Pri­va­cy Pol­i­cy

Pri­va­cy Pol­i­cy

This Pri­va­cy Pol­i­cy explains to you the type, scope and pur­pose of the pro­cess­ing of per­son­al data (here­inafter referred to as “data”) with­in our online offer and the asso­ci­at­ed web­sites, func­tions and con­tents as well as exter­nal online pres­ences, e.g. our Social Media Pro­files (here­inafter col­lec­tive­ly referred to as “online offer”). With regard to the terms used, such as “pro­cess­ing” or “per­son respon­si­ble”, we refer to the def­i­n­i­tions in Art. 4 of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR/DSGVO).

Con­troller

SRC
Secu­ri­ty Research & Con­sult­ing GmbH
Emil-Nolde-Str.7
GER-53113 Bonn
Tele­phone: +49 (228) 2806 – 0
Tele­fax: +49 (228) 2806 – 199
Inter­net: www.src-gmbh.de
eMail: info[at]src-gmbh.de
CEO: Gerd Cimiotti
Com­mer­cial reg­is­ter: Bonn HRB 9414
VAT ID num­ber: DE 212254844

You can con­tact our data pro­tec­tion offi­cer as fol­lows:

Flo­ri­an Reichert
Ade­nauer­allee 136
53113 Bonn

Tel.: +49 (0) 228–227 226–0
Fax: +49 (0) 228–227 226–26
Con­tact: http://www.scheja-partner.de/kontakt/kontakt.html
www.scheja-partner.de

Types of data processed:

  • Inven­to­ry data (for exam­ple, names, address­es).
  • Con­tact details (e.g., e-mail, tele­phone num­bers).
  • Con­tent data (e.g., text input, pho­tographs, videos).
  • Usage data (e.g., vis­it­ed web­sites, inter­est in con­tent, access times).
  • Meta/communication data (e.g., device infor­ma­tion, IP address­es).

Pur­pose of the data pro­cess­ing

  • Pro­vi­sion of the online offer, its func­tions and con­tents.
  • Response to con­tact requests and com­mu­ni­ca­tion with users.
  • Secu­ri­ty mea­sures.
  • Range measurement/marketing

Terms used

Per­son­al data” means any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (here­inafter referred to as “data sub­ject”); an iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­tic­u­lar by assign­ment to an iden­ti­fi­er such as a name, an iden­ti­fi­ca­tion num­ber, loca­tion data, an online iden­ti­fi­er (e.g. cook­ie) or to one or more spe­cial fea­tures that express the phys­i­cal, phys­i­o­log­i­cal, genet­ic, psy­cho­log­i­cal, eco­nom­ic, cul­tur­al or social iden­ti­ty of that nat­ur­al per­son.

Pro­cess­ing” means any oper­a­tion or set of oper­a­tions which is per­formed on per­son­al data or on sets of per­son­al data, whether or not by auto­mat­ed means. The term cov­ers prac­ti­cal­ly every han­dling of data.

Con­troller” means the nat­ur­al or legal per­son, pub­lic author­i­ty, agency or oth­er body which, alone or joint­ly with oth­ers, deter­mines the pur­pos­es and means of the pro­cess­ing of per­son­al data.

Deci­sive legal bases

In accor­dance with Art. 13 DSGVO, we inform you about the legal basis of our data pro­cess­ing. If the legal basis is not men­tioned in the data pro­tec­tion dec­la­ra­tion, the fol­low­ing applies: The legal basis for obtain­ing con­sents is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for pro­cess­ing for the per­for­mance of our ser­vices and per­for­mance of con­trac­tu­al mea­sures as well as for answer­ing inquiries is Art. 6 para. 1 lit. b DSGVO, the legal basis for pro­cess­ing to ful­fil our legal oblig­a­tions is Art. 6 para. 1 lit. c DSGVO, and the legal basis for pro­cess­ing to pro­tect our legit­i­mate inter­ests is Art. 6 para. 1 lit. f DSGVO. In the event that the vital inter­ests of the data sub­ject or anoth­er nat­ur­al per­son require the pro­cess­ing of per­son­al data, Arti­cle 6(1)(d) DSGVO serves as the legal basis.

Secu­ri­ty mea­sures

We ask you to inform your­self reg­u­lar­ly about the con­tents of our pri­va­cy pol­i­cy. We adapt the pri­va­cy pol­i­cy as soon as changes in the data pro­cess­ing car­ried out by us require this. We will inform you as soon as the changes require your coop­er­a­tion (e.g. con­sent) or if any oth­er indi­vid­ual noti­fi­ca­tion is required.

