Providing the website and preparing log files
Each time you log on to our website, our system automatically records data from the computer logging on. The following data are collected:
- Information on the browser type and version
- The user’s operating system
- The Internet service provider of the user
- The IP address of the user
- The date and time of access
- Websites from which the user’s system accesses our website
- Websites that are accessed by the user’s system through our website
The data are saved in log files at our technical service provider, Host Europe GmbH. The legal basis for temporarily storing data is Art. 6(1)(f) GDPR (EU General Data Protection Regulation). The system needs to temporarily store the IP address so that the website can be sent to the user’s computer. To do this, the user’s IP address needs to be saved throughout the session. The data are also stored for the purpose of our legitimate interest in processing data pursuant to Art. 6(1)(f) GDPR.
The aforementioned data are stored in the log files to ensure the functioning of our website. The data are also used to optimize the website and to ensure the security of our IT systems (such as to help recognize attacks). The data are also stored for the purpose of our legitimate interest in processing data pursuant to Art. 6(1)(f) GDPR.
The data are deleted when the purpose for which the data were collected has been achieved. When the data are being recorded to provide the website, the purpose is achieved when the session ends. The log files are saved for seven days.
It is essential to collect the data for providing the website and save it in log files in order to operate the website. There is no opt-out option for users.
Contact forms are available on our website that can be used to establish contact electronically. These contact forms are provided by our technical service providers, who are also the recipients of the data and transmit them for us in accordance with instructions. The legal basis for the processing of data transmitted in the course of establishing contact is Art. 6 Para. 1 lit. f DSGVO. The legitimate interest is to answer the contact and to prevent misuse of the contact form. If the purpose of the contact is to conclude a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b DSGVO.
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case for the personal data from the input mask of the contact form when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.
In order to optimally tailor our website to your interests, we use Google Analytics, a web analysis service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin (hereinafter “Google”). Google Analytics records and systematically evaluates interactions with users of our website. When individual pages of our website are opened, the following data are saved:
- Three bytes of the IP address of the visiting user’s system (anonymized IP address)
- The visited website
- The website from which the user accessed the visited page (referrer)
- The subpages opened from the visited page
- The frequency with which the website is accessed
The legal basis for the processing by Google Analytics is Art. 6(1)(1)(a) GDPR. Google Analytics will only be activated if you consent to statistics cookies.
The data saved by tracking are deleted when they are no longer required for purposes of our records. In our case, this is after 26 months. You can withdraw your consent by deactivating the statistics cookies in the cookie settings.
Newsletter – Mailchimp
You can subscribe to a free newsletter from our website. The data from the input screen is sent to us when you subscribe to the newsletter.
We use Mailchimp, a service of the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (hereinafter “Mailchimp”), to send our newsletter. Mailchimp is certified according to the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the USA to ensure that European privacy standards are observed in the USA.
Mailchimp allows us to analyze our newsletter campaign. When you open an email sent with Mailchimp, a file (a so-called web-beacon) connects with the Mailchimp servers in the USA. This allows us to determine whether a newsletter message has been opened and the links which may have been clicked. Moreover, technical information is recorded (such as the time of visit, the IP address, browser type and operating system). This information cannot be assigned to the newsletter recipient. It is only used for statistically analyzing the newsletter campaign. The results of this analysis can be used to better adapt future newsletters to the interests of the recipients. If you do not want Mailchimp to perform an analysis, you will have to unsubscribe from the newsletter. We provide a link for this purpose in each message relating to the newsletter.
The newsletter is only sent if the recipient has consented to receipt (Art. 6(1)(1)(a) GDPR)). To subscribe to our newsletter, you only have to provide us with your email address. We record the subscription process since consent must be verifiable. We save this record for three years after consent has been revoked in order to offer proof of previously granted consent. The processing of the data is restricted to a potential defense against claims. A request to delete the data can be submitted at any time, provided that the former existence of consent is confirmed. In fulfilling our obligation to honor a permanent opt-out decision, we retain the right to save only the email address in a blacklist for this purpose. The legal basis for the above is Art. 6(1)(1)(f) GDPR. The purpose is also our legitimate interest.
You can unsubscribe to our newsletter at any time, i.e., withdraw consent or deny further receipt. A link to unsubscribe to the newsletter can be found at the end of each newsletter, or you can use the above-described contact options, preferably email.
To show videos on the website, we use Vimeo, a service of Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA (hereinafter “Vimeo”). Vimeo is certified according to the “EU-US Privacy Shield”. The Privacy Shield is an agreement between the European Union (EU) and the USA to ensure that European privacy standards are observed in the USA.
By using Vimeo, we can also link videos that we have published on www.vimeo.com to this website. If you open one of our webpages with a Vimeo thumbnail, a link to Vimeo’s servers is established when you click the thumbnail [Play (loads content from vimeo.com]. The data listed under “Providing the website and preparing log files” are sent to Vimeo's servers. The legal basis for transferring this data is the consent of the party requesting the video (Art. 6(1)(1)(a) GDPR). Moreover, pursuant to Art. 6(1)(1)(f) GDPR, we have a legitimate interest in designing our website to be more attractive and offering additional services.
We are unaware of the length of time that Vimeo stores its videos, and we do not have any influence on Vimeo. Vimeo is solely responsible for any further data processing. Vimeo’s privacy statement can be found at https://vimeo.com/privacy.
LinkedIn Conversion Tracking
For analysis purposes, we use LinkedIn Conversion Tracking, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”). For this purpose, we use event-specific pixels that contain conversions without associated pages, for example through web forms that do not have any “thank you” pages, or pages that lead to a PDF file.
Art. 6(1)(1)(f) GDPR serves as the legal basis. Pursuant to Art. 6(1)(1)(f) GDPR, we have a legitimate interest in designing our website to be more attractive and offering additional services.
As a member, you are entitled to opt out of having personal data recorded by adapting the corresponding settings that control each of the four purposes of our identity inference: assignment, retargeting, analysis and advertising displayed outside of LinkedIn. Moreover, members and nonmembers can access the opt-out page of the Digital Advertising Alliance and check the drawbridge box.
LinkedIn is solely responsible for any further data processing. LinkedIn's privacy statement can be found at https://www.linkedin.com/legal/privacy-policy?trk=public_authwall_company-scraping_join-form-privacy-policy.
For analysis purposes, we use HubSpot, a service of HubSpot Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA (hereinafter “HubSpot”). HubSpot is certified according to the “EU-US Privacy Shield”. The Privacy Shield is an agreement between the European Union (EU) and the USA to ensure that European privacy standards are observed in the USA.
The legal basis for processing by HubSpot is Art. 6(1)(1)(a) GDPR. HubSpot will only be activated if you consent to receiving statistics cookies.
The data saved by tracking are deleted when they are no longer required for purposes of our records. In our case, this is after 13 months.
HubSpot is solely responsible for any further data processing. HubSpot’s privacy statement can be found at https://legal.hubspot.com/privacy-policy?_ga=2.3246128.168965598.1593179880-1232966134.1593179880.
Rights of the data subjects
Pursuant to Art. 15 GDPR, you are entitled to receive information on any of your personal data that have been saved. Pursuant to Art. 16 GDPR, if inaccurate personal data have been processed, you are entitled to have the data corrected.
If provided by law, you may request that the processed data be deleted or restricted, or you may object to data processing (Articles 17, 18 and 21 GDPR). Pursuant to Art. 20 GDPR, you have the right to transfer your data (data portability) that have been automatically processed based on your consent or an agreement.
If you believe that an instance of data processing violates data protection law, you are entitled to lodge a complaint with a data protection supervisory authority of your choice (Art. 77 GDPR in conjunction with §19 BDSG (Bundesdatenschutzgesetz - German Data Protection Law). This also includes the data protection supervisory authority responsible for us: The Commissioner for Data Protection of Saxony (Sächsischer Datenschutzbeauftragter), https://www.saechsdsb.de
PART II: DATA PROCESSING OUTSIDE OF THE WEBSITE
Profiles on third-party portals
We have a company profile on the following third-party portals. We do not operate these portals. We only use these portals for the offer of the particular operator while acknowledging the use and privacy provisions that apply to the portals. Further information on suppliers and their information on data processing can be found at:
- Supplier: New Work SE, Dammtorstraße 30, 20354 Hamburg
- Privacy notice: https://privacy.xing.com/de
- The supplier is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
- Privacy notice: https://www.linkedin.com/legal/privacy-policy?trk=public_authwall_company-scraping_join-form-privacy-policy
- Supplier: Twitter International Company, One Cumberland Place Fenian Street , Dublin 2 D02 AX07 Ireland
- Privay notice: https://twitter.com/de/privacy
When we receive contact data from business partners, we save this data in our CRM database for communication purposes. The legal basis is Art. 6(1)(a) GDPR, when the business partner has consented to this and to establish contact. If contact is established to prepare, enter into or implement an agreement, the legal basis is Art. 6(1)(b) GDPR.
Consent that has been granted can be withdrawn at any time without affecting the legality of the consent-based processing that occurred before consent was withdrawn. We will also delete the data of our business partner. The data are also deleted when the purpose for which the data were collected has been achieved. This holds true when the business partner is no longer interested in receiving any additional information from us.
General communication, especially by email
The processing of your personal data is based on Art. 6(1)(1)(b) GDPR. The data are processed for the purpose of implementing our agreements or pre-contractual measures with you and to carry out your order, as well as for all activities within our company that are necessary to this end. The particular details of data processing can be found in the agreement documents and terms of business. We also process personal data sent to us while establishing contact. The legal basis is Art. 6(1)(1)(f) GDPR. This is allowed to the extent necessary to process the data to safeguard our legitimate interests or those of a third party, except when your interests or fundamental rights and freedoms take precedence and requires protection of the personal data. Such a legitimate interest exists when asserting legal claims and providing defense in legal disputes, when processing payments through external service providers, ensuring IT security and the operation of IT systems of the company, and in direct advertising. Moreover, we process personal data pursuant to Art. 6(1)(c) GDPR as necessary to satisfy our legal obligations as a company. The reasons for processing include requirements to retain information for commercial and tax purposes pursuant to §257 HGB (Handelsgesetzbuch - German Commercial Code) and §147 AO (Abgabenordnung - German Tax Code).
Within the company, those departments have access to your data that require them to satisfy contractual and legal obligations. Processors that we employ can also receive data for this purpose (Art. 28 GDPR). These are companies that offer IT services, logistics, debt collection, and sales and marketing. In certain exceptions, individuals subject to professional confidentiality (such as tax consultants, auditors and attorneys) as well as officials may also be recipients of your data.
If necessary, we process and save your personal data for the duration of the business relationship. This also includes the preparation for and execution of the agreement. Moreover, we also save your personal data for the term of warranty and guarantee claims. We also save your personal data as required by law. Verification and record-keeping requirements are defined, particularly for commercial and tax reasons pursuant to §257 HGB and §247 AO.
Personal data must be processed for the purposes of communication and for concluding and implementing the agreement. If you do not provide your personal information, we will generally be unable to conclude the agreement, or will no longer be able to implement the existing agreement, or it will have to be terminated.
Privacy notice for job applicants
We process the data that you have sent to us relating to your application to assess the grounds for establishing an employment relationship. The legal bases are Art. 6(1)(1)(b) GDPR and §26 BDSG (Bundesdatenschutzgesetz - German Data Protection Law). If you have provided your consent to your data being processed for inclusion in our pool of applicants, the legality of processing this data is established by your consent (Art. 6(1)(1)(a) GDPR). You can withdraw consent at any time. Please bear in mind that if consent is withdrawn, it only affects the future. Data processed before consent was withdrawn shall remain unaffected.
Beyond the application procedure, we process your personal data pursuant to Art. 6(1)(1)(f) GDPR. This is allowed to the extent necessary to process the data to safeguard our legitimate interests or those of a third party, except when your interests or fundamental rights and freedoms take precedence and requires protection of the personal data. A legitimate interest exists for exercising legal claims and providing defense in legal disputes. Moreover, we process personal data pursuant to Art. 6(1)(c) GDPR as necessary to satisfy our legal obligations as a company.
Within the company, departments have access to your data which require the data to comply with the company's contractual and legal obligations. Processors that we employ can also receive data for this purpose (Art. 28 GDPR). These are companies that offer IT services and consultation.
If an employment relationship is not established, personal data will be deleted within six months after conclusion of the application process. If an employment relationship is established, your application will become part of your personal file.
If you have consented to the ongoing storage of your personal data in our applicant pool, we will receive your data and will delete it within a period of two years at the latest.
PART III: Your right to object pursuant to Art. 21 GDPR
You are entitled at any time to object to your personal data being processed based on Art. 6(1)(f) GDPR (data processing based on a consideration of interests) for reasons arising from your personal situation. If you object, we will longer process your personal data unless we are able to demonstrate compelling, legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the data are processed to assert, exercise or defend legal claims.
In certain cases, we will process your personal data for direct advertising. You are entitled at any time to object to your personal data being processed for the purposes of such advertising. If you object to processing for purposes of direct advertising, we will no longer process your personal data for this purpose.
You do not need a form to object. Direct the request to the contact information provided in the above section, “Name and contact data of the responsible manager”.