Support

Support

Configure your individual carpet, order samples or contact us directly!
Personal advice
Phone: +49 711 34 02-0
[email protected]
Contact form Find a showroom or dealer
Configure a carpet Order a sample

Legal Notice

1. Introduction

With the following information, we would like to provide you—as a "data subject"—with an overview of how your personal data is processed by us, OBJECT CARPET GmbH (hereinafter referred to as “OBJECT CARPET”), and inform you about your rights under applicable data protection laws.

In general, the use of our website is possible without submitting personal data. However, if you wish to use special services provided by our company via our website, it may become necessary to process personal data. If such processing is required and there is no legal basis for it, we will always obtain your explicit consent.

The processing of personal data—such as your name, address, or email address—is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR) and any applicable national data protection regulations relevant to OBJECT CARPET.

This privacy policy is intended to inform you about the type, scope, and purpose of the personal data we collect, use, and process.

As the controller responsible for data processing, we have implemented numerous technical and organizational measures to ensure that your personal data is protected as comprehensively as possible. Nevertheless, internet-based data transmissions may have inherent security gaps, meaning absolute protection cannot be guaranteed. Therefore, you are free to transmit personal data to us by alternative means, such as by telephone or postal mail.

You can also take simple, effective steps to protect your own data from unauthorized access by third parties. For this reason, we offer you the following best practices for handling your data securely:

  • Protect your account (login, user, or customer account) and your IT system (e.g., computer, laptop, tablet, or mobile device) with secure passwords.
  • Only you should have access to your passwords.
  • Ensure that you use each password exclusively for a single account.
  • Avoid using the same password across different websites, applications, or online services.
  • Especially when using public or shared IT systems, always log out of websites, applications, or online services after each session.

Additional information on how to create strong passwords is available from the German Federal Office for Information Security, see here.

2. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:
OBJECT CARPET GmbH
Marie-Curie-Str. 3
73770 Denkendorf
Germany
Phone: +49 711 34 02-0
Fax: +49 711 34 02-155
Email: [email protected]

3. Data Protection Officer

You can contact our Data Protection Officer by email at [email protected] or by postal mail using the address provided above (please add the note “To the Data Protection Officer”).

You may contact our Data Protection Officer at any time with questions, suggestions, or concerns regarding data protection.

4. Definitions

This Privacy Policy is based on the terms used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our intention is to ensure that this Privacy Policy is easily understandable for the general public as well as for our customers and business partners. To achieve this, we would like to begin by explaining the terminology used.

This Privacy Policy uses the following terms, among others:

a. Personal Data

Any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified—directly or indirectly—particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

b. Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c. Processing

Processing refers to any operation or set of operations performed on personal data, whether or not by automated means. This includes collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing (by transmission, dissemination, or otherwise making available), aligning, combining, restricting, erasing, or destroying personal data.

d. Restriction of Processing
The marking of stored personal data with the aim of limiting its future processing.

e. Profiling
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person—particularly to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f. Pseudonymization

Processing personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable individual.

g. Processor

A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

h. Recipient

A natural or legal person, public authority, agency, or another body to which personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a particular inquiry under Union or Member State law shall not be regarded as recipients.

i. Third Party

A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

j. Consent

Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

5. Legal Basis for Processing

Article 6(1)(a) GDPR, in conjunction with Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TDDDG, formerly TTDSG), serves as the legal basis for processing operations for which we obtain your consent for a specific purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party—as is the case with processing operations required for the delivery of goods or the provision of other services—the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations required to carry out pre-contractual measures, such as inquiries about our products or services.

If we are subject to a legal obligation that requires the processing of personal data—such as for fulfilling tax obligations—this processing is based on Article 6(1)(c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This could occur, for example, if a visitor is injured on our premises and their name, age, health insurance data, or other vital information must be shared with a doctor or hospital. In this case, processing would be based on Article 6(1)(d) GDPR.