Coop­er­a­tion with proces­sors and third par­ties

If, in the course of our pro­cess­ing, we dis­close data to oth­er per­sons and com­pa­nies (proces­sors or third par­ties), trans­fer them or grant them access to the data in any oth­er way, this shall take place as fol­lows

  • on the basis of a legal per­mis­sion (e.g. if a trans­mis­sion of the data to third par­ties, such as to pay­ment ser­vice providers, is nec­es­sary in accor­dance with Art. 6 para. 1 lit. b DSGVO for con­tract ful­fil­ment),
  • if you have con­sent­ed,
  • if a legal oblig­a­tion requires it, or
  • on the basis of our legit­i­mate inter­ests (e.g. when using agents, web hosts, etc.).

If we com­mis­sion third par­ties with the pro­cess­ing of data on the basis of a so-called “pro­cess­ing con­tract”, this is done in accor­dance with the rel­e­vant require­ments of Art. 28 DSGVO.

Trans­fers to third coun­tries

If we process data

  • in a third coun­try (i.e. out­side the Euro­pean Union (EU) or the Euro­pean Eco­nom­ic Area (EEA)), or
  • the pro­cess­ing takes place in the con­text of the use of ser­vices of third par­ties, or
  • data will be dis­closed or trans­mit­ted to third par­ties,

this only hap­pens if it is

  • to ful­fil our (pre)contractual oblig­a­tions or on the basis of
  • your con­sent,
  • a legal oblig­a­tion or
  • on the basis of our legit­i­mate inter­ests.

Sub­ject to legal or con­trac­tu­al per­mis­sions, we process or have the data processed in a third coun­try only if the spe­cial require­ments of Art. 44 ff. DSGVO are ful­filled. This means that the pro­cess­ing is car­ried out, for exam­ple, on the basis of spe­cial guar­an­tees, such as the offi­cial­ly recog­nised deter­mi­na­tion of a data pro­tec­tion lev­el cor­re­spond­ing to the EU (e.g. for the USA by the “Pri­va­cy Shield”) or com­pli­ance with offi­cial­ly recog­nised spe­cial con­trac­tu­al oblig­a­tions (so-called “stan­dard con­trac­tu­al claus­es”).

Rights of the data sub­ject

Infor­ma­tion rights

You have the right to receive infor­ma­tion about your per­son­al data stored by us.

Right of rec­ti­fi­ca­tion and dele­tion

You can request us to rec­ti­fy incor­rect data and — inso­far as the legal require­ments are ful­filled — to delete your data.

Restric­tion of pro­cess­ing

As far as the legal require­ments are ful­filled, you can demand that we restrict the pro­cess­ing of your data.

Data porta­bil­i­ty

If you have pro­vid­ed us with data on the basis of a con­tract or con­sent, you may, if the legal require­ments are met, request that you receive the data pro­vid­ed by you in a struc­tured, cur­rent and machine-read­able for­mat or that we trans­mit it to anoth­er per­son respon­si­ble.

Objec­tion to data pro­cess­ing in the case of a “legit­i­mate inter­est” legal basis

You have the right to object to our pro­cess­ing of your data at any time for rea­sons aris­ing from your par­tic­u­lar sit­u­a­tion, inso­far as this is based on the legal basis of “legit­i­mate inter­est”. If you use your right of objec­tion, we will stop pro­cess­ing your data unless we can — in accor­dance with the statu­to­ry pro­vi­sions — prove com­pelling rea­sons wor­thy of pro­tec­tion for fur­ther pro­cess­ing, which exceed your rights.

Objec­tion to cook­ies

You can also object to the use of cook­ies at any time. Please refer to the above expla­na­tions on the use of the respec­tive cook­ie for details.

Revo­ca­tion of con­sent

If you have giv­en us your con­sent to the pro­cess­ing of your data, you can revoke this at any time with effect for the future. The legal­i­ty of the pro­cess­ing of your data until revo­ca­tion remains unaf­fect­ed by this.

Right of appeal at the super­vi­so­ry author­i­ty

You may also lodge a com­plaint with the com­pe­tent super­vi­so­ry author­i­ty if you believe that the pro­cess­ing of your data is con­trary to applic­a­ble law. You can con­tact the data pro­tec­tion author­i­ty respon­si­ble for your place of res­i­dence or coun­try or the data pro­tec­tion author­i­ty respon­si­ble for us.

Your con­tact to us:

Fur­ther­more, you can con­tact us free of charge with ques­tions regard­ing the pro­cess­ing of your per­son­al data, your data sub­ject rights and any con­sent giv­en. To make use of all your afore­men­tioned rights, please con­tact datenschutz@src-gmbh.de or via post to the address indi­cat­ed under point 1 above. Please ensure that we can unique­ly iden­ti­fy you.

Right of objec­tion in the case of a “legit­i­mate inter­est” legal basis

Objec­tion to data pro­cess­ing on the legal basis of “legit­i­mate inter­est”: You have the right, for rea­sons aris­ing from your par­tic­u­lar sit­u­a­tion, to object at any time to the future pro­cess­ing of the data con­cern­ing you by us, inso­far as this is based on the legal basis of “legit­i­mate inter­est”. If you exer­cise your right of objec­tion, we will stop the pro­cess­ing of your data unless we can — in accor­dance with the statu­to­ry pro­vi­sions — prove com­pelling rea­sons wor­thy of pro­tec­tion for fur­ther pro­cess­ing, which out­weigh your rights.

To exer­cise your right to object, please con­tact

Cook­ies

Cook­ies” are small files that are stored on the user’s com­put­er. Dif­fer­ent data can be stored with­in the cook­ies. A cook­ie is pri­mar­i­ly used to store infor­ma­tion about a user (or the device on which the cook­ie is stored) dur­ing or after his or her vis­it to an online offer. Tem­po­rary cook­ies, or “ses­sion cook­ies” or “tran­sient cook­ies”, are cook­ies that are delet­ed after a user leaves an online offer and clos­es the brows­er. In such a cook­ie, for exam­ple, the con­tent of a shop­ping bas­ket can be stored in an online shop or a login jam. Cook­ies are referred to as “per­ma­nent” or “per­sis­tent” if they remain stored even after the brows­er is closed. For exam­ple, the login sta­tus can be saved when users vis­it it after sev­er­al days. Like­wise, the inter­ests of users used for range mea­sure­ment or mar­ket­ing pur­pos­es may be stored in such a cook­ie. “Third-par­ty cook­ies” are cook­ies that are offered by providers oth­er than the per­son respon­si­ble for oper­at­ing the online offer (oth­er­wise, if they are only oper­a­tor cook­ies, they are referred to as “first-par­ty cook­ies”).

We may use tem­po­rary and per­ma­nent cook­ies and clar­i­fy this with­in the scope of using our web­site. The first time you vis­it our web­site, you will receive a pop-up mes­sage at the bot­tom of the screen with infor­ma­tion on the use of cook­ies. If you click the Accept but­ton, we store a cook­ie so that we know that you have tak­en note of our mes­sage and that it will not be dis­played again dur­ing your next vis­it.

If users do not want cook­ies to be stored on their com­put­er, they are asked to deac­ti­vate the cor­re­spond­ing option in the sys­tem set­tings of their brows­er. Stored cook­ies can be delet­ed in the sys­tem set­tings of the brows­er. The exclu­sion of cook­ies can lead to func­tion­al restric­tions of this online offer.

The legal basis for the pro­cess­ing of per­son­al data using tech­ni­cal­ly nec­es­sary cook­ies is Art. 6 para. 1 lit. f DSGVO. Our legit­i­mate inter­ests are the sim­pli­fi­ca­tion of the use of our web­site and the recog­ni­tion of the user’s brows­er even after a switch of the web­site.

Dele­tion of data

The data processed by us will be delet­ed or their pro­cess­ing restrict­ed in accor­dance with Arti­cles 17 and 18 DSGVO. Unless express­ly stat­ed in this data pro­tec­tion dec­la­ra­tion, the data stored by us will be delet­ed as soon as it is no longer required for its intend­ed pur­pose and the dele­tion does not con­flict with any statu­to­ry stor­age oblig­a­tions. If the data is not delet­ed because it is nec­es­sary for oth­er and legal­ly per­mis­si­ble pur­pos­es, its pro­cess­ing is restrict­ed. This means that the data is blocked and not processed for oth­er pur­pos­es. This applies, for exam­ple, to data that must be retained for com­mer­cial or tax rea­sons.

In accor­dance with statu­to­ry require­ments in Ger­many, the records are kept in par­tic­u­lar for 6 years in accor­dance with § 257 (1) HGB (trad­ing books, inven­to­ries, open­ing bal­ance sheets, annu­al finan­cial state­ments, com­mer­cial let­ters, account­ing doc­u­ments, etc.) and for 10 years in accor­dance with § 147 (1) AO (books, records, man­age­ment reports, account­ing doc­u­ments, com­mer­cial and busi­ness let­ters, doc­u­ments rel­e­vant for tax­a­tion, etc.).

