(ii) We process the following data for the purpose of providing the contents of the website that you have visited, to ensure the security of the IT infrastructure used, to correct errors, to enable and simplify searches on the website and to manage cookies. A change of purpose is not planned.
(iii) The data processed is HTTP data: HTTP data is protocol data that is generated for technical reasons when the website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third-party content).
(iv) The legal basis for the processing is our legitimate interest in the operation of an internet presence and the communication with communication partners in accordance with Article 6 (1) (f) GDPR and Section 25 (2) No. 2 of the German Telecommunications-Telemedia Data Protection Act (TDDDG).
(v) The data is automatically transmitted by the browser of the user.
(vi) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vii) IP addresses are anonymized after 24 hours at the latest. Pseudonymous usage data will be deleted after six months.
(viii) Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.
In the structure of our privacy policy, we differentiate between necessary cookies and analytics cookies. Cookies that are technically required for the functioning of the website (“necessary cookies”) cannot be deactivated via the cookie management function of this website. However, you can generally deactivate cookies at any time in your browser. Different browsers offer different ways to configure the cookie settings in the browser. However, some functions of the website may not function or no longer function properly if you generally deactivate cookies in your browser.
a) Cookies to control the Cookies and the information text
We use cookies to control the cookies and the cookie information text on our website. This enables us to ensure that you do not receive the cookie information text every time you visit the website but that your settings are stored.
(i) The purpose of the data processing is to control the use of cookies on our website as well as to display the cookie information text. A change of purpose is not planned.
(ii) The data processed are:
- HTTP data: HTTP data is protocol data that is generated for technical reasons when the website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.
- Data for displaying the cookie text: Data is processed as to whether the cookie information text has already been displayed to the specific user.
(iii) The legal basis for the processing is our legitimate interest in the simple and reliable control of the cookies and the legally compliant display of the cookie information text in accordance with Article 6 (1) (f) GDPR and Section 25 (2) No.2 TDDDG.
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) The data will be deleted after 1 year.
(vii) Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.
b) Consent Cookies
We use consent cookies to store your consent, possible revocation of consent and objections to the use of cookies on our website.
(i) The purpose of data processing is to store user choices on cookies (consent, revocation, opt- out). A change of purpose is not planned.
(ii) The processed data are:
- HTTP data: HTTP data is protocol data that is generated for technical reasons when the website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third- party content).
- User choice on cookies: User choice on individual cookies or groups of cookies. Time of choice and last visit.
(iii) The legal basis for the processing is our legitimate interest in the simple and reliable control of cookies in accordance with the user's choice in accordance with Article 6 (1) (f) GDPR and Section 25 (2) No.2 TDDDG.
(iv) The data is provided actively by the user (choice on cookies) or is automatically transmitted by the browser of the user (protocol data, time stamp).
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) The data will be deleted after 1 year.
(vii) Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.
c) Google Tag Manager
We use the Google Tag Manager on our website. The Google Tag Manager enables us to manage cookies and control their placement. This enables us to implement, for example, your consent, a revocation of consent or an opt-out. The Google Tag Manager does not set its own cookies and does not process data stored in cookies.
(i) The purpose of the data processing is to control the placement of cookies on our website and to ensure the security of the application. A change of purpose is not planned.
(ii) The processed data is HTTP data: HTTP data is protocol data that is generated for technical reasons when the Website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (e.g. when requesting third-party content). Your IP address is automatically anonymized during processing.
(iii) The legal basis for the processing is our legitimate interest in the simple and reliable control of cookies in accordance with Article 6 (1) (f) GDPR and Section 25 (2) No.2 TDDDG.
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement. The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, which we use as processor within the framework of a data processing agreement. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94034 USA) as a service provider. We have instructed Google to use a European server location for data processing. However, in the event of disruptions and malfunctions, Google may access servers in Germany from so-called third countries, such as the USA, to perform maintenance work. To protect the data, Google has concluded the EU Standard Contractual Clauses (2021/914; Module 3) with Google LLC and other subcontractors. You may request a copy of the key contractual terms of the Standard Contractual Clauses at any time. Additionally, Google entities (including Google LLC) are certified under the EU-US Data Privacy Framework pursuant to Article 45 of the GDPR.
(vi) IP addresses will be anonymized after 24 hours at the latest. Pseudonymous usage data will be deleted after six months.
(vii) The provision of data is neither legally nor contractually required. There is no obligation to provide the data. However, if the data is not provided, we will not be able to use Google Tag Manager.
(i) The purpose of the data processing is to analyze the usage behavior on our website. A change of purpose is not planned.
(ii) The processed data are: - Google Analytics HTTP data: Protocol data that is generated for technical reasons when visiting the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system used, page visited, previously visited page (referrer URL), date and time of access, and approximate geographical location. - Google Analytics device data: Data generated by Google Analytics and assigned to your device, such as a unique ID to recognize returning visitors (“Client ID”) and certain technical parameters to control data collection. - Google Analytics measurement data: Device-related raw data (“dimensions” and “metrics”) collected and analyzed by Google Analytics when using our website. This includes information about traffic sources, location, browser, device, website usage (page views, visit frequency, time spent), and goal completions (e.g., online shop transactions). These data are linked to the Client ID assigned to your device, creating device-based usage profiles. The data collected does not enable us to identify you directly. We do not combine these profiles with directly identifiable personal data without your consent. - Google Analytics report data: Aggregated segment- and device-related reports generated by Google Analytics based on the analysis of device-related raw data.
(iii) The legal basis for the processing is your consent in accordance with Article 6 (1) (a) GDPR and Section 25 (1) TDDDG.
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement. The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, which we use as processor within the framework of a data processing agreement. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94034 USA) as a service provider. We have instructed Google to use a European server location for data processing. However, in the event of disruptions and malfunctions, Google may access servers in Germany from so-called third countries, such as the USA, to perform maintenance work. To protect the data, Google has concluded the EU Standard Contractual Clauses (2021/914; Module 3) with Google LLC and other subcontractors. You may request a copy of the key contractual terms of the Standard Contractual Clauses at any time. Additionally, Google entities (including Google LLC) are certified under the EU- US Data Privacy Framework pursuant to Article 45 GDPR.
(vi) The data will be deleted after 6 months.
(vii) The provision of data is neither legally nor contractually required. There is no obligation to provide the data. However, if the data is not provided, we will not be able to use Google Analytics.
a) Instagram Plugin
We use the Instagram plugin on our website. If you click on the plugin, you agree that we allow Instagram or Meta Platforms Ireland Ltd., as the operator of Instagram (hereinafter "Meta Platforms"), to collect data for its own purposes. Before the click, no data is transmitted to Meta Platforms and no cookies are stored on your device.
Technically, the same thing happens then as would happen if you clicked a link to go to the Instagram website: Meta Platforms receives all information that your browser automatically transmits (including your IP address). Meta Platforms also sets its own cookies on your device. This also happens if you do not have an Instagram account. If you are logged in at Instagram or Facebook, your data will be associated directly to your account. If you do not want the association to your Instagram or Facebook account, you have to log out of Instagram or Facebook before clicking on the Instagram plugin.
The collection and processing of this data is the sole responsibility of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Meta Platforms Ireland Ltd. uses Meta Platforms Inc. in the USA (1 Hacker Way, Menlo Park, CA 94025, USA) as its service provider.
As an independent data controller, Meta Platforms is responsible for ensuring appropriate data protection safeguards for data transfers. Additionally, Meta entities (including Meta Platforms, Inc.) are certified under the EU-US Data Privacy Framework pursuant to Article 45 GDPR.
For information about the processing of personal data by Instagram, please refer to the Instagram Privacy Policy: https://help.instagram.com/519522125107875 and the Instagram Cookie Policy: https://help.instagram.com/1896641480634370?ref=ig.
b) LinkedIn Plugin
We use the LinkedIn plugin on our website. If you click on the plugin, you agree that we allow LinkedIn to collect data for its own purposes. Before the click, no data is transmitted to LinkedIn and no cookies are stored on your device.
Technically, the same thing happens then as would happen if you clicked a link to go to the LinkedIn website: LinkedIn receives all information that your browser automatically transmits (including your IP address). LinkedIn also sets its own cookies on your device. This also happens if you do not have a LinkedIn account. If you are logged in at LinkedIn, your data will be associated directly to your account. If you do not want the association to your LinkedIn account, you have to log out of LinkedIn before clicking on the LinkedIn plugin.
The collection and processing of this data is the sole responsibility of LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Irland). LinkedIn Ireland Unlimited Company uses LinkedIn Corporation in the USA (1000 W Maude Ave, Sunnyvale, CA 94085, USA) as its service provider.
As an independent data controller, LinkedIn is responsible for ensuring appropriate data protection safeguards for data transfers. Additionally, LinkedIn entities (including LinkedIn Corporation) are certified under the EU-US Data Privacy Framework pursuant to Article 45 GDPR.
For information about the processing of personal data by LinkedIn, please refer to the LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy and the LinkedIn Cookie Policy: Cookie Table.
c) Kununu Plugin
We use the Kununu plugin on our website. Kununu is part of the service XING which is operated by New Work SE (hereinafter “New Work”). If you click on the plugin, you agree that we allow New Work to collect data for its own purposes. Before the click, no data is transmitted to New Work and no cookies are stored on your device.
Technically, the same thing happens then as would happen if you clicked a link to go to the Kununu website: New Work receives all information that your browser automatically transmits (including your IP address). New Work also sets its own cookies on your device. This also happens if you do not have a Kununu account. If you are logged in at Kununu, your data will be associated directly to your account. If you do not want the association to your Kununu account, you have to log out of Kununu before clicking on the Kununu plugin.
The collection and processing of this data is the sole responsibility of New Work SE (Am Strandkai 1, 20457 Hamburg, Deutschland).
As an independent data controller, New Work is responsible for ensuring appropriate data protection safeguards for data transfers.
For information about the processing of personal data and cookies set by New Work, please refer
to the XING Privacy Policy: Datenschutz bei XING.
(i) The purpose of the processing is the preparation of a contractual relationship or other communication. A change of purpose is not planned.
(ii) Processed data are name, contact data, communication details, time stamp of communication as well as technical metadata of communication
(iii) The legal basis for processing the data with natural persons is Article 6 (1) (b) GDPR (contract or contract initiation), whereas for contracts with legal persons Article 6 (1) (f) GDPR (legitimate interest, namely communication with contact persons relevant to the contract) and Article 6 (1) (c) GDPR (statutory obligations, in particular tax and commercial law provisions) apply. For simple communication, the legal basis is Article 6 (1) (f) GDPR (legitimate interest, namely documentation of communication processes).
(iv) Contact data is actively provided by the data subject. Communication metadata and communication data are automatically collected.
(v) We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.
(vi) Data of contract partners and service providers will be deleted ten calendar years after termination of the contract or order. Inquiries and communication will be deleted automatically after ten calendar years.
(vii) The provision of data is obligatory. Without the provision of data, communication is not possible.
(i) The purpose of data processing on our social media pages is to provide you with engaging content and to interact with you on social media platforms. Depending on the social media service, usage data may also be analyzed to improve our social media presence.
(ii) The processed data includes content and usage data on such social media pages.
(iii) Information and data displayed or shared on our social media pages may be accessible to the respective social media platform provider, its users, and us (or commissioned service providers).
(iv) Further details on data processing on the respective social media pages can be found on the respective social media pages and in this privacy policy.
Instagram:
We and Instagram (provided for users in the EU/EEA by Meta Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are jointly responsible for processing personal data on our Instagram page. The agreement on joint controllership is available at: https://www.facebook.com/legal/terms/page_controller_addendum.
According to this agreement, Instagram (provided by Meta) is responsible for informing the affected individuals about data processing. Instagram’s privacy policy can be accessed at: https://help.instagram.com/519522125107875.
Affected individuals may exercise their rights against any of the controllers, including us and/or Instagram (provided by Meta). Further information about the data that Instagram shares with us can be found at: https://de-de.facebook.com/help/instagram/788388387972460?helpref=related.
The legal basis for processing data by us is our legitimate interest in analyzing usage data to improve our Instagram page (Art. 6 (1) (f) GDPR).
To protect your data, we have concluded the EU Standard Contractual Clauses (2021/914; Module 1) with Meta. You may request a copy of the key contractual terms of the EU Standard Contractual Clauses at any time. Additionally, Meta is certified under the EU-US Data Privacy Framework (Article 45 GDPR).
LinkedIn:
We and LinkedIn (for users in the EU/EEA: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) are jointly responsible for processing personal data on our LinkedIn page. The agreement on joint controllership is available at: https://legal.linkedin.com/pages-joint- controller-addendum.
According to this agreement, LinkedIn is responsible for informing affected individuals about data processing activities. LinkedIn’s privacy policy can be accessed at: https://www.linkedin.com/legal/privacy-policy.
Affected individuals may exercise their rights against any of the controllers, including us and/or LinkedIn. Further information about the data LinkedIn shares with us can be found at: https://www.linkedin.com/help/linkedin/answer/4499/viewing-company-page-analytics?lang=en.
The legal basis for processing data by us is our legitimate interest in analyzing usage data to improve our LinkedIn page (Art. 6 (1) (f) GDPR).
To protect your data, we have concluded the EU Standard Contractual Clauses (2021/914; Module 1) with LinkedIn. You may request a copy of the key contractual terms of the EU Standard Contractual Clauses at any time. Additionally, LinkedIn is certified under the EU-US Data Privacy Framework (Article 45 GDPR).
(ii) You have the right to request information at any time about all your personal data which we are processing.
(iii) If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.
(iv) You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your data.
(v) If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.
(vi) You have the right to object to the processing, insofar as the data processing is based on profiling or direct marketing purposes.
(vii) If the processing is carried out on the basis of the balancing of interests, you may object to the processing by stating reasons arising from your particular situation.
(viii) If the data processing takes place on the basis of your consent or a contract, you have the right to a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not impaired.
(ix) If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with future effect. The processing carried out prior to a revocation remains unaffected by the revocation.
(x) Moreover, you have the right to file a complaint at any time with a data protection supervisory authority, if you believe that data processing has been carried out in violation of the applicable law.
https://devowl.io/de/rcb/datenverarbeitung/.
The legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used, as well as the related consents.
The provision of personal data is neither legally nor contractually required, nor is it necessary to conclude a contract. You are not obliged to provide the personal data. However, if you do not provide the personal data, we cannot manage your consents.
