This data protection declaration clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) in the context of the provision of our services as well as within our online offer and the websites associated with it, Functions and content as well as external online presences, such as our social media profile (collectively referred to as the “Online Offer”). With regard to the terms used, such as “processing” or “responsible”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible

Types of data processed

– Inventory data (e.g., personal master data, names or addresses).

• Contact details (e.g., e-mail, telephone numbers).
• Content data (e.g., text input, photographs, videos).
• Usage data (e.g., websites visited, interest in content, access times).
• Meta/communication data (e.g., device information, IP addresses). Categories of affected personsVisitors and users of the online offer (hereinafter we refer to the data subjects collectively also as “users”).
  Purpose of processing and making available the online offer, its functions and contents.
• Respond to contact requests and communicate with users.
• Security.
• Range measurement/marketing

  “Personal data” used means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); identifiable is a natural person who is directly or indirectly, directly or indirectly, directly or indirectly, by means of an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special characteristics. which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

  ‘Processing’ means any operation carried out with or without the aid of automated procedures or any series of operations relating to personal data. The term goes far and includes virtually every handling of data.

  ‘pseudonymisation’ means the processing of personal data in such a way that personal data can no longer be assigned to a specific data subject without the use of additional information, provided that such additional data may be information is kept separately and subject to technical and organisational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.

  ‘profiling’ means any type of automated processing of personal data consisting in the use of such personal data to assess certain personal aspects relating to a natural person, in particular in order to to analyse or predict the performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of this natural person.

  “Responsible” means the natural or legal person, authority, body or other body which decides, alone or jointly with others, on the purposes and means of the processing of personal data.

  ‘processor’ means a natural or legal person, authority, body or other body processing personal data on behalf of the controller.
  Relevant legal basesIn accordance with Article 13 GDPR, we shall inform you of the legal bases of our data processing. For users within the scope of the General Data Protection Regulation (GDPR), i.e. the EU and the EEC, unless the legal basis is mentioned in the data protection declaration, the following applies:
  The legal basis for obtaining consent is Article 6(4) of the 1 lit. a and Article 7 GDPR;
  The legal basis for the processing for the performance of our services and the implementation of contractual measures as well as answering requests is Art. 1 lit. b GDPR;
  The legal basis for processing to fulfil our legal obligations is Article 6(4) of the 1 lit. c GDPR;
  In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(4) of the 1 lit. d GDPR as legal basis.
  The legal basis for the necessary processing to carry out a task which is in the public interest or carried out in the exercise of official authority, which has been entrusted to the controller, is Article 6(4) of the 1 lit. e GDPR.
  The legal basis for processing in order to safeguard our legitimate interests is Article 6(4) of the 1 lit. f GDPR.
  The processing of data for purposes other than those for which it was collected is determined in accordance with the provisions of Article 6(3) of the 4 GDPR.
  The processing of special categories of data (according to Art. 9 sec. 1 GDPR) is determined in accordance with the provisions of Article 9(1) of the GDPR. 2 GDPR.
  Security measuresWe take action in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different The likelihood of occurrence and seriousness of the risk to the rights and freedoms of natural persons, appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

  Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, ensuring availability and availability. Separation. In addition, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data and a response to data threats. Furthermore, we take into account the protection of personal data already in the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technical design and by data protection-friendly presets.
  cooperation with processors, joint controllers and third partiesIf, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties) that they are to this or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is required for the performance of the contract), users have agreed to legal obligation or on the basis of our legitimate interests (e.g. in the use of agents, web hosts, etc.).

  If we disclose, transmit or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and in addition to a legal appropriate basis.
  Transfers to third countriesIf we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation), or if we use third-party services or services, we do so. disclosure or transfer of data to other persons or companies, this shall only be done if it is necessary to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to express consent or contractually required transfer, we process or leave the data only in third countries with a recognised level of data protection, including u.S. processors certified under the “Privacy Shield” or based on special guarantees, such as contractual obligation through so-called standard safeguard clauses of the EU Commission, to process the existence of certifications or binding internal data protection rules (Art. 44 to 49 GDPR, information page of the EU Commission). Rights of the data subject Right of information: You have the right to request confirmation of whether the relevant data are being processed and to provide information about this data as well as to further information and copy of the data in accordance with the legal requirements.

