This data protection declaration clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) in the context of the provision of our services as well as within our online offer and the websites associated with it, Functions and content as well as external online presences, such as our social media profile (collectively referred to as the “Online Offer”). With regard to the terms used, such as “processing” or “responsible”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Legally required data protection officer
We have appointed a data protection officer for our company.
Gmünder Straße 65
Phone: (07181) 9695945
Types of data processed
– Inventory data (e.g., personal master data, names or addresses).
- Contact details (e.g., e-mail, telephone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses). Categories of affected personsVisitors and users of the online offer (hereinafter we refer to the data subjects collectively also as “users”).
Purpose of processing and making available the online offer, its functions and contents.
- Respond to contact requests and communicate with users.
- Range measurement/marketing
“Personal data” used means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); identifiable is a natural person who is directly or indirectly, directly or indirectly, directly or indirectly, by means of an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special characteristics. which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
‘Processing’ means any operation carried out with or without the aid of automated procedures or any series of operations relating to personal data. The term goes far and includes virtually every handling of data.
‘pseudonymisation’ means the processing of personal data in such a way that personal data can no longer be assigned to a specific data subject without the use of additional information, provided that such additional data may be information is kept separately and subject to technical and organisational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
‘profiling’ means any type of automated processing of personal data consisting in the use of such personal data to assess certain personal aspects relating to a natural person, in particular in order to to analyse or predict the performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of this natural person.
“Responsible” means the natural or legal person, authority, body or other body which decides, alone or jointly with others, on the purposes and means of the processing of personal data.
‘processor’ means a natural or legal person, authority, body or other body processing personal data on behalf of the controller.
Relevant legal basesIn accordance with Article 13 GDPR, we shall inform you of the legal bases of our data processing. For users within the scope of the General Data Protection Regulation (GDPR), i.e. the EU and the EEC, unless the legal basis is mentioned in the data protection declaration, the following applies:
The legal basis for obtaining consent is Article 6(4) of the 1 lit. a and Article 7 GDPR;
The legal basis for the processing for the performance of our services and the implementation of contractual measures as well as answering requests is Art. 1 lit. b GDPR;
The legal basis for processing to fulfil our legal obligations is Article 6(4) of the 1 lit. c GDPR;
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(4) of the 1 lit. d GDPR as legal basis.
The legal basis for the necessary processing to carry out a task which is in the public interest or carried out in the exercise of official authority, which has been entrusted to the controller, is Article 6(4) of the 1 lit. e GDPR.
The legal basis for processing in order to safeguard our legitimate interests is Article 6(4) of the 1 lit. f GDPR.
The processing of data for purposes other than those for which it was collected is determined in accordance with the provisions of Article 6(3) of the 4 GDPR.
The processing of special categories of data (according to Art. 9 sec. 1 GDPR) is determined in accordance with the provisions of Article 9(1) of the GDPR. 2 GDPR.
Security measuresWe take action in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different The likelihood of occurrence and seriousness of the risk to the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, ensuring availability and availability. Separation. In addition, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data and a response to data threats. Furthermore, we take into account the protection of personal data already in the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technical design and by data protection-friendly presets.
cooperation with processors, joint controllers and third partiesIf, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties) that they are to this or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is required for the performance of the contract), users have agreed to legal obligation or on the basis of our legitimate interests (e.g. in the use of agents, web hosts, etc.).
If we disclose, transmit or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and in addition to a legal appropriate basis.
Transfers to third countriesIf we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation), or if we use third-party services or services, we do so. disclosure or transfer of data to other persons or companies, this shall only be done if it is necessary to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to express consent or contractually required transfer, we process or leave the data only in third countries with a recognised level of data protection, including u.S. processors certified under the “Privacy Shield” or based on special guarantees, such as contractual obligation through so-called standard safeguard clauses of the EU Commission, to process the existence of certifications or binding internal data protection rules (Art. 44 to 49 GDPR, information page of the EU Commission). Rights of the data subject Right of information: You have the right to request confirmation of whether the relevant data are being processed and to provide information about this data as well as to further information and copy of the data in accordance with the legal requirements.
