Privacy Policy
Preamble
With the following privacy policy wewould like to inform you which types of your personal data(hereinafter also abbreviated as "data") we process forwhich purposes and in which scope. The privacy statement applies toall processing of personal data carried out by us, both in thecontext of providing our services and in particular on our websites,in mobile applications and within external online presences, such asour social media profiles (hereinafter collectively referred to as"online services").
The terms used are not gender-specific.
Last Update: 27. January 2023
Table of contents
- Preamble
-
- Controller
-
- Overview of processing operations
-
- Legal Bases for the Processing
-
- Security Precautions
-
- Transmission of Personal Data
-
- Data Processing in Third Countries
-
- Erasure of data
-
- Use of Cookies
-
- Business services
-
- Providers and services used in the course of business
-
- Provision of online services and web hosting
-
- Contact and Inquiry Management
-
- Video Conferences, Online Meetings, Webinars and Screen-Sharing
-
- Job Application Process
-
- Newsletter and Electronic Communications
-
- Commercial communication by E-Mail, Postal Mail, Fax or Telephone
-
- Web Analysis, Monitoring and Optimization
-
- Online Marketing
-
- Profiles in Social Networks (Social Media)
-
- Changes and Updates to the Privacy Policy
-
- Rights of Data Subjects
-
- Terminology and Definitions
Controller
robominds GmbH
Moosacher Straße42
80809 München
Authorised Representatives:
Tobias Rietzler, Andreas Däubler
E-mail address:
info@robominds.de
Overview of processing operations
The following table summarises thetypes of data processed, the purposes for which they are processedand the concerned data subjects.
Categoriesof Processed Data
- Inventory data.
-
- Payment Data.
-
- Contact data.
-
- Content data.
-
- Contract data.
-
- Usage data.
-
- Meta, communication and process data.
-
- Job applicant details.
-
- Event Data.
Categoriesof Data Subjects
- Customers.
-
- Prospective customers.
-
- Communication partner.
-
- Users.
-
- Job applicants.
-
- Business and contractual partners.
-
- Persons depicted.
Purposesof Processing
- Provision of contractual services and customer support.
-
- Contact requests and communication.
-
- Security measures.
-
- Direct marketing.
-
- Web Analytics.
-
- Targeting.
-
- Office and organisational procedures.
-
- Remarketing.
-
- Conversion tracking.
-
- Affiliate Tracking.
-
- Managing and responding to inquiries.
-
- Job Application Process.
-
- Feedback.
-
- Marketing.
-
- Profiles with user-related information.
-
- Custom Audiences.
-
- Provision of our online services and usability.
-
- Information technology infrastructure.
LegalBases for the Processing
Below you will find an overview of thelegal basis of the GDPR on the basis of which we process personaldata. Please note that in addition to the provisions of the GDPR,national data protection regulations may apply in your or our countryof residence or domicile. If, in addition, more specific legal basesare applicable in individual cases, we will inform you of these inthe data protection declaration.
- Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
-
- Performance of a contract and prior requests (Article 6 (1) (b) GDPR) - Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
-
- Compliance with a legal obligation (Article 6 (1) (c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
-
- Legitimate Interests (Article 6 (1) (f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
-
- Job application process as a pre-contractual or contractual relationship (Article 6 (1)(b) GDPR) - If special categories of personal data within the meaning of Article 9 (1) GDPR (e.g. health data, such as severely handicapped status or ethnic origin) are requested from applicants within the framework of the application procedure, so that the responsible person or the person concerned can carry out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law, their processing shall be carried out in accordance with Article 9 (2)(b) GDPR , in the case of the protection of vital interests of applicants or other persons on the basis of Article 9 (2)(c) GDPR or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Article 9 (2)(d) GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Article 9 (2)(a) GDPR.
In addition to the data protectionregulations of the GDPR, national regulations apply to dataprotection in Germany. This includes in particular the Law onProtection against Misuse of Personal Data in Data Processing(Federal Data Protection Act - BDSG). In particular, the BDSGcontains special provisions on the right to access, the right toerase, the right to object, the processing of special categories ofpersonal data, processing for other purposes and transmission as wellas automated individual decision-making, including profiling.Furthermore, it regulates data processing for the purposes of theemployment relationship (§ 26 BDSG), in particular with regard tothe establishment, execution or termination of employmentrelationships as well as the consent of employees. Furthermore, dataprotection laws of the individual federal states may apply.
Security Precautions
We take appropriate technical andorganisational measures in accordance with the legal requirements,taking into account the state of the art, the costs of implementationand the nature, scope, context and purposes of processing as well asthe risk of varying likelihood and severity for the rights andfreedoms of natural persons, in order to ensure a level of securityappropriate to the risk.
The measures include, in particular,safeguarding the confidentiality, integrity and availability of databy controlling physical and electronic access to the data as well asaccess to, input, transmission, securing and separation of the data.In addition, we have established procedures to ensure that datasubjects' rights are respected, that data is erased, and that we areprepared to respond to data threats rapidly. Furthermore, we take theprotection of personal data into account as early as the developmentor selection of hardware, software and service providers, inaccordance with the principle of privacy by design and privacy bydefault.
Masking of the IP address: If IPaddresses are processed by us or by the service providers andtechnologies used and the processing of a complete IP address is notnecessary, the IP address is shortened (also referred to as "IPmasking"). In this process, the last two digits or the last partof the IP address after a full stop are removed or replaced bywildcards. The masking of the IP address is intended to prevent theidentification of a person by means of their IP address or to makesuch identification significantly more difficult.
TLS encryption (https): To protect yourdata transmitted via our online services, we use TLS encryption. Youcan recognize such encrypted connections by the prefix https:// inthe address bar of your browser.
Transmission of Personal Data
In the context of our processing ofpersonal data, it may happen that the data is transferred to otherplaces, companies or persons or that it is disclosed to them.Recipients of this data may include, for example, service providerscommissioned with IT tasks or providers of services and content thatare embedded in a website. In such cases, the legal requirements willbe respected and in particular corresponding contracts or agreements,which serve the protection of your data, will be concluded with therecipients of your data.
Data Processing in Third Countries
If we process data in a third country(i.e. outside the European Union (EU), the European Economic Area(EEA)) or the processing takes place in the context of the use ofthird party services or disclosure or transfer of data to otherpersons, bodies or companies, this will only take place in accordancewith the legal requirements.
Subject to express consent or transferrequired by contract or law, we process or have processed the dataonly in third countries with a recognised level of data protection,on the basis of special guarantees, such as a contractual obligationthrough so-called standard protection clauses of the EU Commission orif certifications or binding internal data protection regulationsjustify the processing (Article 44 to 49 GDPR, information page ofthe EU Commission:https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
Erasure of data
The data processed by us will be erasedin accordance with the statutory provisions as soon as theirprocessing is revoked or other permissions no longer apply (e.g. ifthe purpose of processing this data no longer applies or they are notrequired for the purpose). If the data is not deleted because theyare required for other and legally permissible purposes, theirprocessing is limited to these purposes. This means that the datawill be restricted and not processed for other purposes. Thisapplies, for example, to data that must be stored for commercial ortax reasons or for which storage is necessary to assert, exercise ordefend legal claims or to protect the rights of another natural orlegal person. Our further information on individual processingoperations may also contain additional and specific information ondata retention and erasure applicable to the respective processingoperations.
Use of Cookies
Cookies are small text files or otherdata records that store information on end devices and readinformation from the end devices. For example, to store the loginstatus in a user account, the contents of a shopping cart in ane-shop, the contents accessed or the functions used. Cookies can alsobe used for various purposes, e.g. for purposes of functionality,security and convenience of online offers as well as the creation ofanalyses of visitor flows.
Information on consent: We usecookies in accordance with the statutory provisions. Therefore, weobtain prior consent from users, except when it is not required bylaw. In particular, consent is not required if the storage andreading of information, including cookies, is strictly necessary inorder to provide an information society service explicitly requestedby the subscriber or user. The revocable consent will be clearlycommunicated to the user and will contain the information on therespective cookie use.
Information on legal bases underdata protection law: The legal basis under data protection law onwhich we process users' personal data with the use of cookies dependson whether we ask users for consent. If users consent, the legalbasis for processing their data is their declared consent. Otherwise,the data processed with the help of cookies is processed on the basisof our legitimate interests (e.g. in a business operation of ouronline services and improvement of its usability) or, if this is donein the context of the fulfillment of our contractual obligations, ifthe use of cookies is necessary to fulfill our contractualobligations. For which purposes the cookies are processed by us, wedo clarify in the course of this privacy policy or in the context ofour consent and processing procedures.
Retention period: With regard tothe retention period, a distinction is drawn between the followingtypes of cookies:
- Temporary cookies (also known as "session cookies"): Temporary cookies are deleted at the latest after a user has left an online service and closed his or her end device (i.e. browser or mobile application).
-
- Permanent cookies: Permanent cookies remain stored even after the terminal device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.
General information on revocationand objection (opt-out): Users can revoke the consent they havegiven at any time and also file an objection to processing inaccordance with the legal requirements in Article 21 GDPR. Userscan also declare their objection by means of the settings of theirbrowser, e.g. by deactivating the use of cookies (whereby this mayalso limit the functionality of our online services). An objection tothe use of cookies for online marketing purposes, can also bedeclared via the websites https://optout.aboutads.infoand https://www.youronlinechoices.com/.
Cookie Settings/ Opt-Out:
PLACEHOLDER
- Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).
-
- Data subjects: Users (e.g. website visitors, users of online services).
-
- Purposes of Processing: Provision of our online services and usability.
-
- Legal Basis: Consent (Article 6 (1) (a) GDPR).
Further information on processingmethods, procedures and services used:
- Processing Cookie Data on the Basis of Consent: We use a cookie management solution in which users' consent to the use of cookies, or the procedures and providers mentioned in the cookie management solution, can be obtained, managed and revoked by the users. The declaration of consent is stored so that it does not have to be retrieved again and the consent can be proven in accordance with the legal obligation. Storage can take place server-sided and/or in a cookie (so-called opt-out cookie or with the aid of comparable technologies) in order to be able to assign the consent to a user or and/or his/her device. Subject to individual details of the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. In this case, a pseudonymous user identifier is formed and stored with the date/time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and used end device.
CookieOverview
Business services
We process data of our contractual andbusiness partners, e.g. customers and interested parties(collectively referred to as "contractual partners") withinthe context of contractual and comparable legal relationships as wellas associated actions and communication with the contractual partnersor pre-contractually, e.g. to answer inquiries.
We process this data in order tofulfill our contractual obligations. These include, in particular,the obligations to provide the agreed services, any updateobligations and remedies in the event of warranty and other servicedisruptions. In addition, we process the data to protect our rightsand for the purpose of administrative tasks associated with theseobligations and company organization. Furthermore, we process thedata on the basis of our legitimate interests in proper andeconomical business management as well as security measures toprotect our contractual partners and our business operations frommisuse, endangerment of their data, secrets, information and rights(e.g. for the involvement of telecommunications, transport and otherauxiliary services as well as subcontractors, banks, tax and legaladvisors, payment service providers or tax authorities). Within theframework of applicable law, we only disclose the data of contractualpartners to third parties to the extent that this is necessary forthe aforementioned purposes or to fulfill legal obligations.Contractual partners will be informed about further forms ofprocessing, e.g. for marketing purposes, within the scope of thisprivacy policy.
Which data are necessary for theaforementioned purposes, we inform the contracting partners before orin the context of the data collection, e.g. in online forms byspecial marking (e.g. colors), and/or symbols (e.g. asterisks or thelike), or personally.
We delete the data after expiry ofstatutory warranty and comparable obligations, i.e. in principleafter expiry of 4 years, unless the data is stored in a customeraccount or must be kept for legal reasons of archiving. The statutoryretention period for documents relevant under tax law as well as forcommercial books, inventories, opening balance sheets, annualfinancial statements, the instructions required to understand thesedocuments and other organizational documents and accounting recordsis ten years and for received commercial and business letters andreproductions of sent commercial and business letters six years. Theperiod begins at the end of the calendar year in which the last entrywas made in the book, the inventory, the opening balance sheet, theannual financial statements or the management report was prepared,the commercial or business letter was received or sent, or theaccounting document was created, furthermore the record was made orthe other documents were created.
If we use third-party providers orplatforms to provide our services, the terms and conditions andprivacy policies of the respective third-party providers or platformsshall apply in the relationship between the users and the providers.
- Processed data types: Inventory data (e.g. names, addresses); Payment Data (e.g. bank details, invoices, payment history); Contact data (e.g. e-mail, telephone numbers); Contract data (e.g. contract object, duration, customer category).
-
- Data subjects: Prospective customers; Business and contractual partners.
-
- Purposes of Processing: Provision of contractual services and customer support; Contact requests and communication; Office and organisational procedures; Managing and responding to inquiries.
-
- Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Compliance with a legal obligation (Article 6 (1) (c) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processingmethods, procedures and services used:
- Project and Development Services: We process the data of our customers and clients (hereinafter uniformly referred to as "customers") in order to enable them to select, acquire or commission the selected services or works as well as associated activities and to pay for and make available such services or works or to perform such services or works.The required information is indicated as such within the framework of the conclusion of the agreement, order or equivalent contract and includes the information required for the provision of services and invoicing as well as contact information in order to be able to hold any consultations. Insofar as we gain access to the information of end customers, employees or other persons, we process it in accordance with the legal and contractual requirements; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
-
- Technical and Engineering services: We process the data of our customers and clients (hereinafter uniformly referred to as "customers") in order to enable them to select, acquire or commission the selected services or works as well as associated activities and to pay for and make available such services or works or to perform such services or works.The required information is indicated as such within the framework of the conclusion of the agreement, order or equivalent contract and includes the information required for the provision of services and invoicing as well as contact information in order to be able to hold any consultations. Insofar as we gain access to the information of end customers, employees or other persons, we process it in accordance with the legal and contractual requirements; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Providers and services used in thecourse of business
As part of our business activities, weuse additional services, platforms, interfaces or plug-ins fromthird-party providers (in short, "services") in compliancewith legal requirements. Their use is based on our interests in theproper, legal and economic management of our business operations andinternal organization.
- Processed data types: Inventory data (e.g. names, addresses); Payment Data (e.g. bank details, invoices, payment history); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Contract data (e.g. contract object, duration, customer category).
-
- Data subjects: Customers; Prospective customers; Users (e.g. website visitors, users of online services); Business and contractual partners.
-
- Purposes of Processing: Provision of contractual services and customer support; Office and organisational procedures.
-
- Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Consent (Article 6 (1) (a) GDPR).
Provision of online services andweb hosting
We process user data in order to beable to provide them with our online services. For this purpose, weprocess the IP address of the user, which is necessary to transmitthe content and functions of our online services to the user'sbrowser or terminal device.
- Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).
-
- Data subjects: Users (e.g. website visitors, users of online services).
-
- Purposes of Processing: Provision of our online services and usability; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).); Security measures.
-
- Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processingmethods, procedures and services used:
- Provision of online offer on rented hosting space: For the provision of our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a "web hoster"); Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
-
- Collection of Access Data and Log Files: The access to our online services is logged in the form of so-called "server log files". Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a general rule, IP addresses and the requesting provider.The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Retention period: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.
-
- Webflow: Creation, management and hosting of websites, online forms and other web elements; Service provider: Webflow, Inc. 208 Utah, Suite 210, San Francisco, CA 94103, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://webflow.com; Privacy Policy: https://webflow.com/legal/eu-privacy-policy; Data Processing Agreement: https://webflow.com/legal/sign-dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://webflow.com/legal/sign-dpa.
Contact and Inquiry Management
When contacting us (e.g. via contactform, e-mail, telephone or via social media) as well as in thecontext of existing user and business relationships, the informationof the inquiring persons is processed to the extent necessary torespond to the contact requests and any requested measures.
- Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).
-
- Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
-
- Purposes of Processing: Contact requests and communication; Managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online services and usability.
-
- Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Further information on processingmethods, procedures and services used:
- Contact form: When users contact us via our contact form, e-mail or other communication channels, we process the data provided to us in this context to process the communicated request; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
-
- HubSpot: Customer management and process and sales support with personalized customer care with multi-channel communication, i.e. management of customer inquiries from different channels, and analysis and feedback functions; Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.hubspot.de; Privacy Policy: https://legal.hubspot.com/privacy-policy; Data Processing Agreement: https://legal.hubspot.com/dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.hubspot.com/dpa.
-
- Jira: Web application for error management, troubleshooting and operational project management; Service provider: Atlassian Inc. (San Francisco, Harrison Street Location), 1098 Harrison Street, San Francisco, California 94103, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.atlassian.com/de/software/jira; Privacy Policy: https://www.atlassian.com/legal/privacy-policy; Data Processing Agreement: https://www.atlassian.com/legal/data-processing-addendum; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): Part of the Data Processing Agreement; Further Information: Data Transfer Impact Assessment: https://www.atlassian.com/legal/data-transfer-impact-assessment.
Video Conferences, OnlineMeetings, Webinars and Screen-Sharing
We use platforms and applications ofother providers (hereinafter referred to as "ConferencePlatforms") for the purpose of conducting video and audioconferences, webinars and other types of video and audio meetings(hereinafter collectively referred to as "Conference").When using the Conference Platforms and their services, we complywith the legal requirements.
Data processed by ConferencePlatforms: In the course of participation in a Conference, theData of the participants listed below are processed. The scope of theprocessing depends, on the one hand, on which data is requested inthe context of a specific Conference (e.g., provision of access dataor clear names) and which optional information is provided by theparticipants. In addition to processing for the purpose of conductingthe conference, participants' Data may also be processed by theConference Platforms for security purposes or service optimization.The processed Date includes personal information (first name, lastname), contact information (e-mail address, telephone number), accessdata (access codes or passwords), profile pictures, information onprofessional position/function, the IP address of the internetaccess, information on the participants' end devices, their operatingsystem, the browser and its technical and linguistic settings,information on the content-related communication processes, i.e.entries in chats and audio and video data, as well as the use ofother available functions (e.g. surveys). The content ofcommunications is encrypted to the extent technically provided by theconference providers. If participants are registered as users withthe Conference Platforms, then further data may be processed inaccordance with the agreement with the respective ConferenceProvider.
Logging and recording: If textentries, participation results (e.g. from surveys) as well as videoor audio recordings are recorded, this will be transparentlycommunicated to the participants in advance and they will be asked -if necessary - for their consent.
Data protection measures of theparticipants: Please refer to the data privacy information of theConference Platforms for details on the processing of your data andselect the optimum security and data privacy settings for you withinthe framework of the settings of the conference platforms.Furthermore, please ensure data and privacy protection in thebackground of your recording for the duration of a Conference (e.g.,by notifying roommates, locking doors, and using the backgroundmasking function, if technically possible). Links to the conferencerooms as well as access data, should not be passed on to unauthorizedthird parties.
Notes on legal bases: Insofaras, in addition to the Conference Platforms, we also process users'data and ask users for their consent to use contents from theConferences or certain functions (e.g. consent to a recording ofConferences), the legal basis of the processing is this consent. Furthermore, our processing may be necessary for the fulfillment ofour contractual obligations (e.g. in participant lists, in the caseof reprocessing of Conference results, etc.). Otherwise, user data isprocessed on the basis of our legitimate interests in efficient andsecure communication with our communication partners.
- Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).
-
- Data subjects: Communication partner (Recipients of e-mails, letters, etc.); Users (e.g. website visitors, users of online services); Persons depicted.
-
- Purposes of Processing: Provision of contractual services and customer support; Contact requests and communication; Office and organisational procedures.
-
- Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processingmethods, procedures and services used:
- Microsoft Teams: Messenger and conference software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.microsoft.com/de-de/microsoft-365; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.
Job Application Process
The application process requiresapplicants to provide us with the data necessary for their assessmentand selection. The information required can be found in the jobdescription or, in the case of online forms, in the informationcontained therein.
In principle, the required informationincludes personal information such as name, address, a contact optionand proof of the qualifications required for a particular employment.Upon request, we will be happy to provide you with additionalinformation.
If made available, applicants cansubmit their applications via an online form. The data will betransmitted to us encrypted according to the state of the art.Applicants can also send us their applications by e-mail. Pleasenote, however, that e-mails on the Internet are generally not sent inencrypted form. As a rule, e-mails are encrypted during transport,but not on the servers from which they are sent and received. We cantherefore accept no responsibility for the transmission path of theapplication between the sender and the reception on our server. Forthe purposes of searching for applicants, submitting applications andselecting applicants, we may make use of the applicant management andrecruitment software, platforms and services of third-party providersin compliance with legal requirements. Applicants are welcome tocontact us about how to submit their application or send it to us byregular mail.
Processing of special categories ofdata: If special categories of personal data within the meaningof Article 9 (1) GDPR (e.g. health data, such as severely handicappedstatus or ethnic origin) are requested from applicants within theframework of the application procedure, so that the responsibleperson or the person concerned can exercise his/her rights arisingfrom labour law and social security and social protection law andfulfil his/her duties in this regard, their processing shall becarried out in accordance with Article 9 (1)(b) GDPR, in the case ofthe protection of vital interests of applicants or other personspursuant to Article 9 (1)(c) GDPR or for the purposes of preventivehealth care or occupational medicine, for the assessment of theemployee's ability to work, for medical diagnostics, care ortreatment in the health or social sector or for the administration ofsystems and services in the health or social sector in accordancewith Article 9 (1)(h) GDPR. In the case of a communication of specialcategories of data based on voluntary consent, their processing iscarried out on the basis of Article 9 (1)(a) GDPR.
Ereasure of data: In the eventof a successful application, the data provided by the applicants maybe further processed by us for the purposes of the employmentrelationship. Otherwise, if the application for a job offer is notsuccessful, the applicant's data will be deleted. Applicants' datawill also be deleted if an application is withdrawn, to whichapplicants are entitled at any time. Subject to a justifiedrevocation by the applicant, the deletion will take place at thelatest after the expiry of a period of six months, so that we cananswer any follow-up questions regarding the application and complywith our duty of proof under the regulations on equal treatment ofapplicants. Invoices for any reimbursement of travel expenses arearchived in accordance with tax regulations.
Admission to a talent pool -Admission to an talent pool, if offered, is based on consent.Applicants are informed that their consent to be included in thetalent pool is voluntary, has no influence on the current applicationprocess and that they can revoke their consent at any time for thefuture.
- Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Job applicant details (e.g. Personal data, postal and contact addresses and the documents pertaining to the application and the information contained therein, such as cover letter, curriculum vitae, certificates, etc., as well as other information on the person or qualifications of applicants provided with regard to a specific job or voluntarily by applicants).
-
- Data subjects: Job applicants.
-
- Purposes of Processing: Job Application Process (Establishment and possible later execution as well as possible later termination of the employment relationship).
-
- Legal Basis: Job application process as a pre-contractual or contractual relationship (Article 6 (1)(b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
Newsletter and ElectronicCommunications
We send newsletters, e-mails and otherelectronic communications (hereinafter referred to as "newsletters")only with the consent of the recipient or a legal permission. Insofaras the contents of the newsletter are specifically described withinthe framework of registration, they are decisive for the consent ofthe user. Otherwise, our newsletters contain information about ourservices and us.
In order to subscribe to ournewsletters, it is generally sufficient to enter your e-mail address.We may, however, ask you to provide a name for the purpose ofcontacting you personally in the newsletter or to provide furtherinformation if this is required for the purposes of the newsletter.
Double opt-in procedure: Theregistration to our newsletter takes place in general in a so-calledDouble-Opt-In procedure. This means that you will receive an e-mailafter registration asking you to confirm your registration. Thisconfirmation is necessary so that no one can register with externale-mail addresses.
The registrations for the newsletterare logged in order to be able to prove the registration processaccording to the legal requirements. This includes storing the loginand confirmation times as well as the IP address. Likewise thechanges of your data stored with the dispatch service provider arelogged.
Deletion and restriction ofprocessing: We may store the unsubscribed email addresses for upto three years based on our legitimate interests before deleting themto provide evidence of prior consent. The processing of these data islimited to the purpose of a possible defense against claims. Anindividual deletion request is possible at any time, provided thatthe former existence of a consent is confirmed at the same time. Inthe case of an obligation to permanently observe an objection, wereserve the right to store the e-mail address solely for this purposein a blocklist.
The logging of the registration processtakes place on the basis of our legitimate interests for the purposeof proving its proper course. If we commission a service provider tosend e-mails, this is done on the basis of our legitimate interestsin an efficient and secure sending system.
Contents:
Information about us, our services,promotions and offers.
- Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status); Usage data (e.g. websites visited, interest in content, access times).
-
- Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
-
- Purposes of Processing: Direct marketing (e.g. by e-mail or postal).
-
- Legal Basis: Consent (Article 6 (1) (a) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
-
- Opt-Out: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the contact options listed above, preferably e-mail.
Further information on processingmethods, procedures and services used:
- Measurement of opening rates and click rates: The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file, which is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from its server. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of our newsletter on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval points (which can be determined with the help of the IP address) or access times. This analysis also includes determining whether newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until the profiles are deleted. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.The measurement of opening rates and click rates as well as the storage of the measurement results in the profiles of the users and their further processing are based on the consent of the users. A separate objection to the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled or objected to. In this case, the stored profile information will be deleted; Legal Basis: Consent (Article 6 (1) (a) GDPR).
-
- HubSpot: Email marketing platform; Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.hubspot.com; Privacy Policy: https://legal.hubspot.com/privacy-policy; Data Processing Agreement: https://legal.hubspot.com/dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.hubspot.com/dpa; Further Information: https://legal.hubspot.com/dpa.
Commercial communication byE-Mail, Postal Mail, Fax or Telephone
We process personal data for thepurposes of promotional communication, which may be carried out viavarious channels, such as e-mail, telephone, post or fax, inaccordance with the legal requirements.
The recipients have the right towithdraw their consent at any time or to object to the advertisingcommunication at any time.
After revocation or objection, we storethe data required to prove the past authorization to contact or sendup to three years from the end of the year of revocation or objectionon the basis of our legitimate interests. The processing of this datais limited to the purpose of a possible defense against claims. Basedon the legitimate interest to permanently observe the revocation,respectively objection of the users, we further store the datanecessary to avoid a renewed contact (e.g. depending on thecommunication channel, the e-mail address, telephone number, name).
- Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers).
-
- Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
-
- Purposes of Processing: Direct marketing (e.g. by e-mail or postal).
-
- Legal Basis: Consent (Article 6 (1) (a) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
Web Analysis, Monitoring andOptimization
Web analysis is used to evaluate thevisitor traffic on our website and may include the behaviour,interests or demographic information of users, such as age or gender,as pseudonymous values. With the help of web analysis we can e.g.recognize, at which time our online services or their functions orcontents are most frequently used or requested for repeatedly, aswell as which areas require optimization.
In addition to web analysis, we canalso use test procedures, e.g. to test and optimize differentversions of our online services or their components.
Unless otherwise stated below,profiles, i.e. data aggregated for a usage process, can be createdfor these purposes and information can be stored in a browser or in aterminal device and read from it. The information collected includes,in particular, websites visited and elements used there as well astechnical information such as the browser used, the computer systemused and information on usage times. If users have agreed to thecollection of their location data from us or from the providers ofthe services we use, location data may also be processed.
Unless otherwise stated below,profiles, that is data summarized for a usage process or user, may becreated for these purposes and stored in a browser or terminal device(so-called "cookies") or similar processes may be used forthe same purpose. The information collected includes, in particular,websites visited and elements used there as well as technicalinformation such as the browser used, the computer system used andinformation on usage times. If users have consented to the collectionof their location data or profiles to us or to the providers of theservices we use, these may also be processed, depending on theprovider.
The IP addresses of the users are alsostored. However, we use any existing IP masking procedure (i.e.pseudonymisation by shortening the IP address) to protect the user.In general, within the framework of web analysis, A/B testing andoptimisation, no user data (such as e-mail addresses or names) isstored, but pseudonyms. This means that we, as well as the providersof the software used, do not know the actual identity of the users,but only the information stored in their profiles for the purposes ofthe respective processes.
- Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).
-
- Data subjects: Users (e.g. website visitors, users of online services).
-
- Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (Creating user profiles); Provision of our online services and usability.
-
- Security measures: IP Masking (Pseudonymization of the IP address).
-
- Legal Basis: Consent (Article 6 (1) (a) GDPR).
Further information on processingmethods, procedures and services used:
- Google Analytics 4: We use Google Analytics to perform measurement and analysis of the use of our online services by users based on a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to an end device in order to recognize which content users have accessed within one or various usage processes, which search terms they have used, have accessed again or have interacted with our online services. Likewise, the time of use and its duration are stored, as well as the sources of users referring to our online services and technical aspects of their end devices and browsers. In the process, pseudonymous profiles of users are created with information from the use of various devices, and cookies may be used. In Analytics, higher level geographic location data is provided by collecting the following metadata based on IP search: "city" (and the derived latitude and longitude of the city), "continent", "country", "region", "subcontinent" (and the ID-based equivalents). To ensure the protection of user data in the EU, Google receives and processes all user data via domains and servers within the EU. The IP address of users is not logged and is shortened by the last two digits by default. The shortening of the IP address takes place on EU servers for EU users. In addition, all sensitive data collected from users in the EU is deleted before it is collected via EU domains and servers; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://business.safety.google/adsprocessorterms; Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://adssettings.google.com/authenticated; Further Information: https://privacy.google.com/businesses/adsservices (Types of processing and data processed).
-
- Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online services (please refer to further details in this privacy policy). With the Tag Manager itself (which implements the tags), for example, no user profiles are created or cookies are stored. Google only receives the IP address of the user, which is necessary to run the Google Tag Manager; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://business.safety.google/adsprocessorterms.
Online Marketing
We process personal data for thepurposes of online marketing, which may include in particular themarketing of advertising space or the display of advertising andother content (collectively referred to as "Content") basedon the potential interests of users and the measurement of theireffectiveness.
