Privacy Policy

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data is collected:

• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status / HTTP status code
• Volume of data transferred in each case
• Website from which the request originates
• Browser
• Operating system and its interface
• Language and version of the browser software

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. Storage also takes place to ensure the functionality of the website. In addition, the data serves to optimise the website and to ensure the security of our IT systems. There is no evaluation of the data for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6(1)(f) GDPR.

Data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session has ended. Data is also deleted after seven days at the latest. Storage beyond this is possible. In this case, the users' IP addresses are deleted or anonymised so that it is no longer possible to identify the accessing client.

The collection of data to provide the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

The legal basis for processing data after registration for the newsletter is your consent pursuant to Art. 6(1)(a) GDPR. The legal basis for sending the newsletter following the sale of goods or services is Section 7(3) of the German Act Against Unfair Competition (UWG).

The collection of the user's email address serves to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

Data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. The user's email address is therefore stored for as long as the newsletter subscription is active.

The newsletter subscription can be cancelled by the affected user at any time without incurring any costs other than the transmission costs at the basic rates. For this purpose, there is a corresponding link in every newsletter.

The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of the consent prior to its withdrawal. If you withdraw your consent, we will delete this data and no longer send you newsletters.

The use of Google Cloud CDN improves the user experience of our website. Content on our website is delivered faster and more reliably. In addition, Google's use of the service is used for analysing and optimising the delivery of content.

The legal basis for the use of the Google Tag Manager is your consent pursuant to Art. 6(1)(a) GDPR.

The use of the Google Tag Manager enables us to manage so-called website tags via an interface, allowing us to integrate other services into our online offering (please refer to the further and specific information in this privacy policy on this).

We would like to point out that we have no specific knowledge of the transmitted data or its use by Google. For more information about the Google Tag Manager, please visit https://marketingplatform.google.com/intl/en/about/tag-manager/. Google's applicable data protection provisions can be found at https://www.google.com/policies/privacy/.

You can withdraw your consent at any time by changing the settings in our consent management tool. Please note that your objection does not affect the lawfulness of the data processing up to that point.

The processing of data by Google can also be changed and excluded at https://adssettings.google.com/authenticated.

The legal basis for the use of AWS CloudFront is Art. 6(1)(f) GDPR.

To protect input forms on our site, we use the Cloudflare service "Turnstile". The provider of this service is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. In order to verify whether data entry in our forms, and in particular the contact form, is carried out by a human or by an automated program, Turnstile analyses the behaviour of website visitors based on various characteristics. The analysis begins automatically when the website is visited and various pieces of information are evaluated (e.g. IP address, date and duration of the website visit, operating system, browser, cookies, display instructions, scripts and mouse movements made).

Data may be processed in the USA. Where personal data is transferred to the USA, Cloudflare has submitted to the EU-US Data Privacy Framework, and the EU Commission's standard contractual clauses are also used.

To protect input forms on our site, we use the Google service "reCAPTCHA". The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To our knowledge, the referrer URL, IP address, the page you visit on our site on which the captcha is integrated, the date and duration of the visit, your Google account if you are logged into Google, your behaviour as a website visitor, information about the operating system, browser and time spent on the site, cookies, display instructions and scripts, your input behaviour as a user and mouse movements in the area of the "reCAPTCHA" checkbox are transmitted to Google. Data may be processed in the USA. Where personal data is transferred to the USA, Google has submitted to the EU-US Data Privacy Framework.

Google uses the information obtained in this way, among other things, to digitise books and other printed matter, and to optimise services such as Google Street View and Google Maps (e.g. house number and street name recognition).

The legal basis for the use of Google reCAPTCHA is Art. 6(1)(f) GDPR.

We use the service to protect input forms on our site. By using this service, it is possible to distinguish whether the relevant input is of human origin or is carried out abusively by automated machine processing.

We would like to point out that beyond the data mentioned, we have no specific knowledge of the data transmitted or its use by Google. Google's applicable data protection provisions can be found at https://www.google.com/policies/privacy/.

The IP address transmitted via "reCAPTCHA" is not merged with other data from Google, unless you are logged into your Google account at the time you use the "reCAPTCHA" plugin. If you wish to prevent the transmission and storage of data about you and your behaviour on our website by Google, you must log out of Google before visiting our site or using the reCAPTCHA plugin. The processing of data by Google can be changed and excluded at https://adssettings.google.com/authenticated.

A contact form is available on our website that can be used for electronic communication. If a user makes use of this option, the data entered in the input form is transmitted to us and stored.

Your acknowledgement of the processing of data, with reference to this privacy policy, is documented during the submission process.

Alternatively, it is possible to contact us via the email address provided. In this case, the personal data of the user transmitted with the email will be stored.

In this context, the data is not passed on to third parties. The data is used exclusively for processing the conversation.

The legal basis for the processing of data is your consent pursuant to Art. 6(1)(a) GDPR.

If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

The processing of personal data from the input form serves us solely to handle the contact request. In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

Data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. For the personal data from the contact form's input fields and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively resolved.

The user has the option of revoking their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of making contact will be deleted in this case.

Your applicant data will be reviewed by the human resources department upon receipt of your application. Suitable applications will then be forwarded internally to the department heads responsible for the respective open position. The further process will then be coordinated. Within the company, only those persons have access to your data who require it for the proper conduct of our application procedure. Data is processed exclusively in data centres of the Federal Republic of Germany.

The legal basis for the processing of your personal data in the application process is primarily Section 26 BDSG in the version in force since 25 May 2018, or Art. 6(1)(b) GDPR. Accordingly, the processing of data that is necessary in connection with the decision to establish an employment relationship is permissible.

If the data should be required after the conclusion of the application process for the purpose of legal proceedings, data processing may take place on the basis of the requirements of Art. 6 GDPR, in particular for the pursuit of legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest then consists in the assertion or defence of claims.

We process the data you have sent us in connection with your application in order to assess your suitability for the position (or, if applicable, other open positions in our company) and to conduct the application procedure.

Data of applicants will be deleted six months after a rejection.

In the event that you have consented to further storage of your personal data, we will include your data in our applicant pool. Data there is generally deleted after two years.

Should you be offered a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system.

Our site uses what are known as web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to ensure the uniform display of fonts. When a page is called up, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. This enables Google to learn that our website has been accessed via your IP address.

The legal basis for the use of Google Web Fonts is Art. 6(1)(a) GDPR, i.e. your consent, which you have given via our cookie banner or consent management tool for the data processing described.

We use the service for the uniform display of fonts and in the interest of a uniform and attractive presentation of our online presence.

We would like to point out that beyond the data mentioned, we have no specific knowledge of the data transmitted or its use by Google. For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq. Google's applicable data protection provisions can be found at https://www.google.com/policies/privacy/.

You can withdraw your consent at any time with effect for the future by changing the settings in our cookie banner or consent management tool.

You can set your browser so that the fonts are not loaded from Google's servers (e.g. by installing browser add-ons such as NoScript or Ghostery for Firefox). If your browser does not support Google Web Fonts or you prevent access to Google's servers, the text will be displayed in your system's default font. The processing of data by Google can be changed and excluded at https://adssettings.google.com/authenticated.

We maintain an online presence within the social network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. In this context and for contemporary marketing purposes, we process data from users in order to communicate with users active on the platform or to provide information about us.

The categories of data processed include contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times) and meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, consent status).

In addition to the use of data by us, users' data is typically processed by the operator of the social network for market research and advertising purposes. For example, profiles may be created based on users' usage behaviour and resulting interests. These user profiles can in turn be used, for example, to place advertisements inside and outside the networks that are presumed to correspond to the users' interests. For these purposes, cookies are typically stored on the users' computers, in which the users' usage behaviour and interests are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially when the users are members of the social network and are logged into their user account).

Users' data may also be processed outside the European Union, which may give rise to risks for users, including, for example, making it more difficult to enforce the so-called rights of data subjects (see the rights of the data subject below).

For a detailed description of the respective forms of processing, please refer to LinkedIn's privacy policy at https://de.linkedin.com/legal/privacy-policy.

Where personal data is transferred to the USA, LinkedIn has submitted to the EU-US Data Privacy Framework.

The legal basis for the use of LinkedIn is Art. 6(1)(f) GDPR.

If you are asked by LinkedIn to consent to the data processing described, the legal basis for processing is Art. 6(1)(a) GDPR.

Additionally, on the basis of a joint processing agreement pursuant to Art. 26 GDPR in conjunction with the declaration stored at the following link: https://legal.linkedin.com/pages-joint-controller-addendum.

The use of LinkedIn facilitates the sharing of content. When content is posted by users on LinkedIn, we are able to reach more potential customers. In addition, we use LinkedIn to further publicise and promote our company and the services we offer.

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn, and it is therefore not possible for us to ascertain the extent, location and duration for which the data is stored, the extent to which LinkedIn complies with existing deletion obligations, what analyses and links are made with the data, and to whom the data is passed on. Each user of the social network must, however, carefully consider for themselves which personal data they share with and about LinkedIn.

Options for restricting the processing of your data and managing your account and privacy settings are described at https://www.linkedin.com/help/linkedin/answer/a1337839. Furthermore, on mobile devices (smartphones, tablet computers), you can restrict LinkedIn's access to contact and calendar data, photos, location data, etc. in their respective settings, although this depends on the operating system used.

An opt-out option is available at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

We maintain an online presence within the social network and video platform YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this context and for contemporary marketing purposes, we process data from users in order to communicate with users active on the platform or to provide information about us.

The categories of data processed include contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times) and meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, consent status).

In addition to the use of data by us, users' data is typically processed by the operator of the social network for market research and advertising purposes. For example, profiles may be created based on users' usage behaviour and resulting interests. These user profiles can in turn be used, for example, to place advertisements inside and outside the networks that are presumed to correspond to the users' interests. For these purposes, cookies are typically stored on the users' computers, in which the users' usage behaviour and interests are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially when the users are members of the social network and are logged into their user account).

Users' data may also be processed outside the European Union, which may give rise to risks for users, including, for example, making it more difficult to enforce the rights of data subjects (see below).

For a detailed description of the respective forms of processing, please refer to YouTube's and Google's privacy policy at https://policies.google.com/privacy.

Where personal data is transferred to the USA, YouTube and Google have submitted to the EU-US Data Privacy Framework.

The legal basis for the use of YouTube is Art. 6(1)(f) GDPR.

If you are asked by YouTube to consent to the data processing described, the legal basis for processing is Art. 6(1)(a) GDPR.

The use of YouTube facilitates the sharing of content and enables us to present our services in an engaging way. Through its use, we are able to further publicise and promote our company and the services we offer. We hope thereby to reach more potential customers.

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by YouTube, and it is therefore not possible for us to ascertain the extent, location and duration for which the data is stored, the extent to which YouTube complies with existing deletion obligations, what analyses and links are made with the data, and to whom the data is passed on. Each user of the platform must, however, carefully consider for themselves which personal data they share with and about YouTube.

If you do not wish YouTube to be able to associate the visit to our pages with your YouTube user account, please log out of your YouTube user account. An opt-out option is available at https://myadcenter.google.com/personalizationoff.

We maintain an online presence within the social network Instagram, which is operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. In this context and for contemporary marketing purposes, we process data from users in order to communicate with users active on the platform or to provide information about us.

The categories of data processed include contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times) and meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, consent status).

In addition to the use of data by us, users' data is typically processed by the operator of the social network for market research and advertising purposes. For example, profiles may be created based on users' usage behaviour and resulting interests. These user profiles can in turn be used, for example, to place advertisements inside and outside the networks that are presumed to correspond to the users' interests. For these purposes, cookies are typically stored on the users' computers, in which the users' usage behaviour and interests are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially when the users are members of the social network and are logged into their user account).

Users' data may also be processed outside the European Union, which may give rise to risks for users, including, for example, making it more difficult to enforce the rights of data subjects (see below).

For a detailed description of the respective forms of processing, please refer to Instagram's privacy policy at https://privacycenter.instagram.com/policy. Where personal data is transferred to the USA, Instagram has submitted to the EU-US Data Privacy Framework.

The legal basis for the use of Instagram is Art. 6(1)(f) GDPR. If you are asked by Instagram to consent to the data processing described, the legal basis for processing is Art. 6(1)(a) GDPR.

If you do not wish YouTube to be able to associate the visit to our pages with your YouTube user account, please log out of your YouTube user account. An opt-out option is available at https://myadcenter.google.com/personalizationoff.

According to its own statements, Instagram stores data until it is no longer needed to provide its services and features, or until the respective user account is deleted, whichever comes first. This depends on the circumstances of the individual case, in particular the type of data, why it is collected and processed, and the relevant legal or operational storage requirements.

For opt-out options, please refer to Instagram's privacy policy and to the privacy information and settings at https://help.instagram.com/196883487377501 and, for privacy-friendly profile settings on Instagram profiles, at https://help.instagram.com/811572406418223.

We would also like to point out that in the case of requests for information and the assertion of data subject rights, these can most effectively be asserted with the operator of the social network. Only the operator has access to the users' data in each case and can directly take appropriate measures and provide information. You can contact the social network's data protection officer directly at https://www.facebook.com/help/contact/540977946302970. Should you nevertheless require assistance, you can also contact us.

If personal data about you is processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:

You may request confirmation from the controller as to whether personal data relating to you is being processed by us.

If such processing exists, you may request information from the controller about the following:

‍

1. the purposes for which the personal data are being processed;
2. the categories of personal data that are being processed;
3. the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;
4. the envisaged period for which the personal data relating to you will be stored, or, if specific information on this is not possible, the criteria used to determine the storage period;
5. the existence of a right to rectification or erasure of the personal data relating to you, a right to restriction of processing by the controller, or a right to object to such processing;
6. the existence of a right to lodge a complaint with a supervisory authority;
7. all available information about the origin of the data where the personal data are not collected from the data subject;
8. the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data relating to you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

You have a right to rectification and/or completion from the controller if the personal data processed relating to you is incorrect or incomplete. The controller must carry out the rectification without delay.

1. if you contest the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
3. the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
4. if you have objected to processing pursuant to Art. 21(1) GDPR pending verification of whether the legitimate grounds of the controller override your grounds.

Where processing of the personal data relating to you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Where restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Obligation to Erase

You may request the controller to erase the personal data relating to you without undue delay, and the controller is obliged to erase this data without undue delay where one of the following grounds applies:
‍

1. The personal data relating to you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for the processing.
3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
4. The personal data relating to you has been unlawfully processed.
5. The personal data relating to you must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.
6. The personal data relating to you has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

Notification to Third Parties

Where the controller has made the personal data relating to you public and is obliged pursuant to Art. 17(1) GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested erasure of all links to, or copies or replications of, that personal data.
‍

Exceptions

The right to erasure does not apply where the processing is necessary:
‍

1. for exercising the right of freedom of expression and information;
2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
3. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing; or
5. for the establishment, exercise or defence of legal claims.

Where you have exercised the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate any such rectification or erasure of data or restriction of processing to each recipient to whom the personal data relating to you has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about those recipients by the controller.

You have the right to receive the personal data relating to you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where:

1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract pursuant to Art. 6(1)(b) GDPR; and
2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data relating to you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data relating to you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where personal data relating to you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data relating to you for such marketing purposes, including profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
‍

1. is necessary for entering into, or performance of, a contract between you and the controller;
2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
3. is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

With regard to the cases referred to in (1) and (3) above, the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.