Data Protection
Data Protection Policy

Data Protection Policy for the website of Tadano Faun GmbH

Information about the processing of your data in accordance with Article 13 of the European General Data Protection Regulation (GDPR).

References to statutory provisions relate to the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) in the version applicable as of 25.05.2018.

I. Scope

This Data Protection Policy applies to the website of Tadano Faun GmbH ( and to the personal data collected via that website. For websites of other providers to which reference is made, by means of links for example, their own data protection information and policies apply.

II. Responsibility

The data controller (party responsible) for processing of personal data on this website is:

Tadano Faun GmbH
Faunberg 2
91207 Lauf an der Pegnitz, Germany

Commercial Register: Nuremberg District Court HRB 9954
VAT reg. no.: DE133514539

Management board: Jens Ennen (Chairman), Kozo Yoshida (Deputy Chairman), Klaus Kröppel, Thomas Urbanczyk

Contact details:

PO Box: 10 02 64
91192 Lauf an der Pegnitz, Germany
Tel.: +49 (0)9123 / 185 0
Fax: +49 (0)9123 / 753 20
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Important note:

For security reasons, we recommend sending emails in encrypted form only. There are considerable risks associated with the transfer of unencrypted messages. Please do not send us any sensitive data by unencrypted email.

III. Data protection officer

Tadano Faun GmbH

Corporate Data Protection

Faunberg 2
91207 Lauf an der Pegnitz, Germany

Tel.: +49 9123 185 5531

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Important note:

For security reasons, we recommend sending emails in encrypted form only. There are considerable risks associated with the transfer of unencrypted messages. Please do not send us any sensitive data by unencrypted email.

IV. How we handle your data

1) Personal data

According to Art. 4 GDPR, personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2) Collection and processing of your personal data

When you access our website, you send data to our web server through your web browser (as a technical necessity). The following data are recorded during an open connection for communication between your web browser and our web server:

  • Date and time of request
  • Name of the file requested
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Full IP address of the computer making the request
  • Data volume transferred

For reasons of technical security, in particular to avert attempts to attack our web server, these data are saved by us for a short time. We are not able to identify individuals using these data. At the latest after seven days, the data are anonymised at domain level by truncating the IP address, so that it is no longer possible to establish a link to an individual user. The data are also processed for statistical purposes in anonymised form; the data are not compared with other databases or passed on to third parties, including in the form of extracts.

With the exception of the data specified above, personal data are stored only when you provide them yourself, e.g. when registering, completing a survey or executing a contract, and even in those cases only if we are permitted to do so on the basis of the consent you have given us or of applicable legal regulations (you can find more information about this below in the “Legal basis for processing” section below).

You are not obliged either by law or contract to provide your personal data. It may be, however, that certain functions of our website depend on the provision of personal data. If you do not provide your personal data in these cases, the result may be that functions are not available or are only available to a limited extent. 

3) Purposes of use

We use the personal data collected when you visit our website to operate it in a way that is as convenient as possible for you and to protect our IT systems from attacks and other unlawful actions.

If you provide us with further personal data, e.g. in the context of registration, on a contact form, in a survey or to execute a contract, we use the data for the specified purpose, for purposes of customer administration and – if necessary – for purposes of processing and invoicing for any business transactions, to the extent necessary in each case. 

4) Transfer of personal data to third parties, “social plugins” and fan shop

Social plugins

When we use so-called “social plugins” from social networks such as Facebook, Twitter and Google+, we integrate them as follows:

When you visit our website, the social plugins are deactivated, i.e. no data is transmitted to the operators of these networks. If you wish to use one of the networks, click on the respective social plugin to establish a direct link to the server of the relevant network. 

If you have a user account on the network and you are logged in at the moment that you activate the social plugin, the network can associate your visit to our website with your user account. If you wish to avoid this, please log out of the network before activating the social plugin.

When you activate a social plugin, the network transmits the content that is made available as a result directly to your browser, which integrates it into our website. In this situation, data transmissions may also take place that are initiated and controlled by the respective social network. The data protection provisions of the network in question apply exclusively to your connection to a social network, the data transmissions that take place between the network and your system and the interactions on this platform.

The social plugin remains active until you deactivate it or delete your cookies (you can find further information about this in the “Cookies” section).

 When you click on a link to a website or activate a social plugin, it may be that personal data will reach providers in countries outside the European Economic Area which, from the perspective of the European Union (“EU”), cannot guarantee an “appropriate level of protection” that meets EU standards for processing personal data. Please think about this before you click on a link or a social plugin and thus trigger transmission of your data.

