§1 DATA PROTECTION INFORMATION FOR USERS
Information on data protection regarding our processing of personal data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
we are pleased about your interest. In accordance with the provisions of Articles 13, 14 and 21 of the Basic Data Protection Regulation (GDPR), we hereby inform you about the processing of personal data transmitted by you in the course of the process and any personal data we may have collected and your rights in this regard. In order to ensure that you are fully informed about the processing of your personal data within the scope of this process, please take note of the following information.
1. RESPONSIBLE AUTHORITY IN THE SENSE OF DATA PROTECTION LAW
Flößaustraße 122, 90763 Fürth
+49 (0) 151 6526 3767
2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
Rechtsanwalt Hans Georg Bauer
+49 40 5530 -2233
3. PURPOSES AND LEGAL BASIS OF THE PROCESSING
We process your personal data in accordance with the provisions of the European Data Protection Basic Regulation (EU-GDPR) and the Federal Data Protection Act (BDSG), insofar as this is necessary for the proposals or mediations.
Furthermore, we may process your personal data if this is necessary to fulfil legal obligations (Art. 6 para. 1 lit. c GDPR) or to defend against legal claims made against us. The legal basis for this is Art. 6 para. 1 lit. f GDPR.
The legitimate interest is, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG). If you give us express consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. A given consent can be revoked at any time, with effect for the future (see item 9 of this general data protection information).
4. CATEGORIES OF PERSONAL DATA
We process only such data that is related to your participation in our software. This can be general data about your person (name, address, contact data, etc.), information about your professional qualifications and schooling, information about professional further education and, if applicable, other data that you send us in connection with your participation.
5. SOURCES OF THE DATA
We process personal data which we receive from you by post or digitally or which you transmit to us by other means within the scope of establishing contact or your mediation.
6. RECIPIENT OF THE DATA
Within our company, we pass on your personal data exclusively to those areas and persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interests.
Your personal data will be processed on our behalf on the basis of commissioned processing contracts in accordance with Art. 28 GDPR. In these cases we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfil legal obligations or if we have your consent.
7. TRANSMISSION TO A THIRD COUNTRY
A transfer to a third country is not intended.
See also §2 Nr. 21, 28.
8. DURATION OF DATA STORAGE / POOL PARTICIPATION
We store your personal data as long as this is necessary. Your personal data will be deleted for a maximum of six months after termination of the contract, unless longer storage is legally required or permitted. Beyond this, we only store your personal data to the extent required by law or in a specific case to assert, exercise or defend legal claims for the duration of a legal dispute.
In case you have agreed to a longer storage of your personal data, we will store them according to your declaration of consent.
They also have the opportunity to give us their consent to be included in our talent pool. This allows us to continue to consider you in our selection process for suitable vacancies in the future. If we have your consent, we will store your data in our talent pool in accordance with your consent or, if applicable, future consent.
9. YOUR RIGHTS
Every data subject has the right of access under Art. 15 GDPR, the right of rectification under Art. 16 GDPR, the right of deletion under Art. 17 GDPR, the right to restrict processing under Art. 18 GDPR, the right of notification under Art. 19 GDPR and the right to data transferability under Art. 20 GDPR. In addition, you have the right of appeal to a data protection supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data is not lawful. The right of appeal is without prejudice to any other administrative or judicial remedy.
If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. Please also note that we may have to store certain data for a certain period of time in order to comply with legal requirements (see item 8 of this data protection information).
Right of objection
Insofar as the processing of your personal data is carried out in accordance with Art. 6 para. 1 lit. f GDPR in order to safeguard legitimate interests, you have the right, pursuant to Art. 21 GDPR, to object to the processing of such data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can prove compelling reasons for processing worthy of protection. These must outweigh your interests, rights and freedoms, or the processing must serve to assert, exercise or defend legal claims.
You are welcome to contact us to protect your rights.
10. NECESSITY OF THE PROVISION OF PERSONAL DATA
10.1 You are not obliged to provide information about your personal data. Please note, however, that this is necessary for the decision on whether to enter into an employment contract. If you do not provide us with personal information, we will not be able to make a decision to employ or otherwise assign you. We encourage you to provide only the personal information necessary to fulfill the contract.
10.2 In the event of any conflict between the English and German or other language text on this website and in the data protection information, the German text shall prevail.
§2 DATA PROTECTION (GENERAL)
1. Collection of personal data when visiting the website.
If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):
– IP addres
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (concrete page)
– Access status/HTTP status cod
– Amount of data transmitted in each case
– Website from which the request come
– Operating system and its interfac
– Language and version of the browser software.
2. Use of our portal
If you want to use the full range of functions of the portal, you must register. We use the so-called double-opt-in procedure for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If your confirmation is not received within 30 days, your registration will be deleted from our database.
3. Information you give us when you register
Category: User name, login e-mail address, password.
Visibility: Your access data are not visible to third parties. Under no circumstances will we pass these data on to third parties.
Storage period: We will delete this data when you delete your user account.
Legal basis: The legal basis for this processing of personal data is Art. 6 I b) EU-GDPR.
Mandatory data in the profile:
Category: Last name, first name, address, date of birth, telephone number, short description, job title, hourly rate, areas, branches, skills.
Visibility: Of the mandatory data, the following are always and without restriction visible to other registered users: First name, photo, short description, job title, areas, sectors, skills.
Storage period: We delete this data when you delete your user account.
Legal basis: The legal basis for this processing of personal data is Art. 6 I b) EU-GDPR.
Optional entries in the profile:
Category: Intro to your references, References
Visibility: Your optional details will be visible to other logged in users after you have entered them.
Privacy: You can revoke the optional information for the future at any time by deleting the relevant information in your profile
Storage period: If you have not already deleted the data yourself, we will delete it when you delete your user account.
Legal basis: The legal basis for this processing of personal data is Art. 6 I b) EU-GDPR.
Information for your project partner::
Category: e-mail address, phone number, information from the briefing / offer.
Visibility: This information from your profile will be displayed to your project partners during ongoing projects.
Duration of storage: We store this data until your user account is deleted or until the data is no longer subject to any tax, commercial or other legal storage obligations.
Legal basis: The legal basis for this processing of personal data is Art. 6 I b) EU-GDPR.
Information for matching:
Category: Answers from your personal questionnaire, street, house number, zip code, city.
Visibility: This information is only processed by our algorithm and is not displayed anywhere.
Storage period: We store this data until your user account is deleted or until the data is no longer subject to any tax, commercial or other legal storage obligations.
Legal basis: The legal basis for this processing of personal data is Art. 6 I b) EU-GDPR.
4. Basic types of data processed:
Stock data (e.g., name, address).
Contact data (e.g., e-mail, telephone numbers).
Content data (e.g., photo, short description, references, text entries).
Contract data (e.g., customer category).
Usage data (e.g., websites visited, interest in content, access times).
Meta/communication data (e.g., device information, IP addresses).
5. Processing of special categories of data (Art. 9 para. 1 DPA):
No special categories of data are processed.
6. Categories of data subjects:
customers / interested parties / suppliers
User of the online offer
In the following, we refer to the persons concerned collectively as “users”.
7. Purpose of the processing:
– Provision of the online offer, its contents and functions.
– Provision of contractual services, service and customer care.
– Answering of contact requests and communication with users.
– Security measures.
8. Relevant legal bases
In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consents is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures and answering enquiries is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 Para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 paragraph 1 lit. d GDPR serves as the legal basis.
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes make it necessary for you to cooperate (e.g. consent) or to receive other individual notification.
10. Security measures
10.1 In accordance with Art. 32 GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we shall take appropriate technical and organisational measures to ensure a level of protection commensurate with the risk; these measures shall include in particular the safeguarding of the confidentiality, integrity and availability of data by controlling the physical access to the data as well as the access, input, transmission, safeguarding of availability and its separation. Furthermore, we have established procedures to ensure that data subjects’ rights are exercised, data is deleted, and we respond to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).
10.2 The security measures include in particular the encrypted transmission of data between your browser and our server.
11. Cooperation with contract processors and third parties
11.1 If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this is only done on the basis of a legal authorisation (e.g. if the data must be transferred to third parties, such as payment service providers, in accordance with Art. 6 Para. 1 letter b GDPR for the fulfilment of the contract), if you have given your consent, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, webhosters, etc.).
11.2 If we commission third parties to process data on the basis of a so-called “contract processing agreement”, this is done on the basis of Art. 28 GDPR.
12. Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or transfer data to a third country if the special requirements of Art. 44 ff. GDPR. In other words, processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
13. Rights of the data subjects
13.1 You have the right to obtain confirmation as to whether or not data in question is being processed and to obtain information on such data and to obtain further information and a copy of the data in accordance with Art. 15 of the DPA.
13.2. you have accordingly. Art. 16 DPA, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
13.3 You have the right to demand that data concerning you be deleted immediately in accordance with Art. 17 GDPR, or alternatively, in accordance with Art. 18 GDPR, to demand a restriction on the processing of the data.
13.4. you have the right to obtain the data concerning you which you have provided us with in accordance with Art. 20 GDPR and to demand that it be passed on to other persons responsible.