For these purposes, so-called userprofiles are created and stored in a file (so-called "cookie")or similar procedure in which the relevant user information for thedisplay of the aforementioned content is stored. This information mayinclude, for example, content viewed, websites visited, onlinenetworks used, communication partners and technical information suchas the browser used, computer system used and information on usagetimes and used functions. If users have consented to the collectionof their sideline data, these can also be processed.
The IP addresses of the users are alsostored. However, we use provided IP masking procedures (i.e.pseudonymisation by shortening the IP address) to ensure theprotection of the user's by using a pseudonym. In general, within theframework of the online marketing process, no clear user data (suchas e-mail addresses or names) is secured, but pseudonyms. This meansthat we, as well as the providers of online marketing procedures, donot know the actual identity of the users, but only the informationstored in their profiles.
The information in the profiles isusually stored in the cookies or similar memorizing procedures. Thesecookies can later, generally also on other websites that use the sameonline marketing technology, be read and analyzed for purposes ofcontent display, as well as supplemented with other data and storedon the server of the online marketing technology provider.
Exceptionally, clear data can beassigned to the profiles. This is the case, for example, if the usersare members of a social network whose online marketing technology weuse and the network links the profiles of the users in theaforementioned data. Please note that users may enter into additionalagreements with the social network providers or other serviceproviders, e.g. by consenting as part of a registration process.
As a matter of principle, we only gainaccess to summarised information about the performance of ouradvertisements. However, within the framework of so-called conversionmeasurement, we can check which of our online marketing processeshave led to a so-called conversion, i.e. to the conclusion of acontract with us. The conversion measurement is used alone for theperformance analysis of our marketing activities.
Unless otherwise stated, we kindly askyou to consider that cookies used will be stored for a period of twoyears.
- Processed data types: Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status); Event Data (Facebook) ("Event Data" is data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as written comments), login information, and Contact Information (such as names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, the Custom Audiences created from them with the deletion of our Facebook account).
-
- Data subjects: Users (e.g. website visitors, users of online services).
-
- Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Conversion tracking (Measurement of the effectiveness of marketing activities); Affiliate Tracking; Marketing; Profiles with user-related information (Creating user profiles); Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content); Provision of our online services and usability; Remarketing.
-
- Security measures: IP Masking (Pseudonymization of the IP address).
-
- Legal Basis: Consent (Article 6 (1) (a) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
-
- Opt-Out: We refer to the privacy policies of the respective service providers and the possibilities for objection (so-called "opt-out"). If no explicit opt-out option has been specified, it is possible to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered collectively for each area: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-regional: https://optout.aboutads.info.
Further information on processingmethods, procedures and services used:
- Facebook Pixel and Custom Audiences (Custom Audiences): With the help of the Facebook pixel (or equivalent functions, to transfer Event-Data or Contact Information via interfaces or other software in apps), Facebook is on the one hand able to determine the visitors of our online services as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users and within the services of partners cooperating with Facebook (so-called "audience network" https://www.facebook.com/audiencenetwork/ ) who have shown an interest in our online services or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of Facebook pixels, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not appear annoying. The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by showing whether users were referred to our website after clicking on a Facebook ad (known as "conversion tracking"); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing; Further Information: User event data, i.e. behavioral and interest data, is processed for the purposes of targeted advertising and audience building on the basis of the joint controllership agreement ("Controller Addendum", https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company located in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
-
- Google Ads and Conversion Tracking: Online marketing process for purposes of placing content and advertisements within the provider's advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. Furthermore, we measure the conversion of the ads, i.e. whether the users took them as a reason to interact with the ads and make use of the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Further Information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices; Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms.
-
- Google Ads Remarketing: Google Remarketing, also known as retargeting, is a technology that adds users who use an online service to a pseudonymous remarketing list so that users can be shown ads on other online services based on their visit to the online service; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Further Information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices; Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms.
-
- LinkedIn: Insights Tag / Conversion tracking; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy, cookie policy: https://www.linkedin.com/legal/cookie_policy; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.linkedin.com/dpa; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Profiles in Social Networks(Social Media)
We maintain online presences withinsocial networks and process user data in this context in order tocommunicate with the users active there or to offer information aboutus.
We would like to point out that userdata may be processed outside the European Union. This may entailrisks for users, e.g. by making it more difficult to enforce users'rights.
In addition, user data is usuallyprocessed within social networks for market research and advertisingpurposes. For example, user profiles can be created on the basis ofuser behaviour and the associated interests of users. The userprofiles can then be used, for example, to place advertisementswithin and outside the networks which are presumed to correspond tothe interests of the users. For these purposes, cookies are usuallystored on the user's computer, in which the user's usage behaviourand interests are stored. Furthermore, data can be stored in the userprofiles independently of the devices used by the users (especiallyif the users are members of the respective networks or will becomemembers later on).
For a detailed description of therespective processing operations and the opt-out options, pleaserefer to the respective data protection declarations and informationprovided by the providers of the respective networks.
Also in the case of requests forinformation and the exercise of rights of data subjects, we point outthat these can be most effectively pursued with the providers. Onlythe providers have access to the data of the users and can directlytake appropriate measures and provide information. If you still needhelp, please do not hesitate to contact us.
- Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).
-
- Data subjects: Users (e.g. website visitors, users of online services).
-
- Purposes of Processing: Contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing.
-
- Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processingmethods, procedures and services used:
- Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
-
- Facebook-Seiten: Profiles within the social network Facebook - We are jointly responsible (so called "joint controller") with Meta Platforms Ireland Limited for the collection (but not the further processing) of data of visitors to our Facebook page. This data includes information about the types of content users view or interact with, or the actions they take (see "Things that you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy), and information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie information; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How we use this information?" Facebook also collects and uses information to provide analytics services, known as "page insights," to site operators to help them understand how people interact with their pages and with content associated with them. We have concluded a special agreement with Facebook ("Information about Page-Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular the security measures that Facebook must observe and in which Facebook has agreed to fulfill the rights of the persons concerned (i.e. users can send information access or deletion requests directly to Facebook). The rights of users (in particular to access to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information about Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Further Information: Joint Controllership Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data. The joint controllership is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company located in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
-
- LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.linkedin.com/dpa; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
-
- YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Privacy Policy: https://policies.google.com/privacy; Opt-Out: https://adssettings.google.com/authenticated.
-
- Xing: Social network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.xing.com; Privacy Policy: https://privacy.xing.com/en.
Changes and Updates to the PrivacyPolicy
We kindly ask you to inform yourselfregularly about the contents of our data protection declaration. Wewill adjust the privacy policy as changes in our data processingpractices make this necessary. We will inform you as soon as thechanges require your cooperation (e.g. consent) or other individualnotification.
If we provide addresses and contactinformation of companies and organizations in this privacy policy, weask you to note that addresses may change over time and to verify theinformation before contacting us.
Rights of Data Subjects
As data subject, you are entitled tovarious rights under the GDPR, which arise in particular fromArticles 15 to 21 of the GDPR:
- Right to Object: You have the right, on grounds arising from your particular situation, to object at any time to the processing of your personal data which is based on letter (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.
-
- Right of withdrawal for consents: You have the right to revoke consents at any time.
-
- Right of access: You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with the provisions of the law.
-
- Right to rectification: You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of the incorrect data concerning you.
-
- Right to Erasure and Right to Restriction of Processing: In accordance with the statutory provisions, you have the right to demand that the relevant data be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.
-
- Right to data portability: You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.
-
- Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Terminology and Definitions
This section provides an overview ofthe terms used in this privacy policy. Many of the terms are drawnfrom the law and defined mainly in Article 4 GDPR. The legaldefinitions are binding. The following explanations, on the otherhand, are intended above all for the purpose of comprehension. Theterms are sorted alphabetically.
- Affiliate Tracking: Custom Audiences refers to the process of determining target groups for advertising purposes, e.g. the display of advertisements. For example, a user's interest in certain products or topics on the Internet may be used to conclude that the user is interested in advertisements for similar products or the online store in which the user viewed the products. "Lookalike Audiences" is the term used to describe content that is viewed as suitable by users whose profiles or interests presumably correspond to the users for whom the profiles were created. For the purposes of creating custom audiences and lookalike audiences, cookies and web beacons are typically used.
-
- Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
-
- Conversion tracking: Conversion tracking is a method used to evaluate the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the devices of the users within the websites on which the marketing measures take place and then called up again on the target website (e.g. we can thus trace whether the advertisements placed by us on other websites were successful).
-
- Custom Audiences: Target group formation (or "custom audiences") is the term used when target groups are determined for advertising purposes, e.g. display of advertisements. For example, a user's interest in certain products or topics on the Internet may be used to infer that that user is interested in advertisements for similar products or the online store in which they viewed the products. Lookalike Audiences" (or similar target groups) is the term used to describe content that is viewed as suitable by users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies are generally used for the purposes of creating custom audiences and lookalike audiences. Target groups can be created by processing visitors of an online service or can be uploaded to the provider of an online marketing technology by means of uploading (which is usually done pseudonymised).
-
- Personal Data: "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
-
- Processing: The term "processing" covers a wide range and practically every handling of data, be it collection, evaluation, storage, transmission or erasure.
-
- Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, includes any kind of automated processing of personal data that consists of using these personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behaviour and interests, such as interaction with websites and their content, etc.) (e.g. interests in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.
-
- Remarketing: Remarketing" or "retargeting" is the term used, for example, to indicate for advertising purposes which products a user is interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.
-
- Targeting: "Tracking" is the term used when the behaviour of users can be traced across several websites. As a rule, behavior and interest information with regard to the websites used is stored in cookies or on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to display advertisements to users presumably corresponding to their interests.
-
- Web Analytics: Web Analytics serves the evaluation of visitor traffic of online services and can determine their behavior or interests in certain information, such as content of websites. With the help of web analytics, website owners, for example, can recognize at what time visitors visit their website and what content they are interested in. This allows them, for example, to optimize the content of the website to better meet the needs of their visitors. For purposes of web analytics, pseudonymous cookies and web beacons are frequently used in order to recognise returning visitors and thus obtain more precise analyses of the use of an online service.