Fan shop

The fan shop is managed by TFG FanShop UG (limited liability).

In order to process your order, TFG FanShop UG works with the following service provider(s) who help it to execute concluded contracts in whole or in part: DHL, FedEx, Heidelpay, PayPal, Tesch mediafinanz GmbH and TM3 Software.

You can find further information about this in the “Legal basis for processing” section).

5) Analysis of usage date; use of analytical tools

We want to coordinate the content of our website as closely as possible with your interests and improve our service as a result. We use the following analytical tool(s) to identify usage preferences and particularly popular areas of the website: Google Analytics and Google Tag Manager.

During use of these analytical tools, data may be transmitted to servers located in the USA and processed there. Please note the following: From the perspective of the European Union, the USA does not have an “appropriate level of protection” that meets EU standards for processing personal data. This level of protection may be achieved by individual companies, however, by certification under the so-called “EU-U.S. Privacy Shield”.

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is saved that will prevent recording of your data on future visits to the website: Deactivate Google Analytics Deactivate Google Analytics Deactivate Google Analytics Deactivate Google Analytics

Below you will find information about the providers of the analytical tools used by us and the respective opt-out options: Google Inc. (“Google”)

Google is certified under the EU-U.S. Privacy Shield.

You can prevent transmission of your data and its recording and processing by Google. Google provides information about this via the following link:

Our website also uses Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tool Manager only implements tags. This means: no cookies are used and no personal data is collected. The Google Tool Manager activates other tags, which may in turn collect data. However, Google Tag Manager does not access these data. If deactivation has been implemented at domain or cookie level, it remains in place for all tracking tags, provided that they were set up with Google Tag Manager.

6) Targeting and retargeting

No targeting or retargeting technologies are used.

7) Information about cookies

I. Functions and use of cookies

Cookies are small files that are stored on your desktop, laptop or mobile device when you visit a website. From these we can recognise if there has already been a connection between your device and our website, for example, or which language or other settings you prefer. Cookies may also include personal data.

 When you use our website, you agree to the use of cookies.

You can also visit our website without agreeing to the use of cookies. In other words, you can reject their use and delete cookies at any time by adjusting the settings on your device accordingly.

This is done as follows:

  • The default setting of most browsers is to accept cookies automatically. You can change this default setting by activating the *Do not accept cookies* option.
  • You can delete existing cookies at any time. You can find out how this works individually in your browser or device manufacturer’s operating instructions.
  • You can find information about deactivating local shared objects under the following link: Information about deactivating local shared objects
  • As with cookies, rejecting or erasing them is linked to the device and the browser used. You therefore have to reject or erase cookies for each of your devices and, if you use more than one browser, each of your browsers.

If you decide to object to the use of cookies, it may be that some of the functions of our website may not be available or individual functions may only be available to a limited extent.

We divide cookies into the following categories: 

Essential cookies (type 1)

 These cookies are essential for the functions of the website. Without them, we may not be able to offer some of the services to you, for example.

Functional cookies (type 2)

These cookies make it easier to use the website and improve its functions. For example, we save your language settings in functional cookies. 

Performance cookies (type 3)

These cookies collect information about how you use our website. In this way, we can identify which parts of our website are particularly popular and thus improve our service to you. Please also read the section “Analysis of usage data” in our Data Protection Policy.

Third-party cookies (type 4)

These cookies are set up by third parties, e.g. social networks such as Facebook, Twitter and Google+, the content of which you can integrate using the “social plugins” offered on our website. More detailed information about the use and function of the social plugins is available in our Data Protection Policy.

II. We use the following cookies on our website





By means of a session cookie, shopware determines whether the respective user has an active shopping basket and whether the user is logged in. It therefore acts as a means of identification for the browser and the server.

Type 1


In addition, shopware generates an individual CSRF cookie when a customer visits our shop so that he or she can use the individual areas of the shop. Further information:

Type 1


Stores the user’s language settings.

Type 2


Stores a shopware login token to recognise the customer and customise the shop, even if the customer has not yet logged in.

Type 2


In the browser’s local storage, information about “recently viewed items” is also stored.

Type 2

Browser Local Storage

In the browser’s local storage, information about “recently viewed items” is also stored.

Type 2


ga-disable-UA-60838025 Stores information about whether Google Analytics Tracking has been deactivated for the site

Type 2


Stores information about whether Google Analytics Tracking has been deactivated for the site

Type 2


Stores information about whether Google Analytics Tracking has been deactivated for the site

Type 2


Stores the user’s Joomla session ID.

