Information about the Data Controller:
We attach particular importance to protecting your personal data. Your personal data is processed in accordance with the data protection regulations, in particular the General Data Protection Regulation of the European Union (GDPR) and the German Federal Data Protection Act (BDSG).
General information on Data Processing
The following information provides an overview of the nature, extent and purpose of collecting, processing and transferring personal data as well as the safety measures deployed to protect these data.
Personal data are individual information on personal or factual circumstances of an identified or identifiable natural person such as e.g. your name, address, telephone number, your date of birth as well your e-mail and IP address.
Legal basis for the processing of personalized data
- ïAs far as we obtain a consent of the data subject for the processing of personal data, Art. 6 (1) a GDPR serves as legal basis. You can withdraw this processing at any time in accordance with Art. 7 (3) GDPR.
- ïArt. 6 (1) b GDPR serves as legal basis for the processing of personal data required for the performance of a contract or for the execution of pre-contractual measures.
- ïIf processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c GDPR serves as legal basis.
- ïIf the processing is necessary for the preservation of the legitimate interest of our company or of a third party and if the fundamental rights and freedoms of the person concerned do not predominate, Art. 6 (1) f GDPR serves as legal basis for processing. In this case, you have the right of objection according to Art. 21 GDPR.
Data deletion and storage period
Personal data will be deleted as soon as the purpose for storage no longer applies. Due to legal retention periods, we may be obliged to store the data for a longer period of time.
Provision of the website
Use of hosting service providers
Our website is hosted on servers of a hosting provider, which is located in the EU, based on an order processing according to Art. 28 GDPR. Within the scope of its services, the hosting service provider may have access to personal data of our users, in particular to technical data, which arise within the scope of the technical communication between you and our website (e.g. server log files). However, he may not use them for his own purposes. The use of a hosting service provider is based on our legitimate interests pursuant to Art. 6 (1) f GDPR in the provision of infrastructure and platform services, computing capacity, e-mail dispatch and security services.
When you visit our website or use our services the device used for accessing the site automatically transmits log data (connection data) to our servers. The relevant information consists of:
- The browser and its version number,
- The operating system and its version number,
- The referrer URL, which is the website you visited before switching to our website,
- The date and time of access to our website,
- The name of the subpages,
- The corresponding IP address,
- The amount of data transmitted.
The data collected are used exclusively for evaluating the data statistically to ensure operation and safety and to optimise processing of the offer. For security grounds, however, we reserve the right to inspect log files retroactively if we have sufficient grounds to suspect illegal usage. These data are deleted after 7 days at the latest. This collection is carried out on the basis of our legitimate interest under Art. 6 (1) f GDPR.
Cookies are small files, which are stored on the visitor’s hard disk drive. Cookies do not damage your computer and do not contain viruses. Most cookies used on the website are so-called “session cookies”. They are automatically deleted after the end of your visit. Other cookies stay on your devices and make it possible for your browser to be recognized the next time you visit. These files can be used, for example, to display information on the page that is specifically tailored to your interests.
Security of Your Data
We deploy technical and organisational security measures to adequately protect the data that you have made available to us from being unintentionally or intentionally manipulated, lost, destroyed or accessed by unauthorised persons. Therefore, we are using SSL encryption for the transmission of confidential content e.g. enquires which you send to us as the site operator. An encrypted connection can be recognised when the web address changes from “http://” to “https://” and a padlock symbol is shown in your browser bar. When SSL encryption is activated, third parties cannot read the data that you transmit to us. Our security measures are kept up-to-date.
If you contact us (e.g. via contact form, e-mail, telephone, social media), your personal data will be stored and processed by us for the purpose of processing the enquiry and any related follow-up questions pursuant to Art. 6 (1) b GDPR (within the framework of pre-contractual / contractual measures) or pursuant to Art. 6 (1) f GDPR (general enquiries). This data is not transferred to third parties without your consent.
The data entered into the contact form remain with us until you request that they be deleted, you withdraw your consent to the storage of your data, or the purpose of the data storage is no longer given (i.e. after the successful processing of your request), provided there are no legal storage obligations to the contrary.
When business cards are accepted, your personal data will be stored and processed by us for the purpose of subsequent contact in accordance with Art. 6 (1) b GDPR (in the context of pre-contractual / contractual measures) or Art. 6 (1) f GDPR (general communication). We do not transfer this data without your consent.
The data provided by you on the business card will remain with us until you request us to delete it or object to it being stored, unless this conflicts with any statutory storage obligations.
Photo and video recordings
If you have given us your consent to the creation and publication of photo or video recordings of your person, this is for purposes of representation of the company. The publication refers to our corporate communication in the press, on our website and on our company-owned social media pages as well as in print media (flyers, brochures, etc.). The information is transferred within the company, to commissioned print service providers and advertising agencies as well as for publication on the internet. An additional passing on does not take place without an agreement on your part. A deletion of your data takes place after withdrawal of your consent.
According to Art. 7 (3) GDPR, you have the possibility to withdraw your consent at any time in writing without negative consequences for you and with effect for the future. In this regard, please contact the central data protection contact address given below.
