Privacy Notice

Last updated: July 2026

1. General Information

The protection of personal data is important to us. In this Privacy Notice, we inform you about which
personal data is processed when you visit our website, for what purposes such processing takes place,
on which legal bases the processing is carried out, and what rights you have.

Personal data means any information that can be used to identify you personally or that relates to an
identified or identifiable natural person. This includes, for example, your name, address, email address,
telephone number, IP address, or information about your use of our website.

If you are redirected from our website to external websites or services via links, please refer to the
respective privacy information provided by those third-party providers. External content and services
are subject to the privacy notices and policies of the respective providers.

2. Controller

The controller responsible for data processing on this website is:

Bode GmbH
Kirchweg 114
24558 Henstedt-Ulzburg
Germany
Phone: +49 4193 982-0
Email: dsb@bode.eu

The controller is the natural or legal person who, alone or jointly with others, determines the purposes
and means of the processing of personal data.

3. Data Protection Officer

We have appointed a Data Protection Officer for our company.

Ms Cagla Bond
bk systems Datenschutz GmbH
Marie-Curie-Str. 1 – 3
24568 Kaltenkircheng
Deutschland
E-Mail: dsb@bode.eu

4. General Legal Bases for Processing

We process personal data only where there is a legal basis for doing so. Depending on the specific
processing activity, the following legal bases may apply in particular:

  • Article 6(1)(a) GDPR, where you have given us your consent to the processing of your personal data.
  • Article 6(1)(b) GDPR, where processing is necessary for the performance of a contract or in order to
    take steps prior to entering into a contract.
  • Article 6(1)(c) GDPR, where processing is necessary for compliance with a legal obligation.
  • Article 6(1)(f) GDPR, where processing is necessary for the purposes of our legitimate interests or
    the legitimate interests of a third party, provided that your interests, fundamental rights and freedoms
    do not override those interests.

Where we use cookies or comparable technologies that are not strictly technically necessary, this is done
only on the basis of your consent pursuant to Section 25(1) of the German Telecommunications Digital
Services Data Protection Act, abbreviated as TDDDG, and Article 6(1)(a) GDPR.
Technically necessary storage or access operations are carried out on the basis of Section 25(2) TDDDG.

5. Retention Period

Unless a more specific retention period is stated in this Privacy Notice, personal data will remain with
us until the purpose for which it was collected no longer applies.

If you submit a legitimate request for erasure or withdraw your consent to processing, your data will be
deleted unless we have other legally permissible grounds for retaining your personal data. Statutory
retention obligations, in particular retention periods under commercial or tax law, remain unaffected.

6. Your Rights

Within the scope of the applicable legal provisions, you have the following rights at any time:

  • Right of access to your stored personal data pursuant to Article 15 GDPR
  • Right to rectification of inaccurate personal data pursuant to Article 16 GDPR
  • Right to erasure of personal data pursuant to Article 17 GDPR
  • Right to restriction of processing pursuant to Article 18 GDPR
  • Right to data portability pursuant to Article 20 GDPR
  • Right to object to certain processing activities pursuant to Article 21 GDPR
  • Right to withdraw consent previously given pursuant to Article 7(3) GDPR

If you withdraw your consent, the lawfulness of processing carried out before the withdrawal remains
unaffected.

To exercise your rights or if you have any further questions regarding data protection, you may contact
us or our Data Protection Officer at any time.

7. Right to Lodge a Complaint with the Competent Supervisory Authority

If you believe that the processing of your personal data violates data protection law, you have the right
to lodge a complaint with a data protection supervisory authority.

The supervisory authority generally responsible for our company is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstraße 98
24103 Kiel
Germany
Website:

https://www.datenschutzzentrum.de/

8. Security of Data Transmission

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, our website uses SSL or TLS
encryption. You can recognize an encrypted connection by the fact that the address line of your browser
begins with “https://” and by the lock symbol displayed in your browser.

When SSL or TLS encryption is enabled, the data you transmit to us cannot easily be read by third parties.

Please note that data transmission over the internet, especially communication by email, may have security
vulnerabilities. Complete protection of data against access by third parties is not possible.

9. Hosting

Hosting by Hostinger

Our website is operated by an external hosting provider. The provider is:

Hostinger International Limited
61 Lordou Vironos Street
Lumiel Building, 4th floor
6023 Larnaca
Cyprus

When our website is accessed, Hostinger processes technical data that is necessary for the provision,
security and stability of the website. This may include, in particular, the following data:

  • IP address of the accessing device
  • Date and time of access
  • Pages and files accessed
  • Amount of data transferred
  • Referrer URL
  • Browser type and browser version
  • Operating system used
  • Hostname of the accessing device

The processing is carried out for the purpose of securely, stably and efficiently providing our website,
ensuring system security, technical administration, error analysis and preventing misuse.

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the secure, reliable and
efficient provision of our online offering.

Where Hostinger processes personal data on our behalf, we have entered into a data processing agreement
with Hostinger pursuant to Article 28 GDPR.

Hostinger is based in Cyprus and therefore within the European Union. If, in connection with the provision
of hosting services, personal data is transferred to countries outside the European Union or the European
Economic Area, such transfer takes place only on the basis of appropriate safeguards within the meaning
of Articles 44 et seq. GDPR.

Further information on data processing by Hostinger is available at:

https://www.hostinger.com/de/legal/datenschutzerklaerung
.

10. Server Log Files

When you visit our website, technical access data is automatically processed in so-called server log files.
This data is transmitted automatically by your browser.

Server log files may include, in particular, the following information:

  • IP address
  • Date and time of the server request
  • Requested URL
  • Referrer URL
  • Browser type and browser version
  • Operating system used
  • Hostname of the accessing device

This data is processed for the technical provision of the website, to ensure stability and security,
and for error analysis.

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the secure and error-free
provision of our website.

This data is not combined with other data sources.

11. Cookies and Comparable Technologies

Our website uses cookies and comparable technologies. Cookies are small text files that are stored on
your device. Comparable technologies may include, for example, local storage, session storage, pixels
or scripts.

Some cookies and technologies are technically necessary for our website to function properly. Others are
used for analysis, optimization of our online offering, integration of external services or display of
external content.

Technically necessary cookies and technologies are used on the basis of Section 25(2) TDDDG. The
subsequent processing of personal data is carried out on the basis of Article 6(1)(f) GDPR, insofar as
it is necessary for the secure and functional provision of our website.

Non-essential cookies and comparable technologies are used only if you have given your prior consent.
The legal basis is Section 25(1) TDDDG and Article 6(1)(a) GDPR.

You may withdraw or change your consent at any time via the cookie settings on our website.

Further details on the cookies and services used on our website can be found in our Cookie Policy.

12. Consent Management

Complianz

We use the Complianz consent management solution on our website to obtain, manage and document consents
for cookies and comparable technologies.

In this context, in particular, your consent decision, the selected cookie categories, the time of consent,
technical browser information and, where applicable, a shortened IP address may be processed.

The processing is carried out to comply with legal documentation obligations on the basis of
Article 6(1)(c) GDPR and on the basis of our legitimate interest in legally compliant consent management
pursuant to Article 6(1)(f) GDPR.

13. Contacting Us

If you contact us by contact form, email, telephone or any other means, we process the information you
provide in order to handle your inquiry and any follow-up questions.

This may include, in particular, your name, contact details, your message and any other information you
voluntarily provide.

If your contact request relates to a contract or pre-contractual measures, the legal basis is
Article 6(1)(b) GDPR. In all other cases, processing is based on our legitimate interest in properly
handling your inquiry pursuant to Article 6(1)(f) GDPR. If you have given consent, the legal basis is
Article 6(1)(a) GDPR.

The data will be deleted once the purpose of processing no longer applies, you request deletion, or you
withdraw consent previously given. Statutory retention obligations remain unaffected.

14. Applications

If you apply for a position with us, we process the personal data that you provide to us as part of the
application process.

This may include, in particular, your name, address, contact details, CV, certificates, qualifications,
professional background, salary expectations and other application documents.

Processing is carried out for the purpose of conducting the application process and deciding whether to
establish an employment relationship. The legal basis is Section 26 of the German Federal Data Protection
Act, abbreviated as BDSG, and Article 6(1)(b) GDPR.

If you give us consent to store your application documents for a longer period, processing is carried out
on the basis of Article 6(1)(a) GDPR.

Your application data will be disclosed only to persons involved in processing your application. Disclosure
to third parties takes place only where permitted by law, where you have consented, or where this is
necessary for the application process.

If no employment relationship is established, we will delete your application data after completion of
the application process, provided that no statutory retention obligations or legitimate interests remain.
As a rule, deletion takes place no later than six months after completion of the application process.