Order pro­cess­ing for ser­vices

We process our cus­tomers’ data as part of the order­ing process in our online tick­et man­age­ment sys­tem to enable them to select and order the select­ed prod­ucts and ser­vices, as well as their pay­ment and deliv­ery or exe­cu­tion.

The processed data includes inven­to­ry data, com­mu­ni­ca­tion data, con­tract data, pay­ment data. The per­sons affect­ed by the pro­cess­ing include our cus­tomers, inter­est­ed par­ties and oth­er busi­ness part­ners. The pro­cess­ing takes place for the pur­pose of pro­vid­ing con­trac­tu­al ser­vices in the con­text of oper­at­ing an online shop, billing, deliv­ery and cus­tomer ser­vices. We use ses­sion cook­ies for stor­ing the con­tents of the shop­ping cart and per­ma­nent cook­ies for stor­ing the login sta­tus.

Pro­cess­ing is car­ried out on the basis of Art. 6 Para. 1 lit. b (exe­cu­tion of order process­es) and c (legal­ly required archiv­ing) DSGVO. The infor­ma­tion marked as nec­es­sary is required to estab­lish and ful­fil the con­tract. We dis­close the data to third par­ties only with­in the frame­work of deliv­ery, pay­ment or with­in the frame­work of legal per­mits and oblig­a­tions to legal advi­sors and author­i­ties. The data will only be processed in third coun­tries if this is nec­es­sary for the ful­fil­ment of the con­tract (e.g. at the customer’s request upon deliv­ery or pay­ment).

When reg­is­ter­ing, re-reg­is­ter­ing and using our online ser­vices, we store the IP address and the time of the respec­tive user action. This data is stored on the basis of our legit­i­mate inter­ests as well as the users’ inter­est in pro­tec­tion against mis­use and oth­er unau­tho­rized use. A pass­ing on of this data to third par­ties does not take place in gen­er­al, unless it is nec­es­sary to pur­sue our claims or there is a legal oblig­a­tion accord­ing to Art. 6 para. 1 lit. c DSGVO.

The dele­tion takes place after the expiry of statu­to­ry war­ran­ty and com­pa­ra­ble oblig­a­tions, the neces­si­ty of data stor­age is reviewed every three years; in the case of statu­to­ry archiv­ing oblig­a­tions, the dele­tion takes place after their expiry (end of com­mer­cial law (6 years) and tax law (10 years) stor­age oblig­a­tion).

Agency ser­vices

We process our cus­tomers’ data as part of our con­trac­tu­al ser­vices, which include con­cep­tu­al and strate­gic con­sult­ing, cam­paign plan­ning, soft­ware and design devel­op­ment / con­sult­ing or main­te­nance, imple­men­ta­tion of cam­paigns and process­es / han­dling, serv­er admin­is­tra­tion, data analy­sis / con­sult­ing ser­vices and train­ing ser­vices.

We process inven­to­ry data (e.g., cus­tomer mas­ter data, such as names or address­es), con­tact data (e.g., e-mail, tele­phone num­bers), con­tent data (e.g., text entries, pho­tographs, videos), con­tract data (e.g., sub­ject mat­ter of the con­tract, term), pay­ment data (e.g., bank details, pay­ment his­to­ry), usage and meta­da­ta (e.g. as part of the eval­u­a­tion and per­for­mance mea­sure­ment of mar­ket­ing mea­sures). We do not process spe­cial cat­e­gories of per­son­al data unless these are part of com­mis­sioned pro­cess­ing. This includes our cus­tomers, prospects, their cus­tomers, users, web­site vis­i­tors or employ­ees, as well as third par­ties. The pur­pose of the pro­cess­ing is to pro­vide con­trac­tu­al ser­vices, billing and our cus­tomer ser­vice. The legal basis for pro­cess­ing results from Art. 6 para. 1 lit. b DSGVO (con­trac­tu­al ser­vices), Art. 6 para. 1 lit. f DSGVO (analy­sis, sta­tis­tics, opti­mi­sa­tion, safe­ty mea­sures). We process data which are nec­es­sary to jus­ti­fy and ful­fil the con­trac­tu­al ser­vices and point out the neces­si­ty of their dis­clo­sure. Dis­clo­sure to exter­nal par­ties only takes place if it is nec­es­sary with­in the frame­work of an order. When pro­cess­ing the data pro­vid­ed to us with­in the scope of an order, we act in accor­dance with the instruc­tions of the client and the legal require­ments for order pro­cess­ing pur­suant to Art. 28 DSGVO and process the data for no oth­er pur­pos­es than those stip­u­lat­ed in the order.

