Privacy Policy

Status of this privacy notice: 06.02.2026

Privacy policy of Mitutoyo Europe GmbH

We hereby inform you, in accordance with the requirements of the General Data Protection Regulation (GDPR), about the processing of your personal data and about your rights when using our website.

I. Controller for data processing within the meaning of Art. 4 No. 7 GDPR

1. Controller:

Mitutoyo Europe GmbH

Borsigstr. 8-10

41469 Neuss

Germany

Phone: +49 (0) 2137–1020

Fax: +49 (0) 2137–102351

Email: info@mitutoyo.eu

Managing Director: Mr. Raymond Joseph Penny

2. Data Protection Officer

If you have any questions on the subject of data protection, please contact us.

Mr. Stefan Kleinermann

Kleinermann & Sohn GmbH

Max-Planck-Str. 9

52499 Baesweiler

Germany

Phone: +49 (0) 2401 6054-0

Email: dsb@das-datenschutz-team.de

II. Scope and purpose of data processing

1. Access to our website

When you access our website, personal data relating to that access are automatically collected and processed by our web server (so-called server log files). The access data include the name of the retrieved web page, the date and time of access, and the IP address. We store the log file information for security reasons (e.g. to detect attacks on our website or to investigate misuse or fraud) and for error diagnostics.

The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, namely ensuring IT security and the provision of our website.

The data are deleted as soon as they are no longer required for the purpose for which they were collected. In the case of data collected for the provision of the website, this is usually the case within 7 days. Data whose further retention is required for evidential purposes are excluded from deletion until the respective incident has been finally clarified.

Recipients of the personal data are external service providers providing technical support within the framework of processing on our behalf, as well as internal departments in the context of providing our website.

2. Collection and processing of personal data

If you purchase products or services via our website, or if you have other questions/enquiries about our products, services, and performance, or about our company, the processing of your personal data is necessary. The legal basis for the processing of data transmitted by email, via our contact form, or by telephone is Art. 6 para. 1 lit. f GDPR (legitimate interest in answering your enquiry). If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Insofar as there is no statutory basis for the processing of personal data, we will obtain your consent; this will be apparent at the relevant points. The legal basis for processing operations for which we obtain your consent for specific processing purposes is Art. 6 para. 1 lit. a GDPR. The personal data transmitted by you, such as your name, address, email address, and telephone number, is stored and used by us for the purpose of performing our services and for individual communication with you, in compliance with the General Data Protection Regulation (GDPR).

We may transmit personal data within the scope of your contacting us to other offices within our Mitutoyo Group of companies, or grant them access to this data for processing. Insofar as this transfer is carried out for administrative purposes, the transfer of the data is based on our legitimate business and commercial interests (Art. 6 para. 1 lit. f GDPR).

3. Order of goods / online shop

If you place an order in our online shop, we store your necessary personal data for the purposes of:

Sending an order receipt and, where applicable, order confirmation, as well as status messages regarding the dispatch of the goods ordered

Payment processing

Issuing invoices for the goods ordered

Delivery of the goods you have ordered

Processing of cancellation, complaints and after-sales service

The legal basis is Art. 6 para. 1 lit. b GDPR (performance of a contract).

3.1. Customer account

You have the option of creating a customer account in our online shop. This is only possible in the B2B area. For this we require your personal data, which are evident from the input form. Mandatory fields are: your company, your surname, your customer number and your business e-mail address. In addition, a password freely chosen by you is required. The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures / performance of a contract). As part of the registration of a customer account, we store your IP address and the time of your access, in order to be able to provide evidence of the registration and to prevent misuse of the customer account.

3.2. Processing of orders

For the processing of orders, we process, among other things, the following personal data: customer data (company name, address, name of the person placing the order, e-mail address, telephone number, VAT ID, customer number), delivery address, type of payment / bank details, VAT ID, order data (products and quantities, prices and discounts, invoice and delivery status). The legal basis is Art. 6 para. 1 lit. b GDPR (performance of a contract).

3.3. Transmission of data / recipients of personal data

For the processing of your order, we also transmit your personal data to companies commissioned by us, such as transport/shipping companies and to payment service providers or banks for processing payments. The legal basis is Art. 6 para. 1 lit. b GDPR (performance of a contract).

3. Complaints / warranty processing

The personal data required in the context of a complaint and/or warranty processing are collected and processed solely for the respective purpose of handling the complaint / warranty claim. The data required for processing the complaint / warranty claim are apparent from the input form. The legal basis is Art. 6 para. 1 lit. b GDPR (performance of a contract).

In the course of a complaint and/or warranty processing, it may be necessary to transmit your data to one of our service partners, who will carry out the replacement / repair in our name. The legal basis for this is Art. 6 para. 1 lit. b GDPR (performance of a contract).

In the course of a complaint and/or warranty processing, it may also be necessary to transmit your personal data to the shipping/haulage company commissioned with the delivery. The legal basis for this is Art. 6 para. 1 lit. b GDPR (performance of a contract).

Data are not passed on to other third parties. Through technical and organisational measures, we ensure compliance with data protection requirements and also obligate our external service providers to do so.

5. Use of the “Anteros” shop system (INCONY)

Our online shop is provided using the “Anteros” shop system of the provider INCONY AG, Technologiepark 34, 33100 Paderborn, Germany (“INCONY”). In our online shop you can view and search products, place them in the basket and place orders. Depending on the type of use, the following personal data are processed:

Access data (e.g. IP address, date and time of the request, pages/products accessed, browser and device information, referrer URL)
Registration and account data (e.g. title, name, login credentials, contact details, customer number), if you create a customer account for the online shop
Order data (e.g. selected products, contents of the basket, delivery and invoice address, chosen shipping and payment method, prices, delivery status)
Communication data (e.g. content of enquiries via shop forms, support requests regarding orders)

The order data are transmitted to our CRM system (Salesforce) and ERP system (SAP) and stored and processed there. The legal basis for the data processing is Art. 6 para. 1 lit. b GDPR, insofar as the data are necessary for the initiation or performance of a contract with you (e.g. registration, order, delivery, payment processing). In all other respects, the data processing is carried out to safeguard our legitimate interests in a secure, functional and user-friendly online shop in accordance with Art. 6 para. 1 lit. f GDPR.

The Anteros shop system is provided by INCONY as a software solution with a web module for web shops. For this purpose, INCONY uses hosting infrastructure and technical services. Insofar as INCONY gains access to personal data in the context of the operation, maintenance and hosting of the shop system, this is done on the basis of a data processing agreement in accordance with Art. 28 GDPR.

INCONY processes these data exclusively in accordance with our instructions and using suitable technical and organisational measures to ensure data security. INCONY does not use the data independently for its own purposes (e.g. for its own advertising).

6. Hosting of our website

We host our website on our own web server located in Neuss (Germany).

7. Cookies

We use cookies on our website to make it generally more user-friendly, effective and secure, for example by speeding up navigation. We also use cookies to analyse visits to our website.

Under applicable law, we may store cookies on your device if they are strictly necessary for the operation of our website. For all other types of cookies, we require your consent, which you can give via our cookie banner when visiting our website.

We use different types of cookies. Some cookies are placed by third parties that appear on our pages. You can change or withdraw your consent at any time via the cookie banner on our website.

The use of cookies also depends on the settings of the web browser you use (e.g. Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox). Most web browsers are preset to accept certain types of cookies automatically; however, you can usually change this setting. You can delete existing cookies at any time. Consent to, as well as the rejection or deletion of, cookies is tied to the device used and the respective web browser. If you use several devices and/or web browsers, you can make your decisions/settings separately on each of them.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of personal data using cookies for tracking/analysis purposes is, where you have given your consent, Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG.

Below you will find an overview of the cookies used, the providers of the cookies as well as the purpose and storage period.

Cookie details

Cookie-Type	Cookie-Name	Expires (Max-Age)	Purpose
Session cookie	JSESSIONID	Session	Mandatory cookie used to manage the browser session, enabling login and ordering functionality.
Session cookie	CONCRETE5	Session	Stores the PHP session ID to ensure proper technical operation of the website.
Persistent cookie	locale	6 months – 1 year	Stores the selected language so the correct language version is displayed on subsequent visits.
Session cookie	uc_session	Session	Stores consent information and ensures correct functioning of the Usercentrics consent management platform.
Session cookie	googtrans	Session	Stores the language selected by the user for website translation.
Persistent cookie	PREF	Up to 731 days	Stores language and display preferences for Google services.
Session cookie	YSC	Session	Tracks interaction with embedded YouTube videos.
Session cookie	__sak	Session	Stores temporary playback preferences for embedded YouTube videos.
Session cookie	LAST_RESULT_ENTRY_KEY	Session	Stores user settings when retrieving embedded YouTube content.
Session cookie	yt-player-bandaid-host, yt-player-bandwidth, yt-player-headers-readable	Session	Determines and optimises video playback quality.
Session cookie	yt-remote-cast-installed, yt-remote-connected-devices, yt-remote-device-id, yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name	Session	Stores preferences related to embedded YouTube video players.
Session cookie	remote_sid	Session	Required for technical delivery of embedded YouTube videos.
Session cookie	test_cookie	1 day	Checks whether the user’s browser allows cookies.
Persistent cookie	VISITOR_INFO1_LIVE	183 days	Measures bandwidth to ensure optimal video playback quality.
Persistent cookie	YEC, _Secure-YEC	396 days	Stores preferences related to YouTube video playback.
Persistent cookie	DEVICE_INFO	179 days	Tracks interactions with embedded media content.
Persistent cookie	CGIC	183 days	Supports search optimisation within embedded services.
Session cookie	UULE	6 hours	Determines approximate geographic location for content delivery.
Session cookie	pm_sess	30 minutes	Maintains session consistency during browsing.
Persistent cookie	_ga	731 days	Distinguishes users for statistical analysis purposes.
Session cookie	_gid	1 day	Identifies users during the browsing session.
Session cookie	_gat	1 minute	Controls the request rate to Google Analytics.
Persistent cookie	FPID	731 days	Stores a unique identifier used for analytics requests.
Persistent cookie	FPLC	20 hours	Registers a unique identifier for statistical usage analysis.
Persistent cookie	_ga_<container-id>	731 days	Stores session state information for Google Analytics 4.
Persistent cookie	NID, ANID, IDE, AID, __gads	Up to 396 days	Used to display advertisements and measure advertising effectiveness.
Persistent cookie	1P_JAR	30 days	Collects information about website usage and advertising interactions.
Persistent cookie	_gcl_au, _gcl_aw, _gcl_gb, _gac_gb_<wpid>, FPGCLAW, FPGCLGB	90 days	Tracks advertising campaign performance and conversions.
Persistent cookie	UserMatchHistory	30 days	Enables reporting and campaign optimisation for LinkedIn advertising.
Persistent cookie	bcookie	731 days	Browser identifier used for security and fraud prevention.
Persistent cookie	li_sugr	90 days	Enables probabilistic identity matching outside the EU/EEA.
Persistent cookie	li_gc	6 months – 1 year	Stores consent preferences for LinkedIn cookies.
Persistent cookie	BizographicsOptOut	3653 days	Stores whether the user has opted out of targeted advertising.
Persistent cookie	lidc	1 day – 1 year	Ensures requests are routed to the correct LinkedIn data centre.
Persistent cookie	snitcher_device_id	6 months – 2 years	Assigns an anonymous identifier to recognise returning business visitors.
Third-party cookie	_cf_bm, _cfruid, cf_clearance, cf_chl_prog, cf_chl_2	Session / short-term	Ensures website security and protection against automated abuse.
Session cookie	_zendesk_session, _zendesk_shared_session, _zendesk_authenticated, _zendesk_nps_session	Session	Supports functionality of customer support services.
Persistent cookie	_zendesk_cookie, _zdshared_user_session_analytics, help_center_data	Up to 365 days	Stores preferences and usage analytics for customer support services.

