The responsible body
The responsible body within the meaning of data protection laws (Art. 4 No. 7 GDPR) is:
Am Burgberg 13
Telephone: +49 (0) 5564 200 78-0
The company data protection officer can be reached at firstname.lastname@example.org.
Type of data processed
We process data from the following data categories:
- Inventory data (e.g. names, addresses)
- Contact details (e.g. email, telephone numbers)
- Content data (e.g. text input, photographs, videos)
- Usage data (e.g. visited websites, interest in content, access times)
- Meta / communication data (e.g. device information, IP addresses)
- Employee data (e.g. cover letters and attachments for online applications)
Categories of data subjects
Visitors and users of the online offer. In the following, we refer to the data subjects collectively as “users”.
Purpose of processing
- Providing the online offer, its content and functions
- Answering contact inquiries and communicating with users
- Marketing and advertisement
- Safety measures.
Legal basis for data processing
In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 sentence 1 lit. a and Art. 7 GDPR, the legal basis for processing to perform our services and carry out contractual measures as well as answering inquiries is Art. 6 Para. 1 S. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 S. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 S. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.
Disclosure of personal data to third parties and processors
If we disclose data to other people and companies (processors or third parties) as part of our processing, transmit them to them or otherwise give them access to the data, this will only be done on the basis of legal permission (e.g. if the data is transmitted to third parties, as to payment service providers, in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR for the fulfillment of the contract), you have consented, a legal obligation provides for this or based on our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data based on a so-called “order processing contract”, this will be done based on Art. 28 GDPR.
Data transfer to third countries
If we process the processing by third-party services outside the European Union or the European Economic Area, they must meet the special requirements of Art. 44 ff. GDPR. This means that processing takes place based on special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or the observance of officially recognized special contractual obligations, the so-called “standard contractual clauses”.
Deletion of data
The data processed by us is deleted in accordance with Art. 17 and 18 GDPR or its processing is restricted. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal storage obligations to prevent deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data will be blocked and not processed for other purposes. This applies e.g. for data that must be kept for commercial or tax law reasons or for data whose further storage is necessary for evidence purposes.
This includes, for example, commercial law retention requirements for business letters in accordance with Section 257 (1) Commercial Code (HGB) (6 years) and tax retention requirements in accordance with Section 147 (1) Fiscal Code (AO) for documents (10 years). If the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion of a contract or for the fulfillment of the contract.
“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie e.g. the content of a shopping cart in an online shop or a login status can be saved. Cookies are referred to as “permanent” or “persistent” and remain saved even after the browser is closed. For example, the login status is saved if the users visit it after several days. Such a cookie can also be used to store the interests of users who are used for range measurement or marketing purposes. A “third-party cookie” refers to cookies that are offered by providers other than the person responsible for operating the online offer (otherwise, if they are only their cookies, we speak of “first-party cookies”).
Objection and “opt-out”: You can generally prevent cookies from being saved on your hard drive by selecting “do not accept cookies” in your browser settings. However, this can result in a functional restriction of our offers. You can use third-party cookies for advertising purposes by opting out via this American website (https://optout.aboutads.info) or this European website (https://www.youronlinechoices.com/uk/your-ad-choices) contradict.
Provision of our website and creation of log files
We collect based on our legitimate interests within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR data about every access to the server on which this service is located (so-called server log files).
The access data include:
- Name of the website accessed,
- date and time of access,
- amount of data transferred,
- notification of successful access,
- browser type and version,
- the user’s operating system,
- referrer URL (the previously visited page),
- IP address
- and the requesting provider.
For security reasons (e.g. to investigate hacker attacks, misuse or fraudulent activities), log file information is stored for a maximum of 60 days and then deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
Contact via contact form / email / fax / post
If you contact us by contact form, fax, post or email, your details will be processed for the purpose of processing the contact request.
If you have given your consent, the legal basis for processing the data is Art. 6 para. 1 sentence 1 lit. a GDPR. The legal basis for processing the data transmitted in the course of a contact request or email, letter or fax is Art. 6 Para. 1 S. 1 lit. f GDPR. The person responsible has a legitimate interest in the processing and storage of the data, in order to be able to answer user inquiries, to preserve evidence for reasons of liability and, if necessary, to be able to comply with his legal retention requirements for business letters. If the contact is aimed at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
The information provided by users can be stored in our customer relationship management system (“CRM system”) or a comparable request organization.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. We store inquiries from users who have an account or contract with us up to two years after the contract has ended. In the case of legal archiving obligations, deletion takes place after their expiry: end of commercial law (6 years) and tax law (10 years) retention requirements.
You have the option at any time to withdraw consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR to process personal data. If you contact us by email, you can object to the storage of your personal data at any time.
We use the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”), based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 S. 1 lit. f).
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user clicks on a Facebook button on our online offer and is logged into his Facebook account, his device establishes a direct connection to the Facebook servers. User profiles of the users can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects due to the click and therefore inform the users according to our level of knowledge.
By clicking, Facebook receives the information that a user has called up the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. If, for example, users click the Facebook Like button or leave a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save his IP address. According to Facebook, only an anonymized IP address is saved in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options for protecting the privacy of users can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his member data stored on Facebook, he must log out of Facebook before using our online offer and delete his cookies. Further settings and contradictions regarding the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings are platform independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Integration of services and content from third parties
We use content or service offers from third-party providers within our online offer based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 sentence 1 lit. Content and services, such as Include videos or fonts (hereinafter referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required to display this content. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the device of the user and contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information on the use of our online offer, as well as being linked to such information from other sources.
The following illustration provides an overview of third-party providers and their content, along with links to their data protection declarations, which provide further information on the processing of data and, in part. already mentioned here, options for objection (so-called opt-out) include:
External fonts from Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) at https://www.google.com/fonts (“Google Fonts”). The integration of the Google Fonts is done by calling up a server at Google (usually in the USA). Data protection declaration: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
Videos from the “YouTube” platform of the third-party provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Data protection declaration: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated.
As far as we know, the data of the users are used by OpenStreetMap exclusively for the purpose of displaying the map functions and temporarily storing the selected settings. This data can include, in particular, IP addresses and location data of the users, which, however, are not collected without their consent (usually carried out as part of the settings of their mobile devices).
Data protection for applications and in the application process
Applications that are sent to the responsible person electronically or by post are processed electronically or manually for the purpose of handling the application process.
We expressly point out that application documents with “special categories of personal data” according to Art. 9 GDPR (e.g. a photo that gives conclusions about your ethnic origin, religion or your marital status), with the exception of a possible severe disability, which you choose freely want to disclose are undesirable. You should submit your application without this data. This has no impact on your application chances.
The legal bases for processing are Art. 6 Para. 1 S.1 lit. b GDPR and § 26 Federal Data Protection Act (BDSG) new
If an employment relationship is entered into with the applicant after the application process has been completed, the applicant data will be saved in compliance with the relevant data protection regulations. If you are not offered a job after completing the application process, your application letter and documents will be deleted 6 months after the rejection has been sent in order to be able to meet any claims and verification requirements under the General Equal Treatment Act (AGG).
Rights of the data subject
Right to object or revoke the processing of your data
If you have given your consent to the processing of your data (Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a) GDPR), you can revoke this at any time in accordance with Art. 7 para. 3 GDPR withdraw. Such a revocation affects the admissibility of processing your personal data after you have given it to us.
Insofar as we base the processing of your personal data on the balancing of interests (Art. 6 Para. 1 S. 1 lit. f GDPR), you can object to the processing. This is the case if the processing is not particularly necessary to fulfill a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising using the contact details above.
Right to information
You have a right to information about your personal data stored with us according to Art. 15 GDPR. This includes, in particular, information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it was collected directly from you.
Right to rectification
You have the right to correct inaccurate or complete correct data in accordance with Art. 16 GDPR.
Right to cancellation
You have the right to have your data stored by us deleted in accordance with Art. 17 GDPR, unless legal or contractual retention periods or other legal obligations or rights to further storage prevent this.
Right to restriction
You have the right to request a restriction in the processing of your personal data if one of the requirements in Art. 18 Para. 1 lit. a to d GDPR is fulfilled:
- If you contest the accuracy of your personal data for a period of time that enables the person responsible to check the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
- the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
- if you have objected to processing in accordance with Art. 21 Para. 1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
Right to data portability
You have a right to data portability according to Art. 20 GDPR, which means that you can receive the personal data we have stored about you in a structured, common and machine-readable format or you can request the transfer to another person responsible.
Right to complain
You can contact a supervisory authority at any time with a complaint, e.g. to the responsible supervisory authority of the state of your residence or to the authority responsible for us as the responsible body.
A list of the supervisory authorities (for the non-public area) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
We have taken appropriate technical and organizational security measures to protect all personal data transmitted to us and to ensure that the data protection regulations are adhered to by us and our external service providers. That is why, among other things, all data is transmitted encrypted between your browser and our server via a secure SSL connection.