Data protection statement - website
As of: June 2026
§ 1 Controller
The controller within the meaning of Art. 4 No. 7 GDPR is:
Messer SE & Co. KGaA
Messer-Platz 1
65812 Bad Soden am Taunus
Germany
Phone: +49 6196 7760-0
E-mail: corporate.office@messergroup.com
Further information can be found in our imprint.
§ 2 Data Protection Officer
You can contact our data protection officer at:
Messer SE & Co. KGaA
Datenschutzbeauftragter
Messer-Platz 1
65812 Bad Soden am Taunus
E-mail: datenschutz.mg@messergroup.com
§ 3 General information on data processing
We process personal data exclusively in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications-Digital-Services-Data Protection Act (TDDDG).
Personal data is any information relating to an identified or identifiable natural person.
Insofar as we process personal data, this is done exclusively for the purposes described in this data protection notice.
§ 4 Categories of recipients
In the course of providing our website and services, personal data may be transferred to the following categories of recipients:
• IT & Hosting Service Providers
• Cloud and infrastructure service providers
• Communication and CRM service providers
• Analysis and marketing service providers
• Applicant management service provider
• Affiliated companies of the Messer Group
• Authorities and public bodies in case of legal obligation
• Consultants, auditors and lawyers
Insofar as external service providers process personal data on our behalf, this is done on the basis of order processing agreements in accordance with Art. 28 GDPR.
§ 5 Your rights
You have the following rights vis-à-vis us:
• Right to information pursuant to Art. 15 GDPR
• Right to rectification in accordance with Art. 16 GDPR
• Right to erasure in accordance with Art. 17 GDPR
• Right to restriction of processing in accordance with Art. 18 GDPR
• Right to data portability in accordance with Art. 20 GDPR
• Right to object according to Art. 21 GDPR
• Right to revoke consent given in accordance with Art. 7 (3) GDPR
• Right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR
To exercise your rights, simply send a message to:
datenschutz.mg@messergroup.com
§ 6 Automated Decisions
Automated decision-making, including profiling, within the meaning of Art. 22 GDPR does not take place.
§ 7 Visiting our website
When you visit our website, the following data is automatically processed:
• IP address
• Date and time of access
• Browser type and version
• Operating System
• Referrer URL
• Pages viewed
• Amount of data transferred
• HTTP Status Code
Purposes
• Provision of the website
• Ensuring IT security
• Attack detection and abuse prevention
• Error analysis
• System Stability
Legal basis
Art. 6 para. 1 lit. f GDPR.
Our legitimate interest is to ensure that our website is provided in a secure, stable and functional manner.
Storage period
Server log data is generally deleted after 30 days, provided that there are no security incidents or legal retention obligations to the contrary.
§ 8 Hosting and technical infrastructure
In particular, we use the following service providers to provide our website:
• IBM Cloud
• Kyndryl Deutschland GmbH
• Microsoft Ireland Operations Limited
• Cloudflare Inc.
Purposes
• Hosting
• Operation of the website
• Load balancing
• IT Security
• DDoS protection
Legal basis
Art. 6 para. 1 lit. f GDPR.
Storage period
The storage period depends on the respective log and security concepts of the systems used and is usually a maximum of 30 days.
§ 9 Contacting Us
If you contact us by e-mail, telephone, contact form or other means of communication, we will process your information to process your request.
Processed data
• Name
• Company
• E-mail address
• Phone number
• Content of the inquiry
Legal basis
• Art. 6 (1) (b) GDPR
• Art. 6 (1) (f) GDPR
Legitimate interest
Efficient communication with prospects, customers, suppliers and business partners.
Storage period
Enquiries will generally be deleted after processing has been completed, provided that there are no statutory retention obligations.
§ 10 Consent Management
We use HubSpot Consent Management to manage and document your consents.
Processed data
• Consent status
• Time of consent
• Browsing data
• Device Information
• IP address
Legal basis
• Art. 6 (1) (c) GDPR
• Art. 6 (1) (f) GDPR
Storage period
Consent logs are stored for up to three years.
Revocation
You can revoke or change your consent at any time via the link "Cookie settings" in the footer of our website.
§ 11 Cookies and similar technologies
Our website uses cookies, local storage and similar technologies.
Technically required technologies
These include, in particular:
• Session cookies
• Load balancing cookies
• Security cookies
• Consent cookies
• Authentication cookies
Legal basis
Section 25 (2) TDDDG and Art. 6 (1) (f) GDPR.
Unnecessary technologies
Analytics, marketing, and personalization technologies are used solely on the basis of your consent.
Legal basis
Section 25 (1) TDDDG and Art. 6 (1) (a) GDPR.
§ 12 HubSpot CRM, Analytics, Forms, and Live Chat
We use services provided by HubSpot Ireland Limited, Dublin, Ireland.
HubSpot is used in particular for:
• Customer Relationship Management (CRM)
• Contact management
• Marketing Automation
• Website analytics
• Forms
• Live Chat
Processed data
• Contact Information
• Communication data
• Usage Data
• Site interactions
• IP address
• Device Information
Legal basis
• Art. 6 (1) (a) GDPR
• Art. 6 (1) (b) GDPR
• Art. 6 (1) (f) GDPR
Legitimate interest
Efficient customer communication, optimisation of our online offers and processing of enquiries.
