TYPES OF DATA PROCESSED
• Inventory data (e.g. personal master data, names or addresses)
• Contact details (e.g. e-mail, telephone numbers)
• Content data (e.g. text input, photographs, videos)
• Usage data (e.g. websites visited, interest in content, access times)
• Meta/communication data (e.g. device information, IP addresses)
CATEGORIES OF DATA SUBJECTS
Visitors and users of the online offer (hereinafter, we also refer to the data subjects collectively as “users”).
PURPOSE OF PROCESSING
• Provision of the online offer, its functions and contents
• Responding to contact requests and communicating with users
• Security measures
• Reach measurement/marketing
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data.
“Pseudonymisation” Processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” Any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
AUTHORITATIVE LEGAL BASIS
In accordance with Art. 13 DSGVO, we inform you about the legal basis of our data processing. For users from the area of application of the General Data Protection Regulation (GDPR), i.e. the EU and the EEC, the following applies if the legal basis is not mentioned in the data protection declaration: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO; The legal basis for processing for the fulfilment of our services and implementation of contractual measures as well as answering enquiries is Art. 6 para. 1 lit. b DSGVO; The legal basis for processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c DSGVO; In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d DSGVO serves as the legal basis. The legal basis for the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) DSGVO. The legal basis for processing to protect our legitimate interests is Art. 6 (1) lit. f DSGVO. The processing of data for purposes other than those for which they were collected is determined by the requirements of Art. 6 (4) DSGVO. The processing of special categories of data (in accordance with Art. 9 (1) DSGVO) is governed by the provisions of Art. 9 (2) DSGVO.
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects’ rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account in the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
COOPERATION WITH PROCESSORS, JOINT CONTROLLERS AND THIRD PARTIES
If, in the course of our processing, we disclose data to other persons and companies (order processors, jointly responsible persons or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we disclose or transfer data to other companies in our group of companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis that complies with the legal requirements.
TRANSFERS TO THIRD COUNTRIES
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if this is done in the context of using third-party services or disclosing, or transferring data to other persons or companies, this is only done if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the legal requirements are met. I.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognized special contractual obligations. (Standard Contractual Clauses)
ACCESS TO AND STORAGE OF INFORMATION IN TERMINAL EQUIPMENT
By using our website, information (e.g. IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.
In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of § 25 para. 1 p. 1, par. 2 No. 2 TTDSG.
In cases where such a process serves other purposes (e.g. the needs-based design of our website), it is carried out on the basis of § 25 para. 1 TTDSG only with your consent in accordance with Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time for the future. The requirements of the DSGVO and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.
For further information on the processing of your personal data and the relevant legal bases in this context, please refer to the following sections on the specific processing activities on our website.
This website is hosted by an external service provider (hoster). This website is hosted by Host Europe GmbH, Hansestraße 111, 51149 Cologne in Germany. Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, website traffic and other data generated through a website.
We collect the listed data in order to be able to guarantee a smooth connection setup of the website and a technically error-free provision of our services. The processing of this data is strictly necessary to provide you with the website. The legal basis for processing the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 para. 1 lit. f DSGVO.
We have concluded an order processing contract with the provider in accordance with the requirements of Art. 28 DSGVO, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.
When you access our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
• Date and time of the request
• Name of the requested file
• Page from which the file was requested
• Access status
• Web browser and operating system used
• (Complete) IP address of the requesting computer
• Transmitted data volume
We collect the listed data in order to be able to guarantee a smooth connection setup of the website and a technically error-free provision of our services. The processing of this data is strictly necessary to provide you with the website. The log files are used to evaluate system security and stability as well as for administrative purposes. The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f DSGVO.
Our website uses so-called “cookies”. Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behaviour or display advertising.
The processing of data through the use of strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO in the technically error-free provision of our services. For details on the processing purposes and legitimate interests, please refer to the explanations on the specific data processing.
The processing of personal data through the use of other cookies is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time for the future. Insofar as such cookies are used for analysis and optimisation purposes, we will inform you separately about this within the framework of this data protection declaration and obtain your consent in accordance with Art. 6 para. 1 lit. obtain from the GDPR.
You can set your browser so that you
• Be informed about the setting of cookies,
• Allow cookies only in individual cases,
• Exclude the acceptance of cookies for certain cases or in general,
• Activate the automatic deletion of cookies when closing the browser.