We delete the data after the expiry of statu­to­ry war­ran­ty and com­pa­ra­ble oblig­a­tions. The neces­si­ty of stor­ing the data is checked every three years; in the case of statu­to­ry archiv­ing oblig­a­tions, the data is delet­ed after their expiry (6 years, in accor­dance with § 257 Para­graph 1 HGB, 10 years, in accor­dance with § 147 Para­graph 1 AO). In the case of data dis­closed to us with­in the scope of an order by the cus­tomer, we delete the data in accor­dance with the spec­i­fi­ca­tions of the order, gen­er­al­ly after the end of the order.

Ful­fil­ment of con­trac­tu­al ser­vices

We process inven­to­ry data (e.g., names and address­es as well as con­tact data of users), con­tract data (e.g., ser­vices used, names of con­tact per­sons, pay­ment infor­ma­tion) for the pur­pose of ful­fill­ing our con­trac­tu­al oblig­a­tions and ser­vices pur­suant to Art. 6 para. 1 lit b. DSGVO. The entries marked as oblig­a­tory in online forms are required for the con­clu­sion of the con­tract.

When using our online ser­vices, we store the IP address and the time of the respec­tive user action. The data is stored on the basis of our legit­i­mate inter­ests as well as the user’s pro­tec­tion against mis­use and oth­er unau­tho­rized use. A pass­ing on of this data to third par­ties does not take place in prin­ci­ple, unless it is nec­es­sary for the pur­suit of our claims or there is a legal oblig­a­tion accord­ing to Art. 6 Abs. 1 lit. c DSGVO.
The data will be delet­ed after the expiry of statu­to­ry war­ran­ty and com­pa­ra­ble oblig­a­tions; the neces­si­ty of stor­ing the data will be reviewed every three years; in the case of statu­to­ry archiv­ing oblig­a­tions, the data will be delet­ed after their expiry. Infor­ma­tion in the pos­si­ble cus­tomer account remain up to its dele­tion.

Admin­is­tra­tion, finan­cial account­ing, office organ­i­sa­tion, con­tact man­age­ment

We process data with­in the frame­work of admin­is­tra­tive tasks as well as the organ­i­sa­tion of our com­pa­ny, finan­cial account­ing and com­pli­ance with legal oblig­a­tions, e.g. archiv­ing. We process the same data that we process as part of the per­for­mance of our con­trac­tu­al ser­vices. The pro­cess­ing bases are Art. 6 para. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Cus­tomers, prospects, busi­ness part­ners and web­site vis­i­tors are affect­ed by the pro­cess­ing. The pur­pose and our inter­est in the pro­cess­ing lies in the admin­is­tra­tion, finan­cial account­ing, office orga­ni­za­tion, archiv­ing of data, thus tasks which serve the main­te­nance of our busi­ness activ­i­ties, and the pro­vi­sion of our ser­vices. The dele­tion of the data with regard to con­trac­tu­al ser­vices and con­trac­tu­al com­mu­ni­ca­tion cor­re­sponds to the infor­ma­tion pro­vid­ed in these pro­cess­ing activ­i­ties.

We dis­close or trans­mit data to the tax author­i­ties, con­sul­tants, such as tax con­sul­tants or audi­tors, as well as oth­er fee offices and pay­ment ser­vice providers.

Fur­ther­more, we store infor­ma­tion on sup­pli­ers, event organ­is­ers and oth­er busi­ness part­ners on the basis of our busi­ness inter­ests, e.g. for the pur­pose of mak­ing con­tact at a lat­er date. We store this data, which is main­ly com­pa­ny-relat­ed, per­ma­nent­ly.

Busi­ness analy­ses and mar­ket research

In order to oper­ate our busi­ness eco­nom­i­cal­ly and to iden­ti­fy mar­ket trends, cus­tomer and user require­ments, we analyse the data avail­able to us on busi­ness trans­ac­tions, con­tracts, enquiries, etc., in order to ensure that we are able to offer our cus­tomers the best pos­si­ble ser­vice. We process inven­to­ry data, com­mu­ni­ca­tion data, con­tract data, pay­ment data, usage data, meta­da­ta on the basis of Art. 6 para. 1 lit. f. DSGVO, where­by the per­sons con­cerned include cus­tomers, inter­est­ed par­ties, busi­ness part­ners, vis­i­tors and users of the online offer.