8. Use of website plug-ins / third-party providers / analytics and tracking technologies

8.1 Consent management “UserCentrics”

To obtain and document your consent to the storage of cookies requiring consent, we use the consent management technology of UserCentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (“UserCentrics”). When you access our website, a connection is established to UserCentrics’ servers in order to obtain and record your consent or withdrawal of consent for the use of cookies. For this purpose, your IP address, information about your browser and device, and the time of your visit to the website are transmitted. UserCentrics then stores a cookie in your browser in order to be able to assign the consent you have given, or its withdrawal. The data processing is carried out to fulfil our legal obligation on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with Section 25 TDDDG. We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR.

8.2 Google Tag Manager

We use Google Tag Manager (GTM) on our website. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). With the help of this tool, we can integrate codes and services on our website. Google Tag Manager itself does not create user profiles, carry out independent analyses/evaluations, or store cookies; it serves solely to manage and deploy the tools integrated via GTM. However, the tool collects your IP address, which may also be transmitted to servers in the USA.

We have concluded a data protection agreement with the provider in accordance with Art. 28 GDPR. We point out that on 10 July 2023 the EU Commission adopted an adequacy decision (Art. 45 GDPR) for the USA. Google LLC is certified under the new EU–US Data Privacy Framework. As Google’s servers are distributed worldwide and a transfer to other third countries (e.g. Singapore) cannot be completely ruled out, we have additionally concluded the EU standard contractual clauses with the provider.

Use of this service is based on your consent given via our cookie banner (consent tool) pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. You can withdraw your consent at any time with effect for the future by accessing the cookie settings in our cookie banner (consent tool) and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until its withdrawal remains unaffected.

Further information on the provider’s data protection can be found at https://policies.google.com/?hl=en.

8.3 Google Analytics 4

Provided that you have given us your consent via our cookie banner, we use “Google Analytics 4”, a web analytics service provided by Google LLC, on our website. The controller for users in the EU / EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Analytics uses cookies that enable an analysis of your use of our website. In “Google Analytics 4”, IP address anonymisation is activated by default. Due to IP anonymisation, your IP address is shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

During your visit to the website, your user behaviour is recorded in the form of “events”. Events may include:

Page views
Start of the session
Pages of our website visited
Your “click path” (interaction with our website)
Scrolls (whenever a user scrolls to the end of the page (90%))
Clicks on external links
Internal searches
Interaction with videos
File downloads
Ads viewed / clicked
Language setting
Your approximate location (region)
Date and time of the visit
Your IP address (in truncated form)
Technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
Your internet service provider
The referrer URL (via which website / which advertising medium you came to this website)

On our behalf, Google uses this information to evaluate your pseudonymous use of our website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns. We have concluded a data protection agreement with the provider in accordance with Art. 28 GDPR. We point out that on 10 July 2023 the EU Commission adopted an adequacy decision (Art. 45 GDPR) for the USA. Google LLC is certified under the new EU–US Data Privacy Framework. As Google’s servers are distributed worldwide and a transfer to other third countries (e.g. Singapore) cannot be completely ruled out, we have additionally concluded the EU standard contractual clauses with the provider.

The data we send and which are linked to cookies are automatically deleted after 14 months. The maximum lifetime of Google Analytics cookies is 2 years. Deletion of data whose retention period has been reached takes place automatically once a month. The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG.

You can withdraw your consent at any time with effect for the future by accessing the cookie settings in our cookie banner (consent tool) and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until its withdrawal remains unaffected.

Further information on the terms of use of Google Analytics and on data protection at Google can be found at:

google.com/analytics/terms/default.html and https://policies.google.com/?hl=en.

8.4 Microsoft „Clarity“

We use the “Clarity” service on our website. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

“Clarity” is a tool for analysing user behaviour on our website. “Clarity” records, in particular, mouse movements and creates a graphical representation of which parts of the website users scroll to most frequently (heatmaps). “Clarity” can also record sessions so that we can view the website usage in the form of videos. In addition, we receive information about general user behaviour within our website.

“Clarity” uses technologies that enable the recognition of users for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). Your personal data may be stored on the servers of Microsoft (Microsoft Azure Cloud Service) in the USA. We point out that on 10 July 2023 the EU Commission adopted an adequacy decision (Art. 45 GDPR) for the USA. Microsoft is certified under the new EU–US Data Privacy Framework. We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR. As Microsoft’s servers are distributed worldwide and a transfer to other third countries (e.g. Singapore) cannot be completely ruled out, we have additionally concluded the EU standard contractual clauses with the provider.

