Thank you for visiting our website and for your interest in our company. For us data protection is an integral of our customer-oriented quality approach. We care about the protection of your personal data and the protection of your personal rights.
Our website can normally be used without entering personal data. However, if you use our company’s services via our website, it may be necessary for us to process your personal data.
The data automatically collected when you visit our website or personal data that you enter when using services are processed in accordance with the current legal provisions for the protection of personal data.
If it is necessary to process your personal data and there is no legal basis for such processing, we will normally obtain consent from you for the required processing purpose.
As the company responsible for processing, we have defined technical and organisational measures to ensure the highest possible level of protection for your personal data.
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses an SSL or. TLS encryption. You can recognise that a connection is encrypted because the address line of the browser changes from “http: //” to “https: //” and a padlock icon appears in your browser line.
If the SSL or TLS encryption is activated, data transmitted by you to us cannot be read by third parties.
However, we would like to remind you that security gaps can always occur in data transmission via the World Wide Web.
If you would like to make use of our company’s services and do not want to transmit data via the World Wide Web, you can also contact us by telephone.
1. Contact details of the data controller
The data controller in the meaning of the General Data Protection Regulation is:
The following has been designated as data protection officer:
2. Collection of general access information
Every time you visit our website, server log file data transmitted by your browser to us is automatically recorded. This data consists of:
- IP address (internet protocol address) of the accessing computer
- The website from which you are visiting us (referrer)
- Which of our websites you visited
- The date and duration of the visit
- Browser type and browser settings
- Operating system
- Data taps from Google Analytics
We would like to point out that such data cannot be assigned to a specific person. We use this technical access information exclusively for the following purposes to:
- improve the attractiveness and usability of our website,
- identify technical problems on our website at an early stage.
- deliver the content of our website correctly,
- and provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack.
As a technical precaution, this data is stored for a maximum of 7 days to protect the data processing systems against unauthorised access.
3. Collection and disclosure of personal data
We use your personal data only for the purposes stated on this information page for data protection.
The following online forms are available on our website for entering personal data:
3.1. Mailing of our newsletter
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are actually the owner of the e-mail address provided and that you agree to receive the newsletter.
We use the so-called double opt-in procedure to ensure that the newsletter is sent with your consent. As a result, the potential recipient can be added to a mailing list. The user then receives a confirmation e-mail to confirm the registration in a legally compliant manner. The address will only be actively included in the mailing list if the confirmation is received.
We use this data exclusively for sending the requested information and offers.
Newsletter2Go is used as the newsletter software. Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and using it for purposes other than sending newsletters. Newsletter2Go is a German, certified provider that was selected in accordance with the requirements of the General Data Protection Regulation and the German Federal Data Protection Act (“BDSG”).
More information can be found here: https://www.newsletter2go.de/informationen-newsletter-empfaenger/
You can revoke your consent to the storage of the data, the e-mail address and use of this data for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter.
If we receive your e-mail address in connection with the sale of a product or service and you have not objected, we reserve the right to regularly send you offers in relation to similar products from our range by e-mail.
You have the option at any time to prevent the newsletter from being sent by cancelling it and to revoke your consent to the use of your data for sending the newsletter. There is a corresponding link for this purpose in every newsletter.
3.2. Contacting us by email or contact form
On our website, we offer you the possibility of contacting us by email and/or via a contact form.
If you contact us by email or using a contact form, the personal data transmitted by you will be saved automatically.
Such personal data transmitted to us by you on a voluntary basis will be stored for the purpose of processing your request or contacting the person concerned. This personal data is not passed on to third parties.
3.3. Submission of application documents
In connection with your e-mail job application, we collect and process various personal application-related data. This includes your complete application documents (cover letter, CV, references or other certificates and documents).
After submitting the application you will receive an e-mail confirming receipt of the application documents.
Your personal application data is collected and processed exclusively for the purpose of filling open vacancies within our company. Your data will normally only be forwarded to the internal units and departments of our company responsible for the specific application process. Your personal application data will not be passed on to other companies without your express prior consent.
Your personal application data will not be used for any other purpose or passed on to other companies without your express prior consent.
Your personal application data is normally deleted automatically six months after the application process has been completed. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purposes of documentation or if you have expressly consented to extended retention of the data, for example, for future job postings.
If an employment contract is entered into with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
4. What are cookies used for?
Our internet pages make use of “cookies”. Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies are saved on your terminal device until you delete them yourself or your web browser automatically deletes them.
In some cases, cookies from third-party companies can also be saved on your device when you enter our website (third-party cookies). These enable us or you to use certain third-party services (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically required because certain website functions do not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to analyse user behaviour or to display advertising.
Cookies that are required to carry out the electronic communication process (essential cookies) or to provide certain functions desired by you (functional cookies, e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) are saved on the basis of Art. 6 (1)(f) GDPR, unless another legal basis is given. The website operator has a legitimate interest in saving cookies on your device for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the relevant cookies are saved exclusively on the basis of this consent (Art. 6 (1)(a) GDPR); this consent can be revoked at any time.
You can adjust your browser settings so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.
