Responsible according to Art. 4 para. 7 GDPR
Data protection officer of the responsible
Phone: +49 9621 608 2110
- Personal Data
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restriction of Processing
the marking of stored personal data with the aim of limiting their processing in the future.
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Third Party
A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
§ 1 Lawfulness of the processing of personal data
(1) Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
(2) In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. lit. b GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.
(3) Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
(4) Insofar as vital interests of the data subject or of another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
(5) If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
§ 2 Data deletion and storage duration
(1) The personal data of the data subject shall be erased or blocked as soon as the purpose of the storage is no longer valid.
(2) Data may also be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the data controller is subject.
(3) Data shall also be blocked or deleted when a storage period prescribed by the standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
§ 3 Information on the collection of personal data
(1) In the following we inform about the collection of personal data when using our website. Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
(2) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions. We delete the data collected in this context after storage is no longer required or restrict processing if there are legal storage obligations.
(3) If we would like to use contracted service providers for individual functions of our offer or use your data for advertising purposes, we will inform you in detail about the respective processes below. In this context, we will also state the defined criteria for the storage period.
Collection of personal data when visiting our website
If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure stability and security (legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Amount of data transmitted in each case
- Website from which the request comes (referrer)
- The specific pages of our website that you have called up
- Browser: Type, version and set language
- Operating System: type and version
- Screen resolution
- Colour depth
- Size of the browser window
- Installed browser plugins
Cookies are small files that are stored on your hard disk in accordance with the browser you are using and through which certain information is transmitted to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective. In addition to the above-mentioned data, the following cookies are stored on your computer when you use our website based on your active consent in our cookie banner:
Data Privacy Settings
§ 4 Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services which you can use if you are interested. For this purpose, you will generally have to provide additional personal data which we use to provide the respective service and to which the data processing principles apply. Mandatory information is marked with an asterisk. Information in fields not marked in this way is purely voluntary.
(2) If you contact the service provider by e-mail or via the contact form, personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. Alternatively, it is possible to contact us via the provided e-mail address. In this case, the user's personal data transmitted with the e-mail will be stored in order to process your request.
(3) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
§ 5 Rights of the data subject
In the following, we will inform you about your rights as a data subject according to GDPR. You can exercise these rights at any time and therefore contact us directly. If you claim these rights from us, we will examine them in detail, considering the legal requirements and conditions associated with them. For this purpose, we may ask you for further information. We will explain the results of our examination and our procedure for fulfilling your request in detail. It is possible that we will not be able to fully meet your requirements in the manner you have requested.
This should not prevent you from asserting your rights against us or from asking us about them. We will gladly answer all your questions.
(1) Right of access by the data subject
In accordance with Art. 15 GDPR, you have the right to request information from us at any time as to whether and which data relating to your person are being processed by us. This also includes information on the purposes of processing, if applicable to recipients to whom we have disclosed data about you, the planned storage period and, if applicable, information on the origin of this data, unless we have collected it directly from you. Furthermore, you have the right to receive a one-time copy of your personal data stored with us free of charge. We reserve the right to charge a reasonable administration fee for making subsequent copies.
(2) Right to rectification
In accordance with Art. 16 GDPR, you have the right to demand that we correct inaccurate data that we have stored about you. This also includes the right to complete incomplete personal data.
(3) Right to erasure (‚right to be forgotten“)
You have the right to demand that we delete data that we have stored about you. If we have published data about you, this also includes our obligation, within the framework of the "right to be forgotten" in accordance with Art. 17 Para. 2 GDPR, to forward your request for deletion, considering available technology and implementation costs, all links to this data as well as copies or replications of this data concerning other persons responsible for processing this published personal data.
(4) Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right to demand that we restrict the processing of data that we have stored about you. Thereafter, processing of this data will only be possible with your consent or for a limited number of legally defined purposes.
(5) Right to object
Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing in accordance with Art. 21 GDPR. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is described by us in the following description of the functions. If you exercise such an objection, we would ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising via the contact channels listed above.
(6) Right of withdrawal of a data protection consent
If you have given your consent to the processing of your data, you can revoke this consent at any time in accordance with Art. 7 Para. 3 GDPR. Such revocation will affect the permissibility of processing your personal data after you have given it to us.
(7) Right to data portability
In accordance with Art. 20 GDPR, you have the right to receive from us data relating to your person which you have provided to us in a structured, common and machine-readable format for the purpose of transfer to another responsible party. At your request and taking into account the existing technical possibilities, this also includes direct transfer from us to the other responsible party.
