privacy policy

1. Data protection at a glance

General information

The following information provides an overview of what happens with your personal data when you visit this website. Personal data is any information relating to an identifiable person. More detailed information on the topic of data protection can be found in our Privacy Policy below.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website owner. You can find their contact details in the legal notice of this website.

How do we collect your data?

On the one hand, we collect the data from you that you provide us with. This might be, for example, data that you enter in a contact form.

Other data is collected automatically by our IT systems when you visit the website. This includes primarily technical data (e.g. internet browser, operating system or the time you accessed the page). This data is collected automatically as soon as you visit the website.

How do we use your data?

Some of the data is collected to ensure the website can be made available with no errors. Other data can be used to analyse your user behaviour.

What rights do you have with regard to your data?

You have the right to obtain information at any time, free of charge, about the origin, recipient and purpose of your stored personal data. You also have the right to demand the correction or erasure of this data. You can contact us about this or any other questions you may have about data protection any time at the address given in the legal notice. You also have the right to lodge a complaint with the relevant supervisory authority.

Under certain circumstances, you have the right to restrict processing of your personal data. More details on this can be found in the Privacy Policy under “Right to restriction of processing”.

Analytics tools and tools from third-party providers

When visiting this website, your user behaviour can be assessed statistically. Cookies and analytics programs are the main tools used for this. The analysis of your user behaviour is generally carried out anonymously – it cannot be traced back to you.

You can object to this analysis or prevent it by not using certain tools. Detailed information about these tools and your right to object can be found in the following Privacy Policy.

2. Hosting

External hosting

This website is hosted by an external service provider. Personal data that is collected on this website is stored on the servers of the hosting company. This primarily includes IP addresses, contact requests, meta and communication data, contract data, contact data, website access information and other data that is generated by a website.

A hosting company is used for the purpose of fulfilling contractual obligations to our potential and existing customers (Art. 6(1)(b) of the GDPR) and in the interest of providing a secure, fast and efficient online service through a professional provider (Art. (6)(1)(f) of the GDPR).

Our hosting company will only process your data if this is required for the fulfilment of their obligations and is in accordance with our instructions with regard to this data.

Conclusion of a contract for processing by a processor

In order to ensure processing complies with data protection regulations, we have concluded a contract with our hosting company to process data on our behalf.

3. General information and mandatory information

Data protection

The owner of this site takes the protection of your personal data very seriously. We treat your personal data as confidential and handle it in accordance with the legal data protection regulations and this Privacy Policy.

When you use this website, a range of personal data is collected. Personal data is any information relating to an identifiable person. This Privacy Policy explains which data we collect and what we use it for. It also explains how and for which purpose this occurs.

Please be advised that when transferring data via the internet (e.g. when communicating via e-mail), security vulnerabilities may arise. It is therefore not possible to completely protect your data from access by third parties.

Note about the data controller

The data controller for this website is:

The data controller is the natural or legal person who, alone or together with others, determines the purposes for which, and the way in which, personal data (e.g. names, e-mail address, etc.) is processed.

Legally prescribed data protection officer

We have appointed a data protection officer for our company.

Withdrawal of consent to data processing

A large number of data processing operations can only be carried out with your express consent. You can revoke your consent at any time. All you need to do is notify us by e-mail. The data processing carried out up until the point that consent was revoked remains unaffected by the revoking of consent.

The right to object to data collection in certain circumstances and to direct advertising (Art. 21 of the GDPR)

When data processing is based on Art. 6 (1) (e) or (f) of the GDPR, you have the right to object at any time to the processing of your personal data, on grounds relating to your particular situation. This also applies to profiling supported by these provisions. Please refer to this Privacy Policy for the legal basis of the respective processing. If you object, we will no longer process your personal data unless we can demonstrate legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the purpose of legal claims (objection in accordance with Art. 21(1) of the GDPR)

If your personal data is processed for the purposes of direct advertising, you have the right to object at any time to the processing of your personal data for the purposes of this type of advertising. This also applies to profiling, insofar as it is linked to this direct advertising. If you object, your personal data will no longer be used for the purposes of direct advertising (objection in accordance with Art. 21(2) of the GDPR).

Right to lodge a complaint with the relevant supervisory authority

In the event of an infringement against the GDPR, the affected parties have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint does not affect any other administrative or legal judicial remedies.

Right to data portability

You have the right to allow data that we process automatically on the basis of your consent or for the fulfilment of our contractual obligations to be issued to yourself or to a third party in a conventional, machine-readable format. If you request the direct transfer of the data to another controller, this will only be carried out if it is technically feasible.

SSL / TLS encryption

For security reasons and to protect the transfer of confidential content, such as orders or enquiries that you send to us as the owner of the site, this site uses SSL/TLS encryption. You can tell the connection is encrypted because the address in the browser will have changed from “http://” to “https://” and the lock symbol will be visible in your browser bar.

If the SSL/TLS encryption is active, data that you transfer to us cannot be read by third parties.

Encrypted payment transactions on this website

If following the conclusion of a fee-based contract there is an obligation to transfer your payment data to us (e.g. account number for direct debit mandates), this data is required to process the payment.

The payment transactions made via the standard payment methods (Visa/MasterCard, direct debit schemes) are carried out exclusively via an SSL/TLS encrypted connection. You can tell the connection is encrypted because the address in the browser will have changed from “http://” to “https://” and the lock symbol will be visible in your browser bar.

When the communication is encrypted, the payment details you transfer to us cannot be read by third parties.

Access, erasure and rectification

The applicable legal provisions give you the right to access your stored personal data at any time, free of charge, and to find out the origin, recipient and purpose of the data processing, as well as the right to rectification or erasure of this data. You can contact us about this or any other questions you may have about personal data any time at the address given in the legal notice.

Right to restriction of processing

You have the right to restrict processing of your personal data. You can contact us about this any time at the address given in the legal notice. The right to restriction of processing can be asserted in the following cases:

• If you want to contest the accuracy of the personal data stored by us, we generally need time to check this. While this check is being carried out, you have the right to restrict processing of your personal data.
• If your personal data was processed/is being processed unlawfully, instead of erasing the data, you can request that the data processing be restricted.
• If we no longer require your personal data, but you need it to establish, exercise or defend legal claims, you have the right to request that the data processing be restricted instead of erased.
• If you have objected in accordance with Art. 21 (1) GDPR, due consideration must be given to our interests and your interests. If neither party’s interests outweigh the other’s, you have the right to restrict processing of your personal data.

If you have restricted the processing of your personal data, this data – with the exception of its storage – can only be processed with your consent or to establish, exercise or defend legal claims or to protect the rights of other natural or legal persons or on the grounds that it is in the public interest of the European Union or one of the Member States.

Objection to advertising e-mails

An objection is hereby made to the use of contact data published in accordance with the German Telemedia Act for sending advertising and information materials that have not been explicitly requested. The owners of the site expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, e.g. through spam e-mails.

4. Data collection on this website

Cookies

Our website sometimes uses what are known as cookies. Cookies do not damage your computer and do not contain viruses. Cookies make our website more user-friendly, effective and secure. Cookies are small text files which are saved on your computer and can be stored in your browser.

Most of the cookies used by us are what are known as “session cookies”. They are automatically deleted once your visit to the site has ended. Other cookies remain saved on your end device until you delete them. These cookies allow us to recognise your browser on your next visit.

You can set your browser so that you are informed about the placement of cookies and only allow cookies on a case-by-case basis or exclude the acceptance of cookies in certain cases or generally, as well as activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of our website may be limited.

Cookies which are necessary to carry out electronic communications or to provide specific functions desired by you (e.g. shopping basket function) are stored on the basis of Art.6 (1) (f) of the GDPR. The website operator has a legitimate interest in storing cookies to provide their services free of technical errors and in an optimised manner. If consent in this regard is requested (e.g. consent to store cookies), the processing takes place exclusively on the basis of Art. 6 (1) (a) of the GDPR. This consent can be revoked at any time.

Other cookies (e.g. cookies for analysing your surfing habits) that are stored are dealt with separately in this privacy policy.

Server log files

The provider of the website automatically collects and stores information in what are known as server log files, which your browser automatically sends to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the computer requesting access
• Time zone of the server request
• IP address

This data is not linked to other sources.

This data is collected on the basis of Art. 6 (1) (f) of the GDPR. The website operator has a legitimate interest in providing their services free of technical errors and optimising their website – to do this, server log files must be collected.

Contact form

If you use our contact form to make an enquiry, the entries you make on the enquiry form, including the contact details provided by you, will be stored by us for the purposes of processing the enquiry and if we have follow-up questions. This data will not be passed to another party without your consent.

This data is processed on the basis of Art. 6 (1) (b) of the GDPR if your query is related to the fulfilment of a contract or it is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on our legitimate interest in effectively processing the queries we receive (Art. 6(1)(f) of the GDPR) or is based on your consent (Art. 6(1)(a) of the GDPR) if this has been requested.

The data entered by you in the contact form is stored by us until you request its deletion, you revoke your consent for us to store your data or until the reason for storing the data no longer exists (e.g. once your query has been processed). Compulsory legal provisions – in particular retention periods – are not affected.