The analy­ses are car­ried out for the pur­pose of eco­nom­ic eval­u­a­tions, mar­ket­ing and mar­ket research. In doing so, we can con­sid­er the pro­files of reg­is­tered users with infor­ma­tion e.g. about their pur­chase process­es. The analy­ses serve us to increase the user-friend­li­ness, the opti­miza­tion of our offer and the eco­nom­ic effi­cien­cy. The analy­ses serve us alone and are not dis­closed exter­nal­ly, unless they are anony­mous analy­ses with aggre­gat­ed val­ues.

If these analy­ses or pro­files are per­son­al, they will be delet­ed or made anony­mous upon ter­mi­na­tion of the user, oth­er­wise after two years from the con­clu­sion of the con­tract. For the rest, macro­eco­nom­ic analy­ses and gen­er­al trend deter­mi­na­tions are pre­pared anony­mous­ly wher­ev­er pos­si­ble.

Pri­va­cy pol­i­cy in the appli­ca­tion process

We process the appli­cant data only for the pur­pose and in the con­text of the appli­ca­tion pro­ce­dure in accor­dance with the legal require­ments. The pro­cess­ing of the appli­cant data takes place in order to ful­fil our (pre)contractual oblig­a­tions in the con­text of the appli­ca­tion pro­ce­dure with­in the mean­ing of Art. 6 para. 1 lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO if data pro­cess­ing becomes nec­es­sary for us, e.g. with­in the frame­work of legal pro­ce­dures (in Ger­many § 26 BDSG addi­tion­al­ly applies).

The appli­ca­tion pro­ce­dure requires that appli­cants pro­vide us with their data. If we offer an online form, the nec­es­sary appli­cant data are marked oth­er­wise result from the job descrip­tions and gen­er­al­ly include per­son­al data, postal and con­tact address­es and the doc­u­ments belong­ing to the appli­ca­tion, such as cov­er let­ter, cur­ricu­lum vitae and cer­tifi­cates. In addi­tion, appli­cants may vol­un­tar­i­ly pro­vide us with addi­tion­al infor­ma­tion.

By sub­mit­ting the appli­ca­tion to us, appli­cants agree to the pro­cess­ing of their data for the pur­pos­es of the appli­ca­tion pro­ce­dure in accor­dance with the type and scope set out in this data pro­tec­tion dec­la­ra­tion.

Inso­far as spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Art. 9 para. 1 DSGVO are vol­un­tar­i­ly com­mu­ni­cat­ed with­in the scope of the appli­ca­tion pro­ce­dure, they are addi­tion­al­ly processed in accor­dance with Art. 9 para. 2 let­ter b DSGVO (e.g. health data, e.g. severe­ly dis­abled sta­tus or eth­nic ori­gin). If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Art. 9 para. 1 DSGVO are request­ed from appli­cants dur­ing the appli­ca­tion pro­ce­dure, they are addi­tion­al­ly processed in accor­dance with Art. 9 para. 2 lit. a DSGVO (e.g. health data, if these are required for the exer­cise of the pro­fes­sion).

Appli­cants can send us their appli­ca­tions via an online form on our web­site. The data is encrypt­ed and trans­mit­ted to us accord­ing to the state of the art.

Appli­cants can also send us their appli­ca­tions by e-mail. Please note, how­ev­er, that e-mails are gen­er­al­ly not sent in encrypt­ed form and that the appli­cants them­selves must ensure that they are encrypt­ed. We can­not there­fore accept any respon­si­bil­i­ty for the trans­mis­sion of the appli­ca­tion between the sender and receipt on our serv­er and there­fore rec­om­mend that you use an online form or the postal dis­patch. Instead of apply­ing via the online form or by e-mail, appli­cants can still send us their appli­ca­tion by post.

If the appli­ca­tion is suc­cess­ful, the data pro­vid­ed by the appli­cants can be fur­ther processed by us for the pur­pose of employ­ment. Oth­er­wise, if the appli­ca­tion for a job offer is not suc­cess­ful, the appli­cants’ data will be delet­ed. Appli­cants’ data will also be delet­ed if an appli­ca­tion is with­drawn, which the appli­cants are enti­tled to do at any time.

The dele­tion will take place after a peri­od of six months, sub­ject to a jus­ti­fied revo­ca­tion by the appli­cant, so that we can answer any fol­low-up ques­tions to the appli­ca­tion and meet our oblig­a­tions under the Equal Treat­ment Act. Invoic­es for any reim­burse­ment of trav­el expens­es are archived in accor­dance with tax reg­u­la­tions.

Con­tact­ing

When con­tact­ing us (e.g. via con­tact form, e-mail or tele­phone), the user’s data will be processed in order to process the con­tact request and to han­dle it in accor­dance with Art. 6 Para. 1 lit. b) DSGVO. User infor­ma­tion can be stored in a cus­tomer rela­tion­ship man­age­ment sys­tem (“CRM sys­tem”) or com­pa­ra­ble request orga­ni­za­tion.

We delete the requests if they are no longer nec­es­sary. We review the neces­si­ty every two years; the statu­to­ry archiv­ing oblig­a­tions also apply.

Newslet­ter

With the fol­low­ing infor­ma­tion we inform you about the con­tents of our newslet­ter as well as the reg­is­tra­tion, mail­ing and sta­tis­ti­cal eval­u­a­tion pro­ce­dure and your rights of objec­tion. By sub­scrib­ing to our newslet­ter you agree to the recep­tion and the described pro­ce­dures.

Con­tents of the newslet­ter

We will only send newslet­ters, e-mails and oth­er elec­tron­ic noti­fi­ca­tions con­tain­ing adver­tis­ing infor­ma­tion (here­inafter “newslet­ters”) with the con­sent of the recip­i­ents or a legal per­mis­sion. If the con­tents of a newslet­ter are specif­i­cal­ly described with­in the scope of a reg­is­tra­tion, they are deci­sive for the con­sent of the users. In addi­tion, our newslet­ters con­tain infor­ma­tion about our ser­vices and us.

Dou­ble-Opt-In and log­ging

The reg­is­tra­tion for our newslet­ter takes place in a so-called dou­ble opt-in pro­ce­dure. This means that after reg­is­tra­tion you will receive an e-mail ask­ing you to con­firm your reg­is­tra­tion. This con­fir­ma­tion is nec­es­sary so that no one can log in with oth­er e-mail address­es. Sub­scrip­tions to the newslet­ter are logged in order to be able to prove the reg­is­tra­tion process in accor­dance with legal require­ments. This includes the stor­age of the login and con­fir­ma­tion time, as well as the IP address. The changes to your data stored with the ship­ping ser­vice provider are also logged.

Reg­is­tra­tion details

To sub­scribe to the newslet­ter, sim­ply enter your e-mail address. Option­al­ly we ask you to indi­cate a name for the pur­pose of per­son­al address in the newslet­ter.

The dis­patch of the newslet­ter and the per­for­mance mea­sure­ment asso­ci­at­ed with it is based on the recipient’s con­sent pur­suant to Art. 6 para. 1 lit. a, Art. 7 DSGVO in con­junc­tion with § 7 para. 2 no. 3 UWG or on the basis of the legal per­mis­sion pur­suant to § 7 para. 3 UWG.

The reg­is­tra­tion pro­ce­dure is record­ed on the basis of our legit­i­mate inter­ests pur­suant to Art. 6 para. 1 lit. f DSGVO. We are inter­est­ed in the use of a user-friend­ly and secure newslet­ter sys­tem that serves both our busi­ness inter­ests and the expec­ta­tions of users and also allows us to pro­vide proof of con­sent.

Cancellation/Revocation

You can can­cel the receipt of our newslet­ter at any time, i.e. revoke your con­sent. You will find a link to can­cel the newslet­ter at the end of each newslet­ter. We may store the e-mail address­es we have unsub­scribed for up to three years on the basis of our legit­i­mate inter­ests before we delete them in order to be able to prove a pre­vi­ous­ly giv­en con­sent. The pro­cess­ing of these data is lim­it­ed to the pur­pose of a pos­si­ble defence against claims. An indi­vid­ual appli­ca­tion for can­cel­la­tion is pos­si­ble at any time, pro­vid­ed that at the same time the for­mer exis­tence of a con­sent is con­firmed.

Newslet­ter — Mail­ing ser­vice provider

The newslet­ter is sent by the mail­ing ser­vice provider Mail­Jet GmbH, Rankestr. 21, 10789 Berlin, Ger­many. The data pro­tec­tion reg­u­la­tions of the ship­ping ser­vice provider can be viewed here: https://www.mailjet.de/privacy-policy/. The mail­ing ser­vice provider is used on the basis of our legit­i­mate inter­ests accord­ing to Art. 6 Para. 1 let­ter f DSGVO and an order pro­cess­ing con­tract accord­ing to Art. 28 Para. 3 S. 1 DSGVO.

The mail­ing ser­vice provider can use the recipient’s data in pseu­do­ny­mous form, i.e. with­out assign­ment to a user, to opti­mise or improve its own ser­vices, e.g. for tech­ni­cal opti­mi­sa­tion of the dis­patch and pre­sen­ta­tion of the newslet­ter or for sta­tis­ti­cal pur­pos­es. How­ev­er, the mail­ing ser­vice provider does not use the data of our newslet­ter recip­i­ents to con­tact them itself or to pass the data on to third par­ties.

Range mea­sure­ment with Mato­mo

With­in the scope of Matomo’s range analy­sis, based on our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­miza­tion and eco­nom­ic oper­a­tion of our online offer with­in the mean­ing of Art. 6 para. 1 lit. f. DSGVO) process­es the fol­low­ing data: The brows­er type and ver­sion you use, the oper­at­ing sys­tem you use, your coun­try of ori­gin, date and time of the serv­er request, the num­ber of vis­its, your time spent on the web­site and the exter­nal links you clicked. The IP address of the users is anonymized before it is stored.

Mato­mo uses cook­ies which are stored on the user’s com­put­er and which enable an analy­sis of the use of our online offer by the user. Pseu­do­ny­mous user pro­files can be cre­at­ed from the processed data. The cook­ies are stored for one week. The infor­ma­tion gen­er­at­ed by the cook­ie about your use of this web­site is only stored on our serv­er and not passed on to third par­ties.

Users can object to the anonymized data col­lec­tion by the Mato­mo pro­gram at any time with effect for the future by click­ing on the link below. In this case, a so-called opt-out cook­ie is stored in your brows­er, which means that Mato­mo no longer col­lects any ses­sion data. If users delete their cook­ies, how­ev­er, this means that the opt-out cook­ie is also delet­ed and must there­fore be acti­vat­ed again by the users.

The logs con­tain­ing user data will be delet­ed after 6 months at the lat­est.

 

Con­nec­tion of third-par­ty ser­vices and con­tent

With­in our online offer, we pro­vide infor­ma­tion based on our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and eco­nom­ic oper­a­tion of our online offer with­in the mean­ing of Art. 6 para. 1 let­ter f). DSGVO) of con­tent or ser­vice offer­ings of third par­ties in order to embed their con­tent and ser­vices, such as videos or fonts (here­inafter uni­form­ly referred to as “con­tent”).

This always requires that the third par­ty providers of this con­tent per­ceive the IP address of the users, since with­out the IP address they could not send the con­tent to their brows­er. The IP address is there­fore required for the dis­play of this con­tent. We endeav­our to use only those con­tents whose respec­tive providers use the IP address only for the deliv­ery of the con­tents. Third-par­ty providers may also use so-called pix­el tags (invis­i­ble graph­ics, also known as “web bea­cons”) for sta­tis­ti­cal or mar­ket­ing pur­pos­es. “Pix­el tags” can be used to eval­u­ate infor­ma­tion such as vis­i­tor traf­fic on the pages of this web­site. The pseu­do­ny­mous infor­ma­tion may also be stored in cook­ies on the user’s device and may include tech­ni­cal infor­ma­tion about the brows­er and oper­at­ing sys­tem, refer­ring web­sites, vis­it­ing time and oth­er infor­ma­tion about the use of our online offer, as well as be linked to such infor­ma­tion from oth­er sources.

Google Fonts

We use the fonts (“Google Fonts”) of Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA. Pri­va­cy pol­i­cy: https://www.google.com/policies/privacy/, Opt-out func­tion indi­cat­ed by Google: https://adssettings.google.com/authenticated.

Google ReCaptcha

We use the func­tion for the detec­tion of bots, e.g. for entries in online forms (“ReCaptcha”) of the provider Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA. Pri­va­cy pol­i­cy: https://www.google.com/policies/privacy/, Opt-out func­tion indi­cat­ed by Google: https://adssettings.google.com/authenticated.

Google Maps

We use the maps of the ser­vice “Google Maps” of the provider Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA. The processed data may include in par­tic­u­lar IP address­es and loca­tion data of the users, which, how­ev­er, are not col­lect­ed with­out their con­sent (as a rule with­in the frame­work of the set­tings of their mobile devices). The data can be processed in the USA. Pri­va­cy pol­i­cy: https://www.google.com/policies/privacy/, Opt-out func­tion indi­cat­ed by Google: https://adssettings.google.com/authenticated.