Privacy Policy
As of: July 14, 2026
The protection of personal data is of great importance to PI (Physik Instrumente) Ltd. UK, Trent House, University Way, Cranfield Technology Park, Cranfield, Bedford MK43 0AN, United Kingdom (hereinafter referred to as PI”). PI therefore processes personal data solely based on the statutory provisions, in particular on the basis of the EU General Data Protection Regulation (GDPR).
This Privacy Policy provides information about the most important aspects of data processing on the PI website https://www.physikinstrumente.co.uk (hereinafter referred to as the “Website”) and the use of its associated services.
The following sections explain in detail what types of personal data are processed when visiting and using this Website, for what purpose, and for how long this data is stored, as well as which rights visitors have concerning the processing of their personal data.
1.1 Person Responsible
Person responsible within the meaning of the GDPR:
PI (Physik Instrumente) Ltd. UK
Trent House, University Way,
Cranfield Technology Park,
Cranfield, Bedford MK43 0AN, United Kingdom
Phone: +44 1234 756 360
Email: uk@pi.ws
Website: www.physikinstrumente.co.uk
Contact information for PI’s Data Protection Officer:
Dr. Alexander Deicke
K11 Consulting GmbH
Kaffeeberg 11
71634 Ludwigsburg, Germany
Phone: +49 7141 9475321
E-Mail: datenschutzbeauftragter@k11consulting.de
Website: k11-consulting.com
1.2 Protection of Personal Data
PI implements appropriate technical and organizational security measures within the meaning of Art. 32 GDPR to ensure a level of data protection appropriate to the risk. These measures are designed in particular to safeguard personal data against accidental or unlawful deletion, alteration, or loss, as well as against unauthorized disclosure or access.
2.1 Server Log Files
Each time the website is accessed, only certain information is automatically collected and stored in so-called server log files, which are transmitted to the PI web server. This includes the type and version of the browser used, the operating system used, the referrer URL, the subpages visited, the date and time of access, the IP address, the Internet service provider, and similar technical data. This data is processed separately from other data. It is not possible to associate this data with a certain person.
This data is used by PI to maintain the functionality of the website, detect and resolve technical issues, and prevent or, if necessary, prosecute cases of misuse. In addition, the anonymized data is used for statistical analysis and to improve the website.
The legal basis for this data processing is Art. 6(1)(f) GDPR, based on PI’s legitimate interest in ensuring the smooth operation and security of the company’s internal IT systems. The collected data will be deleted after seven days at the latest, unless retention is required for evidentiary purposes. In such cases, it is stored until the respective incident has been fully resolved.
2.2 Contacting PI
When contacting PI via a form on the Website or by email, the personal data provided (name, email address, company, and content of the message) is collected and processed. This data is processed, stored, and used to respond to the respective inquiry, to establish contact with the person making the inquiry, and for related technical processing and administrative purposes.
The legal basis for processing this data is Art. 6(1)(b) GDPR (for contract-related contact) or Art. 6(1)(f) GDPR (in all other cases), depending on the nature of the respective contact.
The personal data entered in the contact form is processed not only to handle the respective inquiry, but also for internal analysis and improvement of PI’s services. In particular, this includes:
The evaluation of frequently asked questions
The identification of recurring inquiries
The statistical analysis of inquiries
The legal basis for this processing is PI’s legitimate interest under Art. 6(1)(f) GDPR, as it contributes to the continuous improvement of the services offered by PI.
Data received in the course of contacting PI will be deleted once it is no longer required for the purpose for which it was collected. This applies as soon as a request has been fully processed, and no further communication is necessary or desired by the person making the request.
PI reserves the right to store network data for a limited time and solely for the purpose of identifying fraud or misuse, such as detecting hacker attacks. Such data will be stored for a maximum of 30 days, unless there is a justified reason to retain it for a longer period.
2.3 Subscribing to the PI Newsletter
Visitors to the Website have the option to subscribe to the PI newsletter via the company website. Visitors who register for the email newsletter will regularly receive the current product catalog and marketing information. For this purpose, personal data such as email addresses and, where applicable, names are collected. After a visitor submits their email address, a confirmation email is sent requesting confirmation of the registration. Only upon confirmation is the email address stored, and it remains stored until the respective person unsubscribes from the newsletter.
Data is processed on the basis of the visitor’s consent in accordance with Art. 6(1)(a) GDPR. This consent can be revoked at any time with future effect.
Unsubscribing from the newsletter is possible via the link “Unsubscribe from newsletter” included in the footer of every email sent or by emailing enews@pi.ws. Once unsubscribed, the personal data associated with the newsletter dispatch will be immediately deleted.
3. Cookies
This Website uses cookies. These are small text files that are stored on visitors’ end devices either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of a visit, whereas persistent cookies remain stored on devices until they are manually deleted or are automatically deleted by the respective Internet browser.
Cookies may originate from PI (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites.
This Website uses technically necessary cookies, which are required for operating the website and its functions, as well as cookies for anonymized data collection for analytical purposes and marketing-related cookies that serve to display personalized content. Visitors have the option of configuring which cookie categories they wish to permit. Please note that not all Website functions may be available depending on certain settings.
The legal basis for the use of technically necessary cookies is Art. 6(1)(f) GDPR, based on PI’s legitimate interest in ensuring proper functionality of the Website. In the case of cookies that are not required, the legal basis is visitors’ consent pursuant to Art. 6(1)(a) GDPR.
Visitors may object to the use of non-essential cookies and prevent them from being used. Cookies that have already been set can be deleted at any time through browser settings or with the help of other software programs. This is possible in all commonly used Internet browsers. Some functions of this Website may not be fully available if the visitor has disabled cookie storage in their browser.
The use of non-essential cookies for this Website can be managed at any time via the cookie settings.
4. Trackers and Other Tools from Third-Party Providers
This website uses web analysis and tracking tools provided by third parties. Some of these third-party providers also process data in the USA. To the extent that personal data is transferred to recipients in third countries, in particular the USA, such transfers are made exclusively in compliance with the requirements of Art. 44 et seq. GDPR. In the absence of an adequacy decision, appropriate safeguards, in particular the European Commission’s standard contractual clauses, are used. To the extent that service providers are certified under the EU-U.S. Data Privacy Framework, the data transfer is carried out on the basis of the adequacy decision pursuant to Art. 45 GDPR.
As a basis for data processing with recipients located in third countries, so-called standard contractual clauses pursuant to Art. 46(2) and (3) GDPR are used by third-party providers working with PI. Standard contractual clauses (SCCs) are templates issued by the EU Commission and are intended to ensure that personal data continues to be protected according to European data protection standards, even when processed in third countries such as the USA. Under these clauses, third-party providers undertake to comply with the European level of data protection when processing personal data, even if this data is processed outside the EU. These clauses are based on the implementing decision of the EU Commission, which can be found at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?eliuri=eli%3Adec_impl%3A2021%3A914%3Aoj&locale=en.
The transfer of personal data in connection with the use of these services will only occur based on your explicit consent pursuant to Art. 49(1)(a) GDPR in conjunction with Art. 6(1)(a) GDPR.
4.1 Google Tag Manager
This website uses Google Tag Manager, a tag management system provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables the integration of tracking and analytics tools as well as other technologies on websites. The tool does not create usage profiles, store cookies, or conduct independent analyses, but rather serves solely to manage and deploy the tools integrated through it. However, Google Tag Manager captures the IP addresses of visitors, which may consequently be transferred to Google’s parent company in the USA.
The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the efficient, secure, and centrally manageable integration and administration of the services used on the website. If such consent has been obtained, processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the Telecommunications Digital Services Data Protection Act (TDDDG). The consent can be revoked at any time with future effect.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
4.2 Google Analytics
This website uses functions of Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of visitors on the website. In doing so, the website operator receives various usage data (e.g., page views, length of stay, operating systems used, and the origin of visitors). This data is assigned to the respective end device. It is not assigned to a user ID.
In addition, Google Analytics can record mouse and scroll movements as well as clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected datasets and uses machine-learning technologies in its data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies and device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this service is based on the visitor’s consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. The consent can be revoked at any time with future effect.
The transfer of data to the USA is based on the EU standard contractual clauses. For further information, see https://business.safety.google/adscontrollerterms/sccs/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780. Data is transferred on the basis of the DPF certification; the SCCs have been agreed as an additional contractual safeguard.