Finally, processing operations may be based on Article 6(1)(f) GDPR. This legal basis applies to processing that is not covered by any of the aforementioned bases if the processing is necessary for the purposes of legitimate interests pursued by our company or a third party, provided these are not overridden by the interests or fundamental rights and freedoms of the data subject. The European legislator explicitly mentions this in Recital 47, Sentence 2 GDPR, stating that a legitimate interest may be assumed if you are a customer of our company.

6. Disclosure of Data to Third Parties

We do not disclose your personal data to third parties for any purposes other than those listed below.

We only share your personal data with third parties if:

  • You have given your express consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG,
  • The disclosure is necessary under Article 6(1)(f) GDPR to safeguard our legitimate interests and there is no reason to believe that you have an overriding interest in the non-disclosure of your data,
  • A legal obligation exists under Article 6(1)(c) GDPR, or
  • It is lawful and necessary for the performance of a contract with you pursuant to Article 6(1)(b) GDPR.

To safeguard your data and, where applicable, allow data transfers to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission’s standard contractual clauses. Where these clauses are insufficient to ensure an adequate level of protection, your consent in accordance with Article 49(1)(a) GDPR may serve as the legal basis for such data transfers. This does not apply where the European Commission has issued an adequacy decision under Article 45 GDPR for the respective third country.

As described in this Privacy Policy, personal data may be transferred to the United States. U.S.-based companies only have an adequate level of data protection if they are certified under the EU-U.S. Data Privacy Framework. For relevant service providers, we explicitly note such certification in this policy. In all other cases, data transfer is based on standard contractual clauses or your explicit consent in accordance with Article 49(1)(a) GDPR, unless an adequacy decision under Article 45 GDPR applies.

7. Technology

7.1 SSL/TLS Encryption

This website uses SSL or TLS encryption to ensure secure data processing and protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the padlock symbol in your browser.

We use this encryption technology to safeguard the data you transmit to us.

7.2 Data Collection When Visiting the Website

When you visit our website for informational purposes only—meaning you do not register or otherwise transmit information to us, nor provide consent to data processing—we collect only the data that your browser automatically transmits to our server (so-called server log files). Each time you or an automated system accesses a page on our site, general data and information are collected and stored in our server log files. This data may include:

  • Browser types and versions used,
  • The operating system used by the accessing system,
  • The referring website (referrer),
  • Subpages accessed on our website,
  • Date and time of access,
  • An Internet Protocol address (IP address),
  • The internet service provider of the accessing system.

We do not use this information to identify you. Instead, it is used to:

  • Deliver website content correctly,
  • Optimize the website and related advertising,
  • Ensure the long-term functionality of our IT systems and website technology,
  • Provide necessary information to law enforcement authorities in the event of a cyberattack.

The data is evaluated statistically to enhance data protection and security within our company and to ensure an optimal level of protection for the personal data we process. Server log file data is stored separately from any personal data you may provide.

The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes listed above.

8. Cookies

8.1 General Information on Cookies

Cookies are small files automatically created by your browser and stored on your device (e.g., laptop, tablet, smartphone) when you visit our site.

Cookies contain information associated with your specific device. However, this does not mean that we obtain knowledge of your identity.

We use cookies to enhance your experience on our website. For example, we use session cookies to recognize that you have already visited certain pages on our site. These are automatically deleted once you leave our website.
We also use temporary cookies to improve user-friendliness. These remain on your device for a specified period. When you revisit our site to use our services, it will automatically recognize that you have visited us before and recall your previous inputs and settings so you do not have to re-enter them.

Additionally, we use cookies to collect statistics on website usage and to optimize our offerings for you. These cookies allow us to recognize repeat visits. They are automatically deleted after a set period. The specific storage durations of cookies can be found in the settings of our consent management tool.

8.2 Legal Basis for Using Cookies

Cookies required for the proper functioning of the website are processed in accordance with Article 6(1)(f) GDPR, reflecting our legitimate interest and that of third parties.
All other cookies are only used with your explicit consent, as obtained through our opt-in cookie banner in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.

