Privacy Policy

Data Protection

This Privacy Policy provides you with information regarding the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our website as well as the web pages, functions and content as well as external online presences such as our social media profiles associated with it (hereinafter mutually referred to as “website”). In regard to the terms used, such as “processing” or “controller”, we kindly refer to the definitions in art. 4 of the General Data Protection Regulation (GDPR).

Data Security Officer

If you have any questions regarding data privacy, please contact our Data Security Officer using the following contact information:
Mr. D. Klapproth, phone: +49 (0) 30 8224888, email: d.klapproth@ains-a.de

Controller

business factors Deutschland GmbH, Tauentzienstraße 15, 10789 Berlin / Germany, phone: +49 (0)30 76 76 552 – 95, fax: +49 (0)30 76 76 552 – 99, email: info@businessfactors.de

Managing Directors: Serkan Atil Ural, Alexander Stärke

Legal Disclosure: https://www.businessfactors.de/imprint/

Kind of data processed

  • Master data (e.g. names, addresses).
  • Contact data (e.g. email, telephone numbers).
  • Content data (e.g. text entries, photos, videos).
  • Usage data (e.g. web pages accessed, interest in contents, access times).
  • Metadata/communication data (e.g. device information, IP addresses).

Data subject categories

Visitors and users of the website (hereinafter, we collectively refer to the data subjects as “users”).

Purpose of processing

  • To make the website, its functions and contents available.
  • To reply to contact enquiries and communicate with users.
  • Security measures.
  • To analyze range/marketing

Order processing in the online shop and customer account

We process the data of our customers as part of the ordering process in our online shop to allow them to select and order the selected products and services, as well as their payment and delivery, or execution.

The processed data includes inventory data, communication data, contract data, payment data and those affected by the processing belong to our customers, prospects and other business partners. Processing is for the purpose of providing contractual services in the context of operating an online shop, billing, delivery and customer service. Here we use session cookies for the storage of the shopping cart contents and permanent cookies for the storage of the login status.

Processing takes place in order to fulfill our services and to carry out contractual measures (for example, carrying out order processes) and insofar as required by law (for example, legally required archiving of business transactions for trading and tax purposes). The information marked as required for the establishment and fulfillment of the contract is required. We disclose the data to third parties only in the context of extradition, payment or legal permissions and obligations, as well as if this is based on our legitimate interests, which we inform you in the context of this privacy policy (eg, to legal and tax consultants, Financial institutions, freight companies and public authorities).

Users can optionally create a user account, in particular by being able to view their orders. As part of the registration, the required mandatory information will be communicated to the users. The user accounts are not public and can not be indexed by search engines. If users have terminated their user account, their data will be deleted with respect to the user account, subject to their retention is necessary for commercial or tax reasons. Information in the customer’s account remains until its deletion with subsequent archiving in the case of a legal obligation or our legitimate interests (for example, in the case of litigation). It is the responsibility of the users to secure their data upon termination prior to the end of the contract.

As part of the registration and re-registration and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the pursuit of our legal claims as a legitimate interest or there is a legal obligation to do so.

The deletion takes place after expiration of legal warranty and other contractual rights or obligations (for example, payment entitlements or performance obligations from contracts with customers), whereby the necessity of keeping the data is checked every three years; in the case of storage due to legal archiving obligations, the deletion takes place after its expiration.

Terms used

“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” refers to any operation or set of operations performed in connection with personal data, with or without the use of automated means. The term has a broad meaning and practically includes any handling of data.

“Pseudonymization” refers to the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures, to ensure that the personal data is not attributed to an identified or identifiable natural person.

“Profiling” refers to any form of automated processing of personal data related to the use of personal data, to evaluate certain personal aspects concerning a natural person, in particular to analyze or predict aspects regarding that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” refers to a natural or legal person, public authority, agency or other body, who/which processes personal data on behalf of the controller.

Relevant legal bases

We inform you of the legal bases of our data processing in accordance with art. 13 of the GDPR Insofar as the legal basis is not stated in the Privacy Policy, the following applies: The legal basis for obtaining consent is art. 6 sec. 1 lit. a and art. 7 of the GDPR, the legal basis for processing to perform our services and implement contractual measures as well as respond to enquiries is art. 6 sec. 1 lit. b of the GDPR, the legal basis for processing to fulfil our legal obligations is art. 6 sec. 1 lit c of the GDPR and the legal basis for processing to safeguard our legitimate interests is art. 6 sec. 1 lit. f of the GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 sec. 1 lit. d of the GDPR serves as the legal basis.

Security measures

We take appropriate technical and organizational measures in accordance with art. 32 of the GDPR, taking the best available technology, the implementation costs and the nature, scope, circumstances and purposes of processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons into account, to ensure a level of protection appropriate for the risk.

In particular, these measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as access it is affected by, input, disclosure, securing availability and its separation. Furthermore, we have established procedures, which ensure data subject rights being able to be exercised, data erasure and a reaction to data vulnerability. Moreover, we already consider the protection of personal data in the development phase or selection of hardware, software as well as procedures, according to the principle of data protection by technology design and by privacy-friendly default settings (article 25 of the GDPR).

Collaboration with processors and third parties

If, in the context of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant access to the data, this will only be done on the basis of legal permission (e.g. if transmission of the data to third parties, such as to payment service providers, is required to fulfill the contract in accordance with art. 6 sec. 1 lit. b of the GDPR), you have consented, a legal obligation stipulates it or based on our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data based on a so-called “Agreement on data processing”, this is conducted based on art. 28 of the GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do this in the context of using third party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements pursuant to art. 44 ff. of the GDPR are met. That means processing takes place e.g. on the basis of specific guarantees, such as the officially recognized identification of an EU compliant data protection standard (e.g. for the US through the Privacy Shield) or in compliance with officially recognized special contractual obligations (so-called “standard contractual provisions”).

Rights of the data subjects

  • You have the right to request a confirmation of whether relevant data is being processed and to be informed about this data as well as to additional information and a copy of the data pursuant to art. 15 of the GDPR.
  • In accordance with art. 16 of the GDPR, you have the right to request the completion of data pertaining to you or the rectification of inaccurate data pertaining to you.
  • According to art. 17 of the GDPR, you have the right to request that respective data is immediately erased or alternatively, in accordance with art. 18 of the GDPR, a restriction of the data processing.
  • You have the right to request that data pertaining to you, which you made available to us, is maintained and that it is transferred to other controllers in accordance with art. 20 of the GDPR.
  • Furthermore, pursuant to art. 77 of the GDPR, you have the right to lodge a complaint with the responsible supervisory authority.

Right to withdraw consent

You have the right to withdraw any consent with given with effect for the future pursuant to art. 7 sec. 3 of the GDPR.

Right to object

You can object to the future processing of data pertaining to you in accordance with art. 21 of the GDPR at any time. In particular, you can object to processing for purposes of direct marketing.

Use of Cookies

Cookies are small text files or other data records that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the contents accessed or the functions used. Cookies can also be used for various purposes, e.g. for purposes of functionality, security and convenience of online offers as well as the creation of analyses of visitor flows.

Information on consent: We use cookies in accordance with the statutory provisions. Therefore, we obtain prior consent from users, except when it is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is strictly necessary in order to provide an information society service explicitly requested by the subscriber or user. Essential cookies usually include cookies with functions related to the display and operability of the onlineservice, load balancing, security, storage of users’ preferences and choices or similar purposes related to the provision of the main and secondary functions of the onlineservice requested by users. The revocable consent will be clearly communicated to the user and will contain the information on the respective cookie use.

Information on legal bases under data protection law: The legal basis under data protection law on which we process users’ personal data with the use of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in a business operation of our online services and improvement of its usability) or, if this is done in the context of the fulfillment of our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. For which purposes the cookies are processed by us, we do clarify in the course of this privacy policy or in the context of our consent and processing procedures.

Retention period: With regard to the retention period, a distinction is drawn between the following types of cookies:

  • Temporary cookies (also known as “session cookies”): Temporary cookies are deleted at the latest after a user has left an online service and closed his or her end device (i.e. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the terminal device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

General notes on revocation and objection (so-called “Opt-Out”): Users can revoke the consents they have given at any time and object to the processing in accordance with legal requirements. Users can restrict the use of cookies in their browser settings, among other options (although this may also limit the functionality of our online offering). A objection to the use of cookies for online marketing purposes can also be made through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of Processing: Provision of our online services and usability; Web Analytics (e.g. access statistics, recognition of returning visitors).
  • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Consent (Article 6 (1) (a) GDPR).

Further information on processing methods, procedures and services used:

Processing Cookie Data on the Basis of Consent: We use a cookie management solution in which users’ consent to the use of cookies, or the procedures and providers mentioned in the cookie management solution, can be obtained, managed and revoked by the users. The declaration of consent is stored so that it does not have to be retrieved again and the consent can be proven in accordance with the legal obligation. Storage can take place server-sided and/or in a cookie (so-called opt-out cookie or with the aid of comparable technologies) in order to be able to assign the consent to a user or and/or his/her device. Subject to individual details of the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. In this case, a pseudonymous user identifier is formed and stored with the date/time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and used end device; Legal Basis: Consent (Article 6 (1) (a) GDPR);

Cookie-Opt-Out: In the footer of our website you will find a link that allows you to change your cookie settings as well as revoke corresponding consents; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR);

Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online services (please refer to further details in this privacy policy). With the Tag Manager itself (which implements the tags), for example, no user profiles are created or cookies are stored. Google only receives the IP address of the user, which is necessary to run the Google Tag Manager; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms; Basis for third country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms).

Google Analytics 4: We use Google Analytics to perform measurement and analysis of the use of our online services by users based on a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to an end device in order to recognize which content users have accessed within one or various usage processes, which search terms they have used, have accessed again or have interacted with our online services. Likewise, the time of use and its duration are stored, as well as the sources of users referring to our online services and technical aspects of their end devices and browsers. In the process, pseudonymous profiles of users are created with information from the use of various devices, and cookies may be used. Google Analytics does not log or store individual IP addresses. Analytics does provide coarse geo-location data by deriving the following metadata from IP addresses: City (and the derived latitude, and longitude of the city), Continent, Country, Region, Subcontinent (and ID-based counterparts). For EU-based traffic, IP-address data is used solely for geo-location data derivation before being immediately discarded. It is not logged, accessible, or used for any additional use cases. When Analytics collects measurement data, all IP lookups are performed on EU-based servers before forwarding traffic to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://marketingplatform.google.com/intl/en/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for third country transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://myadcenter.google.com/personalizationoff; Further Information: https://business.safety.google/adsservices/ (Types of processing and data processed).

Erasure of data

The data we process is erased or limited in its processing in accordance with art. 17 and 18 of the GDPR. Unless otherwise specifically indicated in line with this Privacy Policy, the data we store is erased as soon as it is no longer required for its intended purpose and said erasure does not conflict with any statutory retention periods. If the data is not erased because it is required for other or legally permissible purposes, its processing is restricted. This means the data is blocked and not processed for other purposes. For instance, this applies to data, which must be retained for reasons subject to commercial or tax laws.

According to legal requirements in Germany, retention is, in particular, carried out for 10 years in accordance with §§ 147 sec. 1 of the General Tax Code (AO), 257 sec. 1 no. 1 and 4, sec. 4 of the German Commercial Code (HGB) (trading books, inventories (books, records, management reports, accounting records, books of account, documents relevant to taxation, etc.) and for 6 years in accordance with § 257 sec. 1 no. 2 and 3, sec. 4 of the German Commercial Code (HGB) (business letters).

Processing for business purposes

Moreover, we process

  • contractual data (e.g. contractual object, term, customer category)
  • payment data (e.g. bank details, payment history)

of our customers, interested parties and business partners for the purpose of fulfilling contractual services and managing customer accounts as well as marketing, advertising and market research.

Agency services

We process our customers’ data in line with our contractual services, which include conceptual and strategic consultation, campaign planning, software and design development/consultation or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services and training services.

In the process, we process master data (e.g. customer master data such as names or addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), contractual data (e.g. contractual object, term), payment data (e.g. bank details, payment history), usage data and metadata (e.g. in line with the analysis and range measurement of marketing measures). As a basic principle, we do not process special categories of personal data unless these are a component of commissioned processing. Data subjects include our customers, interested parties as well as their customers, users, website visitors or employees as well as third parties. The purpose of processing is the fulfilment of contractual services, billing and our customer service. The legal bases for processing result from art. 6 sec. 1 lit. b of the GDPR (contractual services), art. 6 sec. 1 lit. f of the GDPR (analysis, statistics, optimization, security measures). We process data required to constitute and fulfil the contractual services and indicate the necessity of your data. A disclosure to external parties only takes place if this is required in line with an order. In the processing of data provided to us in line with an order, we act according to the client’s instructions as well as the statutory requirements of commissioned data processing according to art. 28 of the GDPR and do not process the data for any purposes other than those in accordance with the commissioned data processing agreement.

We erase the data after the expiration of statutory guarantee and comparable obligations. The necessity of retaining the data is reviewed every three years; in the case of statutory retention periods, erasure is conducted after the expiration of said periods (6 years according to § 257 sec. 1 of the German Commercial Code (HGB), 10 years according to § 147 sec. 1 of the General Tax Act (AO)). In the case of data, which was disclosed to us in line with an order by the client, we erase the data according to the specifications in the order; fundamentally after completion of the order.

Therapeutische Leistungen und Coaching

Wir verarbeiten die Daten unserer Klienten und Interessenten und anderer Auftraggeber oder Vertragspartner (einheitlich bezeichnet als „Klienten“) entsprechend Art. 6 Abs. 1 lit. b) DSGVO, um ihnen gegenüber unsere vertraglichen oder vorvertraglichen Leistungen zu erbringen. Die hierbei verarbeiteten Daten, die Art, der Umfang und der Zweck und die Erforderlichkeit ihrer Verarbeitung, bestimmen sich nach dem zugrundeliegenden Vertragsverhältnis. Zu den verarbeiteten Daten gehören grundsätzlich Bestands- und Stammdaten der Klienten (z.B., Name, Adresse, etc.), als auch die Kontaktdaten (z.B., E-Mailadresse, Telefon, etc.), die Vertragsdaten (z.B., in Anspruch genommene Leistungen, Honorare, Namen von Kontaktpersonen, etc.) und Zahlungsdaten (z.B., Bankverbindung, Zahlungshistorie, etc.).

Im Rahmen unserer Leistungen, können wir ferner besondere Kategorien von Daten gem. Art. 9 Abs. 1 DSGVO, insbesondere Angaben zur Gesundheit der Klienten, ggf. mit Bezug zu deren Sexualleben oder der sexuellen Orientierung, ethnischer Herkunft oder religiösen oder weltanschaulichen Überzeugunge, verarbeiten. Hierzu holen wir, sofern erforderlich, gem. Art. 6 Abs. 1 lit. a., Art. 7, Art. 9 Abs. 2 lit. a. DSGVO eine ausdrückliche Einwilligung der Klienten ein und verarbeiten die besonderen Kategorien von Daten ansonsten zu Zwecken der Gesundheitsvorsorge auf Grundlage des Art. 9 Abs. 2 lit h. DSGVO, § 22 Abs. 1 Nr. 1 b. BDSG.

Sofern für die Vertragserfüllung oder gesetzlich erforderlich, offenbaren oder übermitteln wir die Daten der Klienten im Rahmen der Kommunikation mit anderen Fachkräften, an der Vertragserfüllung erforderlicherweise oder typischerweise beteiligten Dritten, wie z.B. Abrechnungsstellen oder vergleichbare Dienstleister, sofern dies der Erbringung unserer Leistungen gem. Art. 6 Abs. 1 lit b. DSGVO dient, gesetzlich gem. Art. 6 Abs. 1 lit c. DSGVO vorgeschrieben ist, unseren Interessen oder denen der Klienten an einer effizienten und kostengünstigen Gesundheitsversorgung als berechtigtes Interesse gem. Art. 6 Abs. 1 lit f. DSGVO dient oder gem. Art. 6 Abs. 1 lit d. DSGVO notwendig ist. um lebenswichtige Interessen der Klienten oder einer anderen natürlichen Person zu schützen oder im Rahmen einer Einwilligung gem. Art. 6 Abs. 1 lit. a., Art. 7 DSGVO.

Die Löschung der Daten erfolgt, wenn die Daten zur Erfüllung vertraglicher oder gesetzlicher Fürsorgepflichten sowie Umgang mit etwaigen Gewährleistungs- und vergleichbaren Pflichten nicht mehr erforderlich ist, wobei die Erforderlichkeit der Aufbewahrung der Daten alle drei Jahre überprüft wird; im Übrigen gelten die gesetzlichen Aufbewahrungspflichten.

Contractual services

We process the data of our contractual partners and interested parties as well as other clients, customers or contractual partners (collectively referred to as “contractual partners”) in accordance with art. 6 sec. 1 lit. b of the GDPR, to be able to render our contractual or precontractual services to them. The data processed in this connection as well as the nature, scope, purpose and necessity of its processing is determined based on the underlying contractual relationship.

The processed data includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. email and telephone numbers) as well as contractual data (e.g. services received, contractual content, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history).

As a basic principle, we do not process special categories of personal data unless these are a component of commissioned or contract specific processing.

We process data required to constitute and fulfil the contractual services and indicate the necessity of your data, insofar as this is not evident to the contractual partner. A disclosure to external persons or companies only takes place if this is required in line with a contract. In the processing of data provided to us in line with an order, we act according to the client’s instructions as well as the statutory requirements.

In line with the use of our online services, we can store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as in the interests of the users, to protect against misuse and other unauthorized use. This data is generally not disclosed to third parties unless required to pursue our claims according to art. 6 sec. 1 lit. f of the GDPR or we have a legal obligation to do so according to art. 6 sec. 1 lit. c of the GDPR.

The data is erased when the data is no longer required to fulfil contractual or statutory duties of care as well as to handle possible guarantee or similar obligations; at the same time, the necessity of data retention is reviewed every three years; furthermore, the statutory retention obligations apply.

External payment service providers

We use external payment service providers whose platforms allow users and we to make payment transactions. These payment service providers may include, in each case with a link to the privacy policy: Paypal (https://www.paypal.com/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/en/footer/protocol/), Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), At the erican Express (https://www.americanexpress.comen/content/privacy-policy-statement.html), Stripe (https://stripe.com/de/privacy.)

As part of the fulfillment of contracts, we set the payment service providers on the basis of Art. 6 para. 1 lit. b. GDPR. Incidentally, we use external payment service providers on the basis of our legitimate interests. Art. 6 para. 1 lit. f. GDPR in order to offer our users effective and secure payment options.

Amongst the data processed by the payment service providers are inventory data, e.g. the name and the address, bank data, e.g. Account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, summary and recipient-related information. The information is required to complete the transactions. However, the data entered will only be processed and stored by the payment service providers. That We do not receive any account or credit card information, but only information with confirmation or negative disclosure of the payment. The data may be transmitted by the payment service providers to credit reporting agencies. This transmission aims at the identity and credit check. For this we refer to the terms and conditions and privacy policy of payment service providers.

For the payment transactions, the terms and conditions and the privacy notices of the respective payment service providers, which are available within the respective websites, or transactional applications apply. We also refer to these for further information and assertion of rights of revocation, information and other data subjects.

Administration, accounting, office organization, contact management

We process data in line with administrative tasks as well as for the organization of our company, accounting and to comply with statutory obligations such as archiving for instance. In this connection, we process the same data we process in line with fulfilling our contractual services. This processing is based on art. 6 sec. 1 lit. c of the GDPR, art. 6 sec. 1 lit. f of the GDPR. This processing pertains to customers, interested parties, business partners and website visitors. The purpose of and our interest in this processing lies in the administration, accounting, office organization, data archiving, i.e. functions, which serve maintaining our business activities, performing our tasks and rendering our services. The erasure of data regarding contractual services and the contractual communication complies with the tasks stated for these processing activities.

In this connection, we disclose or transfer data to the fiscal authority, consultants, e.g. tax consultants or auditors as well as other billing centres and payment service providers.

Moreover, we store data pertaining to suppliers, organizers and other business partners bases on our business interests, e.g. for the purpose of contacting at a later point in time. We generally store this predominantly company-related data permanently.

Business analyses and market research

In order to be able to conduct our business in an economic manner and identify the requirements of the contractual partners and users, we analyze the data we have in connection with business transactions, contracts, enquiries, etc. At the same time, we process master data, communication data, contractual data, payment data, usage data and metadata based on art. 6 sec. 1 lit. f of the GDPR; the data subjects in this connection include contractual partners, interested parties, customers, visitors and users of our website.

The analyses are carried out for the purpose of business assessments, marketing and marketing research. In the process, we can take the profiles of the registered users with data, e.g. regarding the services they received, into account. The analyses enable us to increase user-friendliness, optimize our product range and operate in a more efficient manner. These analyses are only intended for us and are not disclosed to third parties unless it is a matter of anonymous analyses with pooled values.

If these analyses or profiles are individual-related, they are erased or anonymized with the user’s cancellation; otherwise after two years as of contract conclusion. Furthermore, the analysis of overall economic factors and general tendencies are compiled anonymously, as far as possible.

Privacy guidelines for the application process

We only process applicant data for the purpose of and in line with the application process in accordance with the statutory provisions. The processing of applicant data is carried out to fulfil our (pre)contractual obligations within the application process in terms of art. 6 sec. 1 lit. b of the GDPR, art. 6 sec. 1 lit. f of the GDPR if we require said data processing, e.g. in line with legal processes (§ 26 of the German Data Protection Act (BDSG) additionally applies in Germany).

The application process requires that applicants provide us with the applicant data. The required applicant data is, if we provide an online form, designated and otherwise results from the job posting and fundamentally includes information pertaining to the person, postal and contact addresses and the documents belonging to the application such as cover letter, CV and certificates. Additionally, applicants can also provide us with voluntary information.

Upon submitting an application, applicants agree to the processing of their data for the purposes of the application process according to the nature and scope specified in this Privacy Policy.

Insofar as special categories of personal data are disclosed voluntarily in line with the application process in terms of art. 9 sec. 1 of the GDPR, the processing of this data is also conducted pursuant to art. 9 sec. 2 lit. b of the GDPR (e.g. health-related data such as severe disability status or ethnic background). Insofar as special categories of personal data are requested from applicants in terms of art. 9 sec. 1 of the GDPR, the processing thereof is also conducted pursuant to art. 9 sec. 2 lit. a of the GDPR (e.g. health-related data if required to practice the profession).

If made available, applicants can also transfer their applications to us using an online form. The data is transmitted to us encrypted according to the best available technology.

Furthermore, applicants can send us their applications via email. However in this case, we kindly ask you to observe, that emails are not strictly sent encrypted and the applicants must arrange for encryption themselves. Therefore, we cannot assume any responsibility for the communication of the application from the sender to the receipt by our server and consequently recommend, to preferably use an online form or send us the application by post. We would like to remind you that in addition to applications via the online form and email, you also have the option of sending us your application by post.

The data provided by the applicants may undergo further processing in the event of a successful application for the purpose of the employment relationship. Otherwise, in the event that the application for a job posting is unsuccessful, the applicant’s data will be erased. The applicant’s data will also be erased if an application is withdrawn; the applicant is entitled to do so at any time.

Erasure takes place, subject to a legitimate withdrawal by the applicant, after the expiration of a period of six months, to enable us to respond to possible subsequent questions and to meet our obligation of furnishing evidence resulting from the General Act on Equal Treatment. Invoices for possible reimbursements of travel expenses are archived according to the requirements under fiscal law.

Registration function

Users can create a user account. The user is informed of the mandatory data required in line with the registration and said data is processed based on art. 6 sec. 1 lit. b of the GDPR for purposes of making the user account available. In particular, the data processed includes login information (name, password as well as an email address). The data entered during registration is used for the purposes of using the user account and its purpose.

The users can receive information relevant to their user account, e.g. technical modifications, via email. If users cancel their user account, their data pertaining to the user account is erased subject to a statutory retention obligation. The users are responsible for backing up their data after cancellation prior to an expiration of the contract. We are entitled to irretrievably erase all user data stored over the term of the contract.

In line with the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as to protect the user from misuse and other unauthorized use. This data is generally not disclosed to third parties unless this is required to pursue our claims or we have a legal obligation to do so according to art. 6 sec. 1 lit. c of the GDPR. The IP addresses are anonymized or erased after 7 days at the latest.

Brute Force Protection from iThemes

We use the so-called ”Brute Force Protection”, provided by iThemes Media, LLC Privacy Matters, c/o Liquid Web, LLC, 2703 Ena Drive, Lansing, MI 48917, USA, (“iThemes”).

Brute Force Protection is a service, which helps protect the content of our website against possible brute force attacks. When users log on to their user account, the users’ IP address is shared with a service made available by iThemes. The users’ data is solely processed for the aforementioned purposes and to maintain the security and functionality of Brute Force Protection.

This processing is based on our legitimate interests, i.e. the interest in a secure and efficient provision, analysis and optimization of our website in accordance with art. 6 sec. 1 lit. f of the GDPR.

You can obtain more information from the privacy policy of https://ithemes.com/privacy-policy/.

Comments and posts

When users leave comments or make other posts, their IP addresses can be stored for 7 days based on our legitimate interests as defined by art. 6 sec. 1 lit. f of the GDPR. This is for our protection in the event somebody adds comments or posts with illegal content (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.

Furthermore, we reserve the right to process the user’s data for the purpose of spam detection based on our legitimate interests according to art. 6 sec. 1 lit. f of the GDPR.

We store the data provided in line with comments and posts permanently until the user objects to such storage.

Live-Chat Support

Wir setzen die Live-Chat-Plattform “WP Live Chat Support” (“WPLC”), des Anbieters Code Cabin PTY Ltd (“Code Cabin”), Newark, Delaware, USA ein, um Anfragen der Nutzer schneller und effizienter bearbeiten zu können (berechtigtes Interesse gem. Art. 6 Abs. 1 lit. f. DSGVO).

Die Nutzung der Live-Chat-Plattform ist freiwillig und ohne eine Registrierung möglich. Zur Verwendung unserer Live-Chat-Plattform ist mindestens die Angabe des Namens und einer korrekten E-Mail-Adresse notwendig. Eine pseudonyme Nutzung ist ebenfalls möglich. Weiterhin setzt WPCL Cookies ein. Mehr Informationen erhalten Sie unter Cookies und Widerspruchsrecht bei Direktwerbung.

Wenn Nutzer unsere Live-Chat-Plattform verwenden, können ihre eingegebenen Daten, samt IP-Adressen auf Grundlage unserer berechtigten Interessen im Sinne des Art. 6 Abs. 1 lit. f. DSGVO gespeichert werden. Zu diesen Angaben gehören der eingegebene Name, die E-Mailadresse, Browsertyp nebst Version, das Betriebssystem des Nutzers, die aktuelle URL, IP-Adresse, der Nachrichteninhalt sowie die Zeit der Anfrage. Die personenbezogenen Daten der Nutzer werden für den Zeitraum von 90 Tagen gespeichert. Es werden keine Daten an Dritte weitergeleitet.

Da die Möglichkeit der Eingabe persönlicher Daten besteht, bitten wir Sie, für sich selbst zu prüfen, welche Daten Sie uns gegenüber preisgeben möchten. Sofern hingegen die Service-Anfrage eine Identifizierung erfordert (z.B. Klärung von Anliegen zu Ihrem Vertrag), dienen angeforderte personenbezogene Daten ausschließlich der Legitimation Ihrer Person und zur Durchführung der Service-Anfrage. Sie können den Live-Chat jederzeit abbrechen, indem Sie das Chat-Fenster schließen.

Wenn Nutzer mit einer Datenerhebung über und einer Datenspeicherung in unserer Live-Chat-Plattform nicht einverstanden sind, bieten wir ihnen alternative Kontaktmöglichkeiten zur Einreichung von Service-Anfragen per E-Mail, Telefon, Telefax oder Post.

Weitere Informationen erhalten Sie in der Datenschutzerklärung von Code Cabin: https://wp-livechat.com/privacy-policy/.

Antispam Bee anti-spam test

Our website uses the “Antispam Bee” service, which is provided by pluginkollektiv (https://profiles.wordpress.org/pluginkollektiv), Sergej Müller at WordPress.org (https://wordpress.org/plugins/antispam-bee/). The use thereof is based on our legitimate interests as defined by art. 6 sec. 1 lit. f of the GDPR. Comments from actual people are distinguished from spam comments with the help of this service.

We only use Antispam Bee with a local spam database. That means no data is transferred to third parties according to the author but compared locally and categorized accordingly. We deactivated “Consider public spam database”, “Block or allow specific countries” and “Only allow comments in one language”.

If a comment was categorized as a spam, the data is stored for a period of 90 days. This data includes the name and email address entered, the IP address, the website, the comment content as well as the time of entry.

More detailed information on the collection and use of the data by Antispam Bee can be found in the Privacy Policy of the documentation: https://github.com/pluginkollektiv/antispam-bee/wiki/de-Dokumentation.

Users are welcome to use pseudonyms or can refrain from entering a name or email address as well as website. You can completely prevent data from being tested by not using our commentary system. That would be a share but unfortunately, we do not have any other alternative, which works as effectively.

Accessing profile pictures at Gravatar

We use the Gravatar service provided by the Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA within our website and in particular in the blog.

Gravatar is a service for which users can register and then, can store profile pictures and their email addresses. If users with the respective email addresses leave comments or posts on other websites (particularly in blogs), their profile pictures can be shown next to the posts or comments. For this, the email address communicated by the users is transmitted to Gravatar in an encrypted manner, for the purpose of checking whether a profile is stored with that email address. This is the sole purpose of the transmission of the email address and it is not used for any other purposes; in fact, it is erased after that.

The use of Gravatar is based on our legitimate interests as defined by art. 6 sec. 1 lit. f) of the GDPR because with the help of Gravatar, we give the authors of posts and comments the option of personalizing their contributions with a profile picture.

By showing the pictures, Gravatar obtains knowledge of the users’ IP address because this is required for the communication between a browser and an online service. More detailed information on the collection and use of the data by Gravatar can be found in the Automattic Privacy Policy: https://automattic.com/privacy/.

If users do not want a user picture linked to their email address at Gravatar to appear in the comments, they should use an email address in their comments, which is not stored with Gravatar. Furthermore, we would like to point out that it is also possible to use an anonymous email address or no email address at all, should the users not want their own email address to be sent to Gravatar. Users can completely prevent data from being transmitted by not using our commentary system.

Establishing contact

When contacting us (e.g. via contact form, email, phone or via social media), the user’s data is processed, to process the contact request and the handling thereof in accordance with art. 6 sec. 1 lit. b) of the GDPR. The users data can be stored in a customer relationship management system (“CRM system”) or a comparable enquiry set-up.

We erase enquiries, insofar as they are no longer required. We review the necessity every two years; furthermore, the statutory archiving obligations apply.

Newsletter

Below we would like to inform you about the content of our newsletter as well as the registration, mailing and statistical analysis processes and your rights to object. By subscribing to our newsletter, you agree to the receipt and to the processes described.

Newsletter content: We only send newsletters, emails and other electronic notifications with promotional information (hereinafter “newsletter”) with the recipient’s consent or legal permission. Insofar as the content of a newsletter is precisely described in line with subscribing to the newsletter, it is decisive for the consent of the users. Furthermore, our newsletters contain information regarding our services and us.

Double opt-in and logging A subscription to our newsletter is conducted in a so-called double opt-in process. This means that you receive an email after subscribing, in which you are requested to confirm your subscription. This confirmation is necessary, to ensure that no one can subscribe using third-party or non-existent email addresses. The subscriptions to the newsletter are logged, to be able to verify the subscription process in accordance with the statutory requirements. This includes the storing of subscription and confirmation time as well as the IP address. Moreover, changes to your data stored by the mail-handling service provider are also logged.

Subscription data: In order to be able to subscribe to the newsletter, indicating your email address suffices. Optionally, we ask for a name, so you can be addressed personally in the newsletter.

The distribution of the newsletter and the performance measurement associated with it is carried out based on consent from the recipients in accordance with art. 6 sec. 1 lit. a, art. 7 of the GDPR in conjunction with § 7 sec. 2 no. 3 of the UWG (German Law Against Unfair Competition) or if consent is not required, based on our legitimate interests in direct marketing in accordance with art. 6 sec. 1 lit. f of the GDPR in conjunction with § 7 sec. 3 of the UWG.

The subscription process is logged based on our legitimate interests in accordance with art. 6 sec. 1 lit. f of the GDPR. Our interest is aimed at the application of a user-friendly as well as secure newsletter system, which serves our business interests as well as complies with the expectations of the users and furthermore, allows us to verify consent given.

Cancellation/revocation – You can unsubscribe to our newsletter at any time, i.e. revoke your consent given. You can find a link to unsubscribe to the newsletter at the bottom of each newsletter. We can store the email addresses, which unsubscribed, up to three years based on our legitimate interests before we erase them, to be able to verify formerly given consent. The processing of this data is limited to the purpose of a possible defence against claims. An individual application for erasure is possible at any time, provided that the former existence of consent is simultaneously confirmed.

Newsletter - performance measurement

The newsletters contains so-called “web beacons”, i.e. a file the size of a pixel, which is accessed by our server or, if we use a mail-handling service provider, by its server, when the newsletter is opened. This access initially collects technical information, such as information on the browser and your system as well as your IP address and time of access.

This information is used for the technical improvement of the service based on the technical data or the target groups and your reading behaviour based on its access locations (which can be determined based on the IP address) or the times of access. The collection of statistics also includes determining whether the newsletters are opened, when they are opened and which links are clicked. Although technical reasons enable allocating this information to individual newsletter recipients, it is by no means our intention, or, if engaged, the intention of the mail-handling service provider, to monitor individual users. More importantly, the analyses serve our being able to recognize the reading habits of our users and therefore, being able to tailor our content accordingly or send different content according to the interests of our users.

Unfortunately, a separate objection to performance measurement is not possible; in this case, you must unsubscribe to the newsletter in its entirety.

Hosting and emailing

The hosting services we use serve making the following services available: Infrastructure and platform services, computing capacity, memory capacity and database services, emailing, security services as well as technical maintenance services, which we use for the purpose of operating this website.

In the process, we or our hosting provider process(es) master data, contact data, content data, contractual data, usage data, metadata and communication data from customers, interested parties and visitors to this website based on our legitimate interests in an efficient and secure provision of this website according to art. 6 sec. 1 lit. f of the GDPR in conjunction with art. 28 of the GDPR (conclusion of a data processing agreement with a processor).

Collection of access data and log files

We or our hosting provider collect(s) data (so-called server log files) everytime the server, on which this service is located, is accessed. This is based on our legitimate interests as defined by art. 6 sec. 1 lit. f of the GDPR. This access data includes the name of the accessed web page, file, date and time of access, volume of data transferred, notification of successful access, browser type incl. version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

For reasons of security (e.g. to clarify acts of misuse or fraud), log file information is stored for a maximum of 7 days and then, erased. Data, which must be retained for evidentiary purposes, is excluded from erasure until the ultimate clarification of the respective case in question.

SiteCheck from Sucuri

We use a so-called “SiteCheck”, provided by the Media Temple Inc. d/b/a Sucuri, 6060 Center Dr. Suite 500, Los Angeles CA 90045, USA, (“Sucuri”). Sucuri is certified under the Privacy Shield agreement and therefore, guarantees compliance with the European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000TN9xAAG&status=Active).

A SiteCheck is a service, which helps scan the content of our website for possible malware and security issues. No personal data is sent to Sucuri. However, Sucuri can discover personal data during the scanning process (e.g. in comments). The users’ data is solely processed for the aforementioned purposes and to maintain the security and functionality of the SiteCheck.

This processing is based on our legitimate interests, i.e. the interest in a secure and efficient provision, analysis and optimization of my website in accordance with art. 6 sec. 1 lit. f of the GDPR.

You can obtain more information from the Sucuri Privacy Policy: https://sucuri.net/privacy.

Google Analytics

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our website as defined by art. 6 sec. 1 lit. f of the GDPR), we use Google Analytics, a web analysis service of the Google Ireland Limited (“Google”). Google uses cookies. The information generated by the cookie on the use of this website by the user is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield agreement and therefore, guarantees compliance with the European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf, to analyze the use of our website by the user, to compile reports on activities within this website and to provide us with additional services associated with the use of the website and Internet. In the process, pseudonymous user profiles of the users can be created from the processed data.

We only use Google Analytics with activated IP anonymization. That means that the IP address of the user is truncated by Google within member states of the European union or other states party to the Agreement on the European Economic Area. The complete IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases.

The IP address transmitted by the user’s browser is not merged with any other data by Google. Users can prevent the storage of cookies by using a corresponding setting in their browser software; furthermore, users can prevent Google from collecting data created by the cookie, which relates to their use of the website and from Google processing this data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on the use of data by Google, setting and objection options, can be found in the Google Privacy Policy (https://policies.google.com/technologies/ads) as well as in the settings for the display of pop-up advertising by Google (https://adssettings.google.com/authenticated).

The users’ personal data is erased or anonymized after 14 months.

Alternatively to the browser add-on or when using browsers on mobile devices, please click on this link, to prevent a collection by Google Analytics within this website in the future (the opt-out only works in the momentarily used browser and only for this domain). At the same time, an opt-out cookie is stored on your device. If you erase your cookies in this browser, you have to click on this link again.  

Jetpack (WordPress Stats)

On the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. DSGVO), we use the plugin Jetpack (here the subfunction “Wordpress Stats”) Automated Visitor Access Statistics Tool and Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, United States. Jetpack uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you.

Automattic is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).

The information generated by the cookie about your use of this online offer is stored on a server in the United States. Here, user profiles of the users can be created from the processed data, these being used only for analysis and not for advertising purposes. For more information, please refer to Automattic’s Privacy Policy: https://automattic.com/privacy/ and “About Jetpack.” Cookies: https://jetpack.com/support/cookies/.

Online presence in social media

We maintain online presence within social media and platforms, to communicate with the customers, interested parties and users active there and to be able to provide them with information regarding our services there.

We would like to point out, that in the process user data can be processed outside the region of the European Union. This can result in risks for the users because the enforcement of user rights can be complicated by this for instance. In regard to US providers certified under the Privacy Shield agreement, we point out that you undertake to observe the data privacy standards of the EU.

Furthermore, the users’ data is usually processed for market research and advertising purposes. They can for example compile user profiles from user behaviour and the resulting interests of the users. The user profiles can in turn be used to place advertisements, e.g. inside and outside the platforms, which presumably comply with the interests of the users. Cookies are usually stored on the users’ computers for this purpose, in which user behaviour and the interests of the users are stored. Moreover, data independent of the devices used by the users can also be stored in the user profiles (in particular if the users are members in the respective platforms and are logged in there).

The processing of the users’ personal data is carried out based on our legitimate interest in effectively informing the users and communication with the users according to art. 6 sec. 1 lit. f of the GDPR. If the users are asked to consent to data processing by the respective providers (i.e. stating your consent e.g. by ticking a checkbox or confirming a button), the legal basis for processing is art. 6. sec. 1 lit. a, art. 7 of the GDPR.

We refer to the following linked information from the providers for a detailed display of the respective processing and objection options (opt-out).

In the case of information enquiries and the assertion of user rights, we would like to point out that this is most effective when asserted directly against the providers. Solely the providers have respective access to the users’ data and can take direct measures or provide information. Nevertheless, should you require support, feel free to contact us.

Integration of third-party services and content

We use content or service offerings from third-party providers within our website based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our website as defined by art. 6 sec. 1 lit. f of the GDPR), to embed their content and services such as videos and fonts for example (hereinafter collectively referred to as “content”).

This always implies that the third-party providers of this content obtain knowledge of the users’ IP address, given that the content cannot be sent to their browsers without the IP address. Consequently, the IP address is required to show this content. We strive to only use such content, whose respective provider merely uses the IP address to supply this content. Furthermore, third-party providers can use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Using “pixel tags”, information such as visitor traffic on the pages of this website can be analyzed. Furthermore, the pseudonymous information can be stored on the users’ device and among other things, contain technical information regarding the browser and operating system, referring web pages, visiting time as well as other information on the use of our website as well as be connected to information from other sources.

Vimeo

We can embed videos from the platform “Vimeo” from the provider Vimeo Inc. Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy Policy: https://vimeo.com/privacy. We point out that Vimeo can use Google Analytics and in this respect, refer to the Privacy Policy (https://www.google.com/policies/privacy) as well as the opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or the settings of Google for data use for marketing purposes (https://adssettings.google.com/).

Youtube

We embed the videos of the “YouTube” platform from provided by the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Fonts

We embed the fonts (“Google Fonts”) provided by the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

FontAwesome

We embed the fonts (“FontAwesome”) provided by the Fonticons, Inc., 710 Blackhorn Dr, Carl Junction, 64834, MO, USA („FontAwesome“). Privacy Policy: https://fontawesome.com/privacy.

Google Maps

We embed the maps of the “Google Maps” service provided by the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. In particular, the data processed can include the user’s IP address and location data, which are however not collected without the consent of the users (typically executed in the settings of your mobile device). The data can be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google ReCaptcha

A function to detect bots is embedded in our website, e.g. for entries in online forms (“ReCaptcha”), which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Typekit-Schriftarten von Adobe

Wir setzen auf Grundlage unserer berechtigten Interessen (d.h. Interesse an der Analyse, Optimierung und wirtschaftlichem Betrieb unseres Onlineangebotes im Sinne des Art. 6 Abs. 1 lit. f. DSGVO) externe “Typekit”-Schriftarten des Anbieters Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland ein. Adobe ist unter dem Privacy-Shield-Abkommen zertifiziert und bietet hierdurch eine Garantie, das europäische Datenschutzrecht einzuhalten (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).

Use of Facebook social plugins

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our website as defined by art. 6 sec. 1 lit. f of the GDPR), we use social plugins (“plugins”) from the social network facebook.com, which is operated by the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white “f” on a blue tile or a “like”, “thumbs up” sign) or are marked with the addition “Facebook social plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield agreement and therefore, guarantees compliance with the European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When a user accesses a function of the website, which contains such a plugin, his/her browser establishes a direct connection to the Facebook servers. The content of the plugin is directly transmitted to the user’s device and incorporated into the website by it. In the process, user profiles of the users can be created from the processed data. Therefore, we do not have any control over the scope of data, which Facebook collects using this plugin and inform the users of this accordingly based on our knowledge.

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the website. If the user is logged in to Facebook, Facebook can assign the visit to his/her Facebook account. If users interact with the plugins, for example press the like button or leave a comment, the corresponding information is directly transmitted to Facebook from your device and stored there. If a user is not a member on Facebook, there is still the possibility that Facebook can identify and store his/her IP address. According to Facebook, only anonymized IP addresses are stored in Germany.

Users can view the Facebook privacy policies, to obtain information pertaining to the purpose and scope of data collection and the further processing and use of the data by Facebook as well as the rights and setting options of users, to protect the their privacy at: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about him /her via this website or associate it with his/her member data stored on Facebook, he/she must log out of Facebook before visiting the website and erase his/her cookies. Additional settings and objections to use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads  or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are carried out irrespective of the platform, i.e. they apply to all devices such as desktop computer or mobile devices.

Twitter

The functions and contents of the Twitter service provided by the Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA can be embedded within our website. This can for instance include images, videos or texts and buttons, with which users can share contents of this website on Twitter.

Insofar as the users are members on the Twitter platform, Twitter can allocate the access of the aforementioned content and functions to the user profiles there. Twitter is certified under the Privacy Shield agreement and therefore, guarantees compliance with the European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization.

Instagram

The functions and contents of the Instagram service provided by the Instagram Inc., 1601 Willow Road, Menlo Park, CA. 94025, USA can be embedded within our website. This can for instance include images, videos or texts and buttons, with which users can share contents of this website on Instagram. Insofar as the users are members on the Instagram platform, Instagram can allocate the access of the aforementioned content and functions to the user profiles there. Instagram Privacy Policy: http://instagram.com/about/legal/privacy/.

Pinterest

The functions and contents of the Pinterest service provided by the Pinterest Inc., 635 High Street, Palo Alto, CA. 94301, USA can be embedded within our website. This can for instance include images, videos or texts and buttons, with which users can share contents of this website on Pinterest. Insofar as the users are members on the Pinterest platform, Pinterest can allocate the access of the aforementioned content and functions to the user profiles there. Pinterest Privacy Policy: https://about.pinterest.com/de/privacy-policy.

Xing

The functions and contents of the Xing service provided by the Xing AG, Dammtorstraße 29-32, 20354 Hamburg, Germany can be embedded within our website. This can for instance include images, videos or texts and buttons, with which users can share contents of this website on Xing. Insofar as the users are members on the Xing platform, Xing can allocate the access of the aforementioned content and functions to the user profiles there. Xing Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

The functions and contents of the LinkedIn service provided by the LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland can be embedded within our website. This can for instance include images, videos or texts and buttons, with which users can share contents of this website on LinkedIn. Insofar as the users are members on the LinkedIn platform, LinkedIn can allocate the access of the aforementioned content and functions to the user profiles there. LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy.. LinkedIn is certified under the Privacy Shield agreement and therefore, guarantees compliance with the European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Google+

The functions and contents of the Google+ platform provided by the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (“Google”) can be embedded within our website on Google. This can for instance include images, videos or texts and buttons, with which users can share contents of this website. Insofar as the users are members on the Google+ platform, Google can allocate the access of the aforementioned content and functions to the user profiles there.

Google is certified under the Privacy Shield agreement and therefore, guarantees compliance with the European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).Further information on the use of data by Google, setting and objection options, can be found in the Google Privacy Policy (https://policies.google.com/technologies/ads) as well as in the settings for the display of pop-up advertising by Google (https://adssettings.google.com/authenticated).

Modifications, correction and updates

We reserve the right to occasionally change this Privacy Policy, to ensure it always complies with current legal requirements or to apply changes in our services to our Privacy Policy, e.g. when introducing new services. The new Privacy Policy then applies, when you return to our website.