Privacy policy

Data protection at a glance

General information:

The following information provides a simplified overview of what happens to your personal data when you visit our website. Personal data includes all data that can be used for identifying you as a person. For detailed information on data protection, please read our Privacy Policy beneath this text.

Data collection on our website:

Who is responsible for collecting the data on this website?

The website operator processes the data on this website. You can find the contact details of the website operator in the Legal Information.

How do we collect your data?

Your data is collected when you disclose it to us. This could be data that you enter in a contact form, for example. Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (such as browser, operating system or time of website access). This data is collected automatically as soon as you enter our website.

What do we use the data for?

Some of the data is collected to ensure that the website is displayed without errors. Other data can be used for analysing your user behaviour.

What rights do you have regarding your data?

You have the right to obtain free of charge information about the origin, recipient and purpose of your stored personal data at any time. You also have the right to request the rectification, blocking or erasure of this data. You can contact us at any time about this topic as well as other questions relating to data protection at the address stated in the Legal Information. You further have the right to complain to the competent supervisory authority.

Analysis tools, advertising and tools by third-party providers

Microsoft Bookings

You can make appointments with us on our website. We use Microsoft Bookings for this. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, learn.microsoft.com/de-de/microsoft-365/bookings/.

For the purpose of booking an appointment, enter the requested data and the desired date in the form provided. The data entered will be used for the planning, realisation and, if necessary, follow-up of the appointment. 

The appointment data is stored for us on the servers of Microsoft Bookings, whose privacy policy you can view here: privacy.microsoft.com/de-de/privacystatement.

The data you enter will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Mandatory statutory provisions - in particular retention periods - remain unaffected.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in making appointments with interested parties and customers as uncomplicated as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. for device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:
learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.

The company is certified in accordance with the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. 

Further information on this can be obtained from the provider at the following link:
www.dataprivacyframework.gov/participant/6474.

Google Analytics 

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is summarized in a user-ID and assigned to the respective end device of the website visitor. Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis. Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored. The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission.

Details can be found here:

https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards.

For more information, please contact the provider under the following link:

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

IP anonymization

Google Analytics IP anonymization is active. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

Browser plug-in

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link:

https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at:

https://support.google.com/analytics/answer/6004245?hl=en.

Contract data processing

We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards.

For more information, please contact the provider under thefollowing link:  https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active 

Google Ads

The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks. The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.

Details can be found here: https://policies.google.com/privacy/framework s and https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards.

For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active 

Google Conversion-Tracking

This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited

(“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the assistance of Google Conversion Tracking, we are in a position to recognize whether the user has completed certain actions. For instance, we can analyze the how frequently which buttons on our website have been clicked and which products are reviewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn how many users have clicked on our ads and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google as such uses cookies or comparable recognition technologies for identification purposes. The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.

For more information about Google Conversion Tracking, please review Google’s data protection policy at: https://policies.google.com/privacy?hl=en

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards.

For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active 

Use of SalesViewer® technology:

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

General and mandatory information

Data protection:

The protection of your personal data is paramount to the operator of this website. We treat your personal data in strictest confidence and in accordance with data protection law as well as this Privacy Policy. Various personal data is collected when you use this website. Personal data includes data that can be used for identifying you as a person. This Privacy Policy explains which data we collect and what it is used for. It also explains how this is done and for which purpose. Please note that data transfer via the internet (e.g. when communication via email) can be subject to security gaps. It is impossible to fully protect data against third-party access.

Information on the controller:

The controller responsible for data processing on this website is: see Legal Information Phone: see Legal Information Email: info@rpa-datenschutz.de

The controller is the natural person or legal entity that solely or jointly with other parties decides about the purpose and means of the processing of personal data (e.g. name, email address, etc.).

Withdrawing your consent to data processing:

Many data processing activities are only possible with your explicit consent. You can withdraw previously issued consent at any time. To do so, it is sufficient to email us an informal notification. Your withdrawal does not affect the legitimacy of the data processing activities performed until the date of withdrawal.