Where consent is obtained via our cookie banner, the use of the service is based exclusively on Art. 6 para. 1 lit. a GDPR and Section 25 TDDDG. Consent can be withdrawn at any time. If no consent is obtained, use of this service is based on Art. 6 para. 1 lit. f GDPR. As website operators, we have a legitimate interest in effective user analysis, optimisation and the economic operation of our online presence.

Further information on “Clarity” data protection can be found at https://learn.microsoft.com/en-us/clarity/faq. An opt-out option is available at https://choice.microsoft.com/en-US/opt-out.

8.5 Use of Microsoft cloud services (OneDrive)

For processing and internal administration of your order data, we use the cloud services Microsoft 365 and the cloud storage OneDrive, provided by Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (subsidiary of Microsoft Corp., USA). Processing takes place predominantly within the so-called EU Data Boundary, i.e. in data centres within the EU/EFTA.

We store and process the data collected in the web shop (e.g. contact details, invoice data, communication content) in the Microsoft cloud in order to ensure efficient, cross-location processing of our business transactions and the safeguarding of our data. The legal basis is Art. 6 para. 1 lit. b GDPR (performance of a contract) and Art. 6 para. 1 lit. f GDPR (our legitimate interest in a modern and secure IT infrastructure).

Within the EU Data Boundary, Microsoft generally processes data within the EU/EFTA. In certain cases (e.g. support services, security and telemetry data), however, a transfer to third countries such as the USA cannot be completely ruled out.

We point out that on 10 July 2023 the EU Commission adopted an adequacy decision (Art. 45 GDPR) for the USA. Microsoft is certified under the new EU–US Data Privacy Framework. We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR. As Microsoft’s servers are distributed worldwide and a transfer to other third countries (e.g. Singapore) cannot be completely ruled out, we have additionally concluded the EU standard contractual clauses with the provider.

Further information on the provider’s data protection can be found at https://www.microsoft.com/en-us/privacy/privacystatement.

8.6 Use of an ERP system (SAP)

To handle our business processes and manage your order data, we use the ERP system of the provider “SAP”, SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf.

The data collected in our online shop (e.g. company name, address, order data, payment information) are transferred to our SAP system in order to technically process your order, to issue invoices and to fulfil our contractual obligations towards you. The legal basis is Art. 6 para. 1 lit. b GDPR (performance of a contract) and Art. 6 para. 1 lit. f GDPR (our legitimate interest in efficient and central management of our business processes). We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR.

8.7 Flockler

To embed posts of our social media content on our website, we use the “Flockler” service of the provider Flockler Oy, Rautatienkatu 26 B 32, 33100 Tampere, Finland.

When a page with Flockler elements is called up, a connection is established to Flockler’s servers. Your IP address is transmitted in order to deliver the content to your browser. In addition, the embedded networks (e.g. LinkedIn, Instagram, Facebook) may load their own content, during which data may be transmitted to these services. Flockler itself does not store personal data of visitors, does not set cookies and does not process IP addresses.

Use is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR (e.g. via our cookie consent banner) or on our legitimate interest in an appealing design of our online offering pursuant to Art. 6 para. 1 lit. f GDPR.

The provider primarily processes data on servers within the EU/EEA. We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR. Insofar as, through the embedding of content (e.g. LinkedIn posts, Instagram posts), data are transmitted to servers of the platform operators in the USA, this is based on the EU Commission’s standard contractual clauses and/or on the basis of the EU–US Data Privacy Framework.

Further information on the provider’s data protection can be found at https://flockler.com/gdpr.

8.8 Links to social media pages

We have placed social media logos of Facebook / Instagram / YouTube / LinkedIn (hereinafter “providers”) on our website, which link to our respective profiles with the providers and enable you to follow us there.

Facebook is a service of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. In the EU, this service is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (both hereinafter referred to as “Facebook”).

Provider’s privacy information: https://www.facebook.com/about/privacy

Instagram is a service of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA. In the EU, this service is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Provider’s privacy information: https://privacycenter.instagram.com/policy/

YouTube is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In the EU, this service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Provider’s privacy information: https://policies.google.com/privacy?hl=en

LinkedIn is a service of LinkedIn Corporation, 1000 W Maude, Sunnyvale, CA 94085, USA. In the EU, this service is operated by LinkedIn, Sendlinger Str. 12, Hofstatt, 80331 Munich.

Provider’s privacy information: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

For data protection reasons, we have only implemented links to our respective profiles with the providers. This means that no data about you are transmitted to the providers as long as you do not click the respective social media logo. As soon as you click the link we have placed to our respective profile, you will be redirected to the provider’s website, which results in data being transmitted to the provider concerned. We have no influence on this transmission and collection of data, which may be personal data, by the providers. Likewise, we have no knowledge of the specific purposes of these data processing operations or their scope and storage period. Whether the providers carry out erasures, create or assign profiles or use anonymisation is also unknown to us and beyond our control.

If, when you click the link implemented on our website, you are logged in to one of the above providers, the data collected by the provider when its website is called up will be directly assigned to your profile there.

The processing of users’ personal data is based on our legitimate interest in effective information and communication with users pursuant to Art. 6 para. 1 lit. f GDPR. If users are asked by the respective providers to consent to data processing (i.e. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 lit. a GDPR in conjunction with Art. 7 GDPR.

For a detailed description of the respective forms of processing and the options to object (opt-out), we refer to the privacy notices and information provided by the operators of the respective networks. In the event of access requests and the exercise of data subject rights, we also point out that these can be asserted with the respective providers, as they have access to the users’ data and can take appropriate measures and provide information.

8.9 Google Ads

We use Google Ads, an online advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to display interest-based advertisements and to measure the effectiveness of our marketing campaigns. In this context, we use functionalities such as conversion tracking and remarketing.

For these purposes, Google uses cookies and similar technologies that enable the storage of information on, and access to information from, your terminal device. In this context, personal data may be processed, including in particular your IP address, device and browser information, unique identifiers (such as cookie IDs), and information about your interaction with our website (e.g. pages visited, clicks, and conversions).

This enables Google to recognize users across different websites and devices and to assign user actions to specific advertising campaigns. The information collected may also be used by Google for its own purposes, such as improving its services and creating user profiles, in accordance with Google’s own data protection policies.

The storage of and access to information on your terminal device takes place exclusively on the basis of your consent pursuant to Section 25 para. 1 TDDDG. The subsequent processing of your personal data is carried out on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Google acts as an independent controller within the meaning of the GDPR with regard to the described processing activities. Further information on how Google processes personal data can be found in Google’s privacy policy at: https://policies.google.com/privacy

Personal data may be transferred to third countries, in particular to the United States. Where applicable, such transfers are based on the European Commission’s adequacy decision for the EU-US Data Privacy Framework, provided that the recipient is certified under this framework. In addition, Standard Contractual Clauses pursuant to Art. 46 GDPR may be used as appropriate safeguards.

However, it cannot be excluded that authorities in third countries may access the transferred data without providing a level of data protection equivalent to that in the European Union. In particular, there may be limited legal remedies available to data subjects.

Your consent is voluntary and can be withdrawn at any time with effect for the future. You can withdraw your consent or adjust your preferences at any time via our consent management tool. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Further information on the storage duration of cookies and similar technologies can be found in our consent management tool.

8.10 Google Syndication

Our website may use Google Syndication technologies (e.g. for the delivery of advertisements via the Google Display Network), a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to deliver, manage and optimise advertising content.

For these purposes, Google uses cookies and similar technologies that enable the storage of information on, and access to information from, your terminal device. In this context, personal data may be processed, including in particular your IP address, device and browser information, unique identifiers (such as cookie IDs), and information about your interaction with advertisements (e.g. impressions, clicks, and conversions).

This enables Google to recognise users across different websites and devices and to analyse and optimise the performance and reach of advertising campaigns. The information collected may also be used by Google for its own purposes, such as improving its services and creating user profiles, in accordance with Google’s own data protection policies.

Further information on the storage duration of cookies and similar technologies can be found in our consent management tool.

8.11 Google Translate

We use Google Translate, a translation service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to provide automated translations of website content.

When you use the translation function, the content you access (including text input, if applicable) may be transmitted to Google and processed there in order to generate the translation. In this context, personal data may be processed, including in particular your IP address, device and browser information, and the content submitted for translation.

The use of Google Translate may involve the transfer of data to Google servers, including servers located outside the European Union. Please note that we have no influence on the scope of data processing carried out by Google.

The storage of and access to information on your terminal device, if applicable, takes place exclusively on the basis of your consent pursuant to Section 25 para. 1 TDDDG. The subsequent processing of your personal data is carried out on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Further information on the storage duration of cookies and similar technologies can be found in our consent management tool.

8.12 YouTube Videos

Our website embeds videos from YouTube, a video platform provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Videos are only loaded after you have provided your consent.

When you access a page on which a YouTube video is embedded, a connection to Google’s servers is established. In this process, personal data may be processed, including in particular your IP address, device and browser information, and information about your interaction with the video (e.g. playback, clicks, viewing duration). If you are logged into your Google account, this data may be associated with your user profile.

YouTube uses cookies and similar technologies to store and access information on your terminal device and to analyse user behaviour. The information collected may also be used by Google for its own purposes, such as improving its services and creating user profiles, in accordance with Google’s own data protection policies.

Further information on the storage duration of cookies and similar technologies can be found in our consent management tool.

8.13 LinkedIn Insight Tag

We use the LinkedIn Insight Tag, a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"), to analyse the effectiveness of our marketing campaigns and to display interest-based advertisements.

For these purposes, LinkedIn uses cookies and similar technologies that enable the storage of information on, and access to information from, your terminal device. In this context, personal data is processed, including in particular your IP address, device and browser information, unique identifiers (such as cookie IDs), and information about your interaction with our website (e.g. page visits, clicks, and conversions).

This enables LinkedIn to recognise users across different websites and devices and to assign user actions to specific advertising campaigns. The information collected may also be used by LinkedIn for its own purposes, such as improving its services and creating user profiles, in accordance with LinkedIn’s own data protection policies.

LinkedIn and we act as joint controllers within the meaning of Art. 26 GDPR with regard to certain processing activities, in particular in the context of conversion tracking. The respective responsibilities are defined in an agreement on joint controllership, which can be accessed here: https://legal.linkedin.com/pages-joint-controller-addendum

Further information on how LinkedIn processes personal data can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy

Further information on the storage duration of cookies and similar technologies can be found in our consent management tool.

8.14 Zendesk

For customer communication and support purposes, we use Zendesk, a customer service platform provided by Zendesk, Inc., 989 Market Street, San Francisco, CA 94103, USA.

When you contact us (e.g. via contact form, email, or support request), the data you provide, including your contact details and the content of your request, is processed via Zendesk. In this context, personal data may be processed, including in particular your name, email address, communication content, IP address, and metadata related to the communication process.

Zendesk enables us to efficiently handle customer inquiries and improve our support processes. The processing of personal data is carried out on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your request is related to the performance of a contract or pre-contractual measures. In all other cases, processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in providing an effective customer support system.

Zendesk acts as a processor within the meaning of Art. 28 GDPR. We have concluded a data processing agreement (Data Processing Agreement) with Zendesk in accordance with Art. 28 GDPR.

Your data will be stored only for as long as necessary to process your request and to comply with statutory retention obligations.

Further information on how Zendesk processes personal data can be found in Zendesk’s privacy policy at: https://www.zendesk.com/company/privacy-and-data-protection/

8.15 Snitcher

We use Snitcher, a B2B analytics and lead generation service provided by Snitcher B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands, to identify companies that visit our website and to analyse business-related website usage.

For this purpose, Snitcher processes information about website visitors, including in particular IP addresses, company-related data, device and browser information, and information about visited pages and interactions on our website. Snitcher uses this information to determine whether a visitor can be associated with a company and to provide aggregated insights into business visitors.

The processing of personal data is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in analysing the use of our website by business customers, optimising our online offering, and supporting our sales activities. Our interest is limited to the identification of company-related visits; no direct identification of natural persons is intended.

Snitcher acts as a processor within the meaning of Art. 28 GDPR. We have concluded a data processing agreement (Data Processing Agreement) with Snitcher in accordance with Art. 28 GDPR.

Personal data may be transferred to third countries outside the European Union. Where applicable, such transfers are based on Standard Contractual Clauses pursuant to Art. 46 GDPR as appropriate safeguards.

Your data will be stored only for as long as necessary to fulfil the purposes described above and to comply with statutory retention obligations.

Further information on how Snitcher processes personal data can be found in Snitcher’s privacy policy at: https://www.snitcher.com/privacy-policy/

8.16 Matterport

Our website may use Matterport to provide interactive 3D visualisations, a service provided by Matterport, Inc., 352 E. Java Dr., Sunnyvale, CA 94089, USA. Content is only loaded after you have provided your consent.

When you access a page on which Matterport content is embedded, a connection to Matterport’s servers is established. In this process, personal data is processed, including in particular your IP address, device and browser information, and information about your interaction with the embedded content (e.g. navigation within the 3D tour, viewing duration, and interactions).

Matterport uses cookies and similar technologies to store and access information on your terminal device and to analyse user behaviour. The information collected may also be used by Matterport for its own purposes, such as improving its services and creating user profiles, in accordance with Matterport’s own data protection policies.

Matterport acts as an independent controller within the meaning of the GDPR with regard to the described processing activities. Further information on how Matterport processes personal data can be found in Matterport’s privacy policy at: https://matterport.com/legal/privacy-policy

Further information on the storage duration of cookies and similar technologies can be found in our consent management tool.

8.17 Flippingbook

We use Flippingbook to display digital publications on our website, a service provided by Flippingbook Limited, Arch. Makariou III & Kalograion 4, Nicolaou Pentadromos Center, Block B, 2nd floor, Office 204, 6016 Larnaca, Cyprus. Content is only loaded after you have provided your consent.

When you access a page on which Flippingbook content is embedded, a connection to Flippingbook’s servers is established. In this process, personal data is processed, including in particular your IP address, device and browser information, and information about your interaction with the embedded content (e.g. pages viewed, navigation behaviour, and viewing duration).

Flippingbook uses cookies and similar technologies to store and access information on your terminal device and to analyse user behaviour. The information collected may also be used by Flippingbook for its own purposes, such as improving its services and creating user profiles, in accordance with Flippingbook’s own data protection policies.

Flippingbook acts as an independent controller within the meaning of the GDPR with regard to the described processing activities. Further information on how Flippingbook processes personal data can be found in Flippingbook’s privacy policy at: https://flippingbook.com/privacy-policy

Further information on the storage duration of cookies and similar technologies can be found in our consent management tool.

8.19 Akismet

We use Akismet, an anti-spam service provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, to protect our website from spam and abusive submissions.

When you submit content on our website (e.g. via comment forms or contact forms), the data you enter, including your name, email address, IP address, and the content of your message, may be transmitted to Akismet and processed there to determine whether the submission is legitimate or constitutes spam.

Akismet acts as an independent controller within the meaning of the GDPR with regard to the described processing activities. Further information on how Akismet processes personal data can be found in Automattic’s privacy policy at: https://automattic.com/privacy/

Your data will be processed only for as long as necessary to fulfil the purposes described above and to ensure the security of our website.

8.20 Acuity Scheduling

We use “Acuity Scheduling”, a cloud-based scheduling and appointment management service provided by Squarespace, Inc., 225 Varick Street, 12th Floor, New York, NY 10014, USA, to allow customers to book appointments online and to manage our appointment scheduling.

When you book an appointment via Acuity Scheduling, the data you provide, including your name, contact details (e.g. email address, phone number), and any additional information requested in the booking form, is transmitted to and processed by Acuity Scheduling.

The processing of personal data is carried out on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your request is related to the performance of a contract or pre-contractual measures (e.g. booking an appointment). In all other cases, processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in providing an efficient and user-friendly appointment booking system.

Acuity Scheduling acts as a processor within the meaning of Art. 28 GDPR. We have concluded a data processing agreement (Data Processing Addendum) with Squarespace/Acuity Scheduling in accordance with Art. 28 GDPR.

Personal data may be transferred to third countries, in particular to the United States. Where applicable, such transfers are based on Standard Contractual Clauses pursuant to Art. 46 GDPR as appropriate safeguards, as part of the International Data Transfer Agreement offered by Squarespace.

