Data protection at the Wichtel Akademie München

The protection and security of personal data is a high priority for us. Below we inform you about which data is collected when and for what purpose and what rights you have as a data subject. Our privacy policy can be accessed at any time at https://www.wichtel-muenchen.com/de/datenschutz/

1. Controller and data protection officer

1.1 Contact details of the controller

The controller within the meaning of the General Data Protection Regulation and the Federal Data Protection Act is

Wichtel Akademie München GmbH
Herzog-Wilhelm-Straße 26
80331 München
Germany
(hereinafter referred to as "we" or "Wichtel Akademie")

The full details of Wichtel Akademie München GmbH can be found in the legal notice of this website.
If you have any general questions or suggestions regarding data protection, please send an e-mail to info@wichtel-muenchen.com.

1.2 Contact details of the data protection officer

The external data protection officer of the controller is

Felix Leicht
Lawyer | Data Protection and IT Security Officer (TÜV)
Rettenbergerstraße 28
87561 Oberstdorf
E-mail: datenschutz@wichtel-muenchen.com

2. General information on data processing by the controller

2.1 Scope of the processing of personal data

We only process our users' personal data to the extent necessary to provide a functional website and our content and services. The processing of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a) EU General Data Protection Regulation (hereinafter referred to as GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c) GDPR is the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.

2.3 Data erasure and storage duration

The personal data of the data subject will be erased as soon as the purpose of storage no longer applies. Beyond this, data can only be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

2.4 Obligation to provide personal data

The provision of personal data is not required by law or contract for the use of our website.

However, in some of the cases mentioned in this data protection information, it is necessary to provide personal data. This applies in particular to the conclusion of a contract, registration for the newsletter and the processing of inquiries via the contact channels provided by us.

When collecting personal data in each case, we will inform you in the respective context which data is required (e.g. by marking it as mandatory information*). Without this required data, we cannot provide the respective service, e.g. we cannot send you a newsletter or respond to your inquiries.

2.5 No automated decision-making

We do not use automated decision-making or profiling in accordance with Art. 22 (1) and (4) GDPR.

2.6 Recipients of the data

Your data will only be processed by employees who need it to perform their tasks. Data will only be transferred to recipients outside the company if this is permitted or required by law, if the transfer is necessary, if we have your consent or if we are authorized to provide information. Under these conditions, the following categories of recipients of personal data may exist:

  • Public bodies and institutions (e.g. tax office, LHS Munich, municipalities) in the event of a legal or official obligation
  • Recipients to whom the transfer is directly necessary for the processing of the application procedure or a contractual relationship, such as financial service providers or affiliated companies
  • Insurance companies
  • Tax consultants, auditors and lawyers
  • Processors by category: IT service providers (e.g. maintenance, hosting service providers), software service providers (e.g. HR administration and financial software), communication companies (e.g. email service providers)

2.7 Data security

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

2.8 Definitions

Our privacy policy should be simple and understandable for everyone. The privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

3. Data processing

3.1 Server log files

When you visit our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status
  • Web browser and operating system used
  • (Full) IP address of the requesting computer
  • Amount of data transferred

We collect the data listed in order to ensure a smooth connection to the website and to enable users to use our website conveniently. The log file is also used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons based on this data. After 14 days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user.

3.2 Cookies

Our website uses so-called "cookies". Cookies are small files that are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertising.

Technically necessary cookies

Technically necessary cookies are generally processed on the basis of Art. 6 para. 1 lit. f GDPR or § 25 para. 2 no. 2 TTDSG. We have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services.

These cookies are absolutely technically necessary for the functionality of the website and cannot be deactivated in your systems. As a rule, these cookies are only set in response to actions you take that correspond to a service request, such as setting your privacy preferences, logging in or filling out forms. These cookies are largely session cookies and are therefore largely not stored beyond your visit to our website.

We process this data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR or § 25 para. 2 no. 2 TTDSG. You have the option to object to this interest by leaving the website and deleting all cookies.

