Ochrona danych
1. General notes
We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory national and European regulations as well as the specifications and recommendations of the Schleswig-Holstein State Data Protection Authority responsible for us.
We reserve the right to implement published recommendations of other data protection authorities if, in our opinion, this can better ensure the protection of your personal data. The same applies to publications in literature and case law.
However, please always note that the transmission of data is fundamentally not secure. It can technically not be excluded by us that third parties access your data.
For the sole purpose of better readability, the gender-specific spelling has been omitted. All personal designations in these "Notes on Data Protection" (e.g. customer, person responsible, data subject, data protection officer) are therefore to be understood as gender-neutral.
(1) Scope
This privacy policy applies to all processing of personal data carried out by us or carried out by third parties for us, in particular
- for our online presences (websites, etc.);
- for our social media presences (e.g. LinkedIn, YouTube);
- for communication with you (e.g. messenger services such as WhatsApp or e-mail);
- for data services that we make available to you (e.g. storage space or downloads).
This information relates on the one hand to the processing of personal data on or through our website. On the other hand, you will receive information about the processing of your personal data in other internal and external processes of our company (e.g. when playing videos).
To the extent necessary, you will receive supplementary information on further processing in an appropriate manner. For example, if we use your personal data to register your visit to our site, you will be provided with supplementary information on site.
(2) Contact details of the responsible person
The person responsible for the processing of data on our website within the meaning of the General Data Protection Regulation (DSGVO), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
CS INSTRUMENTS GmbH & Co. KG
Gewerbehof 14
24955 Harrislee
Deutschland
You can contact us at any time if you have questions about this privacy policy or wish to assert your rights. You can also find the contact details in the imprint.
(3) Contact details of the data protection officer
You - and any other data subject - can contact our data protection officer directly, verbally, in writing or by e-mail at any time with any questions or suggestions regarding data protection.
Bernd Jensen
CS INSTRUMENTS GmbH & Co. KG
Gewerbehof 14
D-24955 Harrislee
Deutschland
Phone +49 461 80 71 50 - 288
Fax +49 461 80 71 50 - 15
www.cs-instruments.com
E-Mail b.jensen@cs-instruments.com
wenden.
2. Definitions
This Privacy Policy or this Privacy Notice uses, among other things, the terms defined in the European General Data Protection Regulation (GDPR), OJ L 119 of May 4, 2016, p. 1-88 (in the version applicable at the time of the preparation of this Privacy Notice) and the German Federal Data Protection Act (BDSG) in the version of June 30, 2017; (BGBl. I p. 2097), last amended Art. 12 G of November 20, 2019; (BGBl. I p. 1626, 1633).
Insofar as supplementary terminology arises from further laws that are used in this data protection declaration or the terms serve the understanding of this data protection declaration, we have also provided supplementary explanations of these in the further text.
(1) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Art. 4 No. 1 GDPR).
Personal data includes, for example, the name, address, account or telephone number, but also the IP address or ID number.
(2) Person concerned
Data subject is any identified or identifiable natural person whose personal data are processed by the controller (cf. Art. 4 No. 1 GDPR).
The data subject is, for example, the user of the website or the customer, client, patient, etc. of a company.
(3) Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (cf. Art. 4 No. 2 GDPR).
Processing therefore occurs when we collect, pass on, store or delete personal data.
(4) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing (cf. Art. 4 No. 3 GDPR).
If, for example, you contact us and inform us that your data is incorrect, we will restrict the processing of your data in order to check the accuracy of the data (cf. Art. 18 para. 1 lit. b DSGVO).
(5) Profiling
Profiling is any type of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location (cf. Art. 4 No. 4 GDPR).
Profiling would be, for example, assessing your economic situation based on your purchasing behavior.
(6) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be attributed to an identified or identifiable natural person (cf. Art. 4 No. 5 GDPR).
Pseudonymization occurs, for example, when the personal data is replaced by a customer number. Without knowledge of which customer number has been assigned to which customer, it is not possible to assign the data to a specific person (customer).
(7) Anonymization
Anonymization is the complete and irrecoverable removal of the personal reference of the data.
For example, if all customer contact data is overwritten with random numbers and there is no storage of which customer was assigned which number, the data can no longer be assigned to a person.
Anonymized data is not subject to the rules of the GDPR and the BDSG due to the lack of personal reference (cf. recital 26 GDPR).
(8) "Controller" or "Controller of the Processing".
The controller or data processor is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law (see Article 4(7) GDPR).
The person responsible for the processing of data when using the website is the provider of this website (cf. (1) Contact details of the person responsible)
(9) Processor
A processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller (cf. Art. 4 No. 8 GDPR).
