This Privacy Notice may be updated from time to time and updates will be published on this page. All updates are effective immediately when we publish them. We encourage you to read this Privacy Notice before using this website, our online shop at https://shop.penko.com or otherwise interact with us to understand how your personal data is used and the choices available to you.
This Privacy Notice was last amended on 18 July 2024.
In this Privacy Notice, we would like to inform you on the use of your personal data by Penko Engineering B.V., with registered address of Schutterweg 35, 6718 XC, Ede, The Netherlands, K.v.K. Utrecht nr 30067751,as the data controller, (hereafter “we”) in connection with your use of our website available at https://penko.com and our online shop at https://shop.penko.com (collectively, the “Services”).
Please read this Privacy Notice carefully to understand our policies and practices regarding the use of your personal data. By using our Services, you acknowledge that you have read and understood this Privacy Notice.
1. Collecting of personal data
Personal data collected by accessing this website
Our website (penko.com) and webshop (shop.penko.com) are accessible without prior registration. Our webshop is hosted by BigCommerce.com. We do not have access to, nor do we control your personal data collected because of accessing this website, including information regarding your browser and operating system as well as the IP address of the requesting computer to enable such access, unless you set up a MyETC account or place an order for Penko products. Please visit BigCommerce’s privacy notice to learn more about its data collection practices: https://www.bigcommerce.com/privacy/. MyETC is an added feature of this site that allows you to create an account. If you choose to open a MyETC account, we will collect the following data from you, through our third-party processor LoginRadius, for the purposes listed below:
|
Data Collected |
Purpose |
Legal bases for Collection |
|
First and last name* |
Account set up; Placing an Order |
Performance of a contract |
|
Email* |
Account set up; Placing an Order |
Performance of a contract |
|
Country* |
Account set up |
Performance of a contract |
|
Display name and password* |
Account set up |
Performance of a contract |
|
Organization, occupation, industry |
Marketing; Placing an Order |
Consent |
|
Address |
Placing an Order |
Performance of a contract |
|
Phone Number |
Placing an Order |
Performance of a contract |
|
Payment Information |
Placing an Order |
Performance of a contrat |
*Required to set up a MyETC account
We only receive fully anonymized data from BigCommerce for statistical purposes and to optimise our service.
Marketing You have the option to receive marketing emails from us if you create a MyETC account as you use the site. Marketing emails are sent via a third party, Robly Digital Marketing LLC (Robly). You can choose to receive or not to receive marketing emails, which include promotional materials, marketing materials, email offers, and newsletters from us (other than emails related to the completion of your registration, correction of user data, change of password and other similar communications essential to your transactions on the site) by adjusting your user preferences in your MyETC account profile. If you receive a marketing email, you can also opt out of receiving future emails using the unsubscribe process at the bottom of the email, by checking the relevant box located on the form on which we collect your data, or by sending us an email stating your request to shop@penko.com:
Personal data collected through the use of cookies and Google Analytics4
We collect your personal data through the use cookies and Google Analytics4 as described below in section 6.
Personal data collected by using and ordering our Services
If you order from us, we will collect personal data such as your name, email address, billing and delivery address from you, which we will use for the purpose of fulfilling your order. If you opt for creating a customer account, we will save the data for future orders using this account. Furthermore, we will provide you with information regarding your past orders within your account.
In case you contact us via email or via other means, we will use the personal data contained in your message for the purpose of responding to or otherwise handling your request.
2. Legal bases and purposes
When you visit our website and/or use our Services, most of the personal data we process is provided to us directly by you so that we can provide our Services to you. Your personal data is processed for our legitimate business interests, to comply with applicable law, for the performance of a contract with you, or in the event of direct marketing, with your consent, as outlined below, namely to:
- Enable you to conduct commercial transactions on the website, purchase and our sales management;
- Create and maintain your accounts;
- Send you a welcoming email and to contact you about your use of the Services; to respond to your emails, submissions, comments, requests or complaints; to perform after-sales services; to anticipate and resolve problems with our Service; to respond to customer support inquiries, for assistance with our product and Service development; and to inform you of updates to our products and Services;
- Request feedback and to enable us to develop, customize, and improve our Services;
- Conduct marketing analysis, monitor and analyse trends, to send you surveys or newsletters, to contact you about Services, products, activities, special events or offers and for other marketing, informational, product development and promotional purposes, and for profiling purposes, to send you discount codes;
- To facilitate contests, sweepstakes, and to contact you if you win a contest;
- To detect, prevent, and address technical issues;
- To detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity and to protect the rights and property of us and others;
- For compliance management;
- For other purposes about which we notify you in advance.
3. Retention
Your personal data will be retained if is necessary for the aforementioned purposes or as required by applicable law – in particular any statutory duty to preserve records.
If you opt for creating a customer account, we will retain your personal data until you decide to delete your account.
Please refer to section 6 below on cookies and the cookie chart for retention periods of cookies.
4. Transfer to third parties
We use affiliates and third parties as data processors for the processing of your personal data on our behalf. The confidentiality and protection of your personal data will be safeguarded by written agreements with these data processors.
Depending on the method of payment chosen by you, your personal data may be transferred to third parties as follows:
▪ If you pay by credit card, your data will be directly provided to Visa, Discover, American Express, or Mastercard for the purpose of payment processing to. You will be informed thereof when choosing this payment method.
▪ If you pay via PayPal, your data will be directly provided to PayPal (Europe) S.à r.l. et Cie, S.C.A for the purpose of payment processing to.
When we transfer your personal data from the European Economic Area to countries that have not been deemed to provide an adequate level of protection, we will either rely on a derogation applicable to the specific situation, or we employ data processing agreements based on the EU Standard Contractual Clauses to help ensure that your data is protected wherever it is transferred. You may request a copy of such a transfer mechanism by contacting our Data Protection Officer in accordance with section 10 below.
5. Direct marketing
We will use your email address for transactional emails regarding your orders (including sending you contractual information and shipping and other status notices), for important notices regarding your customer account, and to respond to requests from you.
If we have received your email address in the context of a previous order, and if you have not objected, we may also send you information on similar products and services. You may object to such use of your email address at any time. We will inform you about this right to object when we receive your email address and in each email that we send.
6. Cookies
Cookies are small text files which may be stored on your computer when you visit our website in particular for the purpose of attributing the access to multiple web pages or files to the same user. We use cookies to implement the shopping cart and the ordering process as well as for the login to your customer account. In addition, we use cookies in the context of Google Analytics as described below.
Functional cookies are necessary to enable your visit to the website and do not require your consent. For example, we use functional cookies to allow our systems to uniquely identify you during a session or while you are logged into the website or using a service (e.g., shopping cart). All other cookies require your consent. If at any time you want to change your cookie settings, including withdrawing your consent to this processing, we encourage you to do this via our cookie banner or on your device according to the settings of your internet browser.
|
Type of Cookie |
Name |
Purpose |
Duration |
|
Essential |
Shop_token |
To allow you to make purchases through the site. |
As long as necessary for the purpose for which it was provided |
|
Essential |
Shop_order_token |
To represent the order – only seen with single page express checkout |
As long as necessary for the purpose for which it was provided |
|
Essential |
Shop_session_token |
To allow you to make purchases through the site. |
As long as necessary for the purpose for which it was provided |
|
Essential |
Xsrf-token |
A token to avoid cross-site request forgery, also known as one-click attack or session ridding (CSRF) |
As long as necessary for the purpose for which it was provided |
|
Essential |
Athena_short_visit_id |
Used to store a visitor’s ID |
As long as necessary for the purpose for which it was provided |
|
Essential |
Shopper-pref |
Used to store essential shopper preferences such as currency |
As long as necessary for the purpose for which it was provided |
|
Essential |
Fornax_anonymousId |
Platform performance and analytics |
As long as necessary for the purpose for which it was provided |
|
Essential |
Lr-user-token |
Persist log-in state |
As long as necessary for the purpose for which it was provided |
|
Essential |
Store-visitor |
Allows you to make purchases through the site |
As long as necessary for the purpose for which it was provided |
|
Essential |
Shop_session_rotation_token |
Essential for security; used for cart/checkout sessions |
As long as necessary for the purpose for which it was provided |
|
Essential |
lastVisitedCategory |
Tracks last visited category to build product breadcrumbs |
As long as necessary for the purpose for which it was provided |
|
Essential |
Recently_Viewed_Products |
Keeps track of products which the user has viewed to show recently viewed items |
As long as necessary for the purpose for which it was provided |
|
Essential |
Tracking-preferences |
Used to store shopper tracking preferences when consent manager is enabled to help determine what type of non-essential scripts will load based on user consent |
As long as necessary for the purpose for which it was provided |
|
Essential |
Bc_consent |
Used to determine if the shopper has consented to tracking when the consent manager is enabled |
As long as necessary for the purpose for which it was provided |
|
Consent Required – Analytics/Marketing |
_ga |
Google Analytics4 – used to calculate visitor session, campaign data and track site usage for analytics reporting. Information stored anonymously and assigned a randomly generated number to identify unique visitors |
2 years |
|
Consent Required – Marketing |
_gat |
Installed by Google Analytics4 to throttle the request rate to limit collection of data on high traffic sites |
2 years |
|
Consent Required – Analytics |
_gid |
Installed by Google Analytics4 and used to store information on how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected includes the number of visitors, the source from where they come, and the pages visited in an anonymous form |
2 years |
|
Consent Required – Analytics |
Microsoft Clarity: _clck; clsk; CLID; ANONCHK; MR; MUID; SM |
Calculates visitor, session, and site usage based on non-personally identifiable information, which we use to improve our site. |
13 months |
|
Consent Required – Marketing |
Meta Pixel (_fbc; presence; xs; c_user; sb; datr) |
Improve the functionality of Facebook |
90 to 400 days, depending on the cookie |
|
Consent Required – Analytics |
Atlassian: Ajs_user_id; ajs_group_id; ajs_anonymous_id |
Statistical analysis |
Persistent or 1 year, depending on the cookie |
|
THIRD-PARTY COOKIES
|
||||
|
Type of Cookie |
Name |
Purpose |
Duration |
Categories of personal data processed |
|
Meta Pixel |
_fbc; presence; xs; c_user; sb; datr |
This tool helps gauge ad success, understand user activity, and tailor ads to relevant audiences. It works by using cookies and tracking pixels to collect data on your interactions with our site and ads.
|
Marketing |
|
|
Microsoft Clarity and Microsoft Advertising |
_clck; _clsk; CLID; ANONCHK; MR; MUID; SM |
This tool captures how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve our products/services, to determine the popularity of products/services and online activity. Website usage data is captured using first and third party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally we use this information for site optimization, fraud/security purposes, and advertising. Microsoft privacy policy available at https://privacy.microsoft.com/en-US/privacystatement |
User behavior, interaction; analytics |
|
7. Google Analytics4
We make use of Google Analytics4, a web analytics service provided by Google, Inc. („Google“). Google Analytics4 uses cookies for analysing the use of our website by you. The information regarding your use of the website collected with the help of such cookies will typically be transferred to a server of Google located in the EU. Google Analytics4 does not log or store IP addresses from EU-based servers. Google will use this information as our data processor in order to analyse your use of our website, and to compile reports on the website activities and provide further services regarding the web and internet use to us. The truncated email address transferred in the context of Google Analytics will not be combined with other data of Google.
You may prevent the collection of data gathered with the help of cookies regarding your use of our website through Google, and the further processing of such data through Google by visiting this website for more details: [GA4] Activate Google signals for Google Analytics 4 properties - Analytics Help .
Furthermore, you may prevent the collection of data through Google Analytics by clicking the following link: <javascript:gaOptout()>. This will set an opt-out cookie that will prevent any future data collection when you visit our website.
You can find further information to the terms and conditions and privacy regarding Google Analytics at https://www.google.de/intl/en/policies/ . In this context, we would like to point out that we use Google Analytics with the parameter “anonymizeIp” in order to ensure that the IP addresses collected are truncated and thereby anonymised (so-called IP masking).
8. Security
The security of your personal data is very important to us. We take technical and organizational measures to protect your personal data and ensure a level of security appropriate to the risk. While we take reasonable efforts to guard personal data, we knowingly collect directly from you, no security system is impenetrable. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with section 10 below.
9.. Data protection rights
You may at any time request from us access to your personal data processed by us as well as rectification or erasure of such personal data or restriction of processing concerning such data. If you have given us consent to process your personal data, you may withdraw such consent at any time with regard to future processing. You may also request information on the appropriate or suitable safeguards regarding transfers to third countries and a copy of the underlying contractual agreements or provisions.
You also have a right to object to the processing of your personal data. If the processing is based on your consent or on a contract, and where such processing is carried out by automated means, you may also have the right to receive your personal data which you have provided to us and have the right to transmit it to another data controller, where technically feasible (data portability).
Please contact our Data Protection Officer in accordance with section 10 below if you would like to exercise your rights.
Furthermore, you have the right to lodge a complaint with a supervisory authority.
10. Contact; data protection officer
For our contact details, please refer to penko.com
In addition, you may directly contact our data protection officer:
Dr. Sebastian Kraska Rechtsanwalt, Dipl.-Kfm.
Externer Datenschutzbeauftragter
IITR GmbH
Marienplatz 2
80331 München
Tel. +49 89 1891 7360