Data Protection Statement

§ 1 PRINCIPLES

1. Thank you for visiting the website of Messer SE & CO. KGaA (hereinafter referred to as "Messer") and for your interest in our company and our products. In the following, we would like to briefly explain to what extent, how and for what purpose we process your personal data, how we protect your personal data and what it means for you when you use our online services.
   Personal data is all information that can be related to you personally, e.g. name, address, e-mail addresses, telephone numbers or user behaviour. In addition, purely technical data that can be assigned to you is also considered personal data.
2. The responsible person pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is:

   Messer SE & Co. KGaA
   Messer-Platz 1
   65812 Bad Soden
   info@messergroup.com
   +49 6196 7760-0

   See also our imprint.

3. You can reach our data protection officer at:

   Messer SE & Co. KGaA
   Messer-Platz 1
   65812 Bad Soden
   Phone: +49 6196 7760-0
   E-mail: datenschutz.mg@messergroup.com

4. When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your first and last name, if applicable, and your telephone number) will be stored by us in order to answer your questions. The information provided when contacting us is processed on the basis of Art. 6 Subpara. 1 lit. f GDPR. This authorisation permits the processing of personal data within the scope of the "legitimate interest" of the responsible party, insofar as your fundamental rights, freedom or interests do not prevail. Our legitimate interest is to process the contact. You can object to this data processing at any time if there are reasons which exist in your particular situation and which speak against the data processing. An e-mail to the data protection officer is sufficient for this purpose.
5. If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the respective storage period.
6. In principle, your personal data is processed by IBM Deutschland GmbH (hereinafter referred to as "IBM"), which we have entrusted with the processing of your data. IBM has been carefully selected and commissioned for this purpose, is also bound by Messer's instructions and is regularly monitored.

§ 2 YOUR RIGHTS

1. You have the following rights in relation to personal data relating to you:
   • Right of access (Art. 15 GDPR)
   • Right to rectification (Art. 16 GDPR) or deletion (Art. 17 GDPR)
   • Right to restriction of processing (Art. 18 GDPR)
   • Right to data portability (Art. 20 GDPR)
   • Right to object to processing (Art. 21 GDPR)
2. You have the right to request information from us at any time about the data we have stored about you, as well as its origin, recipients or categories of recipients to whom this data is passed on and the purpose for which it is stored. If you request us, your contact person at Messer or our data protection officer in writing and/or by e-mail to correct, stop using or delete your personal data, we will of course do so without delay.
3. If you have given your consent to the processing of your data, you may revoke this consent at any time with effect for the future (Art. 7 No. 3 GDPR). The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
4. Insofar as we base the processing of your personal data on the balance of interests pursuant to Art. 6 Subpara. 1 lit. f GDPR, you may in principle object to the processing.
5. You can exercise your rights by sending an email to: datenschutz.mg@messergroup.com.
6. We further inform you that the provision of your personal data on this website is generally neither legally nor contractually required. You are not obliged to provide personal data on this website unless we indicate this in individual cases in this data protection declaration. Nevertheless, the provision of the functions of this website and the execution of an order requires the processing of your personal data.
7. You also have the right to complain to a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).

   The contact details of the supervisory authorities can be found at:

   https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/AufsBehoerdFuerDenNichtOeffBereich/AufsichtsbehoerdenNichtOeffBereich_liste.html

§ 3 COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE

1. During the mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display and administer our website and to ensure its stability and security. The legal basis for this processing is Art. 6 Subpara. 1 lit. f GDPR. This authorisation permits the processing of personal data within the scope of the "legitimate interest" of the controller, insofar as your fundamental rights, freedom or interests do not prevail. Our legitimate interest is the easier administration, the user-friendly provision of the website and the possibility to detect, ward off and prosecute hacking as well as misuse. You can object to this data processing at any time if there are reasons which exist in your particular situation and which speak against the data processing. An e-mail to the data protection officer is sufficient for this purpose.
   
   Automatically collected personal data:

   • IP address
   • Date and time of the request
   • Time zone difference from Greenwich Mean Time (GMT)
   • the search term, if you come to our site via a search engine
   • Files you have downloaded from our site (e.g. PDF or Word documents)
   • Content of the request (concrete page)
   • Access Status/HTTP Status Code
   • Amount of data transmitted in each case
   • Website from which the request comes
   • Browser
   • Operating system and its interface
   • Language and version of the browser software.
   • The server log files with the above data are automatically deleted after 30 days. We reserve the right to store the server log files for longer if facts exist that suggest the assumption of unauthorised access (such as an attempt at hacking or a so-called DDOS attack).
      