IP Anonymization
Google Analytics IP anonymization is activated. Within the member states of the European Union or other states that are contracting parties of the Agreement on the European Economic Area, Google already truncates IP addresses, i.e., anonymizes them, before they are transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the website operator, Google will use this information to evaluate the use of the website by visitors, to compile reports on website activities, and to provide the website operator with further services connected with website and internet usage. The IP addresses transmitted by browsers in the context of Google Analytics will not be merged with other data from Google.
Browser Plugin
The collection and processing of data by Google can be prevented by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Data is stored for 14 months.
For further information on the handling of user data by Google Analytics, see Google’s Privacy Policy.
4.2.1 Google Signals
The Google Signals extension is used as part of Google Analytics. When a user visits the PI website, Google Analytics collects, among other things, the visitor’s location, search history, and YouTube history, as well as demographic data (visitor data). This data may be used for personalized advertising through Google Signals. If a visitor has a Google account, the visitor data from Google Signals is linked to the respective Google account and used for personalized advertising. The data is also used to generate anonymized statistics on the visitor’s usage behavior.
4.3 Microsoft Advertising (Formerly Bing Ads)
This website uses Microsoft Advertising, an online advertising program provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
Microsoft Advertising enables the website operator to display ads in the Bing search engine or on third-party websites when users enter specific search terms into Bing (keyword targeting). Furthermore, targeted ads can be displayed based on user data held by Microsoft (e.g., location data and interests) (audience targeting). PI can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of ads and how many ads resulted in corresponding clicks.
The PI website uses Universal Event Tracking (UET) from Microsoft Advertising. This enables pseudonymous identifiers to be collected in order to track the actions visitors take on the website after clicking on an ad in Microsoft Advertising. UET collects IP addresses (anonymized), device identifiers, information about device and browser settings, the Microsoft Click ID (stored in cookies), the duration of the visit to the website, which sections of the website were accessed, which ad brought visitors to the website, and which keyword they clicked on.
The use of this service is based on the visitor’s consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. The consent can be revoked at any time with future effect.
The transfer of data to the USA is based on the EU standard contractual clauses. For further information, see https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/6474.
4.4 Google Ads
This website uses Google Ads, an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables the website operator to display ads in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted ads can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). PI can quantitatively evaluate this data by, for example, analyzing which search terms triggered the display of ads and how many ads resulted in corresponding clicks.
The use of this service is based on the visitor’s consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. The consent can be revoked at any time with future effect.
The transfer of data to the USA is based on the EU standard contractual clauses. For further information, see https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
4.4.1 Google Ads Remarketing
This website uses features of Google Ads Remarketing, a marketing tool provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads Remarketing allows users who interact with PI’s online offerings to be assigned to specific target groups so that they can subsequently be shown interest-based ads on the Google Display Network (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device features. In this way, interest-based, personalized advertising messages — tailored based on the visitor’s previous usage and browsing behavior on one device (e.g., cell phone) — can also be displayed on another device belonging to the same person (e.g., tablet or PC).
Visitors who have a Google Account can opt out of personalized advertising by clicking the following link: https://adssettings.google.com/anonymous?hl=en.
The use of this service is based on the visitor’s consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. The consent can be revoked at any time with future effect.
For more information on Google Conversion Tracking, see Google's Privacy Policy at https://policies.google.com/technologies/ads?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
4.4.2 Google Conversion Tracking
This website uses Google Conversion Tracking, an analytics tool provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Conversion Tracking enables Google and PI to determine whether visitors have performed specific actions. For example, it is possible to analyze which buttons on the PI website are clicked and how often, as well as which products were viewed or purchased particularly frequently. This information is used to generate conversion statistics. In this way, PI learns how many people clicked on PI ads and what actions they took, but does not receive any personally identifiable information. Google itself uses cookies or similar recognition technologies for identification purposes.
The use of this service is based on the visitor’s consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TDDDG. The consent can be revoked at any time with future effect.
Further information on Google Conversion Tracking can be found in the Google Privacy Policy at https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
4.5 ClickDimensions
This website uses ClickDimensions, a web analytics service provided by ClickDimensions LLC., 5901 Peachtree Dunwoody Road, NE, Suite B500, Atlanta, GA 30328, USA.
If visitors to this website have consented to the use of marketing cookies, ClickDimensions links visitor data in an anonymized form with IP address lists of known companies. This linkage allows visitors to this website and their behavior on the site to be connected with specific companies.
The use of this service is based on the visitor's consent in accordance with Art. 6(1)(a) GDPR. The consent can be revoked at any time with future effect.
The transfer of data from this website to ClickDimensions can be prevented by only accepting technically necessary cookies in the cookie settings.
For further information, see the ClickDimensions Privacy Policy.
4.6 HubSpot
This website uses HubSpot, a web analytics service provided by HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA.
If visitors to this website have consented to the use of marketing cookies, HubSpot automatically collects data using tracking technologies such as cookies and tracking pixels. These cookies or similar technologies (e.g., web beacons and JavaScript) are used to analyze trends, administer the website, track visitors’ navigation on the website, and gather aggregated demographic data about the visitors.
The use of this service is based on the visitor's consent in accordance with Art. 6(1)(a) GDPR. The consent can be revoked at any time with future effect.
The transfer of data from this website to HubSpot can be prevented by only accepting technically necessary cookies in the cookie settings.
For further information, see the HubSpot Privacy Policy.
4.7 Powermail
This Website uses the form plugin Powermail, an extension of the TYPO3 content management system. Powermail enables the convenient provision of contact and inquiry forms.
The collected personal data (e.g., name, email address, message content, and IP address) is only stored for as long as is required to process the respective inquiry. This data is deleted at regular intervals (approx. every month or two) in the TYPO3 system. The storage period in the CRM system may be longer if necessary for continued customer care or to comply with legal retention obligations.
Personal data is processed in order to respond to inquiries and to optimize services. Depending on the form, the processing may be carried out on one of the following legal bases:
Fulfillment of a contract or pre-contractual measure in accordance with Art. 6(1)(b) GDPR
Legitimate interest in accordance with Art. 6(1)(f) GDPR
Consent in accordance with Art. 6(1) (a) GDPR
The data collected using Powermail is processed directly on the PI web server. In general, this data is not passed on to external third parties unless necessary to respond to an inquiry or if there is a corresponding legal obligation. However, it may be transferred to various in-house systems and be processed there in accordance with the respective country’s requirements.
4.7.1 Use of CAPTCHA and reCAPTCHA
PI uses the reCAPTCHA service integrated in Powermail to protect forms from automated spam inquiries. The CAPTCHA logic of the TYPO3 Powermail extension is also used. reCAPTCHA is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
4.7.2 Google reCAPTCHA
This website uses Google reCAPTCHA (hereinafter “reCAPTCHA”), a security service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to verify whether data entered on this website (e.g., in a contact form) is being entered by a human or by an automated program. To this end, reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis begins automatically as soon as a person visits the website. For the analysis, reCAPTCHA evaluates various pieces of information (e.g., IP address, time spent on the website, and mouse movements). The data collected during the analysis is transmitted to Google.
The reCAPTCHA analyses are performed automatically in the background without any separate user interaction.
In this context, Google acts solely as a data processor within the meaning of Art. 28 GDPR and will not use the data collected in this manner for its own purposes. The use of the tool is based on a Data Processing Agreement (DPA) with Google.
The storage and analysis of the data are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated surveillance and from spam. The use of this service is based on the visitor’s consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Consent may be revoked or modified at any time, with effect for the future, via the cookie settings. The lawfulness of the processing carried out prior to revocation remains unaffected.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
4.7.3 TYPO3-Powermail-CAPTCHA
In addition, the CAPTCHA logic of the TYPO3 Powermail extension is used. This is run entirely on the PI web server without requiring external services for providing or verifying the CAPTCHA.
Data is processed on the basis of PI’s legitimate interest in accordance with Art. 6(1)(f) GDPR. The data is stored in an internal database, where entries remain for a maximum of 48 hours before being automatically deleted.
During use, a cookie may be set to ensure the correct assignment of the CAPTCHA response. In doing so, information such as the session ID and generation time is stored. Session information is already stored when the form is loaded, before the visitor begins filling it out. This is technically necessary to ensure effective spam prevention.