On this legal basis, we use cookies for the following purposes

Display of the website

To display our website, we collect and store the IP address assigned to your computer for the duration of your visit in order to transmit the content you have retrieved from our website to your computer (e.g. texts, images and files made available for download, etc.). The website serves as the central external presentation of the controller. These cookies also help you to navigate through our website.

Opt-in/opt-out cookies of the cookie banner

In order to fulfill our obligations to document your consent or withdrawal of consent, we store your decision in the opt-in or opt-out cookie. We use the Didomi cookie for this purpose.

The provider of this technology is didomi.io.

When you enter our website, a Didomi cookie is stored in your browser, in which the consent you have given or the revocation of this consent is stored. This data is not passed on to the provider of Digimo.

The data collected will be stored until you ask us to delete it or delete the Didomi cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Didomi Cookie can be found at https://www.didomi.io/cookie-policy

Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time for the future. The legal basis may also arise from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

If cookies are used for analysis purposes, we will inform you about this separately in this privacy policy and obtain your consent.

You can set your browser so that you

  • be informed about the setting of cookies,
  • Only allow cookies in individual cases,
  • exclude the acceptance of cookies for certain cases or in general
  • activate the automatic deletion of cookies when closing the browser.

The cookie settings can be managed for the respective browsers under the following links

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
  • Apple Safari
  • Opera

You can also manage cookies from many companies and functions that are used for advertising individually. To do this, use the relevant user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called "do-not-track function". If this function is activated, the respective browser informs advertising networks, websites and applications that you do not wish to be "tracked" for the purpose of behavior-based advertising and the like.

Information and instructions on how to edit this function can be found under the following links, depending on your browser provider:

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
  • Apple Safari
  • Opera

You can also prevent scripts from loading by default. "NoScript" only allows the execution of JavaScripts, Java and other plug-ins on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that the functionality of our website may be restricted if cookies are deactivated.

3.3 Contact requests

You have the option of contacting us by email or via our contact forms. In these cases, we process the data you provide to us in order to process your request.

The processing of the personal data from the input mask serves us solely to process the contact. If you contact us, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process is only used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted if it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case as soon as the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified and no further processing is to take place.

We process the following personal data from you

  • IP address of the user
  • Date and time of registration.

We also process your other personal data depending on the type of contact:

3.3.1 Contact by e-mail or contact form
  • Your name
  • E-mail address
  • City (only in the contact form)
  • All data that you send us in your request (optional)

The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no statutory retention obligations to the contrary. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.

3.3.2 Contact in the context of an application

Categories of personal data
Standard information

  • Applicant master data (title, first name, surname, address, contact details, job position) Qualification data (cover letter, CV, previous activities, professional qualifications) (work) references and certificates (performance data, assessment data, etc.)
  • Special information that may be required due to the position to be filled: Police clearance certificate (only if the employment contract is concluded)
  • Other information: Voluntary information, such as an application photo, details of severe disability or other information that you voluntarily provide to us in your application. This may also include special categories of personal data (e.g. information on a severe disability) and we may also process personal data that we have legitimately obtained from publicly accessible professional networks such as Xing or LinkedIn. We do not carry out any further research on your person, e.g. using online search engines.

Purposes and legal basis of processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Data processing for the purposes of the application relationship (Section 26 (1) BDSG)

The legal basis for this is Art. 88 GDPR in conjunction with Section 26 BDSG and, if applicable, Art. 6 para. 1 subpara. 1 lit. b GDPR for the initiation or implementation of employment relationships. We only collect the personal data (in particular first name, surname, address, email address, position applied for, CV and cover letter) from you that is required for the application process. To fully assess your application, it is necessary that you also provide us with information about your previous professional career.

The necessity and scope of the data collection depends, among other things, on the position to be filled. If your desired position involves the performance of particularly confidential tasks, increased personnel and/or financial responsibility, more extensive data collection may be necessary.

Data processing on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR, Section 26 para. 2 BDSG)

If you give us your express consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. Consent that has been granted can be revoked at any time with effect for the future.