Right to complain to the competent supervisory authority:

In the event of violations of data protection laws, the data subject has the right to complain to the competent supervisory authority. The competent supervisory authority which deals with data protection is the federal data protection officer of the federal state where the company is domiciled. For a list of data protection officers and their contact details, go to www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

Right to data portability:

You have the right to request for data that we automatically process based on your consent or for the fulfilment of a contract to be transferred to you or a third party in a standard machine-readable format. If you request the direct transfer of the data to another controller, this shall only be done insofar as it is technically possible.

SSL and/or TLS encryption:

This website uses SSL and/or TLS encryption for security purposes and to protect the transfer of confidential contents, such as orders or enquiries that you send to us, the website operator. You can recognise an encrypted connection by the address bar of your browser changing from "http://" to "https://” and by the lock symbol in your browser bar.

When SSL and/or TLS encryption is active, data that you transfer to us cannot be read by third parties.

Information, blocking, erasure:

In accordance with the applicable legal provisions, you have the right, at any time, to free of charge information about your stored personal data, its origin and recipient and purpose of the data processing activities and possibly also the right to rectification, blocking or erasure of this data. You can contact us at any time about this topic as well as other questions relating to personal data at the address stated in the Legal Information.

Objection to advertising emails:

We herewith object to the use of contact data published in accordance with obligations to disclose legal information on websites for any advertising and information that we have not explicitly requested. The operators of the websites explicitly reserve the right to take legal action against any deliveries of unwanted advertising information, such as via spam emails.

Data protection officer:

Mandatory data protection officer

We have appointed a data protection officer for our company.

RPA Datenschutz + Compliance GmbH, represented by Henning Koch and Ilja Borchers Hauser Gasse 19b 35578 Wetzlar Phone: +49 (0) 6441 67100 0 Email: info(at)rpa-datenschutz(dot)de

 

Data collection on our website
Cookies:

The website uses cookies in some parts. Cookies do not damage your computer and do not contain any viruses. Cookies are used for creating a more user-friendly, effective and secure website. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are session cookies. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can adjust your browser so that you are informed when cookies are installed and can permit cookies only in individual cases, generally block the acceptance of cookies in certain cases and activate the automatic deletion of cookies when closing the browser. The functionality of this website can be restricted if you deactivate cookies.

Cookies that are required for performing an electronic communication process or for providing certain functions selected by you (e.g. shopping basket function) are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in storing cookies for the fault-free, optimised provision of its services. Other cookies (e.g. cookies for analysing your surfing behaviour) that may be stored are described separately in this Privacy Policy.

Required cookies

Analysis cookies

Deactivate Google cookies

Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141USA (hereinafter Hubspot CRM). Hubspot CRM enables us, among other things, to manage existing and potential customers and customer contacts. With the help of Hubspot CRM, we are able to record, sort and analyse customer interactions via email, social media or telephone across various channels. The personal data collected in this way can be analysed and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyse the user behaviour of our contacts on our website. The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG (German Telecommunications-Telemedia Data Protection Act, abbreviated in German to TTDSG), insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Details can be found in Hubspot’s privacy policy:
https://legal.hubspot.com/privacy-policy.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:
https://legal.hubspot.com/dp-eu-data-transfers.  

The company is certified in accordance with the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards.

Further information on this can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000TN8pAAG&status=Active

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Server log files:

The website provider automatically collects and stores information in so-called server log files that your browser automatically transfers to us. They include:

Browser type and version

Operating system

Referrer URL

Hostname of the accessing computer

Time of server query

IP address

This data is not combined with other data sources. 

The basis for these data processing activities is Art. 6 (1) lit. f GDPR, which permits the processing of data for the fulfilment of a contract or precontractual measures.

Newsletter

Newsletter data:

If you wish to subscribe to the newsletter offered on the website, we require your email address as well as information that enables us to check that you are the owner of the email address you have stated ad that you agree to receive the newsletter. Other data is not collected or only on a voluntary basis. This data is used exclusively for sending the requested information. We do not transfer it to third parties.

