I. Name and address of the responsible person
is the responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.
II. Name and address of the data protection officer
The data protection officer of the responsible party is:
Phone: 089 32 66 73 47 -0
III General information on data processing
1. scope of the processing of personal data
As a matter of principle, we collect and use personal data of the users of our homepage only to the extent that this is necessary for the provision of a functional website, our contents and services.
In principle, the collection and use of personal data of our users only after his consent. An exception to this principle applies in cases where processing of the data is permitted by legal regulations or where obtaining prior consent is not possible for actual reasons.
2. legal basis for the processing of personal data
The legal bases for the processing of personal data result in principle from:
• Art. 6 para. 1 lit. a GDPR when obtaining the consent of the data subject.
• Art. 6 para. 1 lit. b GDPR for processing operations that serve to fulfill a contract to which the data subject is a party. Included here are processing operations that are necessary for the performance of pre-contractual measures.
• Art. 6 para. 1 lit. c GDPR for processing operations that are necessary for the performance of a legal obligation.
• Art. 6 para. 1 lit. d GDPR if vital interests of the data subject or another natural person make processing of personal data necessary.
• Art. 6 para. 1 lit. f GDPR, if the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest.
3. Data deletion and storage duration
The personal data of the users will be deleted or blocked as soon as the purpose of the storage ceases to apply. Storage beyond this may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the responsible party is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
IV. Use of our website, general information
1. description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the user's computer system. The following information is collected:
(1) Browser type and the version used
(2) The user's operating system
(3) The user's internet service provider
(4) The user's IP address
(5) Date and time of access
The described data is stored in the log files of our system. This data is not stored together with other personal data of the user.
2. purpose and legal basis for data processing
The temporary storage of the IP address by our system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.
The collection of their personal data for the provision of our website and the storage of the data in log files is mandatory for the operation of the website. Therefore, there is no possibility for the user to object.
3. duration of storage
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session has ended.
If your data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible, in which case the IP addresses of the users are deleted or alienated. An assignment of the calling client is thus no longer possible.
VI. Your rights / rights of the data subject
According to the EU General Data Protection Regulation, you have the following rights as a data subject:
1. Right of information
You have the right to obtain from us, as the responsible party, information as to whether we are processing personal data relating to you.In addition, you could request information about:
(1) the purpose of the data processing;
(2) the categories of personal data processed;
(3) the recipients or the categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the responsible party or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) any available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.Finally, you also have the right to request information about whether your personal data are transferred to a third country or to an international organization. In this case, you can request information about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.You could assert your right to information at: firstname.lastname@example.org
2. Right to rectification
If the personal data processed by us and concerning you is incorrect or incomplete, you have a right against us to rectification and/or completion. The correction will be made without delay.
3. Right to restriction
The right to restrict the processing of personal data concerning you may be exercised in the following cases:
(1) the accuracy of the personal data is contested for a period enabling the responsible party to verify the accuracy of the personal data;
(2) the processing is unlawful and erasure of the personal data is refused, requesting instead the restriction of the use of the personal data;
(3) the responsible party no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defense of legal claims; or
(4) the data subject has objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the responsible party override the grounds of the data subject.If the processing of personal data relating to you has been restricted, such data may - apart from being stored - only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. In the event of a restriction of processing in accordance with the principles outlined, you will be informed by us before the restriction is lifted.
4. Right to deletion
If the reasons outlined below apply, you may request that the personal data concerning you be deleted without delay. The responsible party is obliged to delete this data without delay. The reasons are:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) The processing is protected on the basis of consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR and you revoke your consent. Another requirement is that there is no other legal basis for the processing.
(3) You object to the processing (Art. 21 (1) GDPR) and there are no overriding legitimate grounds for the processing. Another possibility is that you lodge an objection to the processing pursuant to Art. 21(2) GDPR.
(4) The processing of the personal data concerning you is unlawful.
(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the responsible party is subject.
(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) GDPR.
If we have made the personal data concerning you public and we are obliged to erase it pursuant to Article 17(1) of the GDPR, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers who process the personal data that you, as the data subject, have requested the erasure of all links to, or copies or replications of, such personal data. Please note that the right to erasure does not apply insofar as the processing is necessary for
(1) the exercise of the right to freedom of expression and information;
(2) compliance with a legal obligation which requires processing under Union or Member State law to which the responsible party is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible party;
(3) for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section (a) is likely to make impossible or seriously prejudice the achievement of the purposes of such processing; or
(5) for the establishment, exercise or defense of legal claims.
5. Right to information
If you have exercised the right to rectification, erasure or restriction of processing, we will be obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. Furthermore, you have the right to be informed about these recipients.
6. Right to data portability
According to the GDPR, you also have the right to receive the personal data concerning you that has been provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another responsible party without hindrance by the responsible party to whom the personal data was provided, provided that
• the processing is based on consent pursuant to Art. 6(1)(a) of the GDPR or Art. 9(2)(a) of the GDPR or on a contract pursuant to Art. 6(1)(b) of the GDPR and
• the processing is carried out with the help of automated processes.
Finally, in exercising the right to data portability, you have the right to obtain that the personal data concerning you be transferred directly from one responsible party to another responsible party, insofar as this is technically feasible and does not adversely affect the freedoms and rights of other persons.The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible party.
7. Right to revoke the declaration of consent under data protection law.
You have the right to revoke your declaration of consent under data protection law at any time. We point out that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
8. Right of objection
Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. The right to object also applies to profiling based on these provisions.The responsible party will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.If the personal data concerning you is processed for the purpose of, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising. This also applies to profiling, insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.You also have the possibility, in connection with the use of information society services (notwithstanding Directive 2002/58/EC), to exercise your right to object by means of automated procedures using technical specifications.
9. Automated decision in individual cases including profiling.
Under the EU General Data Protection Regulation, you continue to have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. However, an exception to this principle exists if the decision
(1) is necessary for the conclusion or performance of a contract between you and the responsible party,
(2) is permitted by Union or Member State law to which the responsible party is subject and that law contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
(3) is made with your explicit consent.If the processing is carried out within the framework of the cases mentioned in (1) and (3), the responsible party shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests. This includes at least the right to obtain the intervention of a person on the part of the responsible party, to express your point of view and to challenge the decision.The decision under (1) - (3) shall not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
10. Right to complain to a supervisory authority
Finally, if you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement.
On this website, we use the service HubSpot for various purposes. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
More information from HubSpot regarding EU data protection regulations »
More information on the cookies used by HubSpot can be found here & here »
As part of the optimization of our marketing measures, the following data may be collected and processed via Hubspot:
- Geographic location
- Browser type
- Navigation information
- Referral URL
- Performance data
- Information about how often the application is used
- Mobile apps data
- HubSpot subscription service credentials
- Files viewed on site
- Domain names
- Pages viewed
- Aggregated usage
- Operating system version
- Internet service provider
- IP address
- Device identifier
- Duration of visit
- Where the application was downloaded from
- Operating system
- Events that occur within the application
- Access times
- Clickstream data
- Device model and version.
The legal basis of the processing is your consent in accordance with Art. 6 (1) lit. a GDPR. If you do not want the aforementioned data to be collected and processed via Hubspot, you can refuse your consent or revoke it at any time with effect for the future.The personal data will be retained for as long as it is required to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required to achieve the purpose.
In the context of processing via HubSpot, data may be transferred to the USA. The security of the transfer is secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) a GDPR may serve as the legal basis for the transfer to third countries.
6. statistical survey
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the sent e-mails contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. For the evaluations, we link the data mentioned under point 1 and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID.
With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and infer your personal interests from this. We link this data to actions you have taken on our website.
You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.
VIII. Electronic contact
It is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.
Your data will not be passed on to third parties in this context; the data will be used exclusively for processing the communication.
The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 lit. a GDPR. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
In this context, the processing of personal data serves solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
Your data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
You have the option to revoke your consent to the processing of personal data at any time. You can also object to the storage of your personal data at any time when contacting us by e-mail. However, we would like to point out that in such a case the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
IX. Web Analytics
1. Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in abbreviated form, which means that personal references can be ruled out. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and the personal data is deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f GDPR or, in case of consent, Art. 6 para. 1 p. 1 lit. A GDPR.
Third Party Provider Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User Terms:
2. Use of Hotjar
X. Social media
1. Use of social media plug-ins
We currently use the following social media plug-ins: [Facebook, Twitter, Xing].
We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box above its initial letter or logo. We open up the possibility for you to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-in provider receives the information that you have called up the corresponding website of our online offer.
In addition, the data mentioned in section IV of this declaration will be transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data is therefore transmitted from you to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects the data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the grayed-out box.
We have no influence on the collected data and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also have no information about the deletion of the collected data by the plug-in provider.
The plug-in provider stores the data collected about you as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. f DS-GVO.
The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.
For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.
Addresses of the respective plug-in providers and URL with their privacy notices:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
f) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
2. integration of YouTube videos and Vimeo
We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
3. Integration of Google Maps
On this website we use the offer of Google Maps. This allows us to show you interactive maps directly in the website and enables you to use the map function comfortably.
By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned in section IV of this statement will be transmitted to Google. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
XI. Online advertising
1. Use of Google Adwords Conversion
We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising media (so-called Google Adwords) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of displaying advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.
These advertisements are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.
You can prevent participation in this tracking process in various ways:
(a) by adjusting your browser software settings accordingly; in particular, suppressing third-party cookies will result in you not receiving third-party ads;
b) by disabling conversion tracking cookies by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, which setting will be deleted when you delete your cookies;
c) by deactivating the interest-based ads of the providers that are part of the self-regulatory campaign "About Ads" via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies; d) by permanent deactivation in your browsers Firefox, Internetexplorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use the full functionality of this website.
The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f GDPR or, in case of consent, Art. 6 para. 1 p. 1 lit. a GDPR.
More information about Google's privacy practices can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.