Right to rectification: you have the right to rectification accordingly. the legal requirements, the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
Right to erasure and restriction of processing: You have the right, in accordance with the legal requirements, to demand that the data in question be deleted immediately, or alternatively, in accordance with the legal requirements, a restriction on the processing of the data data.
Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format, in accordance with the legal requirements, or to transmit it to another responsible.
Complaint to the supervisory authority: You also have the right to lodge a complaint with the competent supervisory authority in accordance with the legal requirements.
Right of withdrawalYou have the right to revoke given consents with effect for the future. Right to objectRight of objection: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which may be used under Article 6(4) of the 1 lit. e or f GDPR to appeal; this shall also apply to profiling based on these provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.Cookies and the right to object to direct marketing “cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart can be stored in an online shop or a login status. “permanent” or “persistent” are cookies that remain stored even after the browser is closed. For example, the login status can be saved if the users visit it after several days. Likewise, such a cookie may store the interests of users used for range measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than those responsible for the online offer (otherwise, if they are only their cookies, they are called “first-party cookies”).
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to functional limitations of this online offer.
We disclose or transmit data to the tax administration, consultants, such as tax consultants or auditors as well as other fee agencies and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, organizers and other business partners, e.g. for later contact. In principle, we store this majority of company-related data permanently.
Google Cloud ServicesWe use the cloud offered by Google and the cloud software services (so-called Software as a Service, e.g. Google Suite) for the following purposes: document storage and management, calendar management, email sending, spreadsheets and Presentations, exchange of documents, content and information with specific recipients or publication of websites, forms or other content and information, as well as chats and participation in audio and video conferencing.
In this case, the personal data of the users are processed insofar as these become part of the documents and contents processed within the described services or are part of communication processes. This may include, for example, master data and contact data of the users, data on transactions, contracts, other processes and their contents. Google also processes usage data and metadata used by Google for security purposes and service optimization.
In the course of the use of publicly accessible documents, websites or other content, Google may store cookies on the computer of the users for the purpose of web analysis or in order to remember the settings of the users.
We use the Google Cloud Services on the basis of our legitimate interests in accordance with Art. 1 lit. f GDPR in efficient and secure administrative and cooperation processes. Furthermore, the processing takes place on the basis of an order processing contract with Google (https://cloud.google.com/terms/data-processing-terms).
The Google Cloud Services are offered by Google Ireland Limited. Insofar as a transfer to the USA takes place, we refer to the certification of Google USA under the Privacy Shield(https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI&status=Aktive) and standard protection clauses (https://cloud.google.com/terms/data-processing-terms). DropboxWe use Dropbox, a cloud storage service, to store documents and other files containing personal content (collectively, “files”) and can also share them with others through so-called sharing. In doing so, the personal data of the users will be processed, insofar as these are part of the files stored within Dropbox. This may include, for example, master data and contact data of the users, data on transactions, contracts, other processes and their contents.
When users access the files as part of the shares, Dropbox also processes usage data and metadata (e.g. IP addresses, access times and user browser and operating system information) for security purposes and service optimization. Dropbox may also store cookies on users’ computers for web analysis purposes or to remember users’ preferences.
We use the Dropbox gem. Art. 1 lit. f GDPR based on our legitimate interests in efficient and secure administrative and cooperation processes.
Dropbox is offered by Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, USA. To the extent that data is processed in the United States, we refer to the certification of Dropbox under the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnCLAA0&status=Active). Data protection notices in the application processThe application procedure requires that applicants provide us with the data required for their assessment and selection. The information required can be obtained from the job description or, in the case of online forms, from the information provided there.
In principle, the necessary information, information about the person, such as the name, address, a contact possibility and the proof of the qualifications required for a job are included. In addition, we will be happy to inform you what information is required.
If made available, applicants can submit their applications to us via an online form. The data is transmitted to us encrypted according to the state of the art. Applicants can also send us their applications via e-mail. However, we kindly ask you to note that e-mails on the Internet are generally not sent encrypted. As a rule, e-mails are encrypted by transport, but not on the servers from which they are sent and received. Therefore, we cannot accept any responsibility for the transmission of the application between the sender and the reception on our server. Applicants are welcome to contact us about the type of application or to send us the application by post.
The data provided by the applicants can be further processed by us in the event of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the candidates’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to at any time. The deletion, subject to a legitimate revocation of the candidates, shall take place at the latest after the expiry of a period of six months, so that we can answer any follow-up questions to the application and fulfil our obligations under the provisions on the equal treatment of candidates. Invoices for any reimbursement of travel expenses will be archived in accordance with the tax law requirements.
Applicants’ data are processed on the basis of Article 6(6) of the 1 p. 1 lit. b GDPR (application procedure as a pre-contractual or contractual relationship). In so far as, in the context of the application procedure, specific categories of personal data within the meaning of Article 9(3) 1 GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants in order to ensure that the controller or the data subject has access to his or her from labour law and social security and social security law social protection rights and to fulfil its obligations in this respect, such processing shall take place in accordance with Article 9(1). 2 lit. b. GDPR, in the case of the protection of the vital interests of applicants or other persons in accordance with Art. 9 Abs. 2 lit. c. GDPR or for the purposes of health care or occupational medicine, for the assessment of the worker’s ability to work, for medical diagnostics, health or social care or for the management of systems, and health or social services in accordance with Art. 9 Abs. 2 lit. h GDPR. In the case of a communication of specific categories of data based on voluntary consent, their processing shall be carried out on the basis of Article 9(4) of the 2 lit. a. GDPR.
In the case of the processing of applicant data in Germany, in addition, the section 22, 26 BDSG.) applies in addition. ContactWhen contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details for processing the contact request and processing it in accordance with Art. 6 sec. 1 lit. b. (in the context of contractual/pre-contractual relations), Article 6(1) lit. f. (other requests) GDPR processed. Users’ information can be stored in a customer relationship management system (“CRM system”) or similar request organization.
We will delete the requests if they are no longer required. We check the necessity every two years; In addition, the statutory archiving obligations apply.Hosting and e-mailThe hosting services used by us are used to provide the following services: infrastructure and platform services, computing capacity, Storage space and database services, e-mail, security and technical maintenance services that we use for the purpose of operating this online offer.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in efficient and secure provision of this online offer in accordance with Art. f GDPR in art. 28 GDPR (conclusion of order processing contract). Collection of access data and log filesWe, or our hosting provider, collects on the basis of our legitimate interests within the meaning of Art. 6 sec. 1 lit. f. GDPR data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting providers.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to compile further information, with the use of this online offer and the services related to internet use to provide us. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymization enabled. This means that the IP address of the users is truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by using the browser plug-in available at the following link. download and install: http://tools.google.com/dlpage/gaoptout?hl=de.
If we ask the users for consent (e.g. within the scope of a cookie consent), the legal basis of this processing is Art. 1 lit. a. GDPR. Otherwise, the personal data of the users will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR).
Insofar as data is processed in the USA, we would like to point out that Google is certified under the Privacy Shield Agreement and thereby guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The personal data of the users will be deleted or anonymized after 14 months. Jetpack (WordPress Stats)We use the plugin Jetpack (here the subfunction “WordPress Stats”), which integrates a tool for statistical evaluation of visitor access and from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website.
If we ask the users for consent (e.g. within the scope of a cookie consent), the legal basis of this processing is Art. 1 lit. a. GDPR. Otherwise, the personal data of the users will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR). Integration of services and content of third partiesWe place within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR) third-party content or service offerings to include their content and services, such as videos or fonts (hereinafter referred to as “Content”).