The data entered in the newsletter subscription form is processed exclusively on the basis of your consent (Art. 6 (1) lit. a GDPR). You can withdraw your consent to store the data, email address and its use for sending the newsletter at any time, such as via the “Unsubscribe” link in the newsletter. Your withdrawal does not affect the legitimacy of the data processing activities performed until the date of withdrawal. We store the data you provide to us for the purpose of receiving the newsletter until you unsubscribe from the newsletter and then delete it. This does not affect data that is stored by us for other reasons (e.g. email addresses for the member area).

INXMAIL:

This website uses the services of INXMAIL for sending the newsletter. The provider is Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, GERMANY

Inxmail is a service for organising and analysing the dispatch of newsletters, etc. When you enter data for the purpose of receiving the newsletter (e.g. email address), this is stored on the Inxmail servers in Germany.

We can analyse our newsletter campaigns with the help of Inxmail. When you open an email sent with Inxmail, a file contained in the email (web beacon) links to the Inxmail servers in Germany. This makes it possible to determine if a newsletter message has been opened and which links have been clicked on. Technical information is also collected (e.g. time of query, IP address, browser type and operating system). This information cannot be allocated to the respective newsletter recipient. It is exclusively used for the statistical analysis of newsletter campaigns. The results of these analyses can be used for adjusting future newsletters to better match the interests of the recipients.

If you do not want your data to be analysed by Inxmail, you have to unsubscribe from the newsletter. We provide a link for you to do so in every newsletter message. You can also unsubscribe from the newsletter directly on the website.

The data is processed on the basis of your consent (Art. 6 (1) lit. a GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. Your withdrawal does not affect the legitimacy of the data processing activities performed until the date of withdrawal.

We store the data you provide to us for the purpose of receiving the newsletter until you unsubscribe from the newsletter and then delete it from our servers as well as the Inxmail servers. This does not affect data that is stored by us for other reasons (e.g. email addresses for the member area).

Conclusion of a data processing agreement We have concluded a data processing agreement with Inxmail in which we oblige Inxmail to protect the data of our customers and not to transfer it to third parties.

Plugins and tools

YouTube with expanded data protection integration

Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google Marketing Network. As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account. Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud. Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control. The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards.

For more information, please contact the provider under the following link:

https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active

Facebook

We have integrated elements of the social network Facebook on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.

An overview of the Facebook social media elements is available under the following link:

https://developers.facebook.com/docs/plugins/.

If the social media element has been activated, a direct connection between your device and the Facebook server will be established. As a result, Facebook will receive information confirming your visit to this website with your IP address. If you click on the Facebook Like button while you are logged into your Facebook account, you can link content of this website to your Facebook profile. Consequently, Facebook will be able to allocate your visit to this website to your user account. We have to emphasize that we as the provider of the website do not receive any information on the content of the transferred data and its use by Facebook.

For more information, please consult the Data Privacy Policy of Facebook at:

https://de-de.facebook.com/privacy/explanation.

If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 Sect. 1 lit. a GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement.

The wording of the agreement can be found under:

https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission.

Details can be found here:

www.facebook.com/legal/EU_data_transfer_addendum,

de-de.facebook.com/help/566994660333381 and

https://www.facebook.com/policy.php.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an

agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards.

For more information, please contact the provider under the following link:

www.dataprivacyframework.gov/s/participant-search/participantdetail?

contact=true&id=a2zt0000000GnywAAC&status=Active

Instagram

We have integrated functions of the public media platform Instagram into this website. These functions are being offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If the social media element has been activated, a direct connection between your device and Instagram’s server will be established. As a result, Instagram will receive information on your visit to this website. If you are logged into your Instagram account, you may click the Instagram button to link contents from this website to your Instagram profile. This enables Instagram to allocate your visit to this website to your user account. We have to point out that we as the provider of the website and its pages do not have any knowledge of the content of the data transferred and its use by Instagram.