Queries via e-mail, phone or fax

If you contact us via e-mail, phone or fax, your query, including all personal data contained therein (name, query) will be saved and processed by us for the purposes of handling your request. This data will not be passed to another party without your consent.

This data is processed on the basis of Art. 6 (1) (b) of the GDPR if your query is related to the fulfilment of a contract or it is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on your consent (Art. 6(1)(a) of the GDPR and/or on our legitimate interest (Art. 6(1)(f) of the GDPR) as we have a legitimate interest in effectively processing the queries we receive.

The data sent to us by you in the contact form is stored by us until you request its deletion, you revoke your consent for us to store your data or until the purpose of storing the data no longer exists (e.g. once your request has been processed). Compulsory legal provisions – in particular legally required retention periods – are not affected.

Processing data (customer and contract data)

We collect, process and use personal data only when it is necessary for the conclusion, substantive arrangement or amendment of the business relationship (stock data). This is done on the basis of Art. 6 (1) (b) of the GDPR, which allows data to be processed for the purposes of fulfilling a contract or for the implementation of pre-contractual measures. We only collect, process and use personal data on the use of the website (usage data) where this is necessary to allow the user to make use of the service or to invoice them.

The collected customer data is deleted once the order has been completed or the business relationship has ended. Legally required retention periods are not affected.

5. Analytics tools and advertising

Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc. (?Google?). Google Analytics uses ?cookies?, i.e. text files which are saved on your computer to allow your use of the website to be analysed. The information generated by the cookie regarding your use of this website is generally transferred to a Google server in the USA and saved there. However, if IP anonymisation is activated on this website, in member states of the European Union or within other European Economic Area signatory states Google will initially abbreviate your IP address. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there. IP anonymisation is active on this website. Google will use this information on behalf of the operator of this website to analyse how you use the website, so that it can create reports on website activity and provide additional services related to the website use and internet use to the website operator. Your browser IP address transmitted as part of Google Analytics is not linked with other data by Google. You can prevent cookies from being saved through a setting in your browser software. However, we would like to point out that if you do so, you may not be able to use all of the functions of this website. You may also prevent Google collecting and processing data (including your IP address) relating to your use of the website generated by the cookie, by downloading and installing the browser plug-in available from the following link:

tools.google.com/dlpage/gaoptout?hl=de

Further information on conditions of use and data protection can be found at:
https://www.google.com/analytics/terms/de.html

Google Ads (previously AdWords)

This website uses Google conversion tracking. If you arrive at our website via a Google advert, Google Ads will place a cookie on your computer. The conversion tracking cookie is placed if a user clicks on an advert displayed by Google. These cookies lose their validity after 30 days and cannot be used to identify you. If the user visits certain pages of our website and the cookie has not expired, we and Google can identify that the user has clicked on the ad and been forwarded to this page. Every Google Ads customer receives a different cookie. Cookies can therefore not be tracked across the websites of Ads customers. The information collected using the conversion cookie serves to generate conversion statistics for Ads customers who have decided to use conversion tracking. The customers receive the total number of users who have clicked on their ad and been forwarded to a page provided with a conversion tracking tag. They will not receive any information which could personally identify the user.

If you do not wish to be involved in tracking, you can opt out of receiving the necessary cookies – either by changing browser settings to automatically deactivate all cookies, or by setting your browser to block cookies from the domain “googleleadservices.com”.

Please be aware that the opt-out cookies should not be deleted so long as you do not wish for measurement data to be recorded. If you have deleted all of your cookies in the browser, the respective opt-out cookie must be reactivated.

Google Tag Manager

This website uses Google Tag Manager. This service allows website tags to be managed via an interface. Google Tag Manager only implements tags. This means no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags which in turn may collect data. Google Tag Manager does not have access to this data. If individual cookies or cookies from a specific domain are deactivated, this will apply to all tracking tags, so long as they were implemented by Google Tag Manager.

6. Plugins and tools

YouTube with enhanced data protection

This website has embedded YouTube videos. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube videos in enhanced data protection mode. According to YouTube, in this mode YouTube does not store any information about the visitor to this website before watching the video. However, the enhanced data protection mode does not necessarily prevent the passing on of data to YouTube partners. YouTube therefore creates a connection to the Google DoubleClick network, regardless of whether you are viewing a video.

As soon as you play a YouTube video on this website, a connection to the YouTube servers is created. The pages of our website that you have visited are then shared with the YouTube server. If you are logged in to your YouTube account, you allow YouTube to associate your internet behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube can also save various cookies to your end device when a video is started. Using these cookies, YouTube can collect information about visitors to this website. This information is used to collect video statistics, improve the user experience and prevent attempted fraud. The cookies remain on your end device until you delete them.