4.1 Cookie consent with Usercentrics
This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device or your consent to the use of certain technologies, and for the documentation of this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter referred to as “Usercentrics”).
The following personal data is transferred to Usercentrics when you access our website:
Your instance(s) of consent or the revocation of your instance(s) of consent
- Your IP address
- Information about your browser
- Information about your end device
- Time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser, in order to allocate all instances of consent granted or the revocation thereof to you. The data collected in this way is stored until you ask us to delete it, or you delete the Usercentrics cookie yourself, or the purpose for storing the data no longer exists. Statutory storage obligations remain unaffected. Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 (1) page 1 (c) GDPR.
5. Implementation and use of tracking, analysis tools and social plugins
This website includes videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.
Furthermore, YouTube can store various cookies on your device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, improve usability and prevent fraud attempts.
If you are logged into your YouTube account, you enable YouTube to assign your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to present our online offers. This represents a legitimate interest in the meaning of Art. 6 (1)(f) GDPR. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1)(a) GDPR; this consent can be revoked at any time.
5.2 Google Maps
This site uses the “Google Maps” map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary for your IP address to be saved. This information is usually transmitted to a Google server in the USA and saved there. The provider of this site has no influence on this data transfer.
We use Google Maps in the interest of presenting our online offers attractively and facilitating navigation to the places mentioned on the website. This represents a legitimate interest in the meaning of Art. 6 (1)(f) GDPR. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1)(a) GDPR; this consent can be revoked at any time.
Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
5.3 Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether the data is entered on this website (e.g. in a contact form) by a person or by an automated program. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor accesses the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data is stored and analysed on the basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in protecting its web offers from illicit automated spying and from SPAM. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1)(a) GDPR; this consent can be revoked at any time.
https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de
We have integrated Wordfence in this website. The provider is Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter referred to as Wordfence). Wordfence serves to protect our website from unwanted access or malicious cyber attacks. For this purpose, our website establishes a permanent connection with Wordfence's servers so that Wordfence can check its databases against the accesses made to our website and block these if necessary. The use of Wordfence is based on Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in protecting their website as effectively as possible against cyber attacks. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1)(a) GDPR; this consent can be revoked at any time.
Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
Conclusion of a data processing agreement.
We have concluded a data processing agreement with Wordfence. This is a contract required by data protection law, which ensures that Wordfence only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
6. Deletion, blocking and duration of storage of personal data
We process and store your personal data only for the period that is necessary to achieve the respective storage purpose or as stipulated by the various statutory retention periods.
After a original storage purpose has ceased to exist or the statutory retention period has expired, the personal data is automatically blocked or deleted for further processing in accordance with the statutory provisions.
7. Data protection rights of the data subject
If you have any questions about your personal data, you can write to us in this regard at any time. Under the GDPR, you have the following rights:
- The right to information (Art. 15 GDPR)
- The right to rectification (Art. 16 GDPR)
- The right to deletion (Art. 17 GDPR)
- The right to restriction (Art. 18 GDPR)
- The right to data portability (Art. 20 GDPR)
- The right to objection (Art. 21 GDPR)
- Right of appeal to the data protection regulatory authority (Art. 77 GDPR in conjunction with § 19 BDSG)
- Right to withdraw consent under data protection law (Art. 7 (3) GDPR)
8. Legal basis for processing
When processing personal data for which we obtain the consent of the data subject, Article 6 (1)(1 a) of the General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data required to fulfil a contract to which the data subject is a party, Article 6 (1)(1 b) (GDPR) serves as the legal basis. This provision also covers processing operations that are necessary in advance of signing of an actual contract.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1)(1 c) (GDPR) serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 (1)(1 f) (GDPR) serves as the legal basis for the processing. The legitimate interest of our company lies in the conduct of our business activities as well as in the analysis, optimisation and maintenance of the security of our online offer.
9. Transmission of data to third parties
We only transmit data if there is a legal obligation to do so. This is the case when government institutions (e.g. law enforcement authorities) request information in writing or a court order exists.
There is no transfer of personal data to so-called third countries outside the EU / EEA.
10. Legal or contractual provisions for the provision of personal data and possible consequences of not providing them
We hereby point out that the disclosure of personal data is required by law in certain cases (e.g. tax regulations) or can follow from contractual provisions (e.g. information on the contractual partner). For example, it may be necessary for the conclusion of a contract that the person concerned/the contractual partner must provide their personal data so that it is possible for us to process their request (e.g. order) in the first place. There is an obligation to provide personal data especially when entering into contracts. If no personal data is provided in this case, it will not be possible to enter into a contract with the data subject. Before the person concerned provides personal data, the latter can contact our data protection officer or the person responsible for processing. The data protection officer or the data controller will then inform the data subject whether the provision of the required personal data is required by law or contract or is necessary for the conclusion of a contract and whether the requests of the data subject result in an obligation to provide the personal data and what consequences a failure to provide the requested data has for the data subject.
11. Use of automated decision-making system
As a responsible company, we do not use automatic decision-making or profiling systems in our business relationships.
12. Additional information
In addition to this web-specific data protection information, you can also refer to our “transparent information policy”.