  Right to rectification: you have the right to rectification accordingly. the legal requirements, the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.

  Right to erasure and restriction of processing: You have the right, in accordance with the legal requirements, to demand that the data in question be deleted immediately, or alternatively, in accordance with the legal requirements, a restriction on the processing of the data data.

  Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format, in accordance with the legal requirements, or to transmit it to another responsible.

  Complaint to the supervisory authority: You also have the right to lodge a complaint with the competent supervisory authority in accordance with the legal requirements.
  Right of withdrawalYou have the right to revoke given consents with effect for the future. Right to objectRight of objection: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which may be used under Article 6(4) of the 1 lit. e or f GDPR to appeal; this shall also apply to profiling based on these provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.Cookies and the right to object to direct marketing “cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping cart can be stored in an online shop or a login status. “permanent” or “persistent” are cookies that remain stored even after the browser is closed. For example, the login status can be saved if the users visit it after several days. Likewise, such a cookie may store the interests of users used for range measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than those responsible for the online offer (otherwise, if they are only their cookies, they are called “first-party cookies”).

  We may use temporary and permanent cookies and clarify this as part of our privacy policy.

  Insofar as we ask users to consent to the use of cookies (e.g. in the context of a cookie consent), the legal basis of this processing is Art. 1 lit. a. GDPR. Otherwise, the personal cookies of the users are based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our data protection policy) in accordance with the following explanations in the context of this data protection declaration. online offers within the meaning of Art. f. GDPR) or if the use of cookies is necessary for the provision of our contractual services, in accordance with Art. 1 lit. b. GDPR, or insofar as the use of cookies is necessary for the performance of a task which is in the public interest or is carried out in the exercise of official authority, in accordance with Art. 1 lit. e. GDPR.

  If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to functional limitations of this online offer.

  A general objection to the use of cookies used for the purposes of online marketing can be explained on a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by means of their shutdown in the settings of the browser. Please note that not all functions of this online offer can be used. Deletion of dataThe data processed by us will be deleted or restricted in its processing in accordance with the legal requirements. Unless expressly stated in the context of this data protection declaration, the data stored by us will be deleted as soon as they are no longer necessary for their purpose and no legal retention obligations preclude deletion.

  Unless the data is deleted because it is necessary for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons. Changes and updates to the Privacy PolicyWe ask you to keep regularly informed about the content of our Privacy Policy. We will amend the Privacy Policy as soon as the changes to the data processing we perform require it. We will inform you as soon as the changes require an act of participation on your part (e.g. consent) or any other individual notification. Administration, financial accounting, office organization, contact managementWe process data within the scope of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of the provision of our contractual services. The basis for processing is Article 6(1) lit. c. GDPR, Art. f. GDPR. The processing affects customers, prospects, business partners and website visitors. The purpose and our interest in processing lies in administration, financial accounting, office organization, archiving of data, i.e. tasks related to the maintenance of our business activities, the performance of our tasks and the provision of our services. The erasure of the data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.

  We disclose or transmit data to the tax administration, consultants, such as tax consultants or auditors as well as other fee agencies and payment service providers.

  Furthermore, based on our business interests, we store information about suppliers, organizers and other business partners, e.g. for later contact. In principle, we store this majority of company-related data permanently.
  Google Cloud ServicesWe use the cloud offered by Google and the cloud software services (so-called Software as a Service, e.g. Google Suite) for the following purposes: document storage and management, calendar management, email sending, spreadsheets and Presentations, exchange of documents, content and information with specific recipients or publication of websites, forms or other content and information, as well as chats and participation in audio and video conferencing.

  In this case, the personal data of the users are processed insofar as these become part of the documents and contents processed within the described services or are part of communication processes. This may include, for example, master data and contact data of the users, data on transactions, contracts, other processes and their contents. Google also processes usage data and metadata used by Google for security purposes and service optimization.

  In the course of the use of publicly accessible documents, websites or other content, Google may store cookies on the computer of the users for the purpose of web analysis or in order to remember the settings of the users.