9. Our Activities on Social Media

To communicate with you and inform you about our services on various social media platforms, we maintain official pages on those networks. When you visit one of our social media pages, we are jointly responsible with the respective platform provider for any data processing that occurs, as defined under Article 26 GDPR.

Please note that we are not the original providers of these platforms—we merely use them under the conditions made available to us by each provider. Consequently, your data may be processed outside the European Union (EU) or the European Economic Area (EEA), which may present data protection risks. For example, exercising your rights (e.g., access, erasure, objection) may be more difficult, and the processing may serve the provider’s purposes—particularly advertising or usage behavior analysis—over which we have no influence.

User profiles may be created by the providers using cookies or by associating your behavior with an existing social media account.

These data processing activities are based on our legitimate interests and those of the platform providers in accordance with Article 6(1)(f) GDPR—specifically, to communicate with you and keep you informed in a modern, effective manner. If the platform requires your consent for certain processing, the legal basis is Article 6(1)(a) GDPR in conjunction with Article 7 GDPR.

Please note that we do not have access to the full scope of data processed by the platform providers. Therefore, to exercise your rights (e.g., access, rectification, deletion), we recommend contacting the respective provider directly.

Further information on how your data is handled on these platforms is provided in each provider’s privacy notice.

10. Web Analytics

10.1 Meta Pixel (formerly Facebook Pixel)

We use the "Facebook Pixel" from Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Meta"). With your explicit consent, this tool allows us to track user behavior after interacting with Meta ads (e.g., clicks or views). It helps us measure ad effectiveness and optimize future campaigns.

Data collected by the Meta Pixel includes:

  • IP address,
  • Device details,
  • Browser activity,
  • Website interactions (e.g., page views, conversions).

This data is processed and stored by Meta, which may associate it with your Meta profile and use it for personalized advertising in line with Meta’s Data Policy: https://www.facebook.com/about/privacy/.

Data is retained for 180 days unless the user returns to the website, restarting the retention period.

This processing is carried out exclusively based on your explicit consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG).

Meta is certified under the EU-U.S. Data Privacy Framework. Therefore, personal data may be transferred to the U.S. based on an adequacy decision (Article 45 GDPR).

 

10.2 Google Analytics 4 (GA4)

Our website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

In this context, pseudonymized user profiles are created and cookies are used (see section on "Cookies"). The data collected may include:

  • Temporarily captured IP address (without long-term storage),
  • Location data,
  • Browser type/version,
  • Operating system,
  • Referrer URL (previous page),
  • Time of the server request.

This pseudonymized data may be transmitted to and stored on servers operated by Google in the United States.

The data is used to evaluate website usage, compile reports on website activities, and provide additional services related to internet usage and website optimization. Data may also be transferred to third parties if required by law or if third parties process this data on behalf of Google.

These processing activities are carried out solely with your explicit consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.

Google’s default data retention period for Google Analytics is 14 months. Personal data is deleted once it is no longer needed for processing purposes.

Google LLC is certified under the EU-U.S. Data Privacy Framework, allowing data transfers based on the adequacy decision pursuant to Article 45 GDPR.

More information on GA4 and data protection is available here:
https://support.google.com/analytics/answer/12017362?hl=en

 

10.3 Hotjar

We use the analytics tool Hotjar, provided by Hotjar Ltd., Level 2, St Julian’s Business Centre, 3 Elia Zammit Street, St Julian’s STJ 1000, Malta.

Hotjar helps us understand user behavior on our site by recording mouse movements, scroll depth, and click activity. It generates “heatmaps” to show which areas are most frequently viewed or interacted with. Additionally, Hotjar can measure how long users stay on a page, where they drop off, and gather direct feedback through surveys.

Cookies are used to recognize repeat visits and determine whether Hotjar functions are enabled for a given browser. These cookies remain on your device until deleted.

You can configure your browser to notify you of cookie use and permit them only in specific cases. Disabling cookies may affect site functionality.

This data is processed exclusively with your explicit consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.

For more information on Hotjar’s privacy policy:
https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar

 

10.4 Matomo

We use Matomo, a web analytics service provided by InnoCraft Ltd., 150 Willis St, Wellington 6011, New Zealand.

Matomo helps us collect, analyze, and evaluate data on how visitors use our website (e.g., which pages are accessed, how often, and for how long). This information supports website optimization and cost-benefit analysis of advertising.

The software runs on our own servers, and all log files containing personal data are stored securely and locally.

A cookie is placed on your device, and every visit triggers the transmission of information—including your IP address—to our server. This allows us to analyze user origin, visit frequency, and interaction patterns.

We do not share this data with third parties. It is processed only with your explicit consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG.
Matomo’s privacy policy: https://matomo.org/privacy/

 

11. Partner and Affiliate Programs

11.1 DoubleClick by Google

This website includes components of DoubleClick by Google, a brand of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, which provides specialized online marketing solutions for advertisers and publishers.

Each interaction with a DoubleClick component (e.g., an ad impression or a click) triggers data transfers to the DoubleClick server. If accepted, a cookie is placed on your device. The purpose of this cookie is to optimize and display advertising tailored to your interests. It also prevents the same ad from appearing multiple times.

DoubleClick uses a cookie ID to manage these processes—for example, to ensure that the same ad is not shown repeatedly. This ID also allows DoubleClick to track whether a specific ad was clicked on and if a resulting conversion occurred.

DoubleClick cookies do not contain personally identifiable data. They may, however, include campaign identifiers used to determine which ad campaigns a user has interacted with.

When a page containing a DoubleClick component is accessed, your browser automatically connects to Google's servers. In doing so, Google receives data such as which of our web pages you have visited. Google may use this information to generate reports and to calculate advertising commissions.

These data processing operations occur exclusively with your explicit consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.

Google LLC is certified under the EU-U.S. Data Privacy Framework, which permits data transfers to the U.S. under Article 45 GDPR without additional safeguards.

Google’s privacy policy is available at: https://www.google.com/intl/en/policies/

 

12. Plugins and Other Services

12.1 Adobe Fonts

We use Adobe Fonts by Adobe Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA, to ensure consistent and appealing typography across our website.

When you access our site, your browser downloads the required web fonts into its cache to display text and fonts properly. During this process, your browser connects to Adobe’s servers.

The following data may be processed:

  • IP address,
  • Time required to download fonts,
  • Duration from download to application of fonts,
  • Detection of any installed ad blockers,
  • Browser and operating system versions.

If your consent is requested, the legal basis for processing is Article 6(1)(a) GDPR and Section 25(1) TDDDG. Otherwise, the use is based on our legitimate interest in a consistent presentation of our website (Article 6(1)(f) GDPR).
Adobe Inc. is certified under the EU-U.S. Data Privacy Framework, which allows data transfers under Article 45 GDPR.

Adobe's privacy policy:
https://www.adobe.com/privacy.html

 

12.2 Google Maps

We integrate Google Maps (API), a service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Maps is used to visually display geographic information—such as our business location. When you visit pages that include Google Maps, information like your IP address is transferred to Google’s servers in the U.S. Google also loads web fonts, images, and scripts from its services to render maps.

If you are logged into a Google account, data may be directly linked to your profile. To prevent this, log out before visiting our website.

Disabling JavaScript in your browser will prevent Google Maps from functioning.

This processing is based solely on your explicit consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG).
Google LLC is certified under the EU-U.S. Data Privacy Framework.

Google’s privacy policy: https://www.google.com/policies/privacy/

 

12.3 YouTube (Embedded Videos)

We embed YouTube videos provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA—a subsidiary of Google Ireland Limited.

When you access a page with a YouTube video, your browser automatically loads the YouTube component. YouTube and Google are then informed which specific subpage you visited.