The cookie settings can be managed under the following links for the respective browsers:
• Google Chrome
• Mozilla Firefox
• Edge (Microsoft)
You can also manage cookies of many companies and functions used for advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called “do-not-track function”. When this function is activated, the respective browser tells advertising networks, websites and applications that you do not want to be “tracked” for behavioural advertising and the like.
For information and instructions on how to edit this function, depending on your browser provider, see the links below:
• Google Chrome
• Mozilla Firefox
• Edge (Microsoft)
Please note that if you deactivate cookies, the functionality of our website may be limited.
CHANGE COOKIE SETTINGS
You can revoke or change your cookie settings at any time. To do this, call up the cookie settings again via our integrated thumbprint. You can find this at any time at the bottom left of the website.”
Or you can revoke or change your cookie settings at any time. To do this, call up the cookie settings (Cookie Box) again via this link.
DATA PROTECTION INFORMATION IN THE APPLICATION PROCEDURE
If you apply to us via our contact form or by e-mail, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number and e-mail address of the user) as well as other data provided by you regarding your career (e.g. CV, qualifications, degrees and professional experience) and your person (e.g. covering letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability).
As a rule, your personal data will be collected directly from you as part of the application process and encrypted during electronic transmission. The primary legal basis for this is § 26 para. 1 BDSG. In addition, consent can be granted in accordance with the Art. 6 para. 1 lit. a DSGVO i. V. m. § 26 Abs. 2 BDSG can be used as a permission provision under data protection law. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.
Where provided, applicants may submit their applications to us using an online form on our website. The data is transmitted to us encrypted according to the state of the art. Furthermore, applicants can send us their applications via e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We can therefore not assume any responsibility for the transmission path of the application between the sender and the reception on our server and therefore rather recommend using an online form or postal dispatch. Because instead of applying via the online form and email, applicants still have the option of sending us their application by post.
Within our company, only those persons and departments (e.g. Human Resources) have access to your personal data that absolutely need it to carry out the application process or to fulfil our legal obligations. If necessary, your applications will be forwarded to the relevant responsible persons for consideration. Under no circumstances will your personal data be passed on to third parties without authorisation.
The data provided by applicants may, in the event of a successful application, be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a vacancy is not successful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Subject to a justified revocation by the applicant, the deletion takes place after the expiry of a period of six months so that we can answer any follow-up questions about the application and satisfy our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user’s details are used to process the contact enquiry and handle it in accordance with the German Data Protection Act. Art. 6 para. 1 lit. b. (in the context of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other requests) DSGVO processed. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation. We delete the requests if they are no longer necessary or if you object. We review the necessity every two years; Furthermore, the legal archiving obligations apply.
If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail address as mandatory information. Additional data is provided in order to be able to address you personally in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.
We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you our newsletter by e-mail once you have expressly confirmed that you consent to receiving newsletters. In the first step, you will receive an email with a link that you can use to confirm that you, as the owner of the corresponding email address, want to receive newsletters in the future. We base the processing of your data on your consent in accordance with Art. 6 para. 1 lit. a DSGVO.
When you register for the newsletter, we store, in addition to the e-mail address required for sending, the IP address via which you registered for the newsletter, as well as the date and time of registration and confirmation, in order to be able to trace possible misuse at a later date. You can unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an email to the responsible person named above. After unsubscribing, your email address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise permitted by law.
We also process your data for the analysis of newsletter campaigns. For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type and operating system). This data is used exclusively for the analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
Our email newsletters are sent via the technical service provider HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild St, North Dock, Dublin, D01 R8H7 Dublin (“HubSpot”), to whom we pass on the data you provided when registering for the newsletter. Since personal data may be transferred to the USA, we obtain your consent to the data transfer to the USA in advance (Art. 49 para. 1 p. 1 lit. a DSGVO). For the USA, there is currently no adequacy decision by the EU Commission, i.e. no level of data protection corresponding to EU standards can be ensured. This can result in risks such as access to data by the authorities and making it more difficult to enforce your rights as a data subject. You can revoke your consent at any time with effect for the future. In addition, we have concluded standard data protection clauses with the provider pursuant to Art. 46 para. 2 lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.