We use a so-called hoster, for example, as a processor, i.e. a company that stores our website on its own servers. If you enter your personal data (e.g. name, e-mail address, etc.) via a contact form, for example, this data is stored by the hoster on its server, etc.. The hoster processes the data only in the manner in which we have contractually agreed with him. He therefore processes the data "on our behalf" and is therefore an "order processor".
(10) Receiver
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law are not considered recipients (cf. Art. 4 No. 9 GDPR).
Recipients of this Privacy Policy are, for example, you.
(11) Third
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
A third party is, for example, an authority that accesses data on the basis of a legal authorization (cf. Art. 4 No. 10 GDPR).
(12) Consent
Consent is any expression of will in the form of a declaration or other unambiguous affirmative action made voluntarily by the data subject for the specific case in an informed manner and in an unambiguous manner, by which the data subject indicates that he or she consents to the processing of personal data relating to him or her (cf. Art. 4 No. 11, Art. 7 GDPR).
For example, you give us consent when you place your order - then you consent to us processing the data you provide so that we can also fulfill your order.
(13) Mobile devices
The term "mobile devices" refers to all Internet-capable devices that are not stationary but mobile, i.e., movable. These can be, for example, smartphones, tablets, etc.
(14) Website
By "website" (also: web presence, internet presence, web presence, etc.) we mean the presence of a provider that can be reached under an individual web address. A website can be rendered with browsers. It can be compared to a "house" at a specific address (domain) and usually has several web pages (i.e. "rooms"). In addition to the web application (homepage), other services such as e-mail, storage space, etc. can be used.
(15) IP adress
The IP address is the unique address (e.g. 216.58.190.0) of your computer or terminal device used, similar to a postal address. According to a decision of the European Court of Justice (judgment of 19.10.2016, ref.: C-582/14), IP addresses are personal data (cf. also recital 30 DSGVO). It follows that the GDPR and the BDSG also apply to IP addresses.
The IP address is used to deliver data to your computer. You can find out the IP address of your computer in the network by using the command "ipconfig" or you can also research it online (e.g. at www.heise.de/netze/tools/meine-ip-adresse/) In doing so, your IP address is transmitted to the provider.
(16) Java, JavaScript
Java is a platform-independent programming language developed in 1995 by the US company Sun Microsystems Inc., Santa Clara, USA (today part of Oracle Corporation, Austin, USA), whose language specification is constantly being further developed. Java is used today not only by web browsers, but also in cars, hi-fi systems and other electronic devices.
JavaScript (JS for short) is a scripting language developed by Brendan Eich in 1995 for dynamic HTML in web browsers. JS extends the capabilities of HTML. JavaScript was developed independently of Java and differs in many ways.
(17) Cookies
Cookies are small data packages (small text files consisting of numbers and letters) that are used to store certain information locally on your terminal device for some time.
This can be used, for example, to recognize the user's computer when the page is called up again or to save the contents of a form or shopping cart. Tracking services use cookies to store collected information.
In some cases, cookies are automatically deleted when you close your web browser (so-called transient cookies). These include, in particular, so-called session cookies. These cookies store a so-called session ID, which can be used to assign various requests from your web browser to the current session. This makes it possible to recognize your terminal device when you return to our website. Session cookies are deleted as soon as you log out or close the web browser.
In some cases, cookies are only deleted after a specified period of time (so-called persistent cookies). The storage period varies depending on the cookie.
Technically necessary cookies are required to display the website. These include, for example, shopping cart cookies, login cookies or cookies for language selection.
If you do not agree to cookies being stored, you can deactivate the storage of cookies in the settings of your web browser. You can delete already existing cookies in the settings of your web browser.
You can find help on the settings in the respective help menu of your browser under the following links:
- Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
You can also object to the collection and forwarding of personal data or prevent the processing of this data by disabling the execution of Java Script in your browser (""block""). You can also install script blockers that prevent the execution of codes. Script blockers can be found here, for example:
- addons.mozilla.org/de/firefox/addon/noscript/
- noscript.net
- www.ghostery.com
- chrome.google.com/webstore/detail/umatrix/ogfcmafjalglgifnmanfmnieipoejdcf
Further information on cookies can be found, for example, at Bundesverband Digitale Wirtschaft (BVDW) e. V., Berliner Allee 57, 40212 Düsseldorf, Germany, www.bvdw.org. BVDW e. V. provides additional information on its website at meine-cookies.org.
We use a separate tool to obtain and document any required consent to the processing of cookies. For each cookie, we will provide you with the necessary information so that you can decide whether you agree to the use of the tool.
(18) Cookie Consent Tool
Cookie Consent Tools ("consent") manage the consents you give to use certain technically unnecessary tools.
A pop-up window informs you about the cookies you want before using tools that require cookies. You can then decide whether or not you agree and with which cookies.
Your decision is then stored for a period of up to twelve months. Personal data, such as your IP address - as well as a pseudonymous Uer ID, the time of consent and selection, etc.) are used. This data is stored either in a cookie on your end device or on the server we use.
You can adjust or revoke your consent at any time.
The Cookie Consent Tool is used due to our legitimate interest in operating the website in an efficient manner in compliance with the law. Without its use, it is not possible for us to seek the necessary consents and document the user's decision. We need the documentation pursuant to Art. 5 (2) DSGVO to be able to prove that we operate the website in compliance with applicable law. For more information, please see the explanations of the cookie consent tool used.
(19) Web Beacons
Web beacons are not graphics in HTML e-mails or on Web pages. In most cases, the image is only 1 × 1 pixel in size, often transparent or designed in the color of the background, and thus not or barely visible.
If the document is loaded, the web beacon is loaded from a server and the download is registered there. This can then be used to determine whether the document has been loaded, e.g. whether the e-mail has been opened.
You can prevent the use of web beacons by, for example, opening the email offline, not opening the email as an HTML email, or blocking external graphics with your email program.
You can also use tools that detect and block web beacons, such as.
- Privoxy – www.privoxy.org
- Proxomitron – https://www.proxomitron.info/
For more information, see the explanations of the "web becons" used.
(20) Third countries/third countries, transfer of data to third countries
The term "third countries" refers to all countries that do not belong to the European Union (i.e., Belgium, Bulgaria, Romania, Czech Republic, Denmark, Germany, Estonia, Greece, Spain, France, Ireland, Italy, Cyprus, Latvia, Lithuania, Luxembourg, Hungary, Malta, Netherlands, Austria, Poland, Portugal, Slovenia, Slovakia, Finland and Sweden, as of 12/2022) or the European Economic Area (member states of the EU plus Iceland, Liechtenstein and Norway, as of 12/2022).
Data transfers to third countries/third countries is only lawful according to the strict legal requirements (cf. Art. 44 ff. DSGVO) if
- either the European Commission has determined, pursuant to Art. 45(3) GDPR, that an adequate level of data protection exists in the third country (decisions exist for Andorra, Argentina, Canada (commercial organizations only), Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan and the United Kingdom),
- or if the data recipient provides appropriate safeguards for the protection of the personal data and enforceable and effective legal remedies are available to the data subjects (Art. 46(1) GDPR).
According to Article 46 (2) of the GDPR, such appropriate safeguards include the use of the Commission's standard data protection clauses (Article 46 (2) (c), Article 93 (2) of the GDPR). These standard data protection clauses or standard contractual clauses (SCC) are templates of the EU Commission. You can find these clauses here: eur-lex.europa.eu/eli/dec_impl/2021/914/oj.
The clauses used ensure that personal data is also processed in the third country concerned at a level of data protection equivalent to that in Europe.
A data transfer is also permissible if the data subject has consented to the transfer pursuant to Article 49 (1) (a) of the GDPR or if the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject by the controller with another natural or legal person (Article 49 (1) (c) of the GDPR) or another exception of Article 49 of the GDPR applies.
If we work with providers who are either based in a third country or process data in a third country (e.g. in the USA), we ensure compliance with the legal requirements and check this regularly. We also only work with providers who have concluded the necessary contracts with us.
Should we need or want to deviate from this in exceptional cases, we will inform you accordingly and seek your consent.
3. Rights of the data subject
The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
(1) Right to information according to Art. 15 DSGVO
You may request confirmation from the controller as to whether personal data concerning you is being processed by the controller ("right to confirmation"). Furthermore, you have a right to information about
- the processing purposes
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or the restriction of processing by the controller, or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: All available information about the origin of the data
- the existence of automated decision-making, including profiling pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
Furthermore, you have the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, you also have the right to obtain information about the appropriate safeguards in the context of the transfer.
If you would like to make use of this right to information, you can contact us at any time.
(2) Right to rectification according to Art. 16 DSGVO
You have a right to the immediate correction of incorrect data concerning you and/or the completion of your incomplete data stored by us; the correction or completion must take place immediately.
(3) Right to deletion according to Art. 17 DSGVO
You have the right to request that personal data concerning you be erased immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
- The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject revokes the consent on which the processing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
- The personal data have been processed unlawfully.
- The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) DS-GVO.
If one of the aforementioned reasons applies, and a data subject wishes to arrange for the deletion of personal data stored, he or she may, at any time, contact us.
If the personal data have been made public and our company as the controller is obliged to erase the personal data pursuant to Article 17 (1) of the Data Protection Regulation, we shall implement reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform other data controllers which process the published personal data, that the data subject has requested from those other data controllers the erasure of all links to the personal data or copies or replications of the personal data, unless the processing is necessary.
(4) Right to restriction of processing pursuant to Art. 18 DSGVO
You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse the deletion of your data due to unauthorized data processing and instead request the restriction of the processing of your data, if you need your data for the assertion, exercise or defense of legal claims after we no longer need this data after the purpose has been achieved, or if you have objected on the grounds of your particular situation as long as it has not yet been determined whether our legitimate grounds prevail;
Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted, you will be informed by the controller before the restriction is lifted.
(5) Right to information according to Art. 19 DSGVO
If you have exercised your right to rectification, erasure or restriction of processing, the controller is obliged to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this is impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
(6) Right to data portability according to Art. 20 DSGVO
You have the right to receive your personal data disclosed to us in a structured, common and machine-readable format or to request that it be transferred to another responsible party, insofar as this is technically possible.
(7) Right of revocation pursuant to Art. 7 (3) DSGVO
You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) lit. e or f DSGVO; this also applies to profiling based on these provisions.
You also have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.
If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data for such marketing. This also applies to profiling, insofar as it is associated with such direct advertising. If you object to direct advertising, we will no longer process the personal data for these purposes.
In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) DS-GVO, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, you may contact us directly. You are also free to exercise your right to object in the context of the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
(8) Right to complain pursuant to Art. 77 DSGVO
Without prejudice to any other administrative or judicial remedy or recourse, you have the right to lodge a complaint with a supervisory authority. You may contact the supervisory authority of your place of residence, place of work or place of the alleged infringement if you believe that the processing of personal data concerning you violates data protection rules.
4. Processing of personal data
(1) Legal bases of the processing
The legal basis for processing based on your consent is Art. 6 para. 1 lit. a DSGVO.
If the processing of personal data is necessary for the performance of a contract to which you are a party (e.g. in the case of a purchase or consulting contract), the processing is based on Art. 6 (1) lit. b DSGVO. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c DSGVO.
In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if you were injured during a visit to our company and we then had to pass on your name to a doctor, hospital or other third party, for example. Then the processing would be based on Art. 6 para. 1 lit. d DSGVO.
The processing may also be based on a so-called legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company (e.g. profit-making intention, presentation of the company, etc.) or of a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.
The European legislator takes the view that a legitimate interest is to be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR. The background to this is that a customer must reasonably assume that processing of the data is in the interest of the company if he or she has a (contractual) relationship with the company.
The same applies to the processing of personal data for the prevention of fraud, etc. (cf. (cf. EC 47, sentence 6) and for direct marketing purposes (cf. EC 47, sentence 7).
(2) Storage duration
In principle, we only store personal data for as long as the storage is necessary ("storage period"). After expiry of the period, the data is deleted automatically.
The necessity of storage also depends on legally prescribed retention periods. These may be, for example, tax regulations or regulations under commercial law. Retention periods may also result from contractual regulations (e.g. information on the contractual partner).
Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.
5. Data processing when visiting our website
(1) Automated acquisition
Each time you visit our website, our system automatically collects data and information that your browser transmits to our server (so-called "server log files"). The following technically necessary data is collected:
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which other website you came to our website
- Meta and communication data (information about the system used, operating system, browser used, IP addresses, etc.).
The legal basis for the processing is Art. 6 (1) lit. f DSGVO due to our legitimate interest in improving the stability and maintaining the functionality of our website.
The data is not passed on or used in any other way. The temporary storage of the IP address by the system is necessary to enable delivery of our website to your computer ("client"). For this purpose, the IP address of the user must remain stored for the duration of the session.
We reserve the right to check the server log files retrospectively if there are concrete indications of illegal use. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Longer storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, there is also no possibility to object. If you do not agree with the processing of this data, you therefore only have the option to completely refrain from using and visiting our website.
If you still want to order something, please contact us using the contact details provided in the imprint so that we can find a solution together.
(2) External hosting
Our website is technically maintained and stored by an external service provider ("hoster"). The personal data collected on this website is therefore stored directly on the hoster's servers and not on servers held directly by us.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in our interest in a secure, fast and efficient provision of our online offer as well as the presentation of our company and our services by a professional provider (so-called "legitimate interest" within the meaning of Art. 6 para. 1 lit. f DSGVO).
When weighing our interests against your interests, in particular your right to informational self-determination, we have come to the conclusion that our interests prevail; the interference with your rights is minor. You are also free to use our offer and disclose data.
Our hoster processes your data only to the extent necessary to fulfill its contractual service obligations. We have concluded a contract with the hoster for the processing of personal data on our behalf (so-called "order processing contract") and thus comply with the strict requirements of the German Data Protection Regulation, the German Federal Data Protection Act and other laws (e.g. Telemedia Act, Telecommunications Act, Telecommunications Telemedia Data Protection Act). Processing of the data by the hoster is only carried out on our instructions and within the framework of the applicable laws.
We work together with the hoster domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany.
(3) Cookie Consent Tool
We use a cookie consent tool on our website based on Typo3. You can find more information on the manufacturer's website, or under point 6. in this privacy policy.
(4) TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses TLS encryption.
TLS (Transport Layer Security) is an encryption technology that enables secure access to the Internet. TLS has a so-called end-to-end encryption; i.e. the information is encrypted at the sender (e.g. a client) before it is sent and only decrypted at the recipient (e.g. a web server). This is made possible by asymmetric encryption of the information and the exchange of a common symmetric session key between the communication partners. Only the communication partners can decrypt the information, since the encryption technologies also check the authenticity of the communication partners and they must first acquire the corresponding certificates from a special certification authority.
Data that you transmit via this website cannot be read by third parties due to SSL encryption. You can recognize the encryption of our website by the fact that you call it up with "https://". You can also recognize the use of the technology by a small lock symbol in your browser."
The certificate we use was issued by the certification authority Let's Encrypt (LE), 548 Market St, PMB 77519, San Francisco, CA 94104-5401, USA.
The certification body may process your IP address. Information on data protection and data processing can be found on the website of the certification body letsencrypt.org/privacy/
6. Website modular system
We use a content management system (abbreviation: "CMS") of the TYPO3 Association, Gewerbestr. 10, 4450 Sissach, Switzerland for the design of our website.
With the help of the CMS we can use many functions for our website and webshop without any programming effort.
CMS process technical data such as operating system, browser, language and keyboard settings as well as personal data (e.g. IP address).
The legal basis for the processing of personal data is our legitimate interest in making our website efficient and effective (Art. 6 para. 1 lit. f DSGVO). When weighing our interests against your interests, in particular your right to informational self-determination, we have come to the conclusion that our interests prevail; the interference with your rights is minor. You are also free to use our offer and to disclose data. Insofar as the CMS uses cookies, you also have the option to object to their use.
Further information on data protection can be found on the website and in the privacy policy of the provider typo3.org.
7. Website functions
(1) Collection of general data and information
Our website collects a series of general data and information with each call of the website by you or an automated system. This general data and information is stored in the log files of the server. The following can be recorded
- browser types and browser versions used,
- the operating system used by the accessing system,
- the website from which an accessing system arrives at our website (so-called referrer URL),
- the sub-websites that are accessed via an accessing system on our website,
- the date and time of an access to the website,
- an Internet Protocol (IP) address,
- the Internet service provider of the accessing system and
- other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
This data is not merged with other data sources. The data is anonymized.
The basis for data processing is Art. 6 (1) lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. Insofar as you do not enter into a contract with us or no pre-contractual measures are necessary, we process the data on the basis of Art. 6 (1) f DSGVO (so-called "legitimate interest").
We do not use the above information to draw conclusions about the data subject, but to
- to deliver the contents of our website correctly,
- to optimize the content of our website and the advertising for it,
- to ensure the long-term functionality of our information technology systems and the technology of our website, and
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.
Therefore, the data and information collected anonymously will be used for statistical purposes only and for the purpose of increasing the data protection and data security of our enterprise so as to ensure an optimal level of protection for the personal data we process.
The anonymous data of the server log files are stored separately from all personal data provided by you. It is therefore not possible to draw any conclusions about you. We can therefore not determine, for example, which browser type you are using. We only have data on which browser types were used by visitors during a certain period.
If, for example, a visitor logs into the customer area incorrectly several times, we store the IP address - which is a personal data - in order to detect (hacker) attacks on our system and ward them off in good time.
(2) Contact form, contact options
Due to legal requirements, the website contains information that enables a quick electronic contact to our company as well as an immediate communication with us, which also includes a general address of the so-called electronic mail (e-mail address).
If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. No disclosure of this personal data to third parties will take place.
If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested.
The data you send us via contact requests will be stored by us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular legal retention periods - remain unaffected.
(3) Newsletter and email marketing
If you would like to receive the newsletter offered on this website, we require an e-mail address from you in order to send the newsletter. The e-mail address will be used by us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter (so-called "double opt-in procedure"). This means that we will send you an e-mail after your registration and you confirm the legitimacy of the use of the data. Further data will not be processed or only with your consent. We use this data exclusively for sending our newsletter and do not pass this data on to third parties.
The processing of the data entered in the newsletter registration form is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. We will then not send you any further newsletters in the future.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from us or the newsletter service provider and will be deleted from the newsletter distribution list after unsubscribing from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO.
After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data.
This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
(4) Video
We use the platform of the provider Google Ireland Limited or Google Germany GmbH, ABC-Straße 19, 20354 Hamburg, Germany, for the integration and provision of videos.
For more information on the processing of your data and your rights, please visit the website of the provider www.youtube.com, in particular the notes on data protection https://policies.google.com/privacy .
We only embed videos with a "no-cookie" script. This is a code for embedding including the corresponding URL, which allows website operators to integrate videos on their websites without tracking cookies. The code must be generated and inserted for each embedded video.
The use of YouTube Nocookie prevents the disclosure of personal data to third parties (such as advertising services).
However, we cannot exclude the possibility that other cookies may continue to collect data and forward it to third parties, e.g. to Google servers.
The legal basis for the processing is our legitimate interest (cf. Art. 6 (1) sentence 1 lit. f DSGVO) in an effective and efficient provision of videos to present our company and our products. As far as possible and reasonable, we only use the videos if you have expressly consented to this beforehand (cf. Art. 6 para. 1 sentence 1 lit. a DSGVO). If this is not possible because, for example, a video is used to display our website - e.g. in the header of a page - we make sure that apart from your IP address, which is necessary for the delivery of the video - no other personal data is processed. The contracts required under data protection law have been concluded by us; compliance with data protection regulations by the provider is checked by us on a regular basis - usually annually by a data protection auditor commissioned by us.
Your data may also be processed in the USA; please refer to our notes (No. 5 (21)above "Third countries/third countries, transfer of data to third countries").
(5) Appointment planner, appointment booking
You can book an appointment for a meeting etc. that suits you via our website. For online appointment scheduling, we use the tool Microsoft Bookings of the provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The processing takes place
The processing is based on our legitimate interest (Art. 6 para. 1 lit. f DSGVO); we have a legitimate interest in making scheduling efficient. Further information on data protection can be found on the website privacy.microsoft.com/de-de/privacystatement. We have concluded the contracts required under the DSGVO (order processing contract).
If and insofar as you contact us to make an appointment within the framework of an existing or desired consulting contract, the data processing is based on Art. 6 para. 1 sentence 1 lit. b DSGVO (contract performance and initiation),
If and insofar as you communicate personal data that is not required for purely contact purposes, you provide this data voluntarily in each case and expressly consent to its transmission - otherwise you are better off leaving it out.
In any case, make sure that you use as little personal data as possible - i.e. usually only the data that is required for us to contact you (surname, first name, e-mail address, telephone number). If possible, describe your request only roughly so that no personal data is communicated uselessly here either.
(6) Registration Leak Reporter
Via the website www.leak-reporter.com, registered users have access to various information, such as learning programs, downloads such as software updates, and to products. They can also save or delete "Leak Reporter" data in a database. If additional products and authorizations are required, you can contact us at any time using the contact form.
Insofar as videos via YouTube are integrated for the presentation of information or for the support of learning, please also note the data protection information on YouTube here in the privacy policy.
For registration with leak-reporter.com, the required contact data (e-mail, company, etc.) that you provide during the registration process are processed to set up and secure the registration. The processing is based on Art. 6 para. 1 sentence 1 lit. b and f (contract initiation, fulfillment, legitimate interest). The data is deleted in compliance with the legally prescribed retention periods.
Further personal data, e.g. the users, companies, roles and authorizations created by you are processed, in particular stored, in the same way as they are specified by you. You can make changes and solutions at any time within the scope of a valid access.
8. Tools
(1) Google Fonts
We use Google Fonts of the US company Google LLC, 1600 Amphittheatre Parkway, Mountain View, 94043 California, United States of America (USA) on our website. Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland is responsible for the European area, which is represented in Germany by Google Germany GmbH, ABC-Straße 19 in 20354 Hamburg (phone +49 (0) 40 8081 79 000, e-mail support-deutschland@google.com) and is also authorized to deliver.
Google Fonts is a directory of about 800 fonts that are provided free of charge. The fonts are optimized for the web and for use on mobile devices.
When you visit our website, the required fonts are reloaded through a Google server via the domains fonts.googleapis.com and fonts.gstatic.com if they are not already present on the device you are using.
By loading the fonts via the server or the Content Delivery Network (CDN) of Google, we do not have to load the fonts on our server and thus save data volume. This makes the display of our website faster and we can also optimize the quality of the display of our website.
We also avoid that errors occur due to the use of different browsers, operating systems and mobile devices by visitors to our website and that, for example, texts or web pages are visually distorted or cannot be displayed correctly.
In order for the fonts to be displayed optimally in your browser, your IP address is transmitted to Google. In addition to the IP address, Google also recognizes which website you are visiting - i.e. for which website the fonts are requested. In addition, the Google request also includes information about the language used, the version and type of browser used, and the screen resolution.
According to Google, Google does not store cookies in your browser or on your terminal device and stores the fonts separately from other Google services.
According to Google, the requests are stored for one day, fonts are stored for one year.
If you want to delete or have the data deleted prematurely, you must contact Google Support (support.google.com.
The legal basis for the processing of your personal data (in particular the IP address) is Art. 6 para. 1 lit. f DSGVO (so-called legitimate interest). We have an interest in presenting our website optimally and quickly and in reducing (chargeable) data volume on our server.
If Google wants to store data on your terminal device (e.g. cookies), we ask for your consent before storing the data. For this purpose, we use a so-called Consent Tool. You can find further information on this in this privacy policy.
You can also read more information from Google about the scope of the data collected and how it is used at policies.google.com/privacy/.
(2) Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables us to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, duration of visit, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) a DSGVO; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: privacy.google.com/businesses/controllerterms/mccs/.
We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout. For more information on how Google Analytics handles user data, please see Google's privacy policy: support.google.com/analytics/answer/6004245.
We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics. However, we would like to point out that we have no actual influence on Google's data processing. Nor can we prevent US government authorities from accessing data without our or your knowledge or consent. Nor can we guarantee that you will be able to effectively defend yourself against government measures in the USA with legal assistance.
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link: support.google.com/analytics/answer/7667196
This website also uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".
(3) Google Tag Manager
We use the Google Tag Manager of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. According to the provider, the Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It is only used for the administration and playout of the tools integrated via it.
The legal basis for processing is our legitimate interest in effective and efficient integration and management of the tools used (Art. 6 para. 1 lit. f DSGVO). If consent has been given via the Consent Management Tool (see Chapter 7.2), processing is carried out exclusively on the basis of Art. 6 (1) lit. a DSGVO and Section 25 (1) TTDSG, insofar as the consent permits the storage of cookies or access to information in the user's terminal The consent can be revoked at any time with effect for the future. For more information, see chapter 5.7 and the notes of the Consent Management Tool.
(4) Facebook Pixel
This website uses the visitor action pixel from Facebook for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
This allows the behavior of page visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: www.facebook.com/legal/EU_data_transfer_addendum and de-de.facebook.com/help/566994660333381.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
You can find more information about protecting your privacy in Facebook's privacy notices: de-de.facebook.com/about/privacy/.
You can also disable the "Custom Audiences" remarketing feature in the Ad Settings section at www.facebook.com/ads/preferences/. To do this, you must be logged into Facebook.
If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: www.youronlinechoices.com/de/praferenzmanagement/.
(5) Facebook Conversion API
We have integrated Facebook Conversion API on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
Facebook Conversion API allows us to record the website visitor's interactions with our website and pass them on to Facebook in order to improve advertising performance on Facebook.
For this purpose, in particular, the time of the call, the website called up, your IP address and your user agent as well as, if applicable, further specific data (e.g. products purchased, value of the shopping cart and currency) are recorded. A complete overview of the data that can be collected can be found here: developers.facebook.com/docs/marketing-api/conversions-api/parameters.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: www.facebook.com/legal/EU_data_transfer_addendum and de-de.facebook.com/help/566994660333381.
You can find further information on protecting your privacy in Facebook's privacy policy: de-de.facebook.com/about/privacy/.
Order processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
9. Social Media
(1) General
Social media channels are platforms (website or apps) through which logged-in or registered users can provide content and share it with the general public of users or in groups to which only certain users have access, and can also network with other users.
We use social media channels to present and optimize our business services, for advertising and marketing purposes, and to maintain contact with our visitors, interested parties, applicants, partners, and suppliers.
When you use our social media channel, personal data that you provide, such as title, gender, name, e-mail addresses, contact data, etc.) and other personal data (e.g. data on usage behavior, IP address) are processed, i.e. collected, stored, evaluated, deleted, etc.). If you share media, e.g. publish photos, texts or videos, these are usually stored by the provider. The processing is carried out by the provider of the social media channel.
The data is analyzed by the provider for the purpose of, among other things, developing marketing and advertising strategies for the provider itself or for other companies and drawing conclusions about your interests, needs and purchasing behavior.
As a rule, cookies are stored on your mobile device for this purpose.
We therefore also provide you with information on cookies and the rights to which you are entitled in this data protection declaration; the information and notices (e.g. on the right to object) naturally apply.
We recommend that you also carefully read the provider's data protection information and declarations. There you will also receive the necessary information about which data is processed, how long data is stored and what rights you have vis-à-vis the provider. Only use the social media channel if you have read and understood the data protection information.
We ourselves have no significant influence on the processing of data at the respective provider. In particular, we do not know whether and how the data is processed, especially whether data is passed on to affiliated or third-party companies, but must rely on the information provided by the provider. We also cannot ensure that the data is not processed in third countries outside the EU for which an adequate level of protection for your data is not or cannot be ensured. A review or audit, if necessary also on site, is usually refused by the providers.
Therefore, inform yourself about other possible risks when you make your data available to third parties or the public (totality of all users of a social media channel).
Often you can no longer delete data completely if you want to - e.g.
- because another user has stored the data in such a way (e.g. on his local storage medium) that it cannot be accessed by you, or
- because you have no knowledge of the user, storage and location.
Therefore, please handle your and other people's (especially children's) data responsibly. If you yourself maintain a profile with a social media channel provider, the personal data generated by the use of our social media channel may also be linked to your profile by the provider.
The personal data can also - depending on the social media channel or provider - be perceived by other users of the channel and possibly also processed for their own purposes. With some providers, you can decide yourself in the settings provided which personal data can be seen by third parties. Find out how you can protect your personal data.
We assume that you are aware that your personal data is always at risk when using the Internet. We therefore strongly recommend that you also take care of your personal data yourself.
You should also only disclose personal data of third parties with their prior consent (e.g. in the case of images or texts).
(2) Contract with the provider for the protection of your personal data
The European Court of Justice has ruled in its judgment of 29.07.2019 (case number C-40/17 - Fashion ID - published in the ECJ digital collection curia.europa.eu/juris/liste.jsf) that in certain cases the operator of the social media platform is jointly responsible with the website operator within the meaning of Article 26 GDPR.
Where this is the case, we have concluded a corresponding agreement with the provider. We process the personal data in compliance with the agreement. Insofar as the provider makes the contract text publicly available, we have linked it for you below. You can then also use the text of the contract to check whether you accept data processing. If you do not agree, please do not use the channel.
(3) Legal bases of the processing
If you have consented to the processing of your data, this consent is also the legal basis for data processing (Art. 6 (1) a, Art. 4 No. 11, Art. 7 DSGVO) when using the social media channel. In addition, your data will also be processed on the basis of our legitimate interest (Art. 6 (1) lit. f DSGVO) in fast and good communication with you or others. We have designed our website and the integration of the social media channels in such a way that you are informed in good time (i.e. when you click a button, for example) that data will be transferred to the provider.
As a matter of principle, we only use social media channels in such a way that your data is only transferred to the provider if you have given your consent.
(4) Possible data processing in third countries
We cannot rule out the possibility that personal data may also be processed in third countries, in particular the USA. Please also refer to our information on data processing in third countries (see above).
(5) Channels used
In the following compilation you will find more information about the channels we use:
i. xing
- Provider: Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany
- Information on data processing and data protection: privacy.xing.com/de/datenschutzerklaerung
ii. LinkedIn
- Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California, CA 94043, USA
- Information on standard contractual clauses: https://de.linkedin.com/legal/l/dpa, www.linkedin.com/legal/l/eu-sccs
- Information on data processing and data protection: https://www.linkedin.com/legal/privacy-policy
10. Applications, recruitment
We offer you the possibility to contact us by
- Applicant form on our website
- Contact via SocialMedia
- By mail
- personal visit
- by phone
to apply. The contact details can be found in this privacy policy (above) and in the imprint of this website.
If you apply to us, we process your associated personal data (e.g. surname, first name, communication data, application documents, etc.) only insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is § 26 para. 1 sentence 1 BDSG, Art. 6 para. 1 lit. b DSGVO.
If the application is successful, your data will be processed by us on the basis of Section 26 (1) BDSG and Art. 6 (1) lit. b DSGVO for the purpose of implementing the employment relationship.
If we are unable to make you a contractual offer, if you reject the offer or withdraw your application, we will retain the data you have provided on the basis of our legitimate interests (Art. 6 Para. 1 lit. f DSGVO) for up to 6 months from the termination of the application process (rejection or withdrawal of the application). After that, the data will be deleted and the physical application documents destroyed.
Retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data will still be required after the expiry of the period (e.g. due to an impending or existing legal dispute), the data will only be deleted when the purpose for further storage has ceased to exist and when no legal or officially ordered storage obligations prevent the deletion.
11. Minors
Our Services are not directed to children under the age of 13. We do not knowingly collect information from children under 13. If you are under the age limit, do not use the Services or provide us with your personal information. If you are a parent of a child under the age limit and you become aware that your child has provided us with personal information, contact our Privacy Officer (see above for contact information) or us immediately.
12. Copyright of the privacy policy
The data protection declaration was created by the data protection officer and lawyer Michael F. Ochsenfeld, Hildesheim, Germany www.ochsenfeld.com.
If you are of the opinion that the data protection declaration is incorrect, in particular incomplete, please contact us so that we can remedy the situation without delay.