Privacy Policy
1. Introduction
With the following information we would like to give you, as a "data subject", an overview of how we process your personal data and of your rights under data protection law. It is generally possible to use our website without entering personal data. However, if you wish to make use of particular services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for it, we generally obtain your consent.
The processing of personal data — such as your name, address or e-mail address — is always carried out in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to UPC-Marathon GmbH. By means of this privacy policy we inform you about the scope and purpose of the personal data we collect, use and process.
As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection possible of the personal data processed via this website. Nevertheless, internet-based data transmissions can have security gaps, so absolute protection cannot be guaranteed. For this reason you are free to transmit personal data to us by alternative means, for example by telephone or post.
You too can take simple measures to protect yourself against unauthorised access to your data by third parties. We would therefore like to give you a few tips on how to handle your data securely:
- Protect your accounts and your IT systems (computer, laptop, tablet or mobile device) with secure passwords to which only you have access.
- Use a separate password for each account, application or online service, and do not reuse the same password across different websites or services.
- When using publicly accessible or shared IT systems, always log out after using a website, application or online service.
- Passwords should consist of at least 12 characters and should not be easy to guess: avoid common words, your own name or the names of relatives, and use upper and lower case letters, numbers and special characters.
2. Controller
United Process Controls GmbH
Im Pfingstwasen 1
D-73035 Göppingen, Germany
T: +49 7161 94888 0
M: [email protected]
Managing directors: Board of Directors of Nitrex Group
3. Data Protection Officer
For any privacy request, please contact us using the details in section 2.
4. Definitions
This privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance. We use the following terms, among others, in this privacy policy:
- Personal data — any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Data subject — any identified or identifiable natural person whose personal data is processed by the controller.
- Processing — any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restriction of processing — the marking of stored personal data with the aim of restricting its future processing.
- Profiling — any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- Pseudonymisation — the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures.
- Processor — a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Recipient — a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- Third party — a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- Consent — any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
5. Legal Bases for Processing
Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific purpose.
Where the processing of personal data is necessary for the performance of a contract to which you are a party — as is the case, for example, for processing operations necessary for the supply of goods or the provision of another service — the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations necessary to carry out pre-contractual measures, for example in the case of enquiries about our products or services.
Where our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR.
In rare cases the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. The processing would then be based on Art. 6(1)(d) GDPR.
Finally, processing operations may be based on Art. 6(1)(f) GDPR. This legal basis applies to processing that is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
6. Transmission of Data to Third Parties
Your personal data is not transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:
1. you have given us your express consent in accordance with Art. 6(1)(a) GDPR,
2. the disclosure is permitted under Art. 6(1)(f) GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
3. there is a legal obligation for disclosure pursuant to Art. 6(1)(c) GDPR, or
4. this is legally permissible and necessary for the processing of contractual relationships with you pursuant to Art. 6(1)(b) GDPR.
Recipients may include our hosting and CDN providers (processors), the form processor, other Nitrex / Aichelin Group companies where required to handle your request, and authorities where legally obliged.
As part of the processing operations described in this privacy policy, personal data may be transferred to the USA (e.g. Cloudflare). To protect your data, we rely on adequacy decisions of the European Commission pursuant to Art. 45 GDPR (e.g. the EU–US Data Privacy Framework) or, where these do not apply, on data processing agreements based on the European Commission's standard contractual clauses. Where these are not sufficient, your consent may serve as the legal basis for a transfer pursuant to Art. 49(1)(a) GDPR. We do not sell your personal information.
7. Technology
7.1 SSL/TLS Encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content that you send to us as the operator. You can recognise an encrypted connection by "https://" in the address bar of your browser and by the lock symbol. We use this technology to protect your transmitted data.
7.2 Data Collection When Visiting the Website (Server Log Files)
If you use our website only for information purposes — i.e. you do not register or otherwise transmit information to us — we only collect the data that your browser transmits to our server (in so-called "server log files"). Each time you access a page, the following general data and information may be recorded:
1. the browser type and version used,
2. the operating system used by the accessing system,
3. the website from which an accessing system reaches our website (referrer),
4. the sub-pages accessed on our website,
5. the date and time of access,
6. an Internet Protocol (IP) address, and
7. the internet service provider of the accessing system.
When using this general data and information we do not draw any conclusions about your person. Rather, this information is required to deliver the content of our website correctly, to optimise the content of our website, to ensure the permanent functionality of our IT systems and the technology of our website, and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack. The data of the server log files are stored separately from any personal data provided by a data subject. The legal basis is Art. 6(1)(f) GDPR; our legitimate interest follows from the purposes listed above.
7.3 Content Delivery Network — Cloudflare
Our website uses functions of Cloudflare. The provider is Cloudflare, Inc., 665 3rd St. #200, San Francisco, CA 94107, USA. Cloudflare offers a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed via the Cloudflare network. This enables Cloudflare to analyse the data traffic between users and our website in order to detect and ward off attacks on our services. Cloudflare may use technically necessary cookies to optimise security and performance. Cloudflare collects statistical data about visits, including: the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL, IP address and the requesting provider. The legal basis is our legitimate interest in operating our online offering securely and reliably (Art. 6(1)(f) GDPR). We have concluded a data processing agreement with Cloudflare on the basis of the GDPR. Cloudflare, Inc. is certified under the EU–US Data Privacy Framework; this is an adequacy decision pursuant to Art. 45 GDPR, so personal data may be transferred to the USA without further guarantees.
7.4 Hosting
Our website and content management system (Strapi) are hosted by 〔hosting provider, location〕. The provider processes the access data described above on our behalf in order to operate and deliver the website. We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR. The legal basis is our legitimate interest in a secure and efficient provision of our website (Art. 6(1)(f) GDPR).
8. Cookies
8.1 General Information
Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses. Our website uses a strictly necessary, functional cookie (`NEXT_LOCALE`) that stores your selected language so the site displays correctly. It contains no personal identifier and is not used for analysis or advertising. Any cookies or technologies that are not strictly necessary are only used once you have given your consent via our consent management platform (see section 8.4).
8.2 Legal Basis
The data processed by cookies which are required for the proper functioning of the website is necessary to safeguard our legitimate interests in accordance with Art. 6(1)(f) GDPR. For all other cookies or technologies, you give your consent via the consent banner within the meaning of Art. 6(1)(a) GDPR.
8.3 Browser Settings
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Cookie management is explained on the support pages of the common browsers: Google Chrome, Apple Safari, Mozilla Firefox and Microsoft Edge. If you deactivate cookies, the functionality of our website may be limited.
8.4 Consent Management Platform — Usercentrics
We use the consent management platform "Usercentrics" from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. Usercentrics is used to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies, and to document this consent in accordance with data protection regulations. When you visit our website, the following personal data may be processed: consent or revocation of consent; IP address (shortened/anonymised); information about the browser; information about the device; time of the visit; URL of the page visited; and a consent ID. The processing is carried out to fulfil our legal obligations pursuant to Art. 6(1)(c) GDPR in conjunction with Art. 7(1) GDPR. Your consent status is stored in your browser so that the website can automatically read and follow it on subsequent requests and future sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years and then deleted. The functionality of the website is not guaranteed without this processing. Usercentrics acts as our processor and data processing takes place exclusively within the European Union. Further information is available at https://usercentrics.com/privacy-policy/.
9. Contact and Request Forms
9.1 Contact / Request for Quote
Our "Contact" and "Request for Quote" forms open your own email program and send your message to [email protected] / [email protected]. Personal data (e.g. name, e-mail, company, message) is processed solely to respond to and handle your enquiry. The legal basis is our legitimate interest in responding to your request (Art. 6(1)(f) GDPR) or, where your request is aimed at concluding a contract, Art. 6(1)(b) GDPR. The data is deleted after your request has been dealt with, unless statutory retention obligations apply.
9.2 Service / Registration Forms
For service requests (e.g. probe registration), the data you enter (e.g. name, e-mail, request details) is transmitted to 〔form processor〕 in order to process your request. The legal basis is Art. 6(1)(b) and (f) GDPR. The data is deleted after your request has been dealt with, unless statutory retention obligations apply.
10. Your Rights as a Data Subject
10.1 Right to confirmation. You have the right to request confirmation from us as to whether personal data concerning you is being processed.
10.2 Right of access. You have the right to obtain free information about the personal data stored about you and a copy of this data, in accordance with the statutory provisions.
10.3 Right to rectification. You have the right to request the correction of inaccurate personal data concerning you and the completion of incomplete data.
10.4 Right to erasure. You have the right to demand that we erase the personal data concerning you without undue delay, provided that one of the reasons provided by law applies and processing is not necessary.
10.5 Right to restriction of processing. You have the right to request that we restrict processing where one of the statutory conditions is met.
10.6 Right to data portability. You have the right to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible.
10.7 Right to object. You have the right to object at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. We will no longer process the data unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms.
10.8 Withdrawal of consent. You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
10.9 Complaint to a supervisory authority. You have the right to lodge a complaint with a supervisory authority. The authority competent for us is the *Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)*, Düsseldorf.
To exercise any of these rights, please contact us using the details in section 2.
11. Routine Storage, Deletion and Blocking
We process and store your personal data only for the period required to achieve the purpose of storage, or as provided for by the legal regulations to which our company is subject. Once the purpose of storage ceases to apply or a prescribed retention period expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.
12. Duration of Storage
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the period expires, the corresponding data is routinely deleted, provided it is no longer required for the fulfilment or initiation of a contract.
13. Changes to this Privacy Policy
This privacy policy is currently valid and has the status: June 2026. We may amend this privacy policy as our website and our services develop, or due to changed legal or regulatory requirements. The current version is always available on our website.