The data entered within the framework of the application form are used for processing the job applications. Within the framework of the application procedure, the data you provide are accessible to employees of the personnel department and to the responsible authority as stated in the job advertisement. The parties involved have been expressly notified of the confidentiality of your data. Your data remain strictly confidential and are not transferred to any third parties without your explicit consent. If you wish to withdraw your consent to the processing of your application data, please send an email with the appropriate notice to the contact address below. Your application data will be deleted 180 days after the job is filled. Data are collected based on Art. 88 GDPR in connection with § 26 BDSG.
If special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily disclosed in the application procedure, they will also be processed in accordance with Art. 9 (2) b GDPR.
Contents and Services of Third Parties
Based on the legitimate interest of the provider according Art. 6 (1) f GDPR, a situation can arise where contents, services and benefits of third parties are integrated which complement our service offerings. With the use of the following services, we want to ensure a customized design and the continuous optimization of our website.
Google Web Fonts
In order to promote the consistent presentation of fonts, this site uses so-called web fonts which are made available by Google. When visiting a web page, your browser downloads the required web fonts into its cache so that texts and typefaces are rendered correctly.
To this end, your browser must connect with Google servers. Thereby, Google becomes aware that our website has been accessed using your IP address. The use of Google Web Fonts is carried out for the sake of a uniform and appealing presentation of our online offer. This is considered legitimate interest under Art. 6 (1) f GDPR. If your browser does not support web fonts, a standard font from your computer is used instead.
Links to websites of third parties
Based on the legitimate interest of the provider, it may occur that contents, services and benefits of third parties are integrated which complement our service offerings. When you access web pages which are linked on this website, information such as your name, IP address, browser details etc. can retrieved again. This Privacy Statement does not govern the collection, dissemination or the processing of personal data by any third parties. In this regard, please also pay attention to the individual privacy statements of the respective third-party providers and service providers to which we link on our website.
We maintain publicly accessible online presences in social networks to communicate with the customers and interested parties active there and to present our services.
The processing of users’ personal data is carried out on the basis of our legitimate interests in providing users with effective information and communicating with users in accordance with Art. 6 (1) f GDPR. If the users are asked by the respective providers of the platforms for consent to data processing or if the user voluntarily sends information to our online presences, the legal basis for processing is Art. 6 (1) a GDPR in conjunction with Art. 7 GDPR. If such information contains contract-relevant contents, Art. 6 (1) b GDPR serves as the legal basis.
For a detailed representation of the respective processing and the possibilities of objection (Opt-Out), we refer to the following linked information of the providers.
Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information. Should you nevertheless need help, you can contact us.
If you interact with our Facebook page (comment, link posts or send us a message) your data will be stored by us.
The operation of a fan page is a joint responsibility under data protection law between Facebook Ireland Ltd. and our company pursuant to Art. 26 GDPR. Accordingly, we have concluded an agreement with Facebook Ireland in which the respective obligations under the GDPR are regulated: https://www.facebook.com/legal/terms/page_controller_addend
The legal bases for the processing of the data are:
- ïIf you “like” a contribution from us, comment on it or upload content to our Facebook page, Art. 6 (1) a GDPR serves as the legal basis. You can withdraw this processing for the future at any time in accordance with Art. 7 (3) GDPR by deleting the comment or content.
- ïIf you send us a contract-relevant inquiry, Art. 6 (1) b GDPR serves as the legal basis.
Facebook provides fan page operators with statistics and insights into the types of actions our fan page visitors take (“Page Insights”). We have no control over the collection of this information by Facebook. According to Facebook, this information is provided to us anonymously so that the user cannot be identified from the information.
Personal data is deleted as soon as the purpose for which it was stored no longer applies. Storage can also take place if this is provided for by statutory retention obligations to which our company is subject.
We principally address adult persons with our online offer. Personal information of persons under 16 years of age may only be made available to us with the explicit consent of their legal guardian (Art. 8 GDPR). Processing without the consent of the legal guardian is not permitted. We therefore reserve the right to delete all data relating to minors unless we have the consent of a parent or guardian.
Upon written request, we will inform you in accordance with Art. 15 GDPR and in accordance with our legal obligation under Art. 12 GDPR whether and which of your personal data is processed or stored by us. Furthermore, you have the right to have incorrect data corrected in accordance with Art. 16 GDPR, data transferability in accordance with Art. 20 GDPR, blocking and deletion of your personal data in accordance with Art. 17 GDPR – provided that there are no legal storage obligations to the contrary – as well as the right to restrict processing in accordance with Art. 18 GDPR. In addition, you have the right to contact the competent supervisory authority pursuant to Art. 77 GDPR.
In addition, you have the right to object pursuant to Art. 21 GDPR.
You have the right to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. To do this, please refer to the contact address below.
If you have any questions regarding the processing of your personal data, you can contact our data protection officer, who is ready to assist with any enquiries, suggestions and complaints that you may have.
Data protection officer of
Changes to our Privacy Statement
We reserve the right to make changes to our privacy statement to ensure that our privacy statement is always up to date with the current legal regulations. This applies also when the privacy statement needs to be adjusted due to new or redesigned services. The new privacy statement will then take effect the next time you use our services.