  We use the Google Cloud Services on the basis of our legitimate interests in accordance with Art. 1 lit. f GDPR in efficient and secure administrative and cooperation processes. Furthermore, the processing takes place on the basis of an order processing contract with Google (https://cloud.google.com/terms/data-processing-terms).

  For more information, see Google’s privacy policy (https://www.google.com/policies/privacy) and Google Cloud Services Security Notices (https://cloud.google.com/security/privacy/). You can object to the processing of your data in the Google Cloud to us in accordance with the legal requirements. In addition, the deletion of the data within Google’s cloud services is determined after the other processing processes in which the data are processed (e.g., deletion for contractual purposes no longer necessary or storage for purposes of taxation required data).

  The Google Cloud Services are offered by Google Ireland Limited. Insofar as a transfer to the USA takes place, we refer to the certification of Google USA under the Privacy Shield(https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI&status=Aktive) and standard protection clauses (https://cloud.google.com/terms/data-processing-terms). DropboxWe use Dropbox, a cloud storage service, to store documents and other files containing personal content (collectively, “files”) and can also share them with others through so-called sharing. In doing so, the personal data of the users will be processed, insofar as these are part of the files stored within Dropbox. This may include, for example, master data and contact data of the users, data on transactions, contracts, other processes and their contents.
  When users access the files as part of the shares, Dropbox also processes usage data and metadata (e.g. IP addresses, access times and user browser and operating system information) for security purposes and service optimization. Dropbox may also store cookies on users’ computers for web analysis purposes or to remember users’ preferences.

  We use the Dropbox gem. Art. 1 lit. f GDPR based on our legitimate interests in efficient and secure administrative and cooperation processes.

  For more information, see Dropbox’s Privacy Policy(https://www.dropbox.com/privacy). You may object to the processing of your data in Dropbox to us in accordance with the legal requirements. In addition, the deletion of the data within Dropbox is determined after the other processing processes in which the data are processed (e.g., deletion for contractual purposes no longer necessary or storage for purposes of taxation of necessary data).

  Dropbox is offered by Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, USA. To the extent that data is processed in the United States, we refer to the certification of Dropbox under the Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnCLAA0&status=Active). Data protection notices in the application processThe application procedure requires that applicants provide us with the data required for their assessment and selection. The information required can be obtained from the job description or, in the case of online forms, from the information provided there.
  In principle, the necessary information, information about the person, such as the name, address, a contact possibility and the proof of the qualifications required for a job are included. In addition, we will be happy to inform you what information is required.
  If made available, applicants can submit their applications to us via an online form. The data is transmitted to us encrypted according to the state of the art. Applicants can also send us their applications via e-mail. However, we kindly ask you to note that e-mails on the Internet are generally not sent encrypted. As a rule, e-mails are encrypted by transport, but not on the servers from which they are sent and received. Therefore, we cannot accept any responsibility for the transmission of the application between the sender and the reception on our server. Applicants are welcome to contact us about the type of application or to send us the application by post.
  The data provided by the applicants can be further processed by us in the event of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the candidates’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to at any time. The deletion, subject to a legitimate revocation of the candidates, shall take place at the latest after the expiry of a period of six months, so that we can answer any follow-up questions to the application and fulfil our obligations under the provisions on the equal treatment of candidates. Invoices for any reimbursement of travel expenses will be archived in accordance with the tax law requirements.
  Applicants’ data are processed on the basis of Article 6(6) of the 1 p. 1 lit. b GDPR (application procedure as a pre-contractual or contractual relationship). In so far as, in the context of the application procedure, specific categories of personal data within the meaning of Article 9(3) 1 GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants in order to ensure that the controller or the data subject has access to his or her from labour law and social security and social security law social protection rights and to fulfil its obligations in this respect, such processing shall take place in accordance with Article 9(1). 2 lit. b. GDPR, in the case of the protection of the vital interests of applicants or other persons in accordance with Art. 9 Abs. 2 lit. c. GDPR or for the purposes of health care or occupational medicine, for the assessment of the worker’s ability to work, for medical diagnostics, health or social care or for the management of systems, and health or social services in accordance with Art. 9 Abs. 2 lit. h GDPR. In the case of a communication of specific categories of data based on voluntary consent, their processing shall be carried out on the basis of Article 9(4) of the 2 lit. a. GDPR.
  In the case of the processing of applicant data in Germany, in addition, the section 22, 26 BDSG.) applies in addition. ContactWhen contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details for processing the contact request and processing it in accordance with Art. 6 sec. 1 lit. b. (in the context of contractual/pre-contractual relations), Article 6(1) lit. f. (other requests) GDPR processed. Users’ information can be stored in a customer relationship management system (“CRM system”) or similar request organization.

