Social Media Privacy Policy 

I. Registration on Social Media Platforms 

On the social media platforms where we present our company, users have the option to register by providing their personal data. The data is entered into an input form and transmitted to and stored by the platform provider. Registration on the respective social media platforms is done voluntarily by the user. We would like to point out that each user uses our social media profiles and their functions at their own responsibility. This applies in particular to the use of interactive features such as commenting, sharing, or rating. 

When visiting our social media profiles, the platform provider collects user information, such as the IP address, via the device used by the user. Our company is not involved in the processing of personal data during the use of interactive features or the registration process on the social media platforms. Information about the legal basis for data processing, the purpose of data processing, the duration of storage, requests for information, and options for objection and deletion can be found in the privacy policies of the respective platform providers. For all other processing of personal data, joint responsibility applies in accordance with Article 26 of the EU General Data Protection Regulation (GDPR). The privacy policy relevant to our company can be found in sections II to VI. 

II. Contact Details of the Controller 

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is: 

AMS Technologies AG
Represented by: Chief Executive Officer: Jan Meise Chief Operating Officer / Chief Financial Officer: Philipp Weber
Fraunhoferstraße 22
82152 Planegg / Martinsried
Germany
Tel.: +49 89 895 77-0
E-Mail: info@amstechnologies.com
Web : www.amstechnologies.com 

III. Contact Details of the Data Protection Officer 

You can reach the Data Protection Officer at the following contact details: 

AMS Technologies AG
Attn: Data Protection Officer
Fraunhoferstraße 22 
82152 Planegg / Martinsried 
Germany
Email: datasecurity@amstechnologies.com 

IV. General Information on Data Processing 

1. Scope of Processing of Personal Data 

The controller collects and uses personal data of its users (hereinafter also referred to as “data subject,” “affected person,” or “visitor”) only to the extent necessary to provide the social media page and enable user interaction. Your personal data is generally collected directly from you, for example, when you contact us. 

2. Legal Basis for the Processing of Personal Data 

If the controller obtains consent from the data subject for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis. 

For any potential transfer to an unsafe third country, processing is based on Article 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device, data processing is also based on Section 25(1) TTDSG (German Telecommunications-Telemedia Data Protection Act). 

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required for pre-contractual measures. 

If processing is necessary to fulfill a legal obligation to which the controller is subject, Article 6(1)(c) GDPR serves as the legal basis. If vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis. 

If processing is necessary to safeguard a legitimate interest of the controller or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override that interest, Article 6(1)(f) GDPR serves as the legal basis. 

If special categories of data under Article 9(1) GDPR are processed, one or more of the legal bases mentioned in this section in conjunction with one or more exceptions under Article 9(2) GDPR apply. If data is processed based on one of the legal bases mentioned here in conjunction with Article 9(2) GDPR, a separate notice will be provided for the respective processing (text block). 

3. Data Deletion and Storage Duration 

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies, or if consent given by the data subject is withdrawn, or if the data subject objects to the processing. Storage may also occur if required by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a legally mandated retention period expires, unless further storage is necessary for the conclusion or fulfillment of a contract. 

4. Necessity of Providing Personal Data 

The provision of your personal data is generally neither legally nor contractually required. There is no obligation to provide it. However, failure to provide certain data may result in your inability to use certain features or further processing on our social media pages. We recommend that you only provide personal data that is necessary, for example, to process your inquiry.

V. Rights of the Data Subject 

If we process personal data about you, you as the data subject have the following rights toward us as the controller: 

1. Right of Access (Art. 15 GDPR) 

You have the right, within the scope of applicable legal provisions, to obtain free information at any time about your collected and stored personal data. This includes, among other things, information about the purposes of processing, the origin and recipients of the data, the storage duration, and the existence of various rights. 

2. Right to Rectification (Art. 16 GDPR) 

You have the right to request the correction (including completion) of your data if the personal data processed about you is incorrect or incomplete for the purpose of processing. The controller must make the correction without delay. 

3. Right to Erasure (Art. 17 GDPR) 

You may request the deletion of your personal data at any time under the conditions of Art. 17 GDPR, unless circumstances exist that entitle or oblige the controller to continue processing your personal data (e.g., legal retention obligations). 

4. Right to Restriction of Processing (Art. 18 GDPR) 

If the legal requirements are met, you may request the restriction of the processing of your personal data to the extent provided by Art. 18 GDPR. 

5. Right to Notification (Art. 19 GDPR) 

If your personal data has been disclosed to recipients by the controller, the controller is obliged to inform them of your requests regarding rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You may request that the controller inform you about these recipients. 

6. Right to Data Portability (Art. 20 GDPR) 

If you have provided us with personal data and the processing is carried out by automated means based on your consent or a contract, you have the right, within the scope of Art. 20 GDPR, to receive the data you provided in a commonly used, machine-readable format, provided this does not adversely affect the rights and freedoms of others. If you request the direct transfer of the data to another controller, this will only be done if technically feasible. 

7. Right to Object (Art. 21 GDPR) 

You have the right to object at any time to the processing of your data if the processing is based on a balancing of interests. This applies if the controller bases the processing on public interest or legitimate interest (see Art. 6(1)(e) and (f) GDPR). The prerequisite is that you provide reasons arising from your particular situation that outweigh the controller’s interest. The controller will then no longer process your personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. 

Article 21(2) GDPR provides a specific, differing rule if your personal data is used for direct marketing purposes. In this case, you have the right to object to the processing of your personal data for such marketing at any time without further requirements. Your personal data will no longer be processed for direct marketing purposes. If profiling is associated with direct marketing, you may also object to this. You may exercise your right to object in connection with the use of information society services by means of automated procedures using technical specifications. 

8. Automated Individual Decision-Making (Art. 22 GDPR) 

According to Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning you or similarly significantly affects you. Exceptions may apply if appropriate safeguards are in place to protect your rights and freedoms, and if the decision is necessary for entering into or performing a contract, is authorized by law, or you have explicitly consented. 

9. Right to Withdraw Consent (Art. 7(3) GDPR) 

You have the right to withdraw your consent to data processing at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. You may submit your withdrawal via email or post to the controller. 

10. Right to Lodge a Complaint with a Supervisory Authority 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, particularly in the Member State of your residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR. The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision. However, if you are located in another federal state or outside Germany, you may also contact the relevant data protection authority there. 

VI. Contact via Email 

1. Description and Scope of Data Processing 

Email addresses are provided on our social media pages and in our email signatures, allowing users to contact us. In this case, the personal data transmitted with the email will be stored. There is no disclosure of this data to third parties. The data is used exclusively for processing the conversation. 

2. Legal Basis for Data Processing 

The legal basis for processing data transmitted via email is Article 6(1)(f) GDPR. If the email contact is aimed at concluding a contract, the legal basis is Article 6(1)(b) GDPR. 

3. Purpose of Data Processing 

The processing of personal data is solely for handling the contact request. This also constitutes the necessary legitimate interest in processing the data. 

4. Duration of Storage 

The data will be deleted once it is no longer necessary for the purpose for which it was collected. For personal data sent via email, this is the case when the conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the relevant matter has been conclusively resolved. 

5. Right to Object and Removal Option

If a user contacts us via email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of the contact will be deleted. 

VII. Contact via a Social Media Platform (Contact Form, Chat) 

On some social media platforms, it is possible to contact us directly through the service (e.g., via a contact form or chat). If a user uses this option, the data entered in the input form is processed by the respective service, transmitted to us, and stored on the systems of the platform provider. Using a social media platform to contact us is voluntary. The processing of personal data in the context of such contact is generally subject to the privacy policies of the respective service. 

1. Description and Scope of Data Processing

To process your inquiry, it may be necessary for your personal data to be processed internally by AMS Technologies AG. The following rules apply to internal processing of your message at AMS Technologies AG: 

2. Legal Basis for Data Processing 

The legal basis for processing data to handle a user inquiry is Article 6(1)(f) GDPR. If the contact aims to conclude a contract, the legal basis is Article 6(1)(b) GDPR. 

3. Purpose of Data Processing 

The internal processing of personal data received through social media contact options is solely for handling the inquiry. 

4. Duration of Storage 

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data entered in the contact form, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the relevant matter has been conclusively resolved. 

5. Right to Object and Removal Option 

If a user's personal data is processed internally by AMS Technologies AG for the purpose of handling an inquiry, the user may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored internally in the course of the contact will be deleted. 