If you are logged in to YouTube, the visit is linked to your account. If you do not want this, please log out before accessing the content.

Even without interaction, YouTube receives information about your site visit if you are logged in at the time.

This processing only takes place with your consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG.

YouTube is covered by Google LLC’s certification under the EU-U.S. Data Privacy Framework.

Privacy policy: https://www.google.com/policies/privacy/

12.4 Google Tag Manager

This website uses the Google Tag Manager service, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google corporate group, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool enables the implementation and management of website tags (i.e., keywords embedded in HTML elements) via an interface. The use of Google Tag Manager allows us to track, in an automated manner, which buttons, links, or personalized images you have actively clicked, thereby helping us identify which content on our website is of particular interest to you.

The tool may also trigger other tags that may collect data. However, Google Tag Manager itself does not access this data. Any deactivation performed at the domain or cookie level remains effective for all tracking tags implemented using Google Tag Manager.

These processing activities occur solely based on your explicit consent pursuant to Article 6(1)(a) GDPR and Section 25(1) of the TDDDG.

Google LLC, as the parent company, is certified under the EU-U.S. Data Privacy Framework. An adequacy decision under Article 45 GDPR is therefore in place, allowing data transfers without the need for additional safeguards.

For more information, please refer to: https://www.google.com/intl/de/policies/privacy/

 

12.5 Xandr

We use services provided by Xandr Inc., 28 West 23rd Street, Fl 4, New York, NY 10010, USA, on our website.

Xandr assists us in optimizing our advertising campaigns, targeting specific audiences, and measuring ad performance. Xandr uses cookies for data collection and processing.

The following data may be collected via cookies:

  • Browser Information: Type, language, settings, cookie data, and ad interaction information.
  • Device Information: OS version, connection type, brand, model, identifiers (e.g., IDFA, AAID), and IP address.
  • Location Data: Derived from device settings or IP address.
  • Digital Activity Data: Browsing history, ad views/clicks, search history, interaction timestamps, and in-game or online behavior.
  • Inferences and Segmentation: Derived or provided by third parties for profiling or audience segmentation.
  • Ad Performance Data: Types of ads, impressions, clicks, and conversions.
  • Network Provider Info
  • Hashed Email Addresses or derivatives
  • Sensitive Personal Data, including precise location data.

These data processing activities are carried out exclusively based on your explicit consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG.

Data transfers to the United States are based on Standard Contractual Clauses (SCCs). Data is deleted once the purpose no longer applies or consent is withdrawn — typically within 3 to 60 days, but up to 18 months for fraud prevention and security. Aggregated data is deleted after 2 years at the latest.

More information: https://about.ads.microsoft.com/en-us/solutions/xandr/platform-privacy-policy

 

12.6 YouTube (Videos)

Our website integrates components of YouTube. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, is operated as a subsidiary of Google Ireland Limited.

YouTube is a video portal that allows users to upload and view content for free. When accessing a page with a YouTube video, your browser automatically connects to YouTube to retrieve video components and may also load other Google services (WebFonts, Video, Photos).

If you are logged into YouTube while accessing such a page, YouTube will associate your visit with your account, regardless of whether the video is played. If you do not wish for this association, you must log out of your YouTube account before visiting our website.

Processing occurs only upon your explicit consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG.

Google LLC is certified under the EU-U.S. Data Privacy Framework. Thus, an adequacy decision under Article 45 GDPR permits data transfers.

YouTube’s privacy policy: https://www.google.de/intl/de/policies/privacy/

 

12.7 Google Ads

Google Ads, operated by Google Ireland Limited, is implemented on this website. The service supports targeted advertisements and conversion tracking.

We use device-crossing remarketing functions to display relevant ads to users based on their prior engagement with our site. Ad placement and targeting are managed independently by Google. As website operators, we receive no personal user data—only anonymized analytics.

Ad delivery involves the use of ad server cookies for performance metrics such as impression count and click tracking. Cookies do not serve personal identification purposes.

Conversion tracking sets a cookie upon ad click to determine if a user engages with the offer. These cookies expire after 90 days.

Google may process data on U.S. servers, including IP address, device ad ID, and technical details. We only receive aggregated, non-identifiable data from Google.

You may deactivate remarketing functions via browser settings. All features require your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG.

Google LLC is certified under the EU-U.S. Data Privacy Framework.
Privacy policy: https://policies.google.com/technologies/ads?hl=de

 

12.8 Google Fonts

We use Google Fonts from Google Ireland Limited to ensure uniform font rendering on our website.

Your browser sends HTTP requests to Google Fonts’ Web API, which includes your IP address, requested URL, user agent, and browser/OS information.

These operations occur only with your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG. Data may be transferred to U.S. servers if necessary. Google LLC is certified under the EU-U.S. Data Privacy Framework.

More information: https://developers.google.com/fonts/faq/privacy?hl=de

12.9 LinkedIn Insight Tag

We use the LinkedIn Insight Tag, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

The tool supports targeted ads, conversion tracking, and retargeting on third-party sites. It sets cookies and establishes a connection to LinkedIn servers.

 

LinkedIn and we are jointly responsible for data collection on our site. However, LinkedIn is solely responsible for further processing. If logged into LinkedIn, user visits may be linked to accounts. LinkedIn may also process IP addresses and timestamps for profiling.

You may deactivate tracking via ad preferences. Data may be transferred to servers outside the EU, particularly the U.S. LinkedIn Corporation is certified under the EU-U.S. Data Privacy Framework.

Legal basis: Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be revoked at any time.
More info: https://www.linkedin.com/help/linkedin/answer/a1444756

 

12.10 Lead Forensics

We use Lead Forensics (Lead Forensics Ltd., 3000 Lakeside, North Harbour, Portsmouth PO6 3EN, United Kingdom), a B2B lead generation tool.

It identifies visiting companies by matching IP addresses against its database, providing company names, decision-maker contact info, industry, and revenue data. IP addresses are anonymized post-processing.

Legal basis: Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be revoked at any time.
Privacy policy: https://www.leadforensics.com/privacy-policy/

12.11 zenloop

We use the zenloop platform (SaaS.group zenloop GmbH, Attilastraße 18, 12529 Schönefeld) for customer feedback collection and survey distribution.

Personal data such as names may be included in responses. Data is processed and stored by zenloop.

Legal basis: Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn at any time.
More info: https://www.zenloop.com/de/legal/privacy/

13. Data Subject Rights

You have the following rights under the GDPR:

13.1 Right to confirmation - To verify if personal data is being processed.
 
13.2 Right of access (Art. 15 GDPR) - To access personal data and copies thereof.
 
13.3 Right to rectification (Art. 16 GDPR) – To correct inaccurate or incomplete data.
 
13.4 Right to erasure (Art. 17 GDPR) - To request deletion where legally permissible.
 
13.5 Right to restriction (Art. 18 GDPR) - To restrict processing under legal conditions.
 
13.6 Right to data portability (Art. 20 GDPR) - To receive data in a structured format and transfer to another controller.
 
13.7 Right to object (Art. 21 GDPR) - To object to processing based on legitimate interest or public task.
 
13.8 Right to withdraw consent - At any time with future effect.
 
13.9 Right to lodge a complaint – With a supervisory data protection authority.

14. Routine Erasure and Blocking of Data

We store personal data only for as long as required to fulfill the storage purpose or as mandated by law. Once the purpose ceases or legal retention periods expire, data is routinely erased or blocked.

15. Duration of Data Retention

Data is stored for the duration of applicable statutory retention periods. After this period, data is deleted unless required for contractual purposes.

16. Validity and Amendments

This Privacy Policy is current as of April 9, 2025. Legal or technical developments may necessitate changes. The latest version can be accessed at: https://www.object-carpet.com/de/unternehmen/ueber-object-carpet/datenschutz

OSZAR »