4.8 Microsoft Clarity
This website uses Microsoft Clarity, a web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
If visitors to this website have consented to the use of analytical cookies, the information collected about them through these cookies is processed by Microsoft to better understand visitor behavior and optimize the offers on this website. Microsoft Clarity’s technology gives those responsible at PI a better understanding of the visitor experience (e.g., how much time visitors spend on which pages, which links they click, and how they interact with the website through mouse movements, scrolling, and clicks).
Microsoft Clarity uses cookies and similar technologies to collect information about visitor behavior and end devices, in particular IP address (recorded and stored in anonymized or shortened form), device type, screen size, browser information, operating system, session duration, interactions with the website, country location, and preferred language. The information is processed in pseudonymized or anonymized form and is not used to identify individual visitors.
The use of this service is based on the visitor's consent in accordance with Art. 6(1)(a) GDPR. The consent can be revoked at any time with future effect.
Data may be transferred to Microsoft servers located outside the European Union (in particular in the USA). Such transfers are carried out on the basis of appropriate safeguards in accordance with Art. 46 GDPR, such as the EU Standard Contractual Clauses or applicable data transfer frameworks.
For further information, see the Microsoft Privacy Policy.
4.9 Ahrefs
This website uses Ahrefs Web Analytics, an analytics service provided by Ahrefs Pte. Ltd., 16 Raffles Quay #33-03 Hong Leong Building, Singapore 048581. Ahrefs Web Analytics tracks, among other things, the page visited, the referring page, browser and device information, and the approximate location based on the IP address. The IP address is not stored. Ahrefs Web Analytics does not set cookies, does not collect personal data, and does not transfer data to Singapore. It is not possible to identify individual visitors.
The legal basis for the use of Ahrefs Web Analytics is Art. 6(1)(1)(f) GDPR. For further information, see the Ahrefs Privacy Policy.
4.10 LinkedIn
This website uses the LinkedIn Insight Tag, a tracking tool provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
4.10.1 Data Processing Via LinkedIn Insight Tag
The website operator uses the LinkedIn Insight Tag to collect information about visitors to the PI website. If a website visitor is registered with LinkedIn, the website operator can, among other things, analyze the visitors’ key professional data (e.g., career level, company size, country, location, industry, and job title) and, based on this, better tailor the website to specific target groups. Furthermore, the LinkedIn Insight Tag can be used to measure whether visitors make a purchase or take another action on the PI website (conversion tracking). Conversion tracking can also be performed across devices (e.g., from a PC to a tablet). The LinkedIn Insight Tag also offers a retargeting feature that allows targeted advertisements to be displayed to visitors outside the website; however, according to LinkedIn, the recipients of these advertisements are not identified.
LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser characteristics, and time of access). IP addresses are truncated or (if used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted from LinkedIn after seven days. The remaining pseudonymized data will be deleted within 180 days.
The website operator cannot link the data collected by LinkedIn to specific individuals. LinkedIn stores the personal data it collects from website visitors on its own servers in the USA and uses it for its own advertising purposes. For further information, see the LinkedIn Privacy Policy.
4.10.2 Legal Basis
The use of the above-mentioned service is based exclusively on Art. 6(1)(a) GDPR and § 25 TDDDG. Consent that has been given may be revoked or modified at any time, effective in the future, via the website’s cookie settings. The lawfulness of the processing carried out prior to revocation remains unaffected. Unless consent has been obtained, the use of this service is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in effective advertising measures, including those on social media.
The transfer of data to the USA is based on the EU standard contractual clauses. For further information, see https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5448.
4.10.3 Objection to the Use of LinkedIn Insight Tag
You can opt out of LinkedIn’s analysis of usage behavior and targeted advertising via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on the PI website to your LinkedIn account, you must log out of your LinkedIn account before visiting the PI website.
4.11 YouTube
This website embeds videos from YouTube, a video portal operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit a webpage that includes a YouTube video, a connection is established with YouTube’s servers. In the process, the YouTube server is informed which page of the PI website was visited. If the visitor is logged into their YouTube account, YouTube can directly associate the browsing behavior with their personal profile. This can be prevented by logging out of the YouTube account.
YouTube is used on the PI website in enhanced privacy mode. According to YouTube, videos played in enhanced privacy mode are not used to personalize browsing behavior on YouTube. Ads displayed in enhanced privacy mode are also not personalized. No cookies are set in enhanced privacy mode. Instead, what is known as local storage elements are stored in the user’s browser; similar to cookies, these contain personal data and can be used for recognition purposes. For more information on enhanced privacy mode, see https://support.google.com/youtube/answer/171780.
After a YouTube video is played, additional data processing operations may be triggered over which the website operator has no control.
The use of YouTube is in the interest of presenting PI’s online offerings in an appealing manner. This constitutes a legitimate interest of the company within the meaning of Art. 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent that has been given may be revoked or modified at any time, effective in the future, via the website’s cookie settings. The lawfulness of the processing carried out prior to revocation remains unaffected.
For more information on data protection on YouTube, see the Google Privacy Policy.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
4.12 Dealfront
Our website uses the technologies of Dealfront (Dealfront Finland Oy as part of Dealfront Group GmbH) to analyze visitor behavior.
Address: Dealfront Finland Oy, Kalevankatu 6, 00100, Helsinki, Finland, Dealfront Group GmbH, Durlacher Allee 73, 76131 Karlsruhe, Germany
In this process, the IP address of a visitor is processed. This processing has the purpose of helping us understand which businesses (B2B) are visiting our site, by enriching IPs with associated information such as the company name or industry code. To do this, at the beginning of the visitor’s session, their IP address and corresponding session data is matched against a large whitelist of known companies.
To increase data protection of our visitors we have turned on “IP address anonymisation”, so that only shortened values instead of the actual IP addresses will be stored. We will not store the actual IP address anywhere in our systems, including logs. This anonymisation makes it impossible to connect outside IP address information later, preventing identification of an individual person.
As part of this processing, first-party cookies are used to analyze visitor behavior. The information collected through these cookies is processed by Dealfront only if visitors to this website have given their prior consent to the use of analytical cookies in accordance with Art. 6(1)(a) GDPR
Whenever we process website traffic data in optimizing our products, services, sales and marketing. The use of this service is based on the visitor’s consent in accordance with Art. 6(1)(a) GDPR. This consent can be revoked at any time with future effect. The data will be deleted as soon as it is no longer required for its intended purposes. Statutory retention obligations can lead to a longer retention period of the data in question. We have concluded a data processing agreement with Dealfront in order to ensure compliance with applicable data protection standards.
Further information can be found on Dealfront’s website.
5. Chatbot
PI uses the chatbot provided by LoyJoy GmbH, Kapuzinerstr. 20, 48149 Münster, Germany, to enhance its offering and provide various services, e.g., service chats, product consultations, initial contact, and marketing campaigns such as competitions.
The chatbot processes the following data:
Browser used and device type, visitor interactions, which may include personal data such as messages entered, contact details such as name, address, email address, or telephone number, service chat inquiries, product consultations, participation in competitions, and registrations.
5.1 Purpose of processing
The data collected by PI is used to enable the company to provide and improve its services and, following aggregation and anonymization, to conduct performance and success measurements.
5.2 Legal basis of the processing
Legitimate interest (Art. 6(1)(f) GDPR): Processing is based on PI’s legitimate interest in effective customer communication, support provision, and continuous improvement of its services.
Consent (Art. 6(1)(a) GDPR): Where website visitors have granted their consent, processing will be performed on this basis.
Performance of contract (Art. 6(1)(b) GDPR): When processing is necessary for the performance of a contract or pre-contractual measures.
5.3 Retention periods
Live chats: Data is stored for seven days.
Interactions with the chatbot: Data is retained for 30 days.
5.4 Cookies and local storage
PI uses optional local storage technologies (e.g., local storage) on end devices to store the chat content for up to 14 days. This enables users to continue the chat seamlessly. The retained data can be deleted at any time via the browser settings.
5.5 Transfer to third parties
Personal data may be transferred to data processors who assist PI in service provision. These data processors are contractually bound to uphold data protection standards in accordance with the GDPR.
5.6 Use of Cloudflare
As part of chatbot operations, PI uses the services of Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare provides protective functions for the web application (web application firewall). Data transmitted between the respective visitor’s browser and the chatbot server travels via Cloudflare’s infrastructure and is analyzed there to protect against attacks.
5.7 Transfer of data to third countries
Cloudflare operates servers within the European Union so that personal data is generally processed within the EU. However, personal data may be transferred to the USA in individual cases, such as when visitors from these regions access the PI chatbot. In such cases, Cloudflare ensures an adequate level of data protection pursuant to Art. 45 GDPR though certification under the EU-U.S. Data Privacy Framework (DPF).