VIII. Facebook (a Product of Meta) 

Name and Address of the Controllers: 

The joint controllers for the operation of this Facebook page, within the meaning of the GDPR, are: 

Meta Platforms Ireland Limited (hereinafter “Facebook” or “Meta”)
4 Grand Canal Square Grand Canal Harbour
Dublin 2 Ireland

and

Our company (see Section II above)

 1. Information About Our Facebook Page

2. Processing of Personal Data by Meta

Meta Platforms, Inc. is the U.S.-based parent company of Meta Platforms Ireland Limited. From a data protection perspective, the parent company is located in a third country. The European General Data Protection Regulation (GDPR) requires that the transfer of personal data to a third country or international organization is only permitted if an adequate level of data protection comparable to the GDPR is ensured. Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the EU and the U.S. that aims to ensure compliance with European data protection standards for data processing in the U.S. (based on an adequacy decision by the EU Commission under Art. 45(1), (3) GDPR). 

Each company certified under the DPF commits to complying with these standards. You can find the list of certified companies here: https://www.dataprivacyframework.gov/list. 

You can search for the provider name and view the certification directly. Meta processes user data for purposes including: 

• Advertising (analysis, creation of personalized ads) 
• Creation of user profiles
• Market research

Meta uses cookies (small text files stored on users’ devices) to store and further process this information. If the user has a Facebook profile and is logged in, the storage and analysis also occur across devices. If you have questions about your rights with respect to Facebook, please contact Facebook directly. 

Your general rights under the GDPR are outlined in Section IV of this privacy policy. If data access requests are directed to us as the page operator, we are obligated by our agreement with Meta to forward these requests — whether from individuals or authorities — to Meta within 7 days. 

This is also stipulated in the Controller Addendum. If you no longer wish for the data processing described here to occur, please disconnect your user profile from our page by using the “Unlike this Page” function. 

Meta’s privacy policy contains further information on data processing: 

• https://www.facebook.com/about/privacy/
• Opt-out options: https://www.facebook.com/settings?tab=ads

3. Statistical Data (Insights) 

Facebook “Insights” are statistical data in various categories that are made available to us. These statistics are generated and provided by Facebook. As the page operator, we have no influence over the generation and presentation of these statistics. This function cannot be disabled to prevent data collection and processing. 

For a selected time period, Facebook provides us with the following data related to our page: 

• Total number of page views
• “Likes”
• Page activity
• Post interactions
• Reach
• Video views
• Post reach
• Comments
• Shared content
• Replies
• Gender distribution
• Geographic origin (country and city)
• Language
• Shop views and clicks
• Route planner clicks
• Phone number clicks
• Data on linked Facebook groups 

We use this data to make our Facebook page more attractive to users (e.g., tailoring content based on age and gender distribution, scheduling posts, optimizing visuals for devices). 

According to Facebook’s terms of use, which every user agrees to when creating a profile, we can identify subscribers and fans of the page and view their profiles and other shared information. 

X. LinkedIn 

Name and Address of the Controllers:

LinkedIn Corporation (hereinafter “LinkedIn”)
1000 West Maude Avenue Sunnyvale
CA 94085 USA 

and 

Our company (see Section II above) 

1. Information About Our Use of LinkedIn 

We operate this page to promote our services and products and to engage with you. Further information about us and our activities can be found on our website. As the operator of the LinkedIn page, we have no interest in collecting or further processing your personal data for analysis or marketing purposes. The operation of this LinkedIn page, including the processing of users’ personal data, is based on our legitimate interest in providing a modern and supportive means of information and interaction for and with our users and visitors, pursuant to Art. 6(1)(f) GDPR. 

2. Processing of Personal Data by LinkedIn 

LinkedIn Corporation is a company based in the USA, which means that the transfer of your personal data to a third country cannot be ruled out. The European General Data Protection Regulation (GDPR) requires that the transfer of personal data to a third country or international organization is only permitted if an adequate level of data protection comparable to the GDPR is ensured. LinkedIn is certified under the EU-U.S. Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the U.S. (based on an adequacy decision by the EU Commission under Art. 45(1), (3) GDPR). 

Each company certified under the DPF commits to complying with these standards. You can find the list of certified companies here: https://www.dataprivacyframework.gov/list. You can search for the provider name and view the certification directly. If you are logged into your LinkedIn account, LinkedIn can associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your LinkedIn account. If you have questions about your rights with respect to LinkedIn, please contact LinkedIn directly. Your general rights under the GDPR are outlined in Section IV of this privacy policy. 

Further information on how LinkedIn handles user data can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy