Privacy Policy

We are very pleased about your interest in our company. Data protection is of particular importance to the management of daenet. As a rule, you can use daenet’s internet pages without disclosing any personal information. However, if you want to make use of specific services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no other legal basis for such processing, we will generally ask for your consent.

The processing of your personal data, such as your name, address, email address, or telephone number is always done in line with the EU General Data Protection Regulation (GDPR) and in accordance with specific national data protection regulations that are applicable for daenet GmbH. We use this privacy policy to provide information about the nature, scope, and purpose of the personal data we collect, use, and process. We also use it to inform you of your rights.

As the data controller responsible for processing the personal data it obtains, daenet GmbH has implemented numerous technical and organisational measures to ensure that all personal data processed via this website is protected as completely as possible. Nevertheless, there may be security gaps when transmitting data online and therefore absolute protection cannot be guaranteed. For this reason, you are always free to transmit personal data to us by alternative means, for example by telephone.

We would like to point out that our processing may also take place outside the European Union (EU) and thus beyond the scope of GDPR (cf.European Court of Justice (ECJ), Schrems II, C-311/18).This may put your data at risk because exercising your rights on the basis of GDPR could be more difficult. However, we assure you that we will do everything in our power to guarantee the best possible protection of your data.

Our hope is to meet the requirements for transparency. If you have any questions or comments regarding this privacy policy, please use the contact options shown in our Site Notice.

Table of Contents

  • Data Controller
  • Overview of data processing
  • Applicable legal bases
  • Security measures
  • Transmission and disclosure of personal data
  • Data processing in third countries
  • Use of cookies
  • Commercial and business services
  • Provision of online services and web hosting
  • Blogs and publication media
  • Contact
  • Communication via Messenger
  • Video conferencing, online meetings, webinars and screen sharing
  • Application procedure
  • Cloud services
  • Advertising communication via email, post, fax or telephone
  • Reach measurement, monitoring, analysis, optimisation
  • Online marketing
  • Affiliate programmes and affiliate links
  • Presence in social networks (social media)
  • Plug-ins and embedded features/content
  • Deletion of data
  • Changes and updates to this privacy policy
  • Rights of data subjects
  • Definition of terms

Controller

daenet Gesellschaft für Informationstechnologie mbH

Mr Stefan Aevermann
Hanauer Landstr. 204
60314 Frankfurt

Authorized representative: Mr Stefan Aevermann
Email address: info@daenet.de Phone: +49 (69) 242408 - 21

Legal Notice: https://daenet.de/en/imprint/

Overview of data processing

The table below summarises the types of data processed and the purposes for which they are processed and refers to the data subjects.

Types of data processed

  • Master data (names, addresses, etc.).
  • Applicant data (e.g. personal details, postal and contact addresses, the documents associated with the application and the information contained therein, such as the cover letter, curriculum vitae, certificates, and other information about their person or voluntarily provided by applicants with regard to a specific position or qualification).
  • Content data (e.g. text input, photographs, videos).
  • Contact data (e.g. email address, phone numbers).
  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. pages visited, interest in content, time spent on certain pages).
  • Contract data (e.g. subject of the contract, duration, customer category).
  • Payment data (e.g. bank details, invoices, payment history).

Special categories of data

  • Data with information about racial and ethnic origin.

Categories of data subjects

  • Employees (e.g. employees, applicants, former employees).
  • Applicants.
  • Business and contractual partners.
  • Prospective customers.
  • Communication partners.
  • Customers.
  • Users (e.g. website users, users of online services).

Purposes of the processing

  • Providing online services and user-friendliness.
  • Conversion tracking.
  • Application process (justification and possible subsequent implementation as well as possible subsequent termination of the employment relationship).
  • Office and organisational procedures.
  • Direct marketing (e.g. by email or post).
  • Feedback (e.g. collecting feedback via an online form).
  • Interest- and behaviour-based marketing.
  • Contact requests and communication.
  • Profiling (creation of user profiles).
  • Remarketing.
  • Reach measurement (e.g. Access statistics, recurring user detection).
  • Security measures.
  • Tracking (e.g. interest-/behaviour-related profiling, use of cookies).
  • Contractual services.
  • Managing and responding to requests.

Applicable legal bases

Below we provide the legal foundations in GDPR which allow us to process your personal data. Please note that, in addition to GDPR, there may be data protection laws that apply in the country where you reside or where you/we are registered as businesses. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 clause 1 lit. a GDPR): You have given your consent to the processing of your personal data for one or more specific purposes.
  • Contract fulfilment and pre-contractual inquiries (Art. 6 para. 1 clause 1 lit. b. GDPR): The processing necessary to fulfil a contract to which you are a party or in order to undertake checks prior to accepting an offer to enter into a contractual relationship with you.
  • Legal obligation (Art. 6 para. 1 clause 1 lit. c. GDPR): The processing is necessary to fulfil a legal obligation to which we are subject.
  • Legitimate interests (Art. 6 para. 1 clause 1 lit. f. GDPR): Processing is necessary to safeguard our legitimate interests or those of a third party unless your interests, fundamental rights, and freedoms which require the protection of your personal data outweigh them.
  • Art. 9 para. 1 clause 1 lit. b GDPR (application procedure as a pre-contractual check or as part of a contractual relationship):Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from you in the context of the application process so that we or you can exercise the rights we/you are entitled to or fulfil the responsibilities we/you are required to meet under social security and social protection laws, it is processed in accordance with Art. 9 para. 2 lit. b. GDPR. If the vital interests of applicants or other persons require protection, then it is processed in accordance with Art. 9 para. 2 lit. c. GDPR. If it is processed for healthcare or occupational medicine purposes, to assess your ability to work, for medical diagnostics, care, or treatment in the healthcare or social services sectors, or for the administration of systems and services in the same, then it is processed in accordance with Art. 9 para. 2 lit. h. GDPR.In the case you share special categories of data and give your consent voluntarily, it may be processed on the basis of Art. 9 para. 2 lit. GDPR.– .

National data protection regulations in Germany: In addition to the data protection regulations under GDPR, Germany has its own data protection laws. This includes, in particular, the Law on the Protection against the Abuse of Personal Data in the Processing of Data (BDSG). In particular, the BDSG contains special rules on your right to information about the data we have on file about you, the right to have it erased and the right to object to its collection and retention. It also contains rules governing the processing of specific categories of personal data, processing of data for other purposes, its transmission, and its use in automated decision-making in individual cases, including profiling. It also regulates the processing of data for the purposes of the employment relationship (§26 BDSG), in particular with regard to the hiring, implementation, or termination of employment and the consent of employees. In addition, state data protection laws may apply in the individual federal states of Germany.

Security measures

In accordance with the legal requirements, We take appropriate technical and organisational measures to ensure a level of protection commensurate with the risk, taking into account the state of the art, the cost of implementation, and the nature, extent, circumstances and purposes of the processing, the different probabilities of unauthorised access, and the extent of the threat to the rights and freedoms of natural persons.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling both physical access to the data and associated access, input, transmission, security of availability, and its separation. We have also established procedures which guarantee that you can exercise your rights, delete data, and react to risks concerning the data. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly defaults.

Truncating the IP address

If we are able to do so, or if it is not necessary to store the IP address, we will truncate or have your IP address truncated. In the case of IP address truncation, also known as IP masking, the last octet, i.e., the last two numbers of an IP address, is deleted (the IP address in this context is a unique identifier associated with an internet connection by the online access provider). Truncating the IP address is intended to prevent identification of a person or make it much more difficult to identify a person on the basis of their IP address.

SSL encryption (https)

In order to protect your data transmitted to us online, we use SSL encryption. You can recognise encrypted connections by the prefix “https://” in the URL in the address line of your browser.

Transmission and disclosure of personal data

As part of our processing of personal data, data will be transferred to or disclosed to other entities, companies, legally independent organisational units, or persons. Recipients of this data may include payment institutions in connection with payment transactions, service providers entrusted with IT tasks, or service and content providers integrated into a website. In such a case, we observe the legal requirements and in particular conclude corresponding contracts or agreements with the recipients to protect your data.

Data transfer within the group of companies

We may transfer personal data to other companies within our group of companies or grant them access to these data. Where such disclosure is made for administrative purposes, the transfer of data shall be based on our legitimate commercial and business interests or shall take place where it is necessary to fulfil our obligations under the contract or where consent or legal authorisation is obtained from the data subject.

Data processing in third countries

If we process data either in a third country (i.e., a country outside the European Union (EU), the European Economic Area (EEA)) or in the context of using third-party services, or disclose or transmit data to other persons, offices or companies, this shall be carried out only in accordance with the legal requirements.

Except as expressly provided or required by law, we only process or have the data processed in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 of the GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Use of cookies

Cookies are text files that contain data from visited websites or domains and which are stored on the user’s computer by a browser. A cookie is primarily used to store information about a user during or after their visit to an site. Such stored information may include, for example, language settings on an website, login status, a shopping basket, or the location where a video was viewed. The term cookies also includes other technologies that perform the same functions as cookies (e.g. if user information is stored using pseudonym online identifiers, also known as “user IDs”).

A distinction is made between the following types of cookies and functions:

  • Session cookies: Session cookies are deleted as soon as you leave the site and close your browser.
  • Persistent cookies: Persistent cookies are saved even after the browser has been closed.For example, the login status can be saved or preferred content can be displayed directly when you return to the site.Likewise, your interests may be stored in a cookie of this nature and used for measuring reach or marketing purposes.
  • First-party cookies: First-party cookies are ones we set ourselves.
  • Third-party cookies: Third-party cookies are mainly used by advertisers to process user information.
  • Essential cookies: Cookies may be absolutely essential for a website to operate properly (e.g. to save logins or other user input or for security reasons).
  • Statistics, marketing, and personalisation cookies: Cookies are usually also used to measure reach and when your interests or behaviour on individual sites (e.g. viewing certain content, using functions, etc.) are stored in a user profile. Such profiles are used to provide information and content that is appropriate to your potential interests. This known as tracking your potential interests. Insofar as we use cookies or tracking technologies, we will inform you separately of these in our privacy policy or when we obtain your consent to use them.

Notes on legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask you for your consent. If this is so, and you agree to use cookies, the legal basis for processing your data is your consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g. the operation of our site as a business and its improvement) or if the use of cookies is necessary to fulfil our contractual obligations.

Retention period: If we do not otherwise provide you with explicit information on the storage duration of persistent cookies (e.g. when we ask you to opt into the use of cookies), you can assume that they will be stored for up to two years.

General information on your right to revoke your consent and object (opt-out): Depending on whether we are processing your data based on your consent or on some other legal basis, you have the option, at any time, to revoke your consent or to object to the processing of your data by means of cookie technologies (collectively referred to as “opting out”). You may declare your objection by using your browser settings to disable cookies; this may also limit the functionality of our site. You can also object to the use of cookies especially for online marketing and tracking purposes using a variety of services at https://optout.aboutads.info and https://www.youronlinechoices.com. In addition, you may receive further objection notices within the context of the information provided by service providers and the cookies they use.

Processing of cookie data on the basis of consent: Before processing data obtained through cookies, we will ask your consent, which you can revoke at any time. Before such consent is obtained, the only cookies that will be used are those which are absolutely necessary to operate our site.

  • Types of data processed: usage data (visited web pages, content interest, access times), meta/communication data (device information, IP addresses).
  • Data subjects: Users (e.g. website users, users of online services).
  • Legal bases: Consent (Art. 6 para. 1 clause 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 clause. 1 lit. f. GDPR).
  • Cookie settings, opting out:We use the WordPress cookie opt-in plugin from Borlabes Cookie.Here you can view and change your cookie settings.

Commercial and business services

We process data belonging to you, our contractual and other business partners such as customers and interested parties, within the context of contractual and comparable legal circumstances as well as related measures and within the context of communication with the contractual partners (or pre-contractual), e.g. to deal with enquiries.

We process this data in order to fulfil our contractual obligations, to secure our rights, and to perform the administrative tasks associated with this information as well as organize our business activities. We only pass on this data to third parties within the framework of applicable laws to the extent necessary for the aforementioned purposes or to fulfil our legal obligations or with your consent (e.g. to telecommunications, transport, and other support services involved as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). We will inform you about any other forms of processing, e.g. for marketing purposes, within the scope of this Privacy Policy.

We will inform you beforehand or as part of the data collection process, e.g. in online forms, by special labelling (e.g. colours) or symbols (e.g. asterisks or the like), or in person about the types of data required for the aforementioned purposes.

We will delete this after our statutory warranty and comparable obligations have expired, i.e., in principle after 4 years, unless the data is in your account, e.g., as long as they have to be kept for legal data retention reasons (e.g., for tax purposes usually 10 years). Data disclosed to us within the scope of an order you place will be deleted by us as specified in the order, in principle after the order is completed.

If we use third-party providers or platforms to provide our services, their terms and conditions and privacy policies apply.

Business analyses and market research:For business reasons and in order to be able to identify market trends and your wishes, we analyse data on business transactions, contracts, enquiries, etc. available to us; such data may concern our contractual partners, interested parties, customers, and users.

The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g. to determine customer groups with different characteristics). In doing so, we may take into account the profiles of registered users including their details, if available, e.g. concerning the services they use. These analyses are used only by us and are not disclosed externally unless they are anonymous analyses with summary, anonymised results. We also take into consideration your right to privacy and always process the data we use for analytical purposes preferably pseudonymously and, if possible, anonymously (e.g. as summarised data).

Agency services: We process customer data as part of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/ consulting or maintenance, implementation of campaigns and processes / handling, server administration, data analysis/ consulting services and training services.

Education and training services: We process the data of those participating in our education and training offerings (uniformly referred to as “trainees”) in order to be able to provide them with the same. The data processed, including its type, scope, and purpose and the necessity of its processing, is determined by the underlying contractual and training relationship. The types of processing may also include performance assessments and evaluations of our performance and that of the instructors.

As part of our work, we can also process special categories of data, in particular information on the health of trainees and those in further training, as well as data with information on ethnic origin, political opinions, religious or philosophical beliefs. To this end, we obtain the express consent of the trainees, where necessary, and otherwise only process the special categories of data if it is required for the provision of training services, for the purposes of health care, social protection or the protection of the vital interests of the trainees.

If needed to fulfil a contractual duty, to protect vital interests, or under law, and the trainees and those in further training have given their consent, we may disclose or transmit the data of the trainees and those in further training to third parties or agents, such as regulatory authorities, IT departments, offices, or comparable services.

Coaching: We process the data of our clients as well as interested parties and other clients or contractual partners (uniformly referred to as “clients”) in order to be able to provide them with our services.The data processed, its type, scope and purpose, and the necessity of its processing are determined by the underlying contractual and client relationship.

As part of our work, we can also collect special categories of data, in particular information on the health of clients, possibly with reference to their sex life or sexual orientation, as well as data with information on racial and ethnic origin, political opinions, religious or philosophical beliefs or union membership. To this end, we obtain the express consent of the clients, if necessary, and otherwise process the special categories of data if this serves the health of the clients, if the data is public or other legal permissions exist.

If needed to fulfil a contractual duty, to protect vital interests, or under law, and the clients have given their consent, we may disclose or transmit their data to third parties or agents, such as regulatory authorities, IT departments, offices, or comparable services as required by laws governing professional practice.

Consulting: We process the data of our clients, interested parties, and other clients or contractual partners (uniformly referred to as “clients”) in order to be able to provide them with our services. The data processed, its type, scope and purpose, and the necessity of its processing are determined by the underlying contractual and client relationship.

If needed to fulfil a contractual duty, to protect vital interests, or under law, and the clients have given their consent, we may disclose or transmit their data to third parties or agents, such as regulatory authorities, subcontractors, IT departments, offices, or comparable services as required by laws governing professional practice.

Artistic and literary services: We process the data of our clients in order to enable them to select, purchase or commission the selected services or works and related activities including their payment and delivery or execution or provision.

The information required is marked as such within the context of concluding the order contract or comparable contract and includes the information required for delivery and invoicing as well as contact information in order to be able to hold consultations.

Project and development services: We process the data of our customers and clients (hereinafter collectively referred to as “customers”) in order to enable them to select, purchase or commission the selected services or works and related activities including their payment and provision or execution or performance.

The information required is marked as such within the context of concluding the order contract or comparable contract and includes the information required for the service and invoicing as well as contact information in order to be able to hold consultations. Insofar as we have access to information about end customers, employees or other persons, we will process it in accordance with the legal and contractual requirements.

Software and platform services offered: We process the data of our users, of registered and test users (hereinafter uniformly referred to as “users”) in order to be able to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our offer and to be able to develop it further. The information required is marked as such within the context of concluding the order contract or comparable contract and includes the information required for the service and invoicing as well as contact information in order to be able to hold consultations.

Corporate consulting: We process the data of our customers, clients as well as interested parties and other clients or contractual partners (uniformly referred to as “clients”) in order to be able to provide them with our contractual or pre-contractual services, in particular consulting services. The data processed, the type, scope and purpose and the necessity of their processing, is determined by the underlying contractual and business relationship.

If needed to fulfil a contractual duty or under law, and the clients have given their consent, we may disclose or transmit their data to third parties or agents, such as regulatory authorities, courts, IT departments, offices, or comparable services as required by laws governing professional practice.

Functions and events: We process the data of the participants of functions, events and similar activities offered or organized by us (hereinafter collectively referred to as “participants” and “events”) in order for them to participate in the events and make use of the services and promotions associated with them.

If we process health-related data, religious, political or other special categories of data in this context, this is carried out within the context of transparency (e.g. at thematically oriented events, or for health care and safety, or with the consent of the persons concerned).

The information required is marked as such within the context of concluding the order contract or comparable contract and includes the information required for the service and invoicing as well as contact information in order to be able to hold consultations. Insofar as we have access to information about end customers, employees or other persons, we will process it in accordance with the legal and contractual requirements.

Mediation services: We process the information provided by interested parties within the context of a mediation request for establishing, executing and, if necessary, terminating a contract for the mediation of offers from providers of the products or services requested by you.

We use the contact details of interested parties to obtain details about their request using the agreed or otherwise permitted communication channel (e.g. telephone or email) and to suggest suitable providers or offers based.In addition, we can ask interested parties questions about the success of our mediation service at a later point in time and in accordance with legal requirements.

We process the data of the interested parties as well as those of the providers to fulfil our contractual obligations in order to link the enquiries made to us by the interested parties with the offers of the providers that suit them and to forward them to the respective providers or to suggest them to the providers.

We can log the entries in the online form sent by interested parties in order to be able to prove the existence of the contractual relationship and the consent of the interested parties in accordance with statutory accountability (Art. 5 para. 2 GDPR).This information is stored for a period of three to four years if we are obliged to prove the original enquiry (e.g. to be able to prove authorisation to contact the interested party).

  • Types of data processed: Master data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact details (e.g. email, telephone numbers), contract data (e.g. subject of the contract, duration, customer category), usage data (e.g. websites visited, interest content, access times), meta/communication data (e.g. device information, IP addresses).
  • Special categories of personal data: Health data (Art. 9 para. 1 GDPR), data on sex life or sexual orientation (Art. 9 para. 1 GDPR), religious or ideological beliefs (Art. 9 para. 1 GDPR), data which reveals racial and ethnic identities.
  • Data subjects: Interested parties, business and contractual partners, clients.
  • Purposes of the processing: Provision of contractual services and customer service, contact enquiries and communication, office and organisational procedures, administration and answering of enquiries, conversion measurement (measuring the effectiveness of marketing measures), interest-based and behaviour-based marketing, profiling (creation of user profiles).
  • Legal bases: Fulfillment of the contract and pre-contractual enquiries (Art. 6 para. 1 clause 1 lit. b GDPR), legal obligations (Art. 6 para. 1 clause 1 lit. c. GDPR), legitimate interests (Art . 1 lit. f. GDPR), consent (Art. 6 para. 1 clause 1 lit. a. GDPR).

Provision of online services and web hosting

In order to provide our site safely and efficiently, we use one or more web-hosting providers whose servers (or servers they manage) can access the site. For these purposes, we can use infrastructure and platform services, computing capacity, storage and database services, as well as guarantees and technical maintenance.

The data processed in the context of the provision of the hosting offer may include any information related to the users of our site arising from use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of sites to browsers, and all entries made within the framework of our site or online service.

Collection of access data and log files:We or our hosting provider collect data every time the server is accessed in server log files. The server log files may include the address and name of the accessed sites and files, the date and time of the access, the amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and usually IP addresses and the enquiring provider.

The server log files can be used, on the one hand, for security purposes, e.g. to avoid overloading the server (especially in the case of misuse attacks, so-called DDoS attacks) and, on the other hand, to prevent the servers from overloading and destabilising.

  • Types of data processed: Content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website users, users of online services).
  • Purposes of the processing: Contractual services.
  • Legal bases: Legitimate interests (Art. 6 para. 1 clause 1 lit. f. GDPR):

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter referred to as “publications”). The readers' data is only processed for publication purposes to the extent necessary for it to be presented and to allow communication between authors and readers or for security reasons. In addition, we refer to the information on the processing of our publication users within the context of this Privacy Policy.

  • Types of data processed: Master data (e.g. names, addresses), contact details (e.g. email, telephone numbers), contract data (e.g. subject of the contract, duration, customer category), usage data (e.g. websites visited, interest content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website users, users of online services).
  • Purposes of the processing: Contractual services and services, feedback (e.g. collecting feedback via an online form), security measures.
  • Legal bases: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 clause 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 clause 1 lit. f. GDPR).

Contact

When contacting us (e.g. via contact form, email, telephone or social media), the information provided by the requesting persons is processed, if necessary to respond to the contact enquiries and any measures requested.

Responses to contact enquiries within the context of contractual or pre-contractual relations shall be given either in order to fulfil our contractual obligations or for the purpose of answering (pre)contractual enquiries and also on the basis of the legitimate interests in answering the enquiries.

  • Types of data processed: Master data (e.g. names, addresses), contact details (e.g. email, telephone numbers), content data (e.g. text input, photographs, videos).
  • Data subjects: Communication partners.
  • Purposes of the processing: Contact requests and communication.
  • Legal bases: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 clause 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 clause 1 lit. f. GDPR).

Communication via Messenger

We use Messenger for communication purposes and therefore ask you to take note of the following information on Messenger’s features, on encryption, on using the communication metadata and on your options for objection.

You can also contact us by other means, e.g. by telephone or email. Please use the contact options provided to you or the contact options given in our site.

For end-to-end encryption of content (i.e., the content of your message and attachments), we wish to point out that the communicated content (i.e., the content of the message and attached images) is encrypted end-to-end. This means that the content of the messages cannot be viewed, not even by messenger providers themselves. You should always use the latest Messenger version with activated encryption to ensure that all contents of the message are encrypted.

However, we would also like to point out to our communication partners that Messenger providers cannot see the content, but can find out that communication partners are communicating with us and when they are doing this, as well as technical information about the device used by the communication partner and, depending on the settings of their device, location information (so-called metadata).

Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, their consent is the legal basis for our processing of your data. In addition, if we do not ask for consent, and you contact us, for example, we use Messenger in relation to our contractual partners as well as within the context of contract initiation as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partner for communication via Messenger. Furthermore, we would like to point out that we do not transmit contact details provided to us for the first time to Messenger without your consent.

Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (i.e., for example, as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that any information from the communication partner has been answered if no reference to a previous conversation is to be expected and the deletion does not preclude any statutory retention requirements.

Reservation of reference to other communication channels: To conclude, we would like to point out that, for your security, we reserve the right not to answer enquiries via Messenger. This is the case if, for example, internal contract information requires special confidentiality or a response via Messenger does not meet the formal requirements.In such cases, we suggest you use more appropriate communication channels.

Skype: Skype’s end-to-end encryption requires activation (if it is not activated by default).

  • Types of data processed: Master data (e.g. names, addresses), usage data (e.g. websites visited, interest content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. text entries, photographs, videos).
  • Data subjects: Communication partners.
  • Purposes of the processing: Contact enquiries and communication, direct marketing (e.g. by email or post).
  • Legal bases: Consent (Art. 6 para. 1 clause 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 clause. 1 lit. f. GDPR).

Services and service providers used:

Video conferencing, online meetings, webinars and screen sharing

We use platforms and applications from other providers (hereinafter referred to as “third-party providers”) for holding video and audio conferences, webinars and other types of video and audio meetings. We observe the legal requirements when selecting third-party providers and their services.

In this context, data of the communication participants are processed and stored on the servers of the third-party providers, insofar as they are part of communication processes with us. This data can include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and shared screen content.

If users are referred to the third-party providers or their software or platforms in the context of communication, business or other relationships with us, then the third-party providers can process usage data and metadata for security purposes, service optimisation or marketing purposes. We, therefore, ask you to observe the privacy notice of the respective third-party provider.

Notes on legal bases: If we ask users for their consent to the use of third-party providers or certain functions (e.g. consent to recording conversations), the legal basis for processing is this consent. Furthermore, we can use them as part of our (pre)contractual services, provided that the use of third-party providers has been agreed upon in this context. Otherwise, user data will be processed on the basis of our legitimate interests in efficient and secure communication with our communication partners. In this context, we would also like to draw your attention to the information on the use of cookies in this Privacy Policy.

  • Types of data processed: Master data (e.g. names, addresses), contact details (e.g. email, telephone numbers), contract data (e.g. subject of the contract, duration, customer category), usage data (e.g. websites visited, interest content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Communication partners, users (e.g. website users, users of online services).
  • Purposes of the processing: Contractual performance and service, contact enquiries and communication, office and organisational procedures.
  • Legal bases: Consent (Art. 6 para. 1 clause 1 lit. a GDPR), contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 clause 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 clause 1 lit. f. GDPR).

Services and service providers used:

Application procedure

The application procedure requires that applicants provide us with the data required for them to be assessed and selected. The information required can be obtained from the job description or, in the case of online forms, from the information provided there.

In principle, the information required includes personal information such as name, address, contact details and evidence of the qualifications required for a position. Upon request, we will also be happy to provide you with information as to what is required.

If available, applicants can send us their applications using an online form. The data is encrypted and transmitted to us according to the technical state of the art. Applicants can also send us their applications via email.Please note, however, that emails are not encrypted on the internet.Typically, while emails are encrypted by transport, they are not encrypted on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission of emails between the sender and their being received on our server.

For the purpose of applicant searches, submission of applications and selection of applicants, we can make use of applicant management or recruitment software and platforms and services from third-party providers in compliance with legal requirements.

Applicants are welcome to contact us to know how to submit their application or to send us their application by post.

Processing of special categories of data: Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from you in the context of the application process so that we or you can exercise the rights we/you are entitled to or fulfil the responsibilities we/you are required to meet under social security and social protection laws, it is processed in accordance with Art. 9 para. 2 lit. b. GDPR. If the vital interests of applicants or other persons require protection, then it is processed in accordance with Art. 9 para. 2 lit. c. GDPR. If it is processed for healthcare or occupational medicine purposes, to assess your ability to work, for medical diagnostics, care, or treatment in the healthcare or social services sectors, or for the administration of systems and services in the same, then it is processed in accordance with Art. 9 para. 2 lit. h. GDPR.In the case you share special categories of data and give your consent voluntarily, it may be processed on the basis of Art. 9 para. 2 lit. GDPR.

Deletion of data: If the application is successful, the data provided by the applicants can be further processed by us for the purpose of employment. Otherwise, if the application for a job offer is not successful, applicant data will be deleted. Applicant data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time. The deletion shall take place after a period of six months, reserving the justified withdrawal by the applicant, so that we can answer any follow-up questions regarding the application and meet our obligations from the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses shall be archived in accordance with tax regulations.

Admission to an applicant pool: The inclusion in an applicant pool, if offered, is based on consent. Applicants will be informed that their consent to being admitted to a talent pool is voluntary, has no influence on the ongoing application process and that they can revoke their consent at any time for the future.

  • Types of data processed: Applicant data (e.g. personal details, postal and contact addresses, the documents associated with the application and the information contained therein, such as the cover letter, curriculum vitae, certificates, and other information about their person or voluntarily provided by applicants with regard to a specific position or qualification).
  • Data subjects: Applicants.
  • Purposes of the processing: Application process (justification and possible subsequent implementation as well as possible subsequent termination of the employment relationship).
  • Legal bases: Art. 9 para. 1 clause 1 lit. b GDPR (Application processes as pre-contractual or contractual measure) (Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from you in the context of the application process so that we or you can exercise the rights we/you are entitled to or fulfil the responsibilities we/you are required to meet under social security and social protection laws, it is processed in accordance with Art. 9 para. 2 lit. b. GDPR. If the vital interests of applicants or other persons require protection, then it is processed in accordance with Art. 9 para. 2 lit. c. GDPR. If it is processed for healthcare or occupational medicine purposes, to assess your ability to work, for medical diagnostics, care, or treatment in the healthcare or social services sectors, or for the administration of systems and services in the same, then it is processed in accordance with Art. 9 para. 2 lit. h. GDPR.In the case you share special categories of data and give your consent voluntarily, it may be processed on the basis of Art. 9 para. 2 lit. GDPR).

Cloud services

We use software services (so-called “cloud services”, also known as “software as a service”) that are accessible via the internet and run on the servers of their providers for the following purposes:storage and management of documents, calendar management, sending of emails, spreadsheets and presentations, exchanging documents, content and information with specific recipients or publication of websites, forms or other content and information as well as chats and participation in audio and video conferences.

In this context, personal data can be processed and stored on the servers of the providers, insofar as they are part of communication processes with us or otherwise processed by us, as set out in this Privacy Policy. This data can include, in particular, master data and contact data of users, data on processes, contracts, other processes and their content. The providers of the cloud services also process usage data and metadata that they use for security purposes and for service optimisation.

If we provide forms or documents and content for other users or publicly accessible websites with the help of the cloud services, the providers can set cookies on the users' devices for the purposes of web analysis or to remember user settings (e.g. in the case of media control).

Notes on legal bases: If we ask for your consent to the use of the cloud services, the legal basis for the processing is also your consent. Furthermore, their use can be part of our (pre)contractual services, provided that the use of cloud services has been agreed upon in this context.Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient and secure administration and collaboration processes).

  • Types of data processed: Master data (e.g. names, addresses), contact details (e.g. email, telephone numbers), contract data (e.g. subject of the contract, duration, customer category), usage data (e.g. websites visited, interest content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Customers, employees (e.g. employees, applicants, former employees), interested parties, communication partners.
  • Purposes of the processing: Office and organisational procedures.
  • Legal bases: Consent (Art. 6 para. 1 clause 1 lit. a GDPR), contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 clause 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 clause 1 lit. f. GDPR).

Services and service providers used:

Advertising communication via email, post, fax or telephone

We process personal data for advertising communication purposes over various channels, such as email, telephone, post or fax, all in accordance with legal requirements.

The recipients have the right to revoke their consent at any time or to object to advertising communication at any time.

After revocation or objection, we can store the data required to prove consent for up to three years on the basis of our legitimate interests before we delete them. The processing of these data is limited to the purpose of possible defence against claims.An individual request for deletion can be submitted at any time provided that the existence of prior consent is confirmed at the same time.

  • Types of data processed: Master data (e.g. names, addresses), contact details (e.g. email, telephone numbers).
  • Data subjects: Communication partners.
  • Purposes of the processing: Direct marketing (e.g. by email or post).
  • Legal bases: Consent (Art. 6 para. 1 clause 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 clause. 1 lit. f. GDPR).

Measuring reach, monitoring, analytics, optimisation

Web analytics (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our site and can include information about visitor behaviour, interests, or demographic information such as age or gender, all pseudonymised. With the help of reach analytics, we can, for example, recognise at what time our site or its features or content are used most often or invite you to reuse them. It also allows us to understand which areas are in need of optimisation.

In addition to web analytics, we can also use test procedures, for example, to test and optimise different versions of our site or its components.

For these purposes, so-called user profiles can be created and stored in cookies and the like. This information can include, for example, content viewed, websites visited and elements and technical information used there, such as the browser used, the computer system used as well as information on usage times. Insofar as users have consented to the collection of their location data, these can also be processed, depending on the provider.

The IP addresses of the users are also saved. However, we use an IP masking process (i.e., pseudonymisation by truncating the IP address) to protect users.In general, within the scope of web analysis, A/B testing and optimisation, no clearly identifiable user data (such as email addresses or names) is stored; instead, pseudonyms are used. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask the users for their consent to the use of third-party providers, the legal basis of processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economic and recipient friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this Privacy Policy.

  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of the processing: reach measurement (e.g. access statistics, recognition of returning visitors), tracking (e.g. profiling based on interest/behaviour, use of cookies), conversion measurement (measurement of the effectiveness of marketing measures), profiling (creation of user profiles).
  • Security measures: IP masking (pseudonymisation of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 clause 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 clause. 1 lit. f. GDPR).

Services and service providers used:

Online marketing

We process personal data for online marketing purposes, which can include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar processes are used, by means of which user information relevant to the presentation of the aforementioned content is saved. This information can include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. Insofar as users have consented to the collection of their location data, these can also be processed.

The IP addresses of the users are also saved. However, we use available IP masking processes (i.e., pseudonymisation by truncating the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) are stored in the context of the online marketing process, but pseudonyms. This means that we and the providers of online marketing processes do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar processes. These cookies can later generally also be read out on other websites that use the same online marketing process, analysed for displaying content, as well as supplemented with additional data and stored on the online marketing process provider’s server.

As an exception, plain data can be assigned to the profiles. This is the case when users belong to a social network whose online marketing process we use and the network connects the users' profiles with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g., by consent during registration.

In principle, we only have access to summarised information about the success of our advertisements. However, within the scope of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to a contract with us. Conversion measurement is used solely to analyse the success of our marketing measures. Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.

Notes on legal bases: If we ask the users for their consent to the use of third-party providers, the legal basis of processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economic and recipient friendly services).In this context, we would also like to draw your attention to the information on the use of cookies in this Privacy Policy.

Google Analytics We use Google Analytics in the form of Universal Analytics (https://support.google.com/analytics/answer/2790010?hl=de&ref_topic=6010376).“Universal Analytics” refers to a process by Google Analytics in which user analysis is carried out on the basis of a pseudonymous user ID, thus creating a pseudonymous profile of the user with information from the use of different devices (so-called “cross-device tracking”).

Facebook Pixels/Custom Audiences: With the help of Facebook pixels (or comparable features for transmitting event data or contact information by means of interfaces in apps), Facebook is, on the one hand, able to determine the users of our online offer as a target group for displaying advertisements (so-called “Facebook Ads”). Accordingly, we use Facebook pixels to display our Facebook ads placed by us only to those users on Facebook and within the services of the partners cooperating with Facebook (so-called “Audience Network” https://www.facebook.com/audiencenetwork), who have also shown an interest in our online offer or who have certain traits (e.g. interests in certain topics or products that are determined by the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of Facebook pixels, we want to make sure that our Facebook ads correspond to the potential interest of the users and are not annoying. The Facebook pixel also helps us understand the effectiveness of Facebook ads for statistical and marketing research purposes by showing and evaluating whether users are directed to our internet presentation after they have clicked a Facebook ad (so-called “conversion measurement”).

We, together with Facebook Ireland Ltd. are jointly responsible for collecting or receiving “event data” as part of a transmission (but not further processing) that Facebook collects by means of Facebook pixels and comparable features (e.g. interfaces), which are executed on our online offer, or receives in the context of a transmission for the following purposes: a) Display of content, advertising information that corresponds to the presumed interests of the users; b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) Improving the delivery of advertisements and personalizing functions and content (e.g. improving the recognition of which content or advertising information presumably corresponds to the interests of the users). We have concluded a special agreement with Facebook (“Addendum for controllers”, https://www.facebook.com/legal/controller_addendum), which regulates, in particular, which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfil the rights of data subjects (i.e., users can, for example, send information or deletion requests directly to Facebook). Note:Note: If Facebook provides us with measurement values, analyses and reports (which are aggregated, i.e., they do not have any information about individual users and are anonymous to us), this processing does not take place within the framework of joint responsibility, but on the basis of an order processing contract (“data processing conditions”, https://www.facebook.com/legal/terms/dataprocessing), “data security terms” (https://www.facebook.com/legal/terms/data_security_terms) as well as with regard to processing in the USA on the basis of standard contractual clauses (“Facebook-EU data transfer addendum”, https://www.facebook.com/legal/EU_data_transfer_addendumy). The rights of users (in particular to information, deletion, objection and complaint at the competent supervisory authority) are not restricted by the agreements with Facebook.

  • Types of data processed: Usage data (e.g. websites visited, interactions with content, access times), meta/communication data (e.g. device information, IP addresses), location data (information on the geographical position of a device or a person), event data (Facebook). “Event data” is data that can be transmitted from us to Facebook, for example via Facebook pixels (via apps or in other ways) and relate to people or their actions; the data includes, for example, information about visits to websites , Interactions with content, functions, installation of apps, purchases of products, etc.; Event data is processed in order to create target groups for content and advertising information (custom audiences). Event data does not contain the actual content (such as written comments ), no login information and no contact information (i.e. no names, email addresses and telephone numbers). Event data is deleted by Facebook after a maximum of two years; the target groups formed from it are deleted when deleted from our Facebook account.
  • Data subjects: Users (e.g. website users, users of online services), interested parties.
  • Purposes of the processing: Tracking (e.g. profiling based on interest/behaviour, use of cookies), remarketing, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behaviour-based marketing, profiling (creation of user profiles), reach measurement (e.g. access statistics, access statistics, recognising returning users), cross-device tracking (cross-device processing of user data for marketing purposes), target group formation (determining target groups relevant for marketing purposes or other content output).
  • Security measures: IP masking (pseudonymisation of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 clause 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 clause. 1 lit. f. GDPR).
  • **Opt-out option:__ ***Opting out:** We refer to the privacy policy of the respective provider and the options indicated there for opting out. Unless an explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings.However, this can restrict the features of our site. We therefore also recommend the following opt-out options, which, in summary, are offered for the respective areas:
  • a) Europe: https://www.youronlinechoices.eu.
  • b) Canada: https://www.youradchoices.ca/choices.
  • c) USA: https://www.aboutads.info/choices.
  • d) Cross-regional: https://optout.aboutads.info.

Microsoft Clarity: We use Microsoft Clarity via Google Analytics.Microsoft Clarity refers to a process from Microsoft in which user analyses can be carried out on the basis of a pseudonymous user ID and thus on the basis of pseudonymous data, such as the evaluation of data on mouse movements or performance data on certain websites.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (information on the geographical position of a device or a person), movement data (mouse movements, scrolling movements).
  • Data subjects: Users (e.g. website users, users of online services).
  • Purposes of the processing: Tracking (e.g. profiling based on interest/behaviour, use of cookies), remarketing, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behaviour-based marketing, profiling (creation of user profiles), reach measurement (e.g. access statistics, access statistics, recognising returning users), cross-device tracking (cross-device processing of user data for marketing purposes).
  • Security measures: IP masking (pseudonymisation of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 clause 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 clause. 1 lit. f. GDPR).
  • Opting out: We refer to the privacy policy of the respective provider and the options indicated there for opting out.Unless an explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings.However, this can restrict the features of our site.We therefore also recommend the following opt-out options, which, in summary, are offered for the respective areas:
  • a) Europe: https://www.youronlinechoices.eu.
  • b) Canada: https://www.youradchoices.ca/choices.
  • c) USA: https://www.aboutads.info/choices.
  • d) Cross-regional: https://optout.aboutads.info.

Services and service providers used:

Affiliate programmes and affiliate links

In our site, we include so-called affiliate links or other references (which may include search masks, widgets or discount codes) to the offers and services of third-party providers (collectively referred to as “affiliate links”). If users follow the affiliate links and then take advantage of the offers, we can receive a commission or other benefits from these third-party providers (collectively referred to as “commission”).

To be able to track and see whether the users have taken advantage of the offers of an affiliate link used by us, it is necessary for the respective third-party provider to know that the users have followed an affiliate link used within our site. The assignment of the affiliate links to the respective business deals or other promotions (e.g. purchases) serves the sole purpose of commission settlement and is cancelled as soon as it is no longer required for this purpose.

For the purposes of the aforementioned assignment of the affiliate links, the affiliate links can be supplemented with certain values that are part of the link or that can be stored in some other way, e.g. in a cookie. The values can also include the original website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.

Notes on legal bases: If we ask the users for their consent to the use of third-party providers, the legal basis of processing data is consent. Furthermore, we can use them as part of our (pre)contractual services, provided that the use of third-party providers has been agreed upon in this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economic and recipient friendly services).In this context, we would also like to draw your attention to the information on the use of cookies in this Privacy Policy.

  • Types of data processed: Contract data (e.g. subject of the contract, duration, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of the processing: Affiliate tracking.
  • Legal bases: Consent (Art. 6 para. 1 clause 1 lit. a GDPR), contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 clause 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 clause 1 lit. f. GDPR).

Presence in social networks (social media)

We maintain an online presence within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that this might lead to user data being processed outside the European Union,which can pose risks for users because this might hinder the enforcement of users' rights, for example.

User data is also generally processed for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the user interests taken therefrom. The usage profiles can in turn be used, for example, to display advertisements which presumably correspond to the interests of the users both within and outside of the platforms. For these purposes, cookies are usually stored on the user’s computer, in which the user’s usage behaviour and interests are stored. Furthermore, data can also be stored in user profiles separate from the devices used by the users (especially if the users are members of the respective platforms and are logged in).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer you to the privacy policies and information of the respective network operators.

We would like to point out that requests for information and the assertion of user rights are also directed most effectively to the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. Should you still require assistance, you can contact us.

Facebook: We, together with Facebook Ireland Ltd. are jointly responsible for the collection (but not the further processing) of data of those using our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things You and Others Do and Provide” in the Facebook Data Policy:https://www.facebook.com/policy), as well as information about the devices used by the users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device information” in the Facebook data policy declaration : https://www.facebook.com/policy).As explained in the Facebook data policy under “How do we use this information?”, Facebook also collects and uses information to provide analysis services, so-called “page insights”, for website operators so that they can obtain information about how people use their pages and interact with the content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and which Facebook itself has agreed to fulfill the rights of the data subject (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint at the competent supervisory authority) are not restricted by the agreements with Facebook.Further information can be found in the “Information on Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

  • Types of data processed: Master data (e.g. names, addresses), contact details (e.g. email, telephone numbers), contract data (e.g. subject of the contract, duration, customer category), usage data (e.g. websites visited, interest content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website users, users of online services).
  • Purposes of the processing: Contact enquiries and communication, tracking (interest / behaviour related profiling, cookies), remarketing, range measurement (access statistics, recognition of returning visitors).
  • Legal bases: Legitimate interests (Art. 6 para. 1 clause 1 lit. f. GDPR):

Services and service providers used:

Plug-ins and embedded features/content

We include in our site functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may, for example, be graphics, videos or social media buttons as well as contributions (hereinafter uniformly referred to as “Content”).

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or features. We strive to only use content whose respective provider uses the IP address solely for the delivery of content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as user traffic on the pages of this internet presentation. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, websites to be referred to, visiting times and other information about the use of our online services, and may be linked to such information from other sources.

Notes on legal bases: If we ask the users for their consent to the use of third-party providers, the legal basis of processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economic and recipient friendly services).In this context, we would also like to draw your attention to the information on the use of cookies in this Privacy Policy.

Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software accessed from servers of other providers (e.g. function libraries that we use for the purpose of making our site more user-friendly). The respective providers collect the user’s IP address and can process it for transmitting the software to the user’s browser and for security purposes as well as for evaluating and optimising their offer.

  • Types of data processed: usage data (visited web pages, content interest, access times), meta/communication data (device information, IP addresses).
  • Data subjects: Users (e.g. website users, users of online services).
  • Purposes of the processing: Provision of our website snd user-friendliness, contractual services and services.
  • Legal bases: Legitimate interests (Art. 6 para. 1 clause 1 lit. f. GDPR):

Services and service providers used:

  • Google Fonts: We integrate the fonts (“Google Fonts”) from the provider Google, whereby the user data are used solely for the purpose of displaying the fonts in the user’s browser. Integration takes place on the basis of our legitimate interests in technically safe, maintenance-free and efficient use of fonts and their uniform representation as well as consideration of possible licensing restrictions for their integration. Service provider:Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company:Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USAhttps://marketingplatform.google.com; Privacy policy: https://policies.google.com/privacy.
  • ReCaptcha: We incorporate the “ReCaptcha” function to recognize bots, for example when entering data in online forms. The behavioral information provided by users (e.g. mouse movements or queries) is evaluated in order to be able to differentiate between people and bots. Service provider:Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company:Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USAhttps://www.google.com/recaptcha; Privacy policy: https://policies.google.com/privacy; Opt-out:Opt-out plug-in:https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://adssettings.google.com/authenticated.

Deletion of data

The data processed by us will be deleted in accordance with the statutory provisions as soon as their consent permitted for processing is revoked or other permissions lapse (e.g. if the purpose of processing these data has lapsed, or it is not necessary for the purpose).

If the data is not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data can also be found in the individual data protection notices of this Privacy Policy.

Changes and updates to this Privacy Policy

We ask you to inform yourself regularly about the contents of our Privacy Policy. We will adapt our Privacy Policy when changes in data processing carried out by us make this necessary. We will inform you when these changes require either your cooperation (for example, consent) or other individual notification.

If we provide addresses and contact information of companies and organisations in this Privacy Policy, please note that the addresses may change over time, and so we ask you to check the information before contacting us.

Rights of data subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 of the GDPR:

  • Right to object:You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit e or f GDPR for reasons arising from your particular situation, including profiling based on these provisions.If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to such processing; this also applies to profiling insofar as it is associated with such direct marketing.
  • **Right to revoke consent:**You have the right to revoke your consent at any time.
  • **Right to obtain information:**You have the right to request confirmation as to whether the data in question are being processed and for information about these data as well as for further information and copying of the data in accordance with legal requirements.
  • **Right to have your data corrected:**You have the right, in accordance with the legal requirements, to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
  • **Right to deletion and restriction of processing:**In accordance with the statutory provisions, you have the right to demand that the relevant data be deleted immediately, or alternatively to demand a restriction of the processing of the data in accordance with the statutory provisions.
  • **Right to data portability:**You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to demand that they be transferred to another controller.
  • **Right to complain to the supervisory authority:**You also have the right, in accordance with the statutory provisions, to complain to a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place where the alleged infringement was committed, if you are of the opinion that the processing of your personal data violates the GDPR.

The supervisory authority responsible for us:

The Hessian Commissioner for Data Protection and Freedom of Information

PO Box 3163
65021 Wiesbaden

Phone:+49 611 1408 - 0

Fax:+49 611 1408 - 900/901

Definition of terms

This section gives you an overview of the terms used in this Privacy Policy. Many of the terms are taken from legislation and are primarily defined in Art. 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for a better understanding. The terms are sorted alphabetically in English.

  • Conversion tracking: Conversion tracking describes a procedure with which the effectiveness of marketing measures can be determined. For this purpose, a cookie is usually stored on the users' devices within the websites on which the marketing measures are carried out and then retrieved again on the internet presentation. For example, we can see whether the advertisements we placed on other websites were successful.
  • Interest- and behaviour-based marketing. One speaks of interest-based and/or behaviour-based marketing when the potential interests of users in advertisements and other content are predetermined as precisely as possible. This is done on the basis of information about their previous behavior (e.g. visiting certain Internet presentations and lingering on them, buying behavior or interaction with other users), which are stored in a so-called profile.Cookies are usually used for these purposes.
  • **Personal data:**Personal data refers to all information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is regarded as identifiable if he can be directly or indirectly identified, especially by means of association with an identifier such as a name, with an identification number, with location data, with an online identifier (e.g. cookies) or with one or several special features reflecting the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
  • Profiling:“Profiling” refers to any type of automated processing of personal data that includes using these personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this includes information relating to age, gender, location data and movement data, interaction with internet presentations and their content, shopping behaviour, social interactions with other people) (e.g. interests in certain content or products, clicking behaviour on an internet presentation or his/her whereabouts).Cookies and web beacons are often used for profiling purposes.
  • Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the user flows of an online offer and can include the behaviour or interests of users regarding certain information, such asWith the help of reach analytics, we can, for example, recognise at what time our site or its features or content are used most often or invite you to reuse them.This allows them, for example, to better adapt the content of the internet presentation to the needs of their users.For reach analysis, pseudonymous cookies and web beacons are often used to recognise returning users and thus to receive more precise analyses of the use of an site.
  • Remarketing: “Remarketing” or “retargeting” refers to, for example, noting down which products a user was interested in on an internet presentation, i.e., for advertising purposes, in order to make the user remember these products on other internet presentations, for example in advertisements.
  • Tracking:“Tracking” refers to the behaviour of users that you can trace across several online offers. As a rule, information on behaviour and interest with regard to the sites used is stored in cookies or on servers of the providers of tracking technologies (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to correspond to their interests.
  • Data controller: “Data controller” refers to the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.
  • Processing: “Processing” is any operation or series of operations carried out with or without the help of automated procedures in connection with personal data. The term is broad and covers virtually every aspect of dealing with data, be it collection, evaluation, storage, transmission or deletion.

Status of this Privacy Policy

15. February 2021