If you send your application by email, please note that email communication may have security vulnerabilities.

15. Technical Provision and Language Management

WordPress

Our website is based on the WordPress content management system. WordPress is used for the technical
creation, administration and provision of our website.

During operation, technically necessary data may be processed and technically required cookies may be set.
Processing is carried out on the basis of Article 6(1)(f) GDPR. Our legitimate interest lies in the secure,
stable and user-friendly provision of our website.

Polylang

We use Polylang to manage different language versions of our website. A technically necessary cookie may
be stored in order to remember your language preference.

The use of Polylang is based on Section 25(2) TDDDG. The subsequent processing of personal data is based
on Article 6(1)(f) GDPR. Our legitimate interest lies in providing a user-friendly multilingual website.

16. Google Services

Google APIs

We use Google APIs provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
in order to access additional services and data of Google Ireland Limited.

In this context, your IP address in particular may be transmitted to Google Ireland Limited. Where we use
additional Google services, you will find separate information on these services in this Privacy Notice.

The use of Google APIs is based on our legitimate interest in the technical optimization and functional
provision of our online offering pursuant to Article 6(1)(f) GDPR.

The specific retention period for the processed data is determined by Google Ireland Limited and cannot
be influenced by us.

Further information is available at:

https://policies.google.com/privacy
.

Google Fonts

We use Google Fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
to display fonts on our website.

When the fonts are loaded, your browser establishes a connection to Google servers. In particular, your
IP address is transmitted to Google.

Google Fonts is used on the basis of your consent pursuant to Article 6(1)(a) GDPR and Section 25(1)
TDDDG.

You may withdraw your consent at any time via the cookie settings.

Where personal data is transferred to countries outside the European Economic Area, in particular to the
United States, such transfer is carried out on the basis of the adequacy decision of the European Commission
pursuant to Article 45(1) GDPR, provided that the respective recipient is certified under the EU-U.S.
Data Privacy Framework.

Where no adequacy decision exists or a recipient is not appropriately certified, transfer will take place
only on the basis of appropriate safeguards within the meaning of Articles 44 et seq. GDPR, in particular
on the basis of the European Commission’s Standard Contractual Clauses pursuant to Commission Implementing
Decision EU 2021/914.

The Standard Contractual Clauses can be accessed here:

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914
.

Where required, we additionally obtain your consent for transfers to third countries pursuant to
Article 49(1)(a) GDPR. We point out that third-country transfers may involve risks, for example access
by public authorities, over which we have no influence.

The specific retention period for the processed data is determined by Google and cannot be influenced
by us.

Further information is available at:

https://policies.google.com/privacy
.

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House,
Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyze the use of our website. This may include processing page views,
time spent on the website, interactions, technical device information, browser information and referring
pages.

Google Analytics uses cookies or comparable technologies. It is used only on the basis of your consent
pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG.

You may withdraw your consent at any time via the cookie settings.

Further information on data processing by Google is available at:

https://policies.google.com/privacy
.

Google reCAPTCHA

We use Google reCAPTCHA provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4,
Ireland. reCAPTCHA is used to determine whether entries on our website, for example in a contact form,
are made by a human or by an automated program.

For this purpose, Google reCAPTCHA may process various information, in particular IP address, time spent
on the website, mouse movements, keyboard entries, browser information, operating system information and,
where applicable, cookies.

Where consent is required, Google reCAPTCHA is used on the basis of your consent pursuant to
Article 6(1)(a) GDPR and Section 25(1) TDDDG. In other cases, it is used on the basis of our legitimate
interest in protecting our website against misuse and automated entries pursuant to Article 6(1)(f) GDPR.

Further information on Google reCAPTCHA is available at:

https://policies.google.com/privacy

and

https://policies.google.com/terms
.

17. Content Delivery Networks

Cloudflare CDNJS

We use CDNJS for the proper delivery of content on our website. CDNJS is a service provided by
Cloudflare, Inc. and functions on our website as a content delivery network, abbreviated as CDN.

A CDN helps to deliver content from our online offering, in particular files such as graphics or scripts,
more quickly using regionally or internationally distributed servers.

When you access such content, a connection is established to servers of Cloudflare, Inc. In this context,
your IP address and, where applicable, browser data such as your user agent are transmitted. This data is
processed exclusively for the delivery of content and to maintain the security and functionality of CDNJS.

The use of CDNJS is based on our legitimate interest in the secure, efficient and optimized provision of
our online offering pursuant to Article 6(1)(f) GDPR.

Where personal data is transferred to countries outside the European Economic Area, in particular to the
United States, such transfer is carried out on the basis of the adequacy decision of the European Commission
pursuant to Article 45(1) GDPR, provided that the respective recipient is certified under the EU-U.S.
Data Privacy Framework.

Where no adequacy decision exists or a recipient is not appropriately certified, transfer will take place
only on the basis of appropriate safeguards within the meaning of Articles 44 et seq. GDPR, in particular
on the basis of the European Commission’s Standard Contractual Clauses pursuant to Commission Implementing
Decision EU 2021/914.

The Standard Contractual Clauses can be accessed here:

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914
.

The specific retention period for the processed data cannot be influenced by us and is determined by
Cloudflare, Inc.

Further information is available at:

https://www.cloudflare.com/privacypolicy/
.

AWS CloudFront

We use AWS CloudFront for the proper delivery of content on our website. AWS CloudFront is a service
provided by Amazon Web Services, Inc. and functions on our website as a content delivery network,
abbreviated as CDN.

A CDN helps to deliver content from our online offering, in particular files such as graphics or scripts,
more quickly using regionally or internationally distributed servers.

When you access such content, a connection is established to servers of Amazon Web Services, Inc. In this
context, your IP address and, where applicable, browser data such as your user agent are transmitted.
This data is processed exclusively for the delivery of content and to maintain the security and functionality
of AWS CloudFront.

The use of AWS CloudFront is based on our legitimate interest in the secure, efficient and optimized
provision of our online offering pursuant to Article 6(1)(f) GDPR.

Where personal data is transferred to countries outside the European Economic Area, in particular to the
United States, such transfer is carried out on the basis of the adequacy decision of the European Commission
pursuant to Article 45(1) GDPR, provided that the respective recipient is certified under the EU-U.S.
Data Privacy Framework.

Where no adequacy decision exists or a recipient is not appropriately certified, transfer will take place
only on the basis of appropriate safeguards within the meaning of Articles 44 et seq. GDPR, in particular
on the basis of the European Commission’s Standard Contractual Clauses pursuant to Commission Implementing
Decision EU 2021/914.

The Standard Contractual Clauses can be accessed here:

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914
.

The specific retention period for the processed data cannot be influenced by us and is determined by
Amazon Web Services, Inc.

Further information is available at:

https://aws.amazon.com/privacy/
.

18. Social Media and External Links

Our website may contain links to our profiles on social networks, for example LinkedIn, Instagram,
Facebook or Xing.

If you click on these links, you leave our website. The respective provider is generally responsible for
the processing of personal data on the relevant platform.

Where social network content is embedded directly on our website, for example posts, feeds, buttons or
similar elements, a connection to the servers of the respective provider may already be established when
such content is loaded. In this context, personal data such as your IP address, browser information and
information about your visit to our website may be processed.

Such content is embedded, where required, only on the basis of your consent pursuant to Article 6(1)(a)
GDPR and Section 25(1) TDDDG. You may withdraw your consent at any time via the cookie settings.

19. Whistleblower Portal

Our website may provide a link to a whistleblower portal. If you click on this link, you leave our
website. The privacy information provided within the whistleblower portal applies to the processing of
personal data in connection with that portal.

Where we process personal data in connection with a report under the German Whistleblower Protection Act,
abbreviated as HinSchG, such processing is carried out for the purpose of receiving, reviewing and handling
the respective report.

The legal basis is compliance with legal obligations pursuant to Article 6(1)(c) GDPR in conjunction
with the requirements of the German Whistleblower Protection Act. Where special categories of personal
data are processed, this is done in accordance with Article 9 GDPR.

Personal data processed in connection with a report will be stored only for as long as necessary to handle
the report, comply with legal obligations, or establish, exercise or defend legal claims.

20. Objection to Unsolicited Advertising Emails

We hereby object to the use of contact data published in the context of legal notice obligations for the
purpose of sending unsolicited advertising or informational materials.

We expressly reserve the right to take legal action in the event of unsolicited advertising information,
for example spam emails.

21. Updates and Changes to this Privacy Notice

We reserve the right to amend this Privacy Notice so that it always complies with current legal
requirements or to reflect changes to our services in this Privacy Notice, for example when new services
are introduced.

The current Privacy Notice applies to each subsequent visit to our website.