2. We also use cookies to put individual requests you make on our website into a common context. Cookies are data that a web server places on your IT system or stores in your browser during your visit to our website, which provides certain information to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. They are only used to make our website more user-friendly, safer and more effective. We only use cookies if you have consented to us doing so, unless the cookie is absolutely necessary for the functioning of our website (e.g. language setting on the website). When you visit our website for the first time, we will therefore ask you whether we may also use cookies that are not necessary.

   Where specific data processing steps use cookies (e.g. Piwik Pro and YouTube videos), we explain below on which legal basis we base the respective data processing.

   The data processing based on required cookies is based on Art. 6 Subpara. 1 lit. f GDPR. This authorisation permits the processing of personal data within the scope of the "legitimate interest" of the controller, insofar as your fundamental rights, freedom or interests do not prevail. Our legitimate interest is the provision of special functionalities, the user-friendly design of the website, the integrity as well as the security of the website.

3. Use of Cookies:
   1. This website uses the following types of cookies, the scope and functionality of which are explained below:
      - Transiente Cookies (see 2)
      - Persistente Cookies (see 3)
      - Third-Party-Cookies (see 4).
   2. Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
   3. Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
   4. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies (cookies from third-party providers, such as YouTube) or all cookies. Please note that you may then not be able to use all the functions of this website.
   5. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you regularly delete your cookies and browser history manually.

§ 4 USE OF SOCIAL-MEDIA-LINKS

1. We currently use the following social media links: Facebook, Twitter, Xing, LinkedIn. Through links, we offer you the opportunity to interact and communicate with the social media and other users so that we can improve our offer and make it more interesting for you as a user. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the social media provider. You can identify the social media provider by marking the box with its initial letter or logo. We give you the opportunity to communicate directly with the social media provider via the button. Only if you click on the marked box and thereby activate it, will the social media provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under § 3 of this declaration is transmitted. By activating the link, your personal data is transmitted to the respective social media provider and stored there (in the case of US providers, possibly in the USA). Since the social media provider collects the data in particular via cookies, we recommend that you delete all cookies via the security settings of your browser.
2. We have no influence on the data collected and data processing procedures, nor are we aware of the scope of data processing, the purposes of processing or the storage periods. We also have no information on the deletion of the collected data by the social media provider. In this regard, please contact the social media provider. Against this background, we recommend that you read the current data protection notices of the aforementioned social media providers.
3. The data transfer takes place regardless of whether you have an account with the social media provider and are logged in there. If you are logged in to the social media provider, the data we collect may be directly assigned to your account with the social media provider. We recommend that you log out regularly after using a social network, but especially before activating the button, as this may help you to avoid being assigned to your profile with the social media provider.
4. The legal basis for this processing is Art. 6 Subpara. 1 lit. f GDPR. This authorisation permits the processing of personal data within the scope of the "legitimate interest" of the controller, insofar as your fundamental rights, freedom or interests do not prevail. Our legitimate interest is the implementation of links to social media sites.
5. The data is not stored by us. Information on the storage period as well as further information on the purpose and scope of the data collection and its processing by the social media provider can be found in the data protection declarations of these providers communicated below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.
6. Addresses of the respective social media providers and URL with their data protection notices:

• Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin D2 Ireland; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084;
• Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland; twitter.com/de/privacy;
  Twitter also processes your personal data in the USA and other countries and has subjected itself to EU-US-Privacy-Shield: www.privacyshield.gov/participant;
• Xing SE, Dammtorstraße 30, 20354 Hamburg, DE; www.xing.com/privacy;
• LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2 Ireland; www.linkedin.com/legal/privacy-policy.

§ 5 INTEGRATION OF VON YOUTUBE-VIDEOS

1. We have integrated YouTube videos into our online offer, which are stored on www.YouTube.com and can be played directly from our website, in order to make the website offer attractive and informative. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transmission.
2. By visiting the YouTube website or by playing the videos, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned under § 3 of this declaration is transmitted. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your YouTube profile, we recommend that you log out before clicking on the Play button.
3. The legal basis for this processing is Art. 6 Subpara. 1 lit. f GDPR. This authorisation permits the processing of personal data within the scope of the "legitimate interest" of the controller, insofar as your fundamental rights, freedom or interests do not prevail. Our legitimate interest is the implementation of YouTube.
4. The data is not stored by us. Information on the storage period and further information on the purpose and scope of data collection and processing by YouTube can be found in the provider's data protection declarations provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA.

§ 6 QUESTION AND COMMENTS

1. We take data protection very seriously. If you have any questions or suggestions regarding data protection at Messer, please feel free to contact our data protection officer by e-mail at the e-mail address given in § 1.
2. We reserve the right to adjust and update this privacy policy as necessary. Updates to this privacy policy will be posted on our website. Changes will apply from the time they are published on our website. We therefore recommend that you visit this page regularly to find out about any updates that have been made.

* * * * *

Status: 2021-08