Every individual has the right, for reasons arising from their particular situation, to object at any time to the processing of their personal data performed on the basis of Art. 6(1)(f) GDPR.
5.8 Automated individual decision-making and profiling
Neither automated decision-making nor profiling pursuant to Art. 22 GDPR is performed.
6.1 Which Data is Processed, and Where Does it Come From?
Personal data is generally collected by the applicants themselves in the form of application documents and sent to us. During the subsequent recruitment process, additional personal information may be obtained from job interviews.
In particular, this includes the respective applicant’s basic details (e.g., first name, last name, suffix, date of birth, gender, nationality), contact information (e.g., home address, (cell) phone number, email address), and application documents (e.g., cover letter, resume/CV detailing educational and professional background, references, headshots, and additional information on marital status, residency status, social security number, previous employment history, and, where applicable, information on the legal guardians for minors).
6.2 For Which Purposes and on What Legal Basis is the Data Processed?
PI collects and processes personal data submitted during the application process for the purpose of carrying out the recruitment procedure. This includes all information provided by applicants to PI as part of their application documents and personal interviews, in particular their name, address, contact information, and resume.
If the application process results in the decision to enter into a working relationship, PI will subsequently process the personal data collected as part of the interview process to then facilitate the establishment of the employment relationship. Employees will receive separate information regarding this processing at the beginning of their employment relationship.
In the case of internal applications, personal data is processed within PI and shared within the corporate group for information purposes. The personal data will be used exclusively for processing the application and will not be shared with third parties outside of the corporate group.
The legal basis for this data processing is Art. 6(1)(b) GDPR for the purpose of establishing an employment relationship and Art. 6(1)(a) GDPR when the applicant has given consent to share their personal data within the PI Group.
In the following specific cases, personal data is processed to safeguard legitimate interests of PI or third parties, including:
Defense against asserted legal claims arising from the recruitment process
Burden of proof in proceedings under the General Act on Equal Treatment (AGG)
Screening against so-called EU terrorist lists in accordance with the European Counter-Terrorism Regulations 2580/2001 and 881/2002
Internal statistical purposes using anonymized data
The legal basis in these cases is Art. 6(1)(f) GDPR.
6.3 Who Are Recipients of Personal Data?
PI ensures that personal data is treated confidentially and is not disclosed to third parties. Access to the data is granted only to individuals within the PI Group who are involved in the decision-making process or who require the data to fulfill legal obligations.
6.4 Transferring Data Within the PI Group
Application data may be shared with companies within the PI Group if the applicant is recommended for another open position within the Group.
Such data is shared exclusively within the PI Group and transmission is limited to a closed applicant management system. Data processing and transmission occur solely within the European Union.
By providing consent for the processing of their personal data, applicants also agree to this internal transfer of their data within the PI Group. The purpose of this transfer is to consider their application for other suitable roles within the PI Group.
6.5 How Long is Applicants’ Personal Data Stored?
Application documents are retained only for as long as is necessary to complete the recruitment process. Without explicit consent to longer retention periods, the application data is deleted no later than six months after conclusion of the recruitment process.
With appropriate consent, application data is stored for a total period of 24 months following the end of the recruitment process. After this period, the data is deleted unless there has been contact between the applicant and PI during this period, the applicant reapplies within this timeframe, or there are additional reasons for a longer storage period.
7. General Information on the Storage Period of Personal Data
Personal data is only stored for as long as is necessary for the purposes for which it was collected. The specific retention period depends on the type of data and the respective processing purpose.
Contact inquiries: Data resulting from inquiries is stored for up to seven years, unless it becomes unnecessary for further communication or documentation at an earlier point. The legal basis for this retention is the statutory retention obligations, in particular § 147 of the German Fiscal Code (AO) and § 257 of the German Commercial Code (HGB).
Access data and log files: These are stored for a maximum of 15 days to ensure the security and proper functionality of our Website. They are automatically deleted afterward. No backups are created for these logs.
This information is processed solely to analyze the usage of this Website and to optimize its contents. Data collection and storage are carried out via the respective external tools used (e.g., Google Tag Manager and Google Analytics). The data protection settings configured there and the respective providers’ retention periods apply.
The retention duration depends on the respective privacy policy of the analytics tools in use. Such data is generally stored for a maximum of three years, but never beyond the withdrawal of the corresponding consent. If individuals wish to have their personal data deleted earlier, they may revoke their consent at any time via the cookie settings, effective for the future, or contact the person responsible specified in section 1.
Furthermore, personal data will be retained if PI is legally obliged to do so or if such storage is necessary to assert, investigate, or defend legal claims. In such cases, the data will be stored until the conclusion of the respective proceeding or until the statute of limitations for potential claims has expired.
8. Rights of Data Subjects
The GDPR grants the following rights in relation to the processing of personal data:
- Right of access (Art. 15 GDPR)
Data subjects have the right to obtain from us confirmation as to whether or not personal data concerning them is being processed. Where this is the case, they have the right to access the personal data and information specified in greater detail in Art. 15 GDPR.
- Right to rectification (Art. 16 GDPR)
Data subjects have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning them and the completion of incomplete data, provided the legal requirements for this are met.
- Right to erasure (Art. 17 GDPR)
Data subjects have the right to request from us the erasure of personal data concerning them without undue delay, where one of the grounds listed in Art. 17 GDPR applies and insofar as the processing or storage is not required.
- Right to restriction of processing (Art. 18 GDPR)
Data subjects have the right to request restriction of processing from us where one of the conditions listed in Art. 18 GDPR is fulfilled.
- Right to data portability (Art. 20 GDPR)
Data subjects have the right to receive the personal data concerning them in a structured, commonly used, and machine-readable format, or to request that this data be transmitted to a third party, provided the conditions listed in Art. 20 GDPR are met.
- Right to object (Art. 21 GDPR)
Data subjects have the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them, where such processing is carried out by us based on Article 6(1)(f) GDPR. They may object at any time to the processing of their personal data for direct marketing purposes, including profiling related to such marketing.
- Right of withdrawal (Art. 7 GDPR)
Data subjects have the right to withdraw their consent to the processing of their personal data at any time, with effect from the date of withdrawal. The lawfulness of any processing carried out prior to the withdrawal remains unaffected.
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Data subjects have the right to lodge a complaint with a supervisory authority if they believe that the processing of personal data relating to them by PI infringes this regulation. As a rule, they may contact the supervisory authority of their usual place of residence, place of work, or PI’s company headquarters.
9. Employee Login
The log in area of this Website is accessible exclusively to PI employees. During login, the access data entered (username and password) as well as any technical information such as the login timestamp are processed. This field is a user attribute and remains unchanged as long as the person in question does not log in for an indefinite period of time. No IP address is explicitly stored as part of the login process. However, it can be reproduced in the access log and is deleted after 15 days with the corresponding entries. This data is used solely for authentication and security system purposes.
The legal basis for this processing is PI’s legitimate interest according to Art. 6(1)(f) GDPR in securing the area for PI employees.
In case of questions regarding the processing of personal data in connection with the employee login, the Data Protection Officer named in Section 1 should be contacted.
10. Download Area
In the download area, visitors are requested to provide certain personal data to be able to download content made available by PI. This includes the following information:
Name
Salutation
Company
Address
Country
Email address
Phone number
This data is processed solely for the purpose of displaying the content and for follow-up contact related to the inquiry. Providing this information is necessary to enable content downloading and to ensure that PI can contact the person requesting information if needed.
There is currently no automated deletion of the data collected as part of the download area; however, it is stored in accordance with the statutory requirements. Generally, this data is retained for a maximum of twelve months to enable PI to provide the respective person additional relevant information or offers. After this period has expired, the data will be deleted unless it is still required to fulfill contractual obligations or to defend against legal claims. If individuals would like to have their personal data deleted earlier, they can contact the responsible person as defined in the GDPR listed in Section 1.
11. Contact
For questions on the use of cookies on this Website or to assert data protection rights, PI may be contacted at any time using the contact details provided:
PI (Physik Instrumente) Ltd. UK
Trent House, University Way,
Cranfield Technology Park,
Cranfield, Bedford MK43 0AN, United Kingdom
Phone: +44 1234 756 360
Email: uk@pi.ws
Website: www.physikinstrumente.co.uk