1. Data Privacy Overview
Data recording on our website
Who is responsible for recording data on this website?
The website operator processes the data on this website. You can find this party’s contact information in this website’s imprint.
How do we record your data?
We record your data when you provide it to us, for one thing. One example is data that you enter in the contact form.
Our IT systems automatically record other data when you visit our website. This data is primarily of a technical nature (e.g., Internet browser, operating system, or the time the website was called up). This data is automatically recorded as soon as you visit our website.
What do we use your data for?
We collect some of the data to guarantee that the website is displayed without errors. Other data may be used to analyze your user behavior.
What rights do you have concerning your data?
You have the right to receive information about the origin, recipient, and purpose of your stored personal data for free. You also have the right to request the correction or deletion of this data. If you have granted your consent to data processing, you may revoke this consent at any time with effect for the future. Additionally, under certain circumstances, you have the right to request that the processing of your personal data be restricted. Furthermore, you have the right to appeal to the responsible supervisory authorities.
You may contact us regarding this issue and others concerning data privacy at any time at the address specified in the imprint.
2. Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider (hoster). The personal data recorded on this website is stored on this hoster’s servers. This data may include, in particular, IP addresses, contact requests, meta- and communication data, contract data, contact data, names, accesses to websites, and other data generated via a website.
We use this hoster for purposes of fulfilling contracts with our potential customers (Art. 6 Para. 1 b of the GDPR) and in the interests of provisioning our website more securely, quickly, and efficiently through a professional provider (Art. 6 Para. 1 f of the GDPR).
Our hoster will process your data only insofar as this is necessary to fulfill its service obligations and will follow our instructions concerning this data.
Conclusion of an order processing contract
To guarantee processing that conforms with data privacy legislation, we have concluded an order processing contract with our hoster.
3. General Information and Mandatory Information
If you use this website, we will collect various personal data. Personal data is data that can be used to personally identify you. This data privacy statement explains which data we collect and what we use it for. It also explains how we do so and for what purpose.
We would like to point out that data transmission over the Internet (e.g., during email communication) may involve security gaps. It is not possible to completely prevent data from being accessed by third parties.
Information about the responsible party
The party responsible for processing the data on this website is:
Phone: +49 2572 80084-20
The responsible party is the natural or legal person that makes decisions regarding the purposes and means of processing personal data (e.g., names, email addresses, and similar data) alone or together with other parties.
Legally prescribed data protection officer
We have appointed a data protection officer for our company, who can be contacted as follows:
Phone: +49 7231 9797-64
Revocation of your consent to data processing
Many data processing procedures are possible only with your express consent. You may revoke consent you have already granted at any time. To do so, simply send us an informal notification of your wish by email. The lawfulness of the data processing performed until the time of your revocation shall remain unaffected by the revocation.
Right to objection against data collection in special cases and direct advertising (Art. 21 of the GDPR)
If your personal data is processed for purposes of carrying out direct advertising, you have the right to file an objection to the processing of your respective personal data for purposes of this advertising at any time; this also applies to profiling associated with such direct advertising. Should you object, your personal data shall subsequently no longer be used for direct advertising purposes (objection pursuant to Art. 21 Para. 2 of the GDPR).
Right of appeal to the responsible supervisory authorities
In the event of violations against the GDPR, the party concerned shall have the right to appeal to a supervisory authority, especially in the member state of their habitual residence, their place of employment, or the location where the alleged violation took place. The right of appeal shall exist, regardless of other administrative or court remedies.
Right to data portability
You have the right to request that data we automatically process based on your consent or when fulfilling a contract be issued to you or to a third party in a common, machine-readable format. Should you request direct transfer of data to another responsible party, this shall take place only to the extent technically possible.
SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and in order to protect the transfer of confidential content, such as orders or inquiries that you submit to us as the website operator. You can recognize encrypted connections because their address line in the browser switches from “http://” to “https://”, and a lock symbol appears in your browser line.
If the SSL or TLS encryption is activated, no third parties can read the data you transfer to us.
Information, deletion, and correction
In the scope of the applicable legal provisions, you have the right to receive free information about the personal data stored concerning you, its origin, and recipients, as well as the purpose of the data processing and, if necessary, the right to the correction, blocking, or deletion of this data at all times. You may contact us regarding this issue and others concerning personal data at any time at the address specified in the imprint.
Right to restricted processing
You have the right to request that the processing of your personal data be restricted.
You may contact us regarding this issue at any time at the address specified in the imprint. The right to restricted processing shall exist in the following cases:
- Should you contest the accuracy of the personal data we have stored, we generally require some time to examine the matter. You shall have the right to request that the processing of your personal data be restricted during this examination.
- Should the processing of your personal data have taken place or take place illicitly, you may request data processing restriction instead of deletion.
- If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you shall have the right to request the restriction of the processing of your personal data instead of its deletion.
- If you have filed an objection according to Art. 21 Para. 1 of the GDPR, your interests and our interests shall be weighed. Until a decision has been reached concerning the prevailing interests, you shall have the right to request that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, this data – apart from its storage – may be processed only with your consent or to assert, exercise, or defend legal claims; to protect the rights of another natural or legal person; or for reasons of important public interest of the European Union or a member state.
4. Data Recording on our Website
Our Internet sites use what are referred to as “cookies.” Cookies are small text files that do not damage your terminal device. They are stored on your terminal device either on a temporary basis for the length of a session (session cookies) or on a permanent basis (permanent cookies). Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until your web browser automatically deletes them.
In some instances, third-party companies can also store cookies on your terminal device when you enter our website (third-party cookies). They allow us or you to use certain services from the third-party company (e.g., cookies for processing payment services).
Cookies have different functions. Many cookies are necessary from a technical perspective since certain website functions would not work without them (e.g., the shopping cart function or showing videos). Other cookies serve to evaluate user behavior or display advertisements.
Cookies that are required to perform electronic communication procedures (necessary cookies), to provision certain functions you want to use (functional cookies, e.g., for the shopping cart function), or to optimize the website (e.g., cookies for measuring the web public) are stored on the basis of Art. 6 Para. 1 f of the GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing cookies in order to provide its service optimally and free of technical errors. If consent to the storage of cookies was requested, the cookies in question will be stored only on the basis of this consent (Art. 6 Para. 1 a of the GDPR), and you may revoke your consent at any time.
Server log files
The website provider automatically collects and stores information in what are referred to as server log files, which your browser automatically transmits to us. They are the following:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time and server request
- IP address
This data is not combined with other sources of data.
This data is recorded based on Art. 6 Para. 1 f of the GDPR. The website operator has a legitimate interest in the technically flawless display and optimization of their website. Log server files must be recorded for this reason.
Inquiries by email, telephone, or fax
If you contact us by email, telephone, or fax, we shall store and process your inquiry, including all personal data issuing from it (name, inquiry) so we can process your request. We shall not pass on this data without your consent.
We shall process this data based on Art. 6 Para. 1 b of the GDPR if your inquiry is related to the fulfillment of a contract or is necessary for performing pre-contractual measures. In all remaining cases, processing shall take place on the basis of your consent (Art. 6 Para. 1 a of the GDPR) and/or on the basis of our legitimate interests (Art. 6 Para. 1 f of the GDPR), since we have a legitimate interest in effectively processing the inquiries addressed to us.
We shall retain the data you transmit to us through contact inquiries until you request its deletion, you revoke your consent to storage, or the purpose for storing the data lapses (e.g., after we have finished processing your request). Mandatory legal provisions – especially legal storage periods – shall remain unaffected by this.
5. Analytic Tools and Advertisements
This website uses the visitor action pixel from Facebook to measure conversions. The provider for this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data recorded is also transferred to the USA and other third countries.
Thus, the behavior of people who visit the website can be tracked after they were forwarded to the provider’s website as a result of clicking on a Facebook ad. Consequently, the effectiveness of the Facebook ads can be evaluated for statistical and market research purposes, and future advertising measures can be optimized.
The data collected is anonymous for us in our role as website operators, meaning we cannot draw any conclusions regarding the identity of users. However, Facebook stores and processes the data, meaning it is possible to create a connection between the respective user profile, and Facebook can use the data for its own advertising purposes pursuant to its own data usage policy. As a result, Facebook can make it possible to activate ads on web pages both within and outside of Facebook. We cannot influence the usage of this data in our role as website operators.
Facebook pixel is used based on Art. 6 Para. 1 f of the GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. Insofar as consent to this end was requested (e.g., consent to storage of cookies), processing will take place exclusively on the basis of Art. 6 Para. 1 a of the GDPR. You may revoke your consent at any time.
You can find additional information about the protection of your privacy in Facebook’s data privacy statement: https://facebook.com/about/privacy/.
Additionally, you can deactivate the re-marketing function “Custom Audiences” in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook in order to do this.
If you do not have a Facebook account, you can deactivate user-based advertisements from Facebook on the European Interactive Digital Advertising Alliance’s website: https://www.youronlinechoices.com/uk/your-ad-choices.
6. Own Services
Handling applicant data
We offer you the opportunity to apply to work with us (e.g., by email or using conventional mail or our online application form). The following text informs you about the extent, purpose, and usage of the personal data that we collect from you during the application process. We guarantee that the collection, processing, and usage of your data is performed in accordance with the applicable data privacy legislation and all other legal provisions and that we treat your data strictly confidentially.
Scope and purpose of data collection
If you send us an application, we process your personal data related to this application (e.g., contact and communication data, application documents, notes taken during interviews, etc.) to the extent required to reach a decision regarding the formation of an employment relationship. The legal basis for this is § 26 of the new BDSG [Federal Data Protection Act] pursuant to German law (initiation of an employment relationship), Art. 6 Para. 1 b of the GDPR (general contract initiation) and – if you have granted your consent – Art. 6 Para. 1 a of the GDPR. You may revoke your consent at any time. We shall transmit your personal data only to persons within our company who are involved in processing your application.
If your application is successful, we shall store the data you submitted based on § 26 of the new BSDC and Art. 6 Para. 1 b of the GDPR in order to establish the employment relationship.
Storage period for data
If we are unable to offer you a position, if you reject a job offer, or if you withdraw your application, we reserve the right to store the data you have transmitted to us for up to six months after the termination of the application procedure (rejection or withdrawal of the application) based on our legitimate interests (Art. 6 Para. 1 f of the GDPR). After that time, we will delete the data and destroy the physical application. In particular, storage serves verification purposes in the event of a legal dispute. If it is foreseeable that the data will be required after the expiration of the 6-month period (e.g., owing to an imminent or pending legal dispute), this data will be deleted only after the purpose for its continued storage has ceased to exist.
Additionally, storage may be prolonged if you have granted your consent to this (Art. 6 Para. 1 a of the GDPR) or if legal storage obligations speak against deletion.
Inclusion in the applicant pool
If we are unable to offer you a position, we may be able to include you in our applicant pool. If you are included in this pool, we will transfer all documents and information from your application to the applicant pool so we can contact you in the event of appropriate vacancies.
Inclusion in the applicant pool takes place only if you have expressly granted consent (Art. 6 Para. 1 a of the GDPR). Your consent is granted on a voluntary basis, and it bears no relation to ongoing application procedures. The party in question may revoke its consent at all times. In this instance, the data from the applicant pool is irrecoverably deleted, provided no legal reasons for storage exist.
The data from the applicant pool will be irrecoverably deleted no later than two years after consent has been granted.