Privacy

Privacy Policy

1. Introduction

The following information is intended to provide you, as a “data subject,” with an overview of how we process your personal data and your rights under data protection laws. In general, you can use our website without providing any personal data. However, if you wish to use specific services offered by our company via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “Pokolm Frästechnik GmbH & Co. KG.” Through this Privacy Policy, we would like to inform you about the scope and purpose of the personal data we collect, use, and process.

As the data controller, we have implemented numerous technical and organizational measures to ensure the most comprehensive possible protection of the personal data processed via this website. Nevertheless, internet-based data transmissions may inherently contain security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, you are free to provide us with personal data via alternative channels, such as by phone or mail.

You, too, can take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. Therefore, we would like to provide you with some tips on how to handle your data securely:

Protect your account (login, user, or customer account) and your IT system (computer, laptop, tablet, or mobile device) with strong passwords.
Only you should have access to the passwords.
Make sure you only use your passwords for a single account (login, user, or customer account).
Do not use the same password for different websites, applications, or online services.
This is especially important when using publicly accessible IT systems or those shared with others: You must log out after every session on a website, application, or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name, or the names of relatives, but rather a mix of uppercase and lowercase letters, numbers, and special characters.

2. Data Controller

The controller within the meaning of the GDPR is:

Pokolm Frästechnik GmbH & Co. KG

Adam-Opel-Straße 5, 33428 Harsewinkel, Germany

Phone: +49 5247 9361-0

Fax: +49 5247 9361-99

Email: info@pokolm.com

Representatives of the data controller: Ulrich Wiehagen, Dennis Hamm, Sascha Leicht

3. Data Protection Officer

You can contact the Data Protection Officer as follows:

Thomas Otten

Phone: 05221/87292-08

Fax: 05221/87292-49

Email: datenschutz-pokolm@audatis.de

You may contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

4. Definitions

This Privacy Policy is based on the terminology used by European legislators and regulators when enacting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy, we use the following terms, among others:

1. Personal Data

Personal data is any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).

3. Processing

Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making available, the alignment or combination, restriction, erasure, or destruction.

4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.

5. Profiling

Profiling is any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

6. Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure the personal data is not attributed to an identified or identifiable natural person.

7. Data Processor

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

8. Recipient

A recipient is a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, regardless of whether they are a third party or not. However, public authorities that may receive personal data in the course of a specific investigative mandate under Union law or the law of the Member States are not considered recipients.

9. Third Party

A third party is a natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

10. Consent

Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal Basis for Processing

Art. 6(1)(a) of the GDPR (in conjunction with § 25(1) of the TDDDG (formerly TTDSG)) serves as the legal basis for our company’s processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party—as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration—the processing is based on Art. 6(1)(b) of the GDPR. The same applies to processing operations necessary for the implementation of pre-contractual measures, such as in cases of inquiries regarding our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6(1)(c) of the GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to were injured on our premises and their name, age, health insurance information, or other vital information subsequently had to be disclosed to a doctor, a hospital, or other third parties. In such cases, the processing would be based on Article 6(1)(d) of the GDPR.

Finally, processing operations could be based on Article 6(1)(f) of the GDPR. Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and fundamental freedoms of the data subject do not take precedence. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this regard, the legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47, Sentence 2 of the GDPR).

Our services are generally intended for adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and adolescents, do not collect such data, and do not disclose it to third parties.

6. Transfer of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only disclose your personal data to third parties if:

You have given us your explicit consent to do so pursuant to Art. 6(1)(a) of the GDPR,
the transfer is permitted under Article 6(1)(f) of the GDPR to protect our legitimate interests, and there is no reason to believe that you have an overriding legitimate interest in the non-disclosure of your data,
there is a legal obligation to disclose the data pursuant to Article 6(1)(c) of the GDPR, and
this is legally permissible and necessary under Article 6(1)(b) of the GDPR for the performance of contractual relationships with you.

As part of the processing operations described in this Privacy Policy, personal data may be transferred to the United States. Companies in the United States are deemed to provide an adequate level of data protection only if they have obtained certification under the EU-US Data Privacy Framework, thereby triggering the adequacy decision of the European Commission pursuant to Article 45 of the GDPR. We have explicitly stated this in the privacy policy for the relevant service providers. To protect your data in all other cases, we have entered into data processing agreements based on the European Commission’s Standard Contractual Clauses. If the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) of the GDPR may serve as the legal basis for the transfer to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.

7. Technology

7.1 Hosting by Strato

We host our website with Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter referred to as “Strato”).

When you visit our website, your personal data (e.g., IP addresses in log files) is processed on Strato’s servers.

The use of Strato is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring the most reliable possible presentation, provision, and security of our website.