13.5. you also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
14. Right of withdrawal
You have the right to revoke consents granted in accordance with Art. 7 Para. 3 GDPR with effect for the future.
15. Right of objection
You can object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. In particular, you may object to processing for the purposes of direct advertising.
16. Cookies and right of objection for direct advertising
17. Deletion of data
17.1 The data processed by us will be deleted or restricted in their processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
17.2 In accordance with legal requirements, the retention is in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
18. Provision of contractual services
18.1 We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit b. GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract.
18.2 Users can optionally create a user account, in particular by viewing their projects. During the registration process, the required mandatory data will be provided to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention is necessary for reasons of commercial or tax law in accordance with Art. 6 para. 1 lit. c GDPR. It is the users’ responsibility to back up their data before the end of the contract if they have terminated it. We are entitled to irretrievably delete all user data stored during the term of the contract.
18.3 Within the scope of registration and renewed logins as well as the use of our platform, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c GDPR.
18.4 We process usage data (e.g., the websites visited by our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order to show the user, for example, product information based on the services they have used so far.
18.5 Deletion takes place after the expiry of statutory warranty and comparable obligations, the necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry (end of commercial (6 years) and tax (10 years) storage obligation); information in the customer account remains until its deletion.
19.1 When contacting us (via contact form or e-mail), the user’s details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) GDPR.
19.2 The user’s details may be stored in our Customer Relationship Management System (CRM system) or comparable enquiry organisation.
19.3 We will delete the inquiries if they are no longer required. We review the necessity every two years; we permanently store inquiries from customers who have a customer account and refer to the information on the customer account for deletion. In the case of statutory archiving obligations, deletion shall take place after their expiry (end of the storage obligation under commercial law (6 years) and tax law (10 years)).
20. Collection of access data and log files
20.1 On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited site), IP address and the requesting provider.
20.2 For security reasons (e.g. to clarify misuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes is excluded from deletion until final clarification of the respective incident.
21. Online presence in social media
21.1 We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
22. Cookies & range measurement
22.1 Cookies are pieces of information that are transferred from our web server or third party web servers to users’ web browsers and stored there for later retrieval. Cookies may be small files or other types of information storage.
22.2 We use “session cookies”, which are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status or the shopping basket function and thus the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our website and, for example, log out or close the browser.
22.4 If the users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offer.
23. Google analytics
23.2 Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
23.3 Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users.
23.4 We use Google Analytics in order to display the advertisements placed within the advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who show certain characteristics (e.g. interests in certain topics or products determined by the websites visited), which we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). With the help of remarketing audiences, we also want to ensure that our advertisements correspond to the potential interest of the users and do not appear annoying.
23.5 We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
23.6 The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
23.7 Further information on Google’s use of data, setting and objection options can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Google’s use of data when you use our partners’ websites or apps”), https://policies.google.com/technologies/ads (“Use of data for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show you advertising”).
24. Google marketing services
24.1 On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) the marketing and remarketing services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
24.2 Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
24.3 Google’s marketing services allow us to display ads for and on our website in a more targeted manner so that we only show users ads that potentially match their interests. For example, if a user is shown ads for products that he or she has been interested in on other websites, this is called “remarketing”. For these purposes, when you visit our website and other websites where Google marketing services are active, Google will execute code directly from Google and (re)marketing tags (invisible graphics or code, also known as “web beacons”) will be embedded in the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is it transferred in full to a Google server in the USA and shortened there. The IP address will not be merged with data of the user within other offers of Google. Google may also combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, advertisements tailored to the user’s interests may be displayed.
24.4 User data is processed pseudonymously within the framework of Google marketing services. I.e. Google does not store and process e.g. the name or e-mail address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. This means that from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.
24.5 The Google marketing services used by us include the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked on the websites of AdWords customers. The information collected using the cookie is used to compile conversion statistics for AdWords customers who have opted-in to conversion tracking. AdWords customers are told the total number of users who have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
24.8 We may also use the “Google Optimizer” service. Google Optimizer allows us in the context of so-called “A/B-Testings” to understand how different.
25. Facebook, custom audiences and facebook marketing services
25.1 Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are located in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes.
25.2 Facebook is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
25.3 With the help of the Facebook pixel, on the one hand, Facebook is able to determine the visitors of our online offer as a target group for the presentation of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook Pixel in order to display the Facebook Ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of the users and do not appear annoying. With the help of the Facebook Pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users are redirected to our website after clicking on a Facebook ad (so-called “conversion”).
25.4 Furthermore, when using the Facebook Pixel, we use the additional function “extended matching” (here, data such as telephone numbers, email addresses or Facebook IDs of users) to create target groups (“Custom Audiences” or “Look Alike Audiences”) to Facebook (encrypted). Further information on “extended matching”: https://www.facebook.com/business/help/611774685654668).
25.5 We also use the “Custom Audiences from File” procedure of the social network Facebook, Inc. In this case, the email addresses of newsletter recipients are uploaded to Facebook. The upload process is encrypted. The upload is used solely to determine recipients of our Facebook ads. We want to ensure that the ads are only displayed to users who have an interest in our information and services.
25.6 The processing of data by Facebook is carried out within the framework of Facebook’s Data Use Policy. Accordingly, general information on the display of Facebook Ads is provided in the Facebook Data Use Policy at https://www.facebook.com/policy.php. Specific information and details about the Facebook pixel and its functionality can be found in the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
25.7 You may object to the collection by the Facebook Pixel and use of your information to display Facebook Ads. To control the types of ads that are displayed to you within Facebook, you can go to the Facebook-facilitated page and follow the instructions for usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, meaning that they are applied to all devices, such as desktop computers or mobile devices.
25.8 To prevent the collection of your data using the Facebook pixel on our website, please click the button at the top of the page: Back to top
Note: When you click the link, an “opt-out” cookie is stored on your device. If you delete the cookies in this browser, you will need to click the link again. Furthermore, the opt-out only applies within the browser you are using and only within our web domain where the link was clicked.
26. Facebook social plugins
26.1 On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) Social Plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The Plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white “f” on blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
26.2. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
26.3 If a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offer by the user. User profiles can be created from the processed data. We therefore have no influence on the extent of the data that Facebook collects with the help of this plugin and therefore inform the users according to our state of knowledge.
26.4 By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his or her Facebook account. If users interact with the plugins, for example, by pressing the Like button or submitting a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out his or her IP address and store it. According to Facebook, only an anonymized IP address is stored in Germany.
26.6 If a user is a Facebook member and does not want Facebook to collect data about him/her via this online offer and link it with his/her membership data stored on Facebook, he/she must log out of Facebook before using our online offer and delete his/her cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
We use Hotjar in our Internet presence. This is a web analytics service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, hereinafter only referred to as “Hotjar”.
Hotjar serves us to analyse the usage behaviour of our website. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis, optimization and economic operation of our Internet presence.
Hotjar enables us to log and evaluate your usage behaviour on our website, such as your mouse movements or mouse clicks. However, your visit to our website is made anonymous. In addition, information about your operating system, your Internet browser, incoming or outgoing links, the geographical origin as well as the type and activation of the terminal device you are using is evaluated and processed for statistical purposes by Hotjar. Hotjar can also obtain direct feedback from you. In addition, Hotjar offers further data protection information at https://www.hotjar.com/privacy.
Furthermore, you have the option of terminating the analysis of your usage behavior by way of the so-called opt-out. When you confirm the link https://www.hotjar.com/opt-out, a cookie is stored on your end device via your internet browser, which prevents further analysis. Please note, however, that you will have to click the above link again if you delete the cookies stored on your terminal device.
28.1 With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
28.2 Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. Insofar as the contents of the newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the users. Furthermore, our newsletters contain information about our products, offers, promotions and our company.
28.3 Double-Opt-In and logging: The registration for our newsletter takes place in a so-called Double-Opt-In procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with foreign e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
28.4 Dispatch service provider: Newsletters are sent by “MailChimp”, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data protection regulations of the mail service provider can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
28.5 Furthermore, according to its own information, the delivery service provider can use this data in pseudonymous form, i.e. without allocation to a user, to optimize or improve its own services, e.g. for technical optimization of the delivery and presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or pass them on to third parties.
28.6 Registration data: In order to subscribe to the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name for personal contact in the newsletter.
28.7 Measurement of success – The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined by means of the IP address) or the access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our nor the dispatch service provider’s intention to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
28.8 The dispatch of the newsletter and the measurement of success are based on the consent of the recipients according to 6 paragraph 1 letter a, art. 7 GDPR in connection with § 7 paragraph 2 no. 3 UWG or on the basis of the legal permission according to § 7 paragraph 3 UWG.
28.9 The registration procedure is recorded on the basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR and serves as proof of consent to receive the newsletter.
28.10. Cancellation/revocation – You can cancel receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only registered for the newsletter and cancelled this registration, their personal data will be deleted.
29. Integration of third party services and content
29.1 Within our online offer, we set the following priorities on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of such content are aware of the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore required to display this content. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information on the browser and operating system, referring web pages, visiting time and other details on the use of our online offer, as well as being able to be linked to such information from other sources.
29.2 The following presentation offers an overview of third party providers and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, the possibility to object (so-called opt-out):