If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 (1) (a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media. Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement.

The wording of the agreement can be found under:

https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission.

Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum,

https://privacycenter.instagram.com/policy/ and

https://de-de.facebook.com/help/566994660333381.

For more information on this subject, please consult Instagram’s Data Privacy Declaration at:

https://privacycenter.instagram.com/policy/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards.

For more information, please contact the provider under the following link:

https://www.dataprivacyframework.gov/s/participant-search/participant/detail?contact=true&id=a2zt0000000GnywAAC&status=Active

X (formerly Twitter)

We have integrated functions of the social media platform X (formerly Twitter) into this website. These functions are provided by the parent company X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The branch Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for the data processing of individuals living outside the United States.

If the social media element has been activated, a direct connection between your device and X’s server will be established. As a result, X (formerly Twitter) will receive information on your visit to this website. While you use X (formerly Twitter) and the “Re-Tweet” or “Repost” function, websites you visit are linked to your X (formerly Twitter) account and disclosed to other users. We must point out, that we, the providers of the website and its pages do not know anything about the content of the data transferred and the use of this information by X (formerly Twitter).

For more details, please consult the X (formerly Twitter) Data Privacy Declaration at:

https://twitter.com/en/privacy.

If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6(1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:

https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

You have the option to reset your data protection settings on X (formerly Twitter) under the account settings at https://twitter.com/account/settings.

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Any time you access a page of this website that contains elements of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited this website with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account at the time, LinkedIn will be in a position to allocate your visit to this website to your user account. We have to point out that we as the provider of the websites do not have any knowledge of the content of the transferred data and its use by LinkedIn. If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 (1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission.

Details can be found here:

https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=en.

For further information on this subject, please consult LinkedIn’s Data Privacy Declaration at:

https://www.linkedin.com/legal/privacy-policy.

Handling of applicant data

You can use the career section on our website and/or submit applications per email.

The personal data (master data, contact details, attachments such as cover letter, CV, certificates, etc.) of applicants is collected and processed for the purpose of handling the application process.

The data may be processed electronically. This is particularly the case when an applicant transfers corresponding application documents to the controller, such as per email or through an online form on the website. The data entered by you in the application form is collected in our application management system. You receive a confirmation email after you send the form.

If you have applied per email or post, the relevant information is collected and your documents are scanned. We then professionally destroy the original paper documents so that your data is secure. We only use information that you have provided in your application, professional networks (such as XING or LinkedIn) or job fairs.

If the controller concludes an employment contract with an applicant, the transferred data is stored for the purpose of processing the employment relationship in accordance with the legal requirements. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted 90 days after the announcement of the decision not to recruit the applicant, unless the controller has other opposing legitimate interests. Within this meaning, other legitimate interests are, for instance, the duty to provide evidence in proceedings in accordance with the General Sex Discrimination Act (Allgemeines Gleichbehandlungsgesetz – AGG).

Art. 6 (1) lit. f GDPR is the legal basis for the collection and processing of the data.

When you apply online, you can give your explicit consent for us to store and use your data even after the conclusion of the current application process (inclusion in the talent pool and consideration for other positions in our company). By giving this consent, you enable us to inform you about new vacancies that may be of interest to you and/or open vacancies. Your data is included in the talent pool solely on the basis of your explicit consent (Art. 6 (1) lit. a GDPR). Giving your consent is voluntary and does not affect the ongoing application process. You can withdraw your consent at any time. In this case, the data will be irrevocably deleted from the talent pool, unless there are legal obligations to store it. The data from the talent pool is irrevocably deleted no later than two years from the date on which you gave your consent.

Data transfer to third parties

The data transferred during your application is transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which provides HR and application management software (https://www.personio.com/legal-notice/). In this context, Personio is our processor in accordance with Art. 28 GDPR. These processing activities are based on a data processing agreement between us, the controller, and Personio.