We have entered into a Data Processing Agreement (DPA) with Strato in accordance with Article 28 of the GDPR. This is a contract required by data protection law that ensures Strato processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

For more information on Strato’s privacy policy, please visit: https://www.strato.de/datenschutz/

8. Cookies

8.1 General Information on Cookies

Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie stores information that is derived from the context of the specific device used. However, this does not mean that we thereby gain direct knowledge of your identity.

We use cookies to make your experience on our site more enjoyable. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website at . These are automatically deleted when you leave our site.

In addition, to optimize user-friendliness, we also use temporary cookies that are stored on your device for a specific, predetermined period of time. If you visit our site again to use our services, the system automatically recognizes that you have already visited us and recalls the entries and settings you made, so you do not have to re-enter them.

We also use cookies to collect statistical data on the use of our website and to evaluate our offerings for the purpose of optimization. These cookies allow us to automatically recognize that you have previously visited our website when you return. The cookies set in this manner are automatically deleted after a defined period of time. The respective storage duration of the cookies can be found in the settings of the consent tool used.

9. Content of Our Website

9.1 Data Processing When Opening a Customer Account and for Contract Execution

In accordance with Art. 6(1)(b) of the GDPR, personal data is collected and processed when you provide it to us for the purpose of executing a contract or when opening a customer account. The data collected is indicated in the respective input forms. You may delete your customer account at any time, including by sending a message to the above-mentioned address of the controller. We store and use the data you provide for the purpose of contract fulfillment. After the contract has been fully executed or your customer account has been deleted, your data will be blocked in accordance with tax and commercial law retention periods and deleted upon the expiration of these periods, unless you have expressly consented to further use of your data or we have reserved the right to further use your data as permitted by law, about which we will inform you accordingly below.

9.2 Contacting Us / Contact Form

Personal data is collected when you contact us (e.g., via the contact form or email). The data collected when using a contact form is specified in the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your inquiry pursuant to Art. 6(1)(f) of the GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) of the GDPR. Your data will be deleted after your inquiry has been fully processed; this is the case when the circumstances indicate that the matter in question has been conclusively resolved and there are no legal retention obligations preventing deletion.

10. Advertising

10.1 Google AdSense

We have integrated Google AdSense into this website. The operator of the Google AdSense component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google AdSense is an online service that enables the placement of advertisements on third-party websites. Google AdSense is based on an algorithm that selects the advertisements displayed on third-party websites to match the content of the respective third-party website. Google AdSense allows for interest-based targeting of internet users, which is implemented by generating individual user profiles.

The purpose of the Google AdSense component is to display advertisements on our website. Google AdSense places a cookie on your computer. This cookie enables Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, to analyze the use of our website. Each time you visit one of the individual pages of this website operated by us that includes a Google AdSense component, the web browser on your IT system is automatically prompted by the respective Google AdSense component to transmit data to Alphabet Inc. for the purposes of online advertising and commission billing. As part of this technical process, Alphabet Inc. obtains personal data, such as your IP address, which Alphabet Inc. uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission billing.

Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic embedded in web pages to enable log file recording and analysis, thereby allowing for statistical evaluation. Using the embedded web beacon, Alphabet Inc. can determine whether and when a webpage was opened by your IT system and which links you clicked on. Web beacons are used, among other things, to evaluate the visitor traffic of a website.

Through Google AdSense, personal data and information—including the IP address, which is necessary for the collection and billing of the displayed advertisements—are transferred to Alphabet Inc. in the United States of America. This personal data is stored and processed in the United States of America. Alphabet Inc. may, under certain circumstances, disclose this personal data collected via the technical process to third parties.

These processing operations take place exclusively upon the granting of express consent in accordance with Art. 6(1)(a) of the GDPR.

The parent company, Google LLC, is a U.S. company certified under the EU-U.S. Data Privacy Framework. An adequacy decision pursuant to Article 45( ) of the GDPR is in place, meaning that the transfer of personal data may take place even without further guarantees or additional measures.

You can view the privacy policy and further information from Google AdSense at: https://www.google.de/intl/de/adsense/start/ and at https://www.google.com/policies/technologies/ads/

11. Plugins and Other Services

11.1 Yumpu FREE

To display the flipbooks integrated on our website, we use Yumpu FREE, a tool provided by i-magazine AG (Yumpu), Gewerbestrasse 3, 9444 Diepoldsau, Switzerland.

By using Yumpu, the content of PDF files is displayed as a flipbook that is freely accessible and readable directly in your web browser, without you having to download a PDF file.

To provide this service, your web browser retrieves the content directly from Yumpu. As with any website visit, Yumpu receives your IP address, information about your web browser, operating system, date and time of the visit, and so-called referrer data—i.e., information about which page you came from to reach the website containing the Yumpu components—provided that the referrer data is not masked by your browser.

The use of Yumpu is based on our legitimate interest in presenting our website and products in an attractive manner, in accordance with Article 6(1)(f) of the GDPR.