  We will delete the requests if they are no longer required. We check the necessity every two years; In addition, the statutory archiving obligations apply.Hosting and e-mailThe hosting services used by us are used to provide the following services: infrastructure and platform services, computing capacity, Storage space and database services, e-mail, security and technical maintenance services that we use for the purpose of operating this online offer.

  In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in efficient and secure provision of this online offer in accordance with Art. f GDPR in art. 28 GDPR (conclusion of order processing contract). Collection of access data and log filesWe, or our hosting provider, collects on the basis of our legitimate interests within the meaning of Art. 6 sec. 1 lit. f. GDPR data on each access to the server on which this service is located (so-called server log files). The access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting providers.

  Logfile information is stored for security reasons (e.g. to investigate abuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidence purposes shall be excluded from deletion until the relevant incident has been finally clarified. Google AnalyticsWe use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there.

  Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to compile further information, with the use of this online offer and the services related to internet use to provide us. Pseudonymous user profiles can be created from the processed data.

  We only use Google Analytics with IP anonymization enabled. This means that the IP address of the users is truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

  The IP address transmitted by the user’s browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by using the browser plug-in available at the following link. download and install: http://tools.google.com/dlpage/gaoptout?hl=de.

  If we ask the users for consent (e.g. within the scope of a cookie consent), the legal basis of this processing is Art. 1 lit. a. GDPR. Otherwise, the personal data of the users will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR).

  Insofar as data is processed in the USA, we would like to point out that Google is certified under the Privacy Shield Agreement and thereby guarantees to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

  For more information about Google’s data usage, settings and opposition options, please see Google’s privacy policy (https://policies.google.com/privacy)and Google’s privacy policy (https://adssettings.google.com/authenticated).

  The personal data of the users will be deleted or anonymized after 14 months. Jetpack (WordPress Stats)We use the plugin Jetpack (here the subfunction “WordPress Stats”), which integrates a tool for statistical evaluation of visitor access and from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website.

  The information generated by the cookie about your use of this online offer is stored on a server in the USA. User profiles can be created from the processed data, whereby these are used only for analysis and not for advertising purposes. For more information, please refer to Automattic’s privacy policy: https://automattic.com/privacy/ and Jetpack Cookies Notes: https://jetpack.com/support/cookies/.

  If we ask the users for consent (e.g. within the scope of a cookie consent), the legal basis of this processing is Art. 1 lit. a. GDPR. Otherwise, the personal data of the users will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR). Integration of services and content of third partiesWe place within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR) third-party content or service offerings to include their content and services, such as videos or fonts (hereinafter referred to as “Content”).

  This always presupposes that the third-party providers of this content perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” allow information on how to evaluate visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and, among other things, technical information about the browser and operating system, referring websites, visit time as well as further information on the use of our online offer as well as such information from other sources. YoutubeWe include the videos of the platform “YouTube” of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated. Google FontsWe integrate the fonts (“Google Fonts”) of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. According to Google, the data of the users are used solely for the purpose of displaying the fonts in the browser of the users. The integration is based on our legitimate interests in a technically safe, maintenance-free and efficient use of fonts, their uniform presentation as well as consideration of possible licensing restrictions for their Integration. Privacy Policy: https://www.google.com/policies/privacy/. Google MapsWe include the maps of the Google Maps service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processed data may include in particular IP addresses and location data of the users, which are not collected without their consent (usually carried out within the framework of the settings of their mobile devices). The data can be processed in the United States. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated. Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke