschutzerklaerung/


    Order processing:     AVV concluded.


    Google Analytics

    This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

    Google Analytics allows you to analyze the behavior of website visitors. This includes recording page views, time spent on the site, origin, and information about the device and browser used. Google may then combine this data into a profile.

    Google Analytics uses technologies such as cookies and device fingerprinting. The information collected is generally transferred to and stored on Google servers; transfer to the USA is possible.

    The usage takes place solely on the basis of your consent (Article 6 paragraph 1 letter a GDPR and Section 25 paragraph 1 TDDDG). Consent can be withdrawn at any time.

    We have the function IP anonymization Activated. We have concluded a data processing agreement with Google.

    Further information: https://policies.google.com/privacy?hl=de


    Google Ads

    We use Google Ads. Google Ads allows us to display advertisements in the Google search engine or on third-party websites. Depending on your consent, cookies/technologies may be used to, for example, measure the effectiveness of ads (conversion tracking) and optimize campaigns.

    The usage takes place solely on the basis of your consent (Article 6 paragraph 1 letter a GDPR and Section 25 paragraph 1 TDDDG). Consent can be withdrawn at any time.

    Further information: https://policies.google.com/privacy?hl=de


    Meta Pixel (Facebook Pixel)

    This website uses the Meta Pixel for conversion tracking. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

    This allows the behavior of website visitors to be tracked after they have been redirected to this website by clicking on a meta ad. This enables the effectiveness of meta ads to be evaluated.

    The data collected is anonymous to us; however, Meta may link the data to your Meta account and use it for its own purposes. Data transfer to the USA cannot be ruled out.

    The usage takes place solely on the basis of your consent (Article 6 paragraph 1 letter a GDPR and Section 25 paragraph 1 TDDDG). Consent can be withdrawn at any time.


    Further information: https://www.facebook.com/privacy/policy/


    Meta Ads

    We use meta ads to promote our offers on Facebook and Instagram. In this context, depending on your consent, data may be processed for audience targeting, reach measurement, and ad optimization (e.g., via pixel/conversion API, if used).

    The usage takes place solely on the basis of your consent (Art. 6 para. 1 lit. a GDPR). Consent can be withdrawn at any time.


    LinkedIn Insight Tag (LinkedIn Insights)

    This website uses the LinkedIn Insight Tag. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

    Using the Insight Tag, we receive information about visitors to our website, particularly for measuring reach and optimizing LinkedIn campaigns. LinkedIn can associate your visit to this website with your user account if you are logged in to LinkedIn.

    We generally only receive aggregated reports from LinkedIn; data transfer to third countries (e.g., USA) is possible.

    The usage takes place solely on the basis of your consent (Article 6 paragraph 1 letter a GDPR and Section 25 paragraph 1 TDDDG). Consent can be withdrawn at any time.

    Further information: https://www.linkedin.com/legal/privacy-policy


    6. Newsletter


    Newsletter data

    If you wish to subscribe to the newsletter offered on the website, we require an email address from you, as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis.

    We use this data exclusively for sending the requested information and do not pass it on to third parties.

    Legal basis: Your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time, for example via the "Unsubscribe" link in the newsletter.

    The data you provide to us for the purpose of receiving our newsletter will be stored until you unsubscribe and will be deleted after you unsubscribe.
    After you unsubscribe, your email address may be stored on a blacklist if this is necessary to prevent future mailings (legitimate interest, Art. 6 para. 1 lit. f GDPR). This storage is not time-limited; you can object to it.


    Newsletter distribution to existing customers

    If you order goods or services from us and provide your email address, this email address may subsequently be used to send you newsletters, provided we inform you of this beforehand. In such a case, the newsletter will only contain direct advertising for our own similar goods or services.
    Legal basis: Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG.
    You can unsubscribe at any time (link in the newsletter).


    CleverReach

    We use CleverReach to send our newsletter. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany.

    CleverReach is a service that can be used to organize and analyze newsletter distribution (e.g., open and click rates). The data is stored on CleverReach's servers.

    Legal basis: Consent (Art. 6 para. 1 lit. a GDPR). Consent can be withdrawn at any time.
    Order processing:     We have a data processing agreement (DPA) with CleverReach.
    Further information:    https://www.cleverreach.com/de/datenschutz/


    7. Applications (via email)

    We offer you the opportunity to apply to us via email.


    Scope and purpose of data processing

    If you send us an application by email, we process the personal data you provide (e.g. name, contact details, cover letter, CV, certificates, qualifications, photo if applicable and other information you provide) for the purpose of carrying out the application process.

    The data will be processed solely for the purpose of reviewing your application and deciding whether to establish an employment relationship.


    Legal basis

    The legal basis for processing your application data is:

    • Section 26 Paragraph 1 BDSG (Initiation of an employment relationship)
    • Article 6 paragraph 1 letter b GDPR
    • possibly Art. 6 para. 1 lit. a GDPR, if you give your consent for longer storage (e.g. inclusion in an applicant pool)

      • If special categories of personal data within the meaning of Art. 9 GDPR are transmitted (e.g. health data or information on severe disability), the processing is carried out on the basis of § 26 para. 3 BDSG.


      Recipients of the data

      Your application data will only be forwarded internally to the responsible persons tasked with processing your application (e.g., management, HR). It will not be shared with third parties.


      Storage duration

      Your application data will be deleted no later than six months after the application process has been completed, provided that no employment relationship is established and there are no legal retention obligations to the contrary.

      If you have expressly consented to being included in an applicant pool, we will store your data in accordance with the consent you have given. You can revoke this consent at any time with effect for the future.

      If an employment relationship is established, the data will be transferred to the personnel file – insofar as this is necessary and permissible.


      Safety notice

      Please note that applications submitted via email may be unencrypted. If you require encrypted transmission, please contact us beforehand.


      8. Plugins and Tools


      YouTube with enhanced privacy

      This website embeds videos from YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

      When you visit one of our pages that includes embedded YouTube videos, a connection is established to YouTube's servers. This informs the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

      We use YouTube in enhanced privacy mode. According to YouTube, this does not set cookies for personalization; however, local storage elements may be used.

      The use of YouTube is in our legitimate interest in presenting our online content in an appealing way. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG. This consent can be revoked at any time.

      Further information:
      https://policies.google.com/privacy?hl=de
      https://support.google.com/youtube/answer/171780


      8. Status / Update

      This privacy policy will be amended as needed, e.g. in the event of technical changes to the website or changes in legal requirements.


      As of [17.02.2026]