(8) Right to lodge a complaint with a supervisory authority
In accordance with Art. 13 GDPR, you have the right to complain at any time to a data protection supervisory authority about our processing of data relating to your person.
(9) Automated individual decision-making, including profiling
They have the right to obtain information on the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.
§ 6 Social Media and other third-party services
1. Use of social media plug-ins
(1) We currently use the following social media plug-ins: Twitter, Facebook, LinkedIn. We use a data protection-friendly implementation technique (2-click Method). This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box by its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-in provider will receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under § 5 of this declaration will be transmitted. In the case of Facebook and Xing, the IP address will be anonymized immediately after the data is collected, according to the respective providers in Germany. By activating the plug-in, your personal data is thus transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the greyed-out box.
(2) We have no influence on the collected data and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores the data collected about you as user profiles and uses this data for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out (also for users who are not logged in) for the purpose of presenting need-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider in order to exercise this right. Through the plug-ins we pursue our interest in offering you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting and attractive for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. f GDPR.
(4) The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collect from you will be assigned directly to your account with the plug-in provider. If you click on the activated button and, for example, link to the page, the plug-in provider will also save this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as you can then avoid being assigned to your profile with the plug-in provider.
(5) Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the data protection declarations of these providers, as notified below. There you will also find further information on your rights and settings to protect your privacy.
(6) Addresses of the respective plug-in providers and URL with their data protection information:
a) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; twitter.com/privacy. Twitter has submitted to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.
b) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info. Facebook has submitted to the EU-US privacy shield, www.privacyshield.gov/EU-US-Framework.
c) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US privacy shield, www.privacyshield.gov/EU-US-Framework.
2. Integration of YouTube videos
(1) We have included YouTube videos in our online offering, which are stored at www.YouTube.com and are integrated from our website. We use a data protection-friendly implementation technique (2-click method). This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. Only when you click on the preview image of the video, the data mentioned in paragraph 2 will be transferred. We have no influence on this data transfer. With the integration of YouTube videos, we pursue our interest in making our website more interesting and attractive for our visitors and to achieve a better presentation of contents or facts. The legal basis for the use of the plug-in is Art. 6 para. 1 p. 1 lit. f GDPR.
(2) This is done regardless of whether YouTube provides a user account that you are logged in with or no user account exists. If you are logged in to Google, your information will be associated directly with your account. If you don't want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out (even for users who are not logged in) for the purpose of providing needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact YouTube in order to exercise this right.
3. Integration of Vimeo
(1) We have included Vimeo videos in our online offer, which are stored on www.vimeo.com and integrated from our website. We use a data protection-friendly implementation technique (2-click method). This means that when you visit our site, no personal data is initially transferred to the providers of the plug-ins. Only when you click on the preview image of the video, the data mentioned in paragraph 2 will be transferred. We have no influence on this data transfer. are and can be played directly from our website. With the integration of Vimeo videos, we are pursuing our interest in making our website more interesting and attractive for our visitors and to achieve a better presentation of content or facts. The legal basis for the use of the plug-in is Art. 6 para. 1 p. 1 lit. f GDPR.
4. Integration of Google Maps
(1) On this website we use the offer of Google Maps. In this way, we are pursuing our interest in increasing the attractiveness of our website by displaying interactive maps directly on our website and allowing you to use the map function conveniently. The legal basis for the use of the plug-in is Art. 6 para. 1 p. 1 lit. f GDPR.
(2) By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned under § 5 of this declaration is transmitted. This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out (even for users who are not logged in) for the purpose of providing needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact Google in order to exercise this right.
(4) Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001
User conditions: http://www.google.com/analytics/terms/de.html
Data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html
5. Facebook Fan page
(1) The use of our Facebook fan page requires the collection of personal data. Some are also collected during an unannounced visit. More specifically, metadata (frequency, duration, location from which the "Like" information was provided, when users are online, which posts reach fans, which fans have interacted with posts and to what extent, information about the device used), personal data (gender, age, place of residence, language and other demographic data) are obtained from Facebook. This personal information is used here for statistical purposes. The legal basis for the use is Art. 6 paragraph 1 f of the GDPR.
(2) As a user, you can exercise your rights under Art. 12 - 23 GDPR. Detailed explanations can be found in Art. 5, Rights of the data subject.
(3) Further information on Facebook's data policy can be found at www.facebook.com/about/privacy/, and information on Insight data at https://www.facebook.com/legal/terms/information_about_page_insights_data.
(4) According to Art. 26 GDPR, there is a joint responsibility between us and Facebook. This is in the form of a contract on https://www.facebook.com/legal/terms/page_controller_addendum. to find.