Type 3


If a customer adds a product to the notepad, a cookie with the name “sUniqueID” is created to store the content of the notepad.

Type 3

_ga, _gid, __utma, __utmb, __utmc, __utmt, __utmz

Stores information for Google Analytics. For further information about the type, use and purpose of the cookies, please click on the following link:

Type 4


datr, fr, sb, wd


Facebook social media plugin

Type 4

8) Newsletter

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.

The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

9) Pardot/Salesforce

Pardot is the maker of a web marketing automation suite. We use Pardot’s suite to gather information about visitors to our website. Personal information is stored in Pardot/Salesforce when our visitors complete forms such as when they subscribe to receive email communications from us. Pardot gathers non-personal information such as IP address, operating system, web browser, and web pages visited.
For further information please visit

10) Security

We implement technical and organisational security measures to protect the data about you that we manage from manipulation, loss, destruction and access by unauthorised persons. We are continuously improving our security measures in accordance with technological progress.

For security reasons and to protect transmission of personal data and other confidential content (e.g. orders or questions to the data controller), this website uses SSL and TLS encryption. You can recognise an encrypted connection by the string “https://” and the padlock icon on your browser bar. 

11) Legal basis of processing

If you have given us your consent to process your personal data, this represents the legal basis for processing (Art. 6 (1) (a) GDPR).

For processing personal data to initiate or fulfil a contract with you, Art. 6 (1) (b) GDPR is the legal basis.

Insofar as processing of your personal data is necessary to fulfil our legal obligations (e.g. retention of data), we are authorised to do so by Art. 6 (1) (c) GDPR.

We also process personal data for purposes of pursuing our legitimate interests and the legitimate interests of third parties pursuant to Art. 6 (1) (f) GDPR. Such legitimate interests include maintenance of the function of our IT systems, but also marketing of our own and third-party products and services and the necessary legal documentation of business contacts.  

12) Erasure of your personal data

IWe erase your IP address and the name of your Internet Service Provider, which we only save for security reasons, after seven days. Otherwise we erase your personal data as soon as the purpose for which we have collected and processed the data no longer applies. Beyond this time, storage takes place only if this is required in accordance with the laws, ordinances or other legal regulations of the European Union or a Member State of the European Union to which we are subject.


V. Your rights

As a user of our website, you have various rights under the GDPR, which are set out in particular in Art. 15 to 21:

1) Right to information

You may demand information about your personal data processed by us under Art. 15 GDPR. Your application for information should provide precise information about your request in order to make it easier for us to compile the data required. Please note that your right to information may be restricted under certain circumstances by legal regulations (in particular Section 34 GDPR and Art. 10 of the Bavarian Data Protection Act).

2) Right to rectification

If the information about you is not (or no longer) accurate, you may demand rectification under Art. 16 GDPR. If your data are incomplete, you may demand completion.

3) Right to erasure

You may demand erasure of your personal data under the conditions of Art. 17 GDPR. Your right to erasure depends, among other things, on whether the data about you are still required by us to fulfil statutory duties.

4) Right to restriction of processing

Under the provisions of Art. 18 GDPR, you have the right to demand restriction of processing of the data relating to you.

5) Right to notification

If you have asserted your right to rectification, erasure or restriction of processing in respect of the data controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves to be impossible or involves a disproportionate amount of work. You have the right to information about such recipients under the provisions of Art. 19 GDPR.

6) Right to data portability

Under the provisions of Art. 20 GDPR, you have the right to receive the personal data that you have provided to us in a structured, standard and machine-readable format or to demand transmission to another data controller, provided that this is technically feasible.

7) Right to object

Under Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. We cannot always comply, however, if we are subject to statutory regulations concerning fulfilment of our processing obligations, for example.

8) Right to withdrawal

You have the right to withdraw the consent that you have given to process your data from that point forward, in accordance with the provisions of Art. 7 GDPR. If consent is withdrawn, we shall erase the data concerned immediately, insofar as further processing cannot be justified on a legal basis for processing without consent. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of that consent up to the point of withdrawal.

9) Right to lodge a complaint

If you believe that the processing of your personal data breaches statutory provisions, you have the right to lodge a complaint with the relevant data protection supervisory authority (Art. 77 GDPR).

VI. Alterations to this Data Protection Policy

We may alter this Data Protection Policy at any time by publishing the amended version on this website, including enforcement of the amended version.

Date of publication: 25.05.2018



Data protection portal

Get information here how we protect your data.

Data protection portal