This is particularly the case for inclusion in our applicant pool, i.e. beyond the current application procedure for consideration in subsequent application procedures, or if we forward your data to a company affiliated with us for an application procedure.

Data processing on the basis of a legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR)

Furthermore, we may process personal data about you if this is necessary to defend against legal claims asserted against us in the application process. The legal basis for this is Art. 6 (f) GDPR. The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). You have a right to object; you can find more information on this below under the rights of data subjects.

Further processing

If there is an employment relationship between you and us, we may, in accordance with Art. 88 GDPR in conjunction with Section 26 BDSG, further process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the representation of employees' interests arising from a law or a collective agreement, a works or service agreement (collective agreement).

Source of the data

We process personal data that we receive from you in person, by post, by email or via our application form when you contact us or submit your application. In some cases, we receive personal data from service providers for applicant recruitment, e.g. if you have registered with such a service provider or from affiliated companies if you have consented to a transfer.

Recipients of the data

Your data is mainly processed by our HR department and the head of the department filling your position. In some cases, however, other internal departments are also involved in the processing of your data, insofar as this is necessary for the recruitment decision (e.g. the management).

If your applicant profile matches an open position at one of our affiliated companies, the controller will request your consent to forward your data to one of these companies. You will find more detailed information about the affiliated company in this consent.

Otherwise, data will only be transferred to recipients outside the company if this is permitted or required by law, if the transfer is necessary for the application process, if we have your consent or if we are authorized to provide information (see also II.6. Recipients of the data)

Data transfer to third countries

Your personal data will not be transferred to third countries.

Storage period

We store your personal data for as long as is necessary to make a decision about your application. Your personal data and application documents will be deleted no later than six months after the end of the application process, unless longer storage is legally required or permitted. We only store your personal data beyond this if this is required by law or in a specific case for the assertion, exercise or defense of legal claims for the duration of a legal dispute.

In the event that you have consented to your personal data being stored for a longer period, we will store it in accordance with your declaration of consent.

If the application process is followed by an employment, training or internship relationship, your data will, if necessary and permissible, initially continue to be stored and then transferred to the personnel file.

Contact via Whatsapp chat

We also offer you the opportunity to submit your inquiries about job vacancies via the WhatsApp chat service and to receive feedback on your request via WhatsApp. The operator of this service is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp"), a subsidiary of the Meta Group (formerly Facebook). When you communicate with us via WhatsApp, both we and WhatsApp receive your telephone number and the information that you have contacted our customer hotline.

The aforementioned data is also forwarded by WhatsApp to Facebook servers in the USA and processed by WhatsApp and Facebook in accordance with the WhatsApp Privacy Policy, which also includes processing for their own purposes, such as improving the WhatsApp service. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. We would like to point out that WhatsApp also accesses the address book of the device used and the contact data stored therein. For more information on the purpose and scope of data collection and the further processing of this data by WhatsApp and Facebook, as well as your rights in this regard and settings options for protecting your privacy, please refer to WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

We process your telephone number, your name and other data provided by you and the content of your request or message in order to process your request and answer any queries you may have.

The basis for this processing and the transmission to WhatsApp in this context is primarily Art. 6 para. 1 b GDPR in conjunction with Section 26 para. 1 BDSG, insofar as your request relates to entering into an employment relationship with us or serves to initiate such a contractual relationship. Otherwise, this data processing is carried out on the basis of Art. 6 para. 1 sentence 1 f) GDPR, whereby our legitimate interest is the careful processing of your respective request and the solution of any problems. We take your interests into account by the fact that communication via WhatsApp is only an additional option. Of course, you can also contact us by other means, for example by phone call, email or via our contact form on the website, as described in this privacy policy.

3.3.3 Contact in the context of a pre-registration

Categories of personal data

  • Mandatory information
  • Salutation
  • First name and surname
  • Your address
  • Telephone number
  • E-mail address
  • Name of the child for whom a KiTa place is requested
  • Date of birth of this child
  • Desired KiTA location
  • Desired entry date
  • Type of KiTa place (crèche/kindergarten/after-school care)

Optional information

  • Further comments

Purposes and legal basis of processing

The mandatory information is processed in order to select a suitable childcare place for the child and then to ensure communication about a confirmation and the exchange of documents. The legal basis for processing the data is the initiation of a childcare contract (Art. 6 para. 1 lit. b GDPR).

The optional data is processed in order to establish a more precise reference to the application. In this respect, there is a legitimate interest (Art. 6 para. 1 lit. f GDPR) in processing your request. You can object to this (see section "Your rights").

Source of the data

We process personal data that we receive from you in person, by post, by email or via our registration form on the website when you contact us.

Recipient of the data

Your data will be processed by the parent advice and place allocation department of our parent company Babilou Family Deutschland GmbH, which allocates places on our behalf. The legal basis for the transfer is Art. 6 para. 1 lit. f GDPR, as there is a legitimate interest in a centrally organized allocation of places for fast and reliable selection. You can object to this processing of your personal data at any time.

Data transfer to third countries

Data is not transferred to third countries.

Storage period

If no commitment can be made, your data will generally be deleted 6 months after the entry date you have selected. In this respect, there is a legitimate interest (Art. 6 para. 1 lit. f GDPR) in effective protection against legal disputes. You can object to this (see section "Your rights"). We only store your personal data beyond this if this is required by law or in a specific case for the assertion, exercise or defense of legal claims for the duration of a legal dispute or if you have communicated an interest in storage in order to be considered for a later allocation of places.

3.4 Newsletter registration

The newsletter is sent on the basis of your registration on our website. We use a double opt-in procedure to ensure that only people who have access to the corresponding email address can register for the newsletter.

Purpose of use

Your data will be processed in order to send you the newsletter or to ensure that you really want to receive it.

Type of processing

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input screen is transmitted to us. You only need to enter your e-mail address to subscribe. When you register for the newsletter, we store your IP address and the date of registration. This storage serves solely as proof in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the authorized party.

Legal basis

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a GDPR.

You can withdraw your consent at any time with effect for the future by unsubscribing from the newsletter. Your email address will then be added to the advertising blacklist (see below). This will not affect the lawfulness of the processing carried out on the basis of your consent until you withdraw it.

Recipients

To send the newsletter, we use the services of CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, to whom we pass on the data you provide when you register. The data entered by users for the purpose of subscribing to the newsletter (e.g. e-mail address) is stored on CleverReach's servers in Germany or Ireland. You can find CleverReach's privacy policy at: https://www.cleverreach.com/de/datenschutz/.

Storage period

We store your data until you withdraw your consent or unsubscribe from the newsletter.

Newsletter tracking

To improve the quality, optimization and further development of our content and customer communication in our newsletters, we use newsletter tracking via our newsletter provider CleverReach; this does not allow us to identify you personally. The following statistical data is transmitted to us by CleverReach:

  • Opening rate
  • Click behavior

In addition, it is also recorded whether newsletters could be delivered and for which email addresses delivery was not possible. The service provider collects technical information (e.g. time of access, IP address, browser type and operating system). You can prevent the measurement of the opening rate by deactivating the loading of images in your email client. Via CleverReach, we also use links with so-called UTM parameters, which can be read by Google Analytics; we have described all information on Google Analytics in detail in this privacy policy.

Data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want CleverReach to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

Advertising blacklist

After you unsubscribe from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest in unsubscribing and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

3.5 Google Tag Manager

We use the Google Tag Manager on our website.

Intended use

Google Tag Manager enables efficient organization and integration of the individual analysis tools on our website.

Type of processing

Google Tag Manager is an auxiliary service and processes personal data itself only for technically necessary purposes. Google Tag Manager ensures that other components are loaded, which in turn may collect data. For this purpose, small code sections (so-called tags) of the various Google products (such as Google Analytics, Google Ads, etc.), but also tags from other companies, are integrated into the Google Tag Manager and managed from there. The Google Tag Manager does not access this data. Further information on how the Google Tag Manager works can be found here: https://support.google.com/tagmanager/?hl=de#topic=3441530.

Legal basis

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a GDPR.

You can withdraw your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Recipients

Recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Storage duration

The Google Tag Manager itself does not store any cookies, user profiles, analyses, etc. You can therefore find out how long the analysis tools integrated via the Google Tag Manager store your data in the respective text passages.

Third country transfer

This personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Further information

Further information on the use of data by Google, on setting and objection options and on data protection can be found on the following Google websites:

Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
Google website statistics: https://services.google.com/sitestats/de.html
Use of data by Google: https://support.google.com/google-ads/answer/6334160
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain "www.googleadservices.com" (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted if you delete your cookies. You can also deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.

3.6 Google Analytics with anonymization function

We have integrated the Google Analytics component with anonymization function on our website.

Intended use

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google Analytics is a web analysis service. Web analytics is the collection, gathering and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data about the website from which a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.

Type of processing

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us which show the activities on our website and to provide other services in connection with the use of our website.

During your website visit, your user behavior is recorded in the form of "events". Events can be

  • Page views
  • First visit to the website
  • Start of the session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • internal search queries
  • Interaction with videos
  • File downloads
  • viewed / clicked ads
  • Language setting

Also recorded:

  • Your approximate location (region)
  • Your IP address (in abbreviated form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Your internet provider
  • the referrer URL (via which website/advertising medium you came to this website)

Google Analytics places a cookie on the data subject's IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. During the course of this technical procedure, Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

Google Dynamic Remarketing

We use Google's remarketing function. If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you sign in with your Google account.

To support this feature, Google Analytics collects authenticated user IDs that are temporarily linked to our Google Analytics data to define and create audiences for cross-device advertising.

You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google account by following this link: https://adssettings.google.com/anonymous Further information and the data protection provisions can be found in Google's privacy policy at: https://www.google.com/policies/technologies/ads/

Google Ads Conversion

Google's conversion tracking tool helps us to measure what happens after the user has clicked on one of our ads and whether this has resulted in a purchase, subscription or download, for example. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies generally lose their validity after 90 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognize your web browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have accessed the relevant part of our website or clicked on one of our ads. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out your IP address and store it.

Google Audiences

Google Audiences allows us to create target groups that are more likely to be interested in one of our services.

A remarketing audience includes cookies or mobile advertising IDs for a group of users. Remarketing audiences are created based on user behavior on our website and then used as the basis for remarketing campaigns in other accounts such as Google Ads. This technology allows users who have visited our website to be shown targeted advertising from us on other external sites in the Google Partner Network. GA Audience receives access to the data from the cookies created as part of the use of Google Analytics. During use, data such as, in particular, the IP address and user activities may be transmitted to a Google server and stored there. Google may transfer this information to third parties.

Legal basis

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a GDPR.

You can withdraw your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Recipients

Recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Storage duration

The data sent by us and linked to cookies is automatically deleted after 14 months at the latest. Data that has reached the end of its retention period is automatically deleted once a month.

Third country transfer

Each time you visit our website, this personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Further information

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by a. not giving your consent to the setting of the cookie or b. downloading and installing the browser add-on to deactivate Google Analytics HERE.

You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

3.7 Google Maps

Our website uses the online map service provider Google Maps via an interface.

Purpose of use

Data processing is carried out for the purpose of using the functionalities of the map service and optimizing the findability of our locations and the website.

Type of processing

If you agree to the display of Google Maps on our website, data (in particular your IP address) will be transmitted to Google and at least one cookie will be set. This cookie then stores data about your user behavior, which Google uses to improve its own services and, if necessary, to display individual, personalized advertising.

Legal basis

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a GDPR.

You can withdraw your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Recipients

Recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Storage period

According to Google, the storage period of the NID cookie set by Google Maps in your browser is 6 months.

Third country transfer

This personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Further information:

Further information on the use of data by Google, on setting and objection options and on data protection can be found on the following Google websites:

Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
Google website statistics: https://services.google.com/sitestats/de.html
Use of data by Google: https://support.google.com/google-ads/answer/6334160
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain "www.googleadservices.com" (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted if you delete your cookies. You can also deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.

3.8 LinkedIn Insight Tag

We use LinkedIn Insight Tag on our website.

Intended use

This enables us to display personalized ads on LinkedIn to visitors to our website.

Type of processing

The LinkedIn Insight Tag enables the collection of data about visits to your website, including URL, referrer URL, IP address, device and browser characteristics (user agent) and timestamp. The IP addresses are shortened or (if they are used to reach members across devices) hashed.

LinkedIn does not share any personal data with the website owner, but only provides reports and notifications (in which you are not identified) about the website target group and ad performance. LinkedIn also provides retargeting for website visitors so that we, as the owner of the website, can use this data to display targeted advertising outside our website without identifying the member. LinkedIn also uses data that does not identify you to improve the relevance of ads and reach members across devices. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

Legal basis

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a GDPR.

You can withdraw your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Recipients

Recipients of the data are/may be

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by LinkedIn.

Storage period

Members' direct identifiers are removed within seven days in order to pseudonymize the data. Personal data stored by advertisers in the LinkedIn Campaign Manager is automatically deleted on a regular basis; within 30 days in relation to contact lists (e.g. hashed emails), on an ongoing basis within 90 days in the case of target groups created on the basis of contact lists (if not actively used by the customer), within 90 days in the case of data submitted in lead generation forms and within 180 days in the case of pseudonymized website visitor data.

Third country transfer

This personal data, including the IP address of the Internet connection used by the data subject, may be transferred to LinkedIn in the United States of America. This personal data may be stored by LinkedIn in the United States of America. LinkedIn may pass on this personal data collected via the technical process to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of LinkedIn Ireland Unlimited Company is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by LinkedIn cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

3.9 Microsoft Advertising

We use Microsoft Advertising.

Intended use

Both "Microsoft Clarity" and "Microsoft Universal Event Tracking (UET)" are used in the context of Microsoft Advertising.

"Microsoft Clarity" refers to a Microsoft process that enables user analysis, e.g. by evaluating data on mouse movements or performance data on certain Internet presentations. The purpose of the processing is tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creation of user profiles), reach measurement (e.g. access statistics, recognition of returning users), cross-device tracking (cross-device processing of user data for marketing purposes).

With "Microsoft Universal Event Tracking (UET)", a cookie is stored on your computer if you have reached our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, has been redirected to our website and has reached a predetermined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is communicated.

Type of processing

In particular, we process usage data (e.g. Internet presentations visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (information on the geographical position of a device or person), movement data (mouse movements, scrolling movements)

Legal basis

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a GDPR.

You can withdraw your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Recipients

Recipients are/may be:

Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA;
Please note that Microsoft also acts as its own controller and processes data for its own purposes. We have concluded a user agreement with Microsoft, which also contains information on data processing as the controller. More information on this:

Terms of use: https://clarity.microsoft.com/terms
Privacy policy: https://privacy.microsoft.com/de-DE/privacystatement
Option to object (opt-out): https://choice.microsoft.com/de-DE/opt-out
Storage period

The data collected by Microsoft Clarity can be viewed by us for three months after it has been recorded. The CLID cookie has an expiry date of one year.

Third country transfer

This personal data, including the IP address of the Internet connection used by the data subject, may be transferred to Microsoft in the United States of America. This personal data may be stored by Microsoft in the United States of America. Microsoft may share this personal data collected through the technical process with third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Microsoft Ireland Operations Limited is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Microsoft cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

3.10 Facebook Custom Audiences (for websites) / conversion

We use the so-called "Facebook Pixel" and the "Facebook Conversions API"

Intended use

As part of Facebook (website) Custom Audiences, we use the Facebook pixel and the Conversions API for remarketing purposes in order to be able to address you again within 180 days. This allows interest-based advertisements ("Facebook Ads") to be displayed after using our website when visiting the social network "Facebook" or other websites that also use the process. We are interested in showing you advertisements that are of interest to you in order to make our website or offers more interesting for you.

As part of Facebook Conversion, we want to use Facebook Pixel and the Conversions API to ensure that our Facebook Ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

Type of processing

Due to the marketing tools used (Facebook Pixel and Conversions API), your browser automatically establishes a direct connection with the Facebook server as soon as you have consented to the use of cookies requiring consent. The cookie transfers personal data (including your IP address) to Facebook. By integrating the Facebook pixel and using the Conversions API, Facebook receives the information that you have accessed the corresponding website of our Internet presence or have clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your account.

Facebook processes the data in accordance with Facebook's data usage policy. Specific information and details about the Facebook pixel and the Conversions API and how it works can also be found in Facebook's help section.

Legal basis

The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a GDPR.

You can withdraw your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Recipients

Recipients are/may be:

Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta)
Meta Platforms Inc (Meta), 1601 Willow Rd, Menlo Park, California, 94025-1452
Shared responsibility

We are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the collection and transmission of data as part of this process. This applies for the following purposes:

The creation of individualized or suitable ads, as well as for their optimization
Delivery of commercial and transaction-related messages (e.g. via Messenger)
The following processing operations are therefore not covered by joint processing:

The processing that takes place after collection and transmission is the sole responsibility of Meta.
The creation of reports and analyses in aggregated and anonymized form is carried out as part of commissioned processing and is therefore our responsibility.
We have concluded a corresponding agreement with Facebook for joint responsibility, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This defines the respective responsibilities for fulfilling the obligation under the GDPR with regard to joint responsibility.

The contact details of the responsible company and Facebook's data protection officer can be found here: https://www.facebook.com/about/privacy.

We have agreed with Meta that Meta can be used as a point of contact for exercising the rights of data subjects. This does not affect the competence of the data subject's rights.

Further information on how Meta processes personal data, including its legal basis and further information on the rights of data subjects can be found here: https://www.facebook.com/about/privacy.Wir transmit the data within the scope of joint responsibility on the basis of legitimate interest pursuant to Art. 6 (1) f GDPR

Storage duration

The cookies set lose their validity after 180 days.

Transfer to a third country

This personal data, including the IP address of the Internet connection used by the data subject, may be transferred to Meta in the United States of America. This personal data may be stored by Meta in the United States of America. Meta may share this personal data collected through the technical process with third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an adequate level of data protection. The parent company of Meta Platforms Ireland Limited is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Meta cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Information on the data security conditions can be found here: https://www.facebook.com/legal/terms/data_security_terms and on processing on the basis of standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

3.11 YouTube

We have integrated YouTube components on our website.

Intended use

YouTube is an Internet video portal that enables video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programs as well as music videos, trailers or videos made by users themselves can be accessed via the Internet portal. We use YouTube videos on our website to post our own videos and make them publicly accessible.

Type of processing

In the event that you follow a link to YouTube, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes.

We also directly integrate videos stored on YouTube on some of our websites. During this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technique is also known as "framing". When you call up a (sub)page of our website on which YouTube videos are integrated in this form, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.

YouTube content is only integrated in "extended data protection mode". This is provided by YouTube itself and ensures that YouTube does not initially store any cookies on your device. However, when the relevant pages are accessed, the IP address, browser type, operating system, information about the previously accessed website and the pages you have accessed, your location, your mobile phone provider, the end device you are using (including device ID and application ID), the search terms you have used and cookie information and, in particular, which of our Internet pages you have visited. However, this information cannot be assigned to you unless you have logged in to YouTube or another Google service (e.g. Google+) before accessing the page or are permanently logged in.

As soon as you start playing an embedded video by clicking on it, YouTube only stores cookies on your device through the extended data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented by making the appropriate browser settings and extensions.

Legal basis

The use of YouTube requires your consent. This has been requested via our Cookie Consent Tool or will be obtained again before clicking on the respective video. The storage of and access to information in the end user's terminal equipment is carried out in accordance with Section 25 (1) of the German Data Protection Act (TTDSG). The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a GDPR.

You can withdraw your consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Recipients

Recipients of the data are/may be

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google.