USING THE SalesViewer® TECHNOLOGY
On this website, data is collected and stored for marketing, market research and optimisation purposes using the SalesViewer® technology of SalesViewer® GmbH on the basis of the legitimate interests of the website operator (Art. 6 para.1 lit.f DSGVO).
The data stored within the framework of Salesviewer will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.
You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection of data by SalesViewer® within this website in the future. This places an opt-out cookie for this website on your device. If you delete your cookies in this browser, you must click this link again.
As a transfer of personal data to the US takes place, further safeguards are required to ensure the level of data protection of the GDPR. To ensure this, we have concluded standard data protection clauses with the provider pursuant to Art. 46 para. 2 lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be guaranteed by this contract extension, we will seek additional arrangements and commitments from the recipient in the US.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of user and event level data linked to cookies, user identifiers (e.g. user ID) and advertising IDs will take place no later than 14 months after their collection.
GOOGLE UNIVERSAL ANALYTICS
We use Google Analytics in the form of “Universal Analytics”. “Universal Analytics” refers to a procedure of Google Analytics in which user analysis is carried out on the basis of a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of different devices (so-called “cross-device tracking”).
As a transfer of personal data to the US takes place, further safeguards are required to ensure the level of data protection of the GDPR. To ensure this, we have concluded standard data protection clauses with the provider pursuant to Art. 46 para. 2 lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. We assess whether the conclusion of standard contractual clauses is sufficient or whether additional measures are required in the sense of the “Schrems II” decision of the European Court of Justice as part of an ongoing review and ensure an adequate level of data protection through further measures if necessary.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The data will be deleted no later than 13 months after it has been collected. You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies accordingly through your browser settings. You can object to the processing of your personal data at any time with effect for the future.
ONLINE PRESENCE IN SOCIAL MEDIA
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. We would like to point out that user data may be processed outside the European Union. This may result in risks for the users, because it could, for example, make it more difficult to enforce the rights of the users. With regard to US providers, we point out that they thereby undertake to comply with EU data protection standards. Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behaviour and the interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them). The processing of the users’ personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO. For a detailed description of the respective processing and the opt-out options, please refer to the information of the providers linked below. In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
• Opt-out: https://twitter.com/personalization
• Opt-out: https://adssettings.google.com/authenticated
• Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
https://www.linkedin.com/legal/privacy-policy und https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de
• Opt-Out: https://nats.xing.com/optout.html?popup=1&locale=de_DE
INTEGRATION OF THIRD PARTY SERVICES AND CONTENT
We use content or service offers from third-party providers, such as videos or fonts, within our online offer on the basis of our legitimate interests or your consent. This always assumes that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is thus required for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.
On our website, we integrate videos from “YouTube”, a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). The legal basis for the processing of your personal data is your consent granted for this purpose in accordance with Art. 6 (1) lit. a DSGVO.
As a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, Google uses standard data protection clauses in accordance with Art. 46 (2) lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the USA.
Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy?hl=de&gl=de
WEBFONTS FROM FONTS.COM
As far as necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes, among other things, the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations resulting from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods prescribed there for storage or documentation are two to ten years.
Finally, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years.
Below you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:
The right to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
The right to request the correction of inaccurate or incomplete personal data stored by us without delay in accordance with Art. 16 DSGVO.
The right to request the erasure of your personal data stored by us in accordance with Art. 17 DSGVO, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
The right to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO.
The right, in accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.
The right to complain to a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of the federal state where our registered office is located or, if applicable, that of your usual place of residence or workplace.
The right to revoke consent given in accordance with Art. 7 para. 3 DSGVO: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of the consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
RIGHT OF OBJECTION
Insofar as your personal data is used by us on the basis of legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation.
If you wish to exercise your right of revocation or objection, simply send an e-mail to: email@example.com.
The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the performance of the contract or pre-contractual measures.
AUTOMATED DECISION MAKING
Automated decision-making or profiling in accordance with Art. 22 DSGVO does not take place.
SUBJECT TO CHANGE
We reserve the right to adapt or update this data protection declaration if necessary in compliance with the applicable data protection regulations. In this way, we can adapt them to the current legal requirements and take into account changes in our services, e.g. when introducing new services. The current version applies to your visit.
Status of this data protection declaration: 02.08.2022