Your data will be stored only for as long as necessary to fulfil the purposes described above and to comply with statutory retention obligations.

Further information on how Squarespace/Acuity Scheduling processes personal data can be found in Squarespace’s privacy policy at: https://www.squarespace.com/privacy

8.21 JSDelivr

We use jsDelivr, a content delivery network (CDN) and open-source hosting service provided by jsDelivr Ltd., 140, 28th Street, Nicosia, Cyprus, to deliver JavaScript, CSS, fonts, and other static resources on our website.

When you access a page on our website, a connection to jsDelivr’s servers is established and your browser loads resources from jsDelivr. In this process, personal data is processed, including in particular your IP address, device and browser information, and information about the requested files.

The processing of personal data is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in ensuring fast, secure, and efficient loading of our website through the use of a content delivery network. These interests are considered to override any conflicting interests of data subjects, as the processing is limited to the technical delivery of static resources and does not involve tracking or profiling for marketing purposes.

jsDelivr acts as a processor within the meaning of Art. 28 GDPR. We proceed on the basis that jsDelivr acts as a processor. Where technically and contractually feasible, we have concluded a data processing agreement in accordance with Art. 28 GDPR.

Personal data may be transferred to third countries outside the European Union, including via jsDelivr’s CDN partners (e.g. Cloudflare, Akamai, Fastly). Where applicable, such transfers are based on Standard Contractual Clauses pursuant to Art. 46 GDPR as appropriate safeguards.

Your data will be processed only for as long as necessary to fulfil the purposes described above and to ensure the technical delivery of static resources.

Further information on how jsDelivr processes personal data can be found in jsDelivr’s privacy information at: https://www.jsdelivr.com/privacy

8.22 gstatic.com

Our website uses resources from gstatic.com, a content delivery network (CDN) and static content hosting service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), to deliver JavaScript, CSS, fonts, images, and other static resources.

When you access a page on our website, a connection to gstatic.com’s servers is established and your browser loads resources from gstatic.com. In this process, personal data is processed, including in particular your IP address, device and browser information, and information about the requested files.

Google acts as a processor within the meaning of Art. 28 GDPR. We have concluded a data processing agreement (Data Processing Addendum) with Google in accordance with Art. 28 GDPR.

Your data will be processed only for as long as necessary to fulfil the purposes described above and to ensure the technical delivery of static resources.

Further information on how Google processes personal data can be found in Google’s privacy policy at: https://policies.google.com/privacy

Processing is carried out exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.

8.23 FriendlyCaptcha

We use FriendlyCaptcha, a privacy-friendly anti-bot service provided by FriendlyCaptcha GmbH, Schwanenstraße 15, 10119 Berlin, Germany, to protect our website from automated abuse and spam.

When you interact with forms or protected elements on our website (e.g. contact forms, comment forms, or registration forms), FriendlyCaptcha may process information about your browser and device to verify that you are a human user and not an automated bot. In this process, personal data may be processed, including in particular your IP address, device and browser information, and cryptographic proof-of-work data.

The processing of personal data is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in ensuring the security and integrity of our website and in preventing automated abuse, spam, and bot attacks. These interests are considered to override any conflicting interests of data subjects, as the processing is limited to bot detection and does not involve tracking or profiling for marketing purposes. FriendlyCaptcha is designed to be privacy-friendly and does not transmit data to third parties for marketing purposes.

FriendlyCaptcha acts as a processor within the meaning of Art. 28 GDPR. We have concluded a data processing agreement with FriendlyCaptcha in accordance with Art. 28 GDPR.

As FriendlyCaptcha is based in the European Union, no transfer of personal data to third countries is required for the core functionality.

Your data will be processed only for as long as necessary to fulfil the purposes described above and to ensure the security of our website.

Further information on how FriendlyCaptcha processes personal data can be found in FriendlyCaptcha’s privacy policy at: https://friendlycaptcha.com/privacy/

8.24 Embedding of services and content of third parties

It may happen that third-party content, for example RSS feeds or graphics from other websites, is embedded within our pages. This is done on the basis of our legitimate interest (optimisation and the economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f GDPR). This always presupposes that the providers of this content (hereinafter “third-party providers”) perceive the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required to display this content. We endeavour to use only content whose respective providers use the IP address solely to deliver the content. However, we have no influence if third-party providers store the IP address, for example for statistical purposes. Insofar as this is known to us, we will inform users accordingly.

9. Newsletter

After you have expressly registered for our newsletter, you will receive regular offers by email. When you register for our newsletter, we store your IP address, and the date and time of your registration. This serves as evidence in the event that a third party misuses your email address and subscribes to our newsletter without your knowledge. No further data are collected by us. The data collected in this way are used exclusively for sending our newsletter. There is no transfer to third parties.

You can unsubscribe from our newsletter at any time. Details can be found in the confirmation e-mail and in each individual newsletter. As part of the registration process, your consent is obtained for the processing of data and reference is made to this privacy notice. The legal basis for the processing of data after registration for the newsletter by the user is, where consent has been given by the user, Art. 6 para. 1 lit. a GDPR. The data are deleted as soon as they are no longer required for the purpose for which they were collected. Your e-mail address is therefore stored for as long as the newsletter subscription is active.

9.1. Data transfer for newsletter dispatch / use of “Salesforce”

For sending newsletters and managing our newsletter subscribers, we use a service provided by “salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich”. The legal basis for the use of this service provider is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the most reliable possible sending of our newsletters and the management of our newsletter subscribers.

The service enables us to organise and analyse our newsletter dispatch. Through the analysis we can evaluate how many recipients have opened the newsletter and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on this website) has taken place after a link in the newsletter has been clicked.

These data serve exclusively the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you do not wish analysis by “Salesforce”, we kindly ask you to unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter. You can also withdraw your consent to receiving the newsletter at any time with the unsubscribe button at the bottom.

We have concluded a data protection agreement in accordance with Art. 28 GDPR with the provider. It cannot be ruled out that data will be processed on the provider’s servers in the USA. Salesforce is certified under the EU–US Data Privacy Framework (DPF), which ensures an adequate level of protection. In addition, the EU Commission’s standard contractual clauses (SCC) (Art. 46 para. 2/3 GDPR) apply.

10. Publication of job advertisements

You have the option of applying for advertised vacancies in our company by e-mail. If you apply for an advertised vacancy, your application data will be collected and processed electronically within our Mitutoyo Group for the purpose of handling the application procedure. Access to the application data is restricted to employees or department managers involved in the application process. If your application results in the conclusion of an employment contract, your transmitted data may be stored in your personnel file for the purpose of the usual organisational and administrative processes, in compliance with the applicable legal provisions. Under data protection law, the collection of data necessary for establishing the employment relationship is permitted under Section 26 para. 1 sentence 1 BDSG in conjunction with Art. 88 para. 1 GDPR. If you voluntarily provide us with information about yourself beyond what is necessary, this is done on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR. As part of the processing, your data may be transferred to persons within our Mitutoyo Group, as well as to service providers who are contractually bound and obliged to maintain confidentiality and who perform partial tasks of data processing.

If an application is rejected, we delete the data transmitted to us six months after the notification of the rejection. The data will not be deleted if statutory provisions, for example due to evidential obligations under the AGG, require longer storage of up to six months or until legal proceedings have been concluded.

If we offer you the opportunity to be included in our talent pool (applicant pool), we require your voluntary consent for this, for example by ticking the corresponding consent box. Your application will be stored in the talent pool (applicant pool) for a maximum of 12 months, after which we will delete your data automatically. The legal basis for this is Art. 6 para. 1 lit. a GDPR (your consent). You can withdraw your consent at any time pursuant to Art. 7 para. 3 GDPR by notifying us, with effect for the future.

Our “Privacy Notice for Applicants” can be found at https://mitutoyo.eu/legal/privacy-policy-1/privacy-notice-applicants.

11. Rights of data subjects

Under the General Data Protection Regulation (GDPR), you have so-called “data subject rights”. These include, in particular, the following in relation to us:

Right to information at the latest at the time of collection pursuant to Art. 13 GDPR, which we fulfil by means of this privacy notice
Right of access pursuant to Art. 15 GDPR
Right to rectification of your data pursuant to Art. 16 GDPR
Right to erasure pursuant to Art. 17 GDPR
Right to restriction of processing pursuant to Art. 18 GDPR
You have the right, under the statutory conditions, to object to the processing of your personal data concerning you (Art. 21 GDPR) on grounds relating to your particular situation.
Furthermore, pursuant to Art. 7 para. 3 GDPR you have the right to withdraw your consent, once given, at any time. As a result, we may no longer continue the data processing that was based on this consent in the future. The lawfulness of processing carried out on the basis of the consent until its withdrawal remains unaffected.
Where applicable: Right to data portability pursuant to Art. 20 GDPR

We will assist you in asserting your rights in accordance with the GDPR and other legal provisions.

For requests regarding the exercise of your rights, please contact the office of our company specified above. Please understand that, also in the interest of the rights of other persons, we can only provide personal information if you can identify yourself appropriately.

You also have the right to lodge a complaint with a supervisory authority of your choice pursuant to Art. 77 GDPR. The supervisory authority responsible for data protection for our company is: The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Kavalleriestr. 2–4, 40213 Düsseldorf, Telephone: 0211/38424-0, E-mail: poststelle@ldi.nrw.de.

12. Data security

Your personal data are transmitted in encrypted form via TLS over the Internet when you use our contact form and application form. We protect our website and other systems through technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons.

13. Erasure and restriction (blocking) of personal data

Erasure and restriction (blocking) of your personal data take place after the purpose has ceased to apply, provided they are no longer required for the performance or initiation of a contract, taking into account statutory retention periods under laws and/or tax codes.

14. Contact options

You have the option of contacting us by telephone, email and/or via contact forms. In this case, the data you provide will be stored for the purpose of processing your contact request. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis is Art. 6 para. 1 lit. b GDPR. Within the scope of your contact, your personal data may be forwarded internally to the relevant department for processing. Your data will not be passed on to external third parties. The data are deleted as soon as they are no longer required for the purpose for which they were collected and no statutory retention periods prevent deletion.

14.1. Salesforce contact forms

We provide contact forms on our website that you can use to contact us electronically. If you use a contact form, the data you enter are transmitted to us via a secure connection and stored in our “Salesforce” CRM system in order to process your enquiry. Mandatory fields are indicated accordingly in the input form.

15. Links to websites of other providers

If we provide links to websites of other companies/organisations, the privacy notices and policies of those websites apply. We have no influence on whether these providers comply with data protection regulations.

16. Changes and updates to this privacy notice

This privacy notice may be updated due to changes in the data processing activities we carry out, changes in legislation, court rulings, changes to our company’s contact information, etc. We therefore ask you to inform yourself regularly about the content of this privacy notice.