Storage duration

According to Google, log data is anonymized by deleting part of the IP address and cookie information after 9 or 18 months. You can find more information on how Google stores your data here https://policies.google.com/technologies/retention?hl=de and here https://policies.google.com/privacy?hl=de#inforetaining.

Third country transfer

This personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Further information:

Further information on the use of data by Google, on setting and objection options and on data protection can be found on the following Google websites:

Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
Google website statistics: https://services.google.com/sitestats/de.html
Use of data by Google: https://support.google.com/google-ads/answer/6334160
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain "www.googleadservices.com" (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted if you delete your cookies. You can also deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.

The data protection provisions published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

3.12 Online presence on social networks

We are active on various social networks with online presences in order to communicate with applicants and interested parties and to provide information about our products and services.

We use the following social networks for this purpose:

Facebook fan page of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook")
Instagram fan page of Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Instagram")
LinkedIn company page of LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland ("LinkedIn")
Xing Company profile of XING SE, Dammtorstraße 30, 20354 Hamburg, Germany ("Xing")
Pinterest profile of Pinterest Inc, 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest")
YouTube channel of YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube")
As part of the operation of our online presence on social networks, we may have access to information such as statistics on the use of our online presence provided by the operator of the social network. This is summarized data that provides information about how people interact with our site, so-called page insights. Page Insights may be based on personal data collected in connection with a visit or interaction of people on or with our site and in connection with content provided. These Page Insights are aggregated and may include, in particular, demographic information (e.g. age, gender, region, country), employment-related information (e.g. job, function, industry, professional experience, company size) and data on interaction with our online presence (e.g. likes, shares, subscriptions, viewing of images and videos) and the posts and content distributed via it. This may also provide information about the interests of users and which content and topics are particularly relevant to them. This information can also be used by us to adapt the design and our activities and content on the online presences and to optimize them for our audience. We are jointly responsible with the operator of the social network for the collection and use of these page insights.

You can find more information on joint responsibility, the nature and scope of these statistics and how to contact the social network at

Facebook and Instagram: Information on Page Insights data, Page Insights addendum regarding the controller.
LinkedIn: Page Insights Joint Controller Addendum (the "Addendum")
The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR, in order to stay in contact with our customers and to inform them and to carry out pre-contractual measures with interested parties, as well as Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in the optimized presentation of our offer and effective information and communication with the aforementioned persons.

Please note that we have no influence on data collection and further processing by the social networks. However, we would like to point out that when you visit the online presences, data about your usage behavior may be transmitted to the operator of the social network. The operators of the social networks may process the aforementioned information in order to compile more detailed statistics and for their own market research and advertising purposes, over which we have no influence. For this purpose, cookies and other identifiers are stored on the computers of the data subjects. Based on these usage profiles, advertisements are then placed within the social network and on third-party websites, for example. You can find more information on this in the data protection notices of the social networks:

  • Facebook
  • Instagram
  • LinkedIn
  • XING
  • Pinterest
  • YouTube

If we receive your personal data when operating our online presence on social networks, you are entitled to the rights set out in this privacy policy. If you also wish to assert your rights against the operator of the social network, the easiest way to do so is to contact them directly. We have no influence on the processing of your personal data by the provider and how it is handled. We also have no information on this. For further information, please check the privacy policy of the respective provider and, if necessary, use the opt-out / personalization options with regard to data processing by the provider. The provider knows both the details of the technical operation of the platforms and the associated data processing as well as the specific purposes of the data processing and can implement appropriate measures on request if you exercise your rights. We will be happy to support you in asserting your rights, insofar as this is possible for us, and will forward your requests to the operator of the social network.

4. Your rights

Below you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

The right, in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us.

The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR

The right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller in accordance with Art. 20 GDPR

The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.

The right to withdraw consent granted in accordance with Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object

If your personal data is processed by us on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without the requirement to specify a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to the e-mail address given above.

5. Subject to change

We reserve the right to amend or update this privacy policy if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The latest version applies to your visit.

 

Status of this privacy policy: 10.07.2024