For more information about Yumpu, please visit: https://www.yumpu.com/de/publishing-software/free.

12. Your Rights as a Data Subject

12.1 Right to Confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

12.2 Right of access (Article 15 of the GDPR)

You have the right to receive from us, at any time and free of charge, information regarding the personal data stored about you, as well as a copy of this data in accordance with legal provisions.

12.3 Right to rectification Art. 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

12.4 Erasure Art. 17 GDPR

You have the right to request that we erase personal data concerning you without undue delay, provided that one of the grounds provided for by law applies and insofar as processing or storage is not necessary.

12.5 Restriction of Processing Art. 18 GDPR

You have the right to request that we restrict processing if one of the legal requirements is met.

12.6 Data Portability Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller to whom the personal data has been provided, without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability under Article 20(1) of the GDPR, you have the right to have your personal data transmitted directly from one controller to another, provided that this is technically feasible and does not adversely affect the rights and freedoms of others.

12.7 Objection under Article 21 of the GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6(1)(e) (data processing in the public interest) or (f) (data processing based on a balancing of interests) of the GDPR.

This also applies to profiling based on these provisions within the meaning of Article 4(4) of the GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

In certain cases, we process personal data for the purpose of direct marketing. You may object at any time to the processing of your personal data for such marketing purposes. This also applies to profiling to the extent that it is related to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.

In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you that we carry out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures that use technical specifications.

12.8 Withdrawal of Consent

You have the right to withdraw your consent to the processing of personal data at any time with future effect.

12.9 Complaint to a supervisory authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

13. Validity and Changes to the Privacy Policy

This Privacy Policy is currently valid and is dated April 2026.

Due to the ongoing development of our website and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. You can access and print the current version of the Privacy Policy at any time on the website at "https://www.pokolm.com/en/privacy".

This Privacy Policy was created with the support of the data protection software: audatis MANAGER.

Name	Consent-Banner accepted
Provider	format h digital GmbH
Purpose	Stores the user's consent status regarding the services used on the site.
Privacy Policy	https://www.pokolm.com/en/privacy
Cookie Name	cookiebanner.version, cookiebanner.services.accepted
Cookie Validity	1 year

Accept	OnOff
Name	Google Analytics
Provider	Google Ireland Ltd.
Purpose	To identify users and sessions and to distinguish between known and new users. An ID can be saved for 24 hours after the last activity. Other cookies are used to monitor the number of Google Analytics server requests, especially when using the Google Tag Manager. Information about the traffic source or campaign that directed users to the website is also stored. Historical cookies, such as those from older Urchin versions of Google Analytics, may be used to distinguish between new sessions and visits. In addition, cookies are updated each time data is sent to the Google Analytics server.
Privacy Policy	https://privacy.google.com/take-control.html
Cookie Name	_ga, _ga_, _gid, _gat, __utma, __utmt, __utmb, __utmc, __utmz
Cookie Validity	Up to 2 years

Accept	OnOff
Name	Youtube
Provider	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose	Used to store preferences such as preferred language, viewing options or SafeSearch settings, as well as playback and analysis of embedded YouTube videos, including tracking viewed content and estimating bandwidth. A unique ID can be registered to enable location-based tracking using GPS and statistics can be generated about content usage. Consent for marketing purposes is stored, ensuring GDPR compliance of the website. Metadata cookies are used to protect the privacy of YouTube visitors.
Privacy Policy	https://privacy.google.com/take-control.html
Cookie Name	GPS, VISITOR_INFO1_LIVE, PREF, YSC, DEVICE_INFO, LOGIN_INFO, VISITOR_PRIVACY_METADATA
Cookie Validity	Up to 10 years

Accept	OnOff
Name	Yumpu Player
Provider	https://www.yumpu.com/
Purpose	For integrating instructions, magazines, brochures or catalogs on our website. Using Yumpu, PDF files are displayed as a so-called flipbook and displayed in the web browser without having to load a PDF file.
Privacy Policy	https://www.yumpu.com/de/info/privacy_policy
Cookie Name	yp-reg-ab, ypsession, ypsession, yumpu_slc, yumpu_slc
Cookie Validity	Up to a year

Accept	OnOff
Name	JivoChat
Provider	https://www.jivochat.com/files
Purpose	We pass these cookies on to our live chat provider (JivoChat) after you submit a chat message. They contain data about when the chat started and how long it lasted, the visitor's origin and how many pages they viewed before the chat started. Additionally, this information is used to analyze the performance of the CMW Lab Support Team.
Privacy Policy	https://www.jivochat.com/files/privacy_policy.pdf
Cookie Name	jv_enter_ts, jv_pages_count, jv_utm, jv_visits_count, jv_refer
Cookie Validity	1 year