Further data processing may be triggered when a YouTube video is started, over which we have no control.

YouTube is used in the interests of appropriately presenting our online offerings. This represents a legitimate interest in accordance with Art. 6 (1) (f) of the GDPR. If consent in this regard is requested (e.g. consent to store cookies), the processing takes place exclusively on the basis of Art. 6 (1) (a) of the GDPR. This consent can be revoked at any time.

You can find more information about YouTube’s data protection in their privacy policy at: https://policies.google.com/privacy?hl=de.

Vimeo

This website uses plugins from the Vimeo video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of our pages which has a Vimeo plugin, a connection to the Vimeo servers is created. The pages of our website that you have visited are then shared with the Vimeo server. Vimeo also receives your IP address. This is the case whether or not you are logged in to Vimeo or have a Vimeo account. The information collected by Vimeo is sent to the Vimeo server in the USA.

If you are logged in to your Vimeo account, you allow Vimeo to associate your internet behaviour directly with your personal profile. You can prevent this by logging out of your Vimeo account.

Vimeo is used in the interests of appropriately presenting our online offerings. This represents a legitimate interest in accordance with Art. 6 (1) (f) of the GDPR. If consent in this regard is requested (e.g. consent to store cookies), the processing takes place exclusively on the basis of Art. 6 (1) (a) of the GDPR. This consent can be revoked at any time.

More information about how Vimeo handles user data can be found in Vimeo’s privacy policy: https://vimeo.com/privacy.

Google Web Fonts

This website uses web fonts provided by Google to uniformly present fonts. Google fonts are installed locally. No connection to Google’s servers is created.

Google Maps (with consent)

This website uses the Google Maps location service via an API. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

In order to protect data on this website, Google Maps is deactivated the first time you access this website. No direct connection to the Google servers is created until you activate Google Maps yourself (consent in accordance with Art. 6(1)(a) of the GDPR). This prevents your data from being shared with Google when you first visit the page.

Once activated, Google Maps will save your IP address. This is then generally transferred to a Google server in the USA and saved there. The provider of this page does not have any control over the sharing of this data once Google Maps has been activated.

More information about how Google handles user data can be found in Google’s Privacy Policy: https://www.google.de/intl/de/policies/privacy/.

7. In-house services

Handling of applicant data

We offer you the option to apply to us (e.g. via e-mail, post or online application form). You can find information of the scope, purpose and use of the personal data we collect about you as part of the application process below. We affirm that the collection, processing and use of your data is done in compliance with applicable data protection law and all other legal provisions and that the handling of your data is strictly confidential.

Scope and purpose of data collection

If you submit an application to us, we process your personal data associated with this application (e.g. contact and communications data, application documents, notes from interviews etc.) if this is necessary for the decision to enter into a business relationship. The legal basis for this is Section 26 of the new BDSG (German Federal Data Protection Law) in accordance with German law (initiation of a business relationship), Art. 6 (1) (b) of the GDPR (general initiation of a contract) and – if you have given consent – Art. 6 (1) (a) of the GDPR. This consent can be revoked at any time. Your personal data is only shared with people within our company who are involved in processing your application.

If the application is successful, the data you have submitted is stored in our data processing systems on the basis of section 26 the new BDSG (German Federal Data Protection Law) and Art. 6 (1) (b) of the GDPR for the purposes of conducting a business relationship.

Data retention period

If we cannot make you an offer of employment, you reject an offer of employment or you withdraw your application, we reserve the right to retain your data on the basis of our legitimate interest (Art. 6(1)(f) of the GDPR) for up to 6 months after the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents will be destroyed. This retention is in particular for the purpose of providing evidence in case of a legal dispute. If it appears that after the 6-month retention period the data is necessary (e.g. due to a threatened or pending legal dispute), it will be deleted when the purpose for the continued retention no longer exists.

There may also be a longer retention period if you have granted consent in this regard (Art. 6(1)(a) of the GDPR) or if legal obligations to retain data prevent deletion.

Acceptance in the applicant pool

If we do not make you an offer of employment, there may be the opportunity to be added to our applicant pool. If added, all documents and information from the application will be transferred to the applicant pool in order to be able to contact you if there is an appropriate vacancy.

Acceptance into the applicant pool is only done on the basis of your explicit consent (Art. 6(1)(a) of the GDPR). Consent is voluntary and has no bearing on ongoing application processes. You can revoke your consent at any time. In this case your data will be irrevocably deleted from the applicant pool, so long as there is no legal requirement to retain it.

The applicant pool data will be irrevocably deleted two years at the latest after consent has been granted.