Storage period
The data will be deleted as soon as the respective purpose no longer applies and there are no legal retention obligations. Analysis data is regularly anonymized or deleted after a maximum of 13 months.
§ 13 Google Tag Manager
We use Google Tag Manager.
Google Tag Manager is used exclusively for the technical management of website tags.
Legal basis
Art. 6 (1) (a) GDPR.
Storage period
Google Tag Manager does not store personal data independently.
§ 14 Google Ads and Conversion Tracking
We use Google Ads and Google Conversion Tracking.
Purpose
• Measuring the success of advertising campaigns
• Reach analysis
• Optimizing our marketing efforts
Legal basis
Art. 6 (1) (a) GDPR.
Storage period
The storage period depends on the settings of Google services and is usually a maximum of 13 months.
§ 15 LinkedIn Insight Tag
We use LinkedIn Ireland Unlimited Company's LinkedIn Insight Tag.
Purpose
• Campaign Analytics
• Conversion measurement
• Reach optimization
Legal basis
Art. 6 (1) (a) GDPR.
Storage period
The storage period is based on LinkedIn's specifications.
§ 16 Google Maps
We use Google Maps to display interactive maps.
The cards will only be loaded after your consent.
Legal basis
Art. 6 (1) (a) GDPR.
Storage period
The storage period is based on Google's specifications.
§ 17 YouTube
We embed YouTube videos.
Videos will only be loaded after your consent.
Legal basis
Art. 6 (1) (a) GDPR.
Storage period
The storage period is based on the specifications of Google/YouTube.
§ 18 Google Fonts
If fonts are loaded from servers of Google Ireland Limited, this will only take place after your consent.
Legal basis
Art. 6 (1) (a) GDPR.
Note
If fonts are hosted locally on our servers, no personal data will be transmitted to Google.
§ 19 Podcasts (Podigee)
To provide podcasts, we use Podigee.
Processed data
• IP address
• Usage Data
• Device Information
Legal basis
Art. 6 (1) (a) GDPR.
Storage period
The storage period depends on the specifications of the service provider.
§ 20 Career Portal and Applications
For our career portal, we use Teamtailor AB, Sweden.
Processed data
• Technical usage data
• Application data
• Communication data
Legal basis
• Art. 6 (1) (b) GDPR
• Section 26 BDSG
• Art. 6 (1) (f) GDPR
Storage period
Application documents are generally deleted six months after completion of the application process, unless there are longer statutory retention obligations or consent for a talent pool has been obtained.
For the Talent Pool, storage is carried out exclusively on the basis of your consent.
For further information, please refer to the separate data protection information for applicants.
§ 21 Newsroom Subscriptions and Press Distribution Lists
You can subscribe to information from Messer via our newsroom. These include, in particular:
• Press releases
• Technical Articles
• the customer magazine "Gases for Life"
• Annual Reports
If you fill out the relevant form in the newsroom, we will process the data you provide, in particular:
• Salutation
• First and last name
• Company or publisher
• E-mail address
• Phone number (optional)
• selected areas of interest or subscription categories
• optional messages in the comment field
The processing is carried out for the purpose of providing you with the information you have requested, as well as to manage your subscription.
Legal basis
The processing is carried out on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.
If you make specific press, interview or publication requests in the comment field, the processing will also be carried out on the basis of Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR to process your request.
Revocation and cancellation
You can revoke your consent at any time with effect for the future or unsubscribe from individual categories of information.
The revocation can be made in particular via the unsubscribe options contained in the respective messages or by sending a message to the contact addresses provided.
This does not affect the lawfulness of the processing carried out until the revocation.
Storage period
Your data will be stored for as long as the respective subscription exists.
After revocation or cancellation, your data will be deleted, provided that there are no statutory retention obligations to the contrary and no further communication or business relationship exists.
Recipients
For the administration of the newsroom and the communication processes, IT, hosting and communication service providers used by us may have access to the data. Insofar as they act as processors, this is done on the basis of Art. 28 GDPR.
§ 22 Intra-Group Data Transfers
Within the Messer Group, personal data may be transmitted to other companies of the Messer Group to the extent necessary for internal administrative purposes, IT support, compliance purposes, legal advice or the processing of enquiries.
Legal basis
Art. 6 para. 1 lit. f GDPR.
Legitimate interest
Efficient and secure group-wide organization and administration.
§ 23 International Data Transfers
When using individual services, personal data may be transferred to countries outside the European Economic Area.
This applies in particular:
• HubSpot (US)
• Google (USA)
• LinkedIn (USA)
• Cloudflare (US)
The transfer will be carried out exclusively in compliance with Art. 44 et seq. GDPR.
In particular, the following guarantees are used for this purpose:
• EU-U.S. Data Privacy Framework
• EU Standard Contractual Clauses
• Other suitable safeguards in accordance with the GDPR
Information on the guarantees used can be provided on request.
§ 24 Right of appeal
You have the right to complain to a data protection supervisory authority about the processing of your personal data.
§ 25 Changes to this data protection notice
We reserve the right to amend this data protection notice if this becomes necessary due to legal, technical or organisational changes.
The current version is available on our website.