This data protection declaration explains the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the associated websites, functions and content as well as external online presences, such as our social media profile (hereinafter collectively referred to as “online offer”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller:
Name/Organization: PMG Projektraum Management GmbH
Managing Directors: Mike Riegler, Stefan Finkenzeller
Street: Kühbachstraße 7
Zip-Code, City and Country: 81543 München, Deutschland
Telephone: +49 (0) 89 330 37 82-0
E-Mail: info@pmgnet.de
Types of data processed:
Basic data (e.g. names, addresses)
Contact data (e.g. e-mail)
Content data (e.g. texts)
Usage data (e.g. websites visited, interest in content, access times)
Meta-/Communications data (e.g. device information, IP addresses)
Categories of persons affected by the processing:
Customers, interested parties, suppliers
Visitors and users of the online offer
In the following, we also refer to these data subjects collectively as “users”.
Hosting:
This website is hosted by an external service provider (Hetzner Online GmbH). The personal data recorded on this website is stored on the host’s servers. This can be for example, but not limited to IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access and other data generated via a website.
Usage of the hosting company is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
The hosting company will only process your data insofar as this is necessary to fulfill its performance obligations and follow our instructions with regard to this data.
Conclusion of a contract for order processing
In order to ensure data protection compliant processing, we have concluded an order processing contract with the hosting company.
Storage duration:
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
Data protection officer:
We have appointed a data protection officer for our company:
DEUDAT GmbH
Zehntenhofstraße 5b
D-65201 Wiesbaden
Telephone: +49 611 950008-40
e-mail: pmg@deudat.de
1. Relevant statutory foundations
If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if special categories of data are processed according to Art. 9 (1) DSGVO. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1)(a) GDPR. If you have consented to the storage of cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.
2. Changes and updates to the privacy policy
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
3. Safety/Security measures
3.1. In accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons, we make suitable technical and organizational measures to ensure a level of protection appropriate to the risk; The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, ensuring availability and their separation. Furthermore, we have set up procedures that guarantee the exercise of data subject rights, deletion of data and reaction to data threats. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
3.2. The security measures include, in particular, the encrypted transmission of data between your browser and our server.
4. Cooperation with contract processors and third parties
4.1. If we disclose data to other persons and companies (contract processors or third parties) as part of our processing, transmit data to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the data is transmitted to third parties, such as to payment service providers, according to Art. 6 para. 1 lit. b) GDPR is required to fulfill the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
4.2. If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.[MP2]
5. Rights of data subjects
5.1. You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
5.2. You have according to Art. 16 GDPR the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
5.3. In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, in accordance with Art. 18 GDPR the processing be limited.
5.4. You have the right to request that you receive the data concerning you, that you have provided to us in accordance with Art. 20 GDPR and to request that it be transmitted to other controllers.
5.5. In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.
6. RIGHT OF WITHDRAWAL
You have the right to revoke your consent in accordance with Art. 7 para. 3 GDPR with effect for the future.
7. RIGHT TO OBJECT
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection can in particular be made against processing for direct marketing purposes.
8. Provision of contractual services
8.1. We process inventory data (e.g. names and addresses as well as contact details of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
9. Contact
9.1. When contacting us (using the contact form, email, telephone or fax), the information provided by the user is processed to process the contact request and to process it in accordance with Art. 6 para. 1 lit. b) GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries sent to us (Art. 6 para. 1 lit. f) GDPR) or on your consent (Art. 6 para. 1 lit. a) GDPR) if this was requested. We do not pass this data on without your consent.
9.2. User information can be saved in our customer relationship management system (“CRM system”) or a comparable request organization.
9.3. The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
10. Registration on this website
10.1 You can register on this website in order to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be given in full. Otherwise we will refuse the registration. For important changes, for example in the scope of the offer or for technically necessary changes, we will use the e-mail address given during registration to inform you in this way.
10.2 The data entered during registration are processed for the purpose of implementing the user relationship established by the registration and, if necessary, to initiate further contracts (Art. 6 para. 1 lit. b) GDPR). The data recorded during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.
11. Collection of access data and log files
11.1. We collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR. The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
11.2. For security reasons (e.g. to investigate acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been fully clarified.
12. Cookies
12.1 Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.
12.2 In some cases, cookies from third-party companies can also be stored on your device when you enter our website (third-party cookies). These enable us or you to use certain third-party services (e.g. cookies for processing payment services). Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertising.
12.3 Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions you want (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring the web audience) on the basis of Art. 6 para. 1 lit. f) GDPR, unless a different legal basis is given. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the relevant will be saved.
12.4 Cookies exclusively on the basis of a consent (Art. 6 para. 1 lit. a) GDPR); the consent can be revoked at any time.
12.5 You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted. Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you of this separately in the context of this data protection declaration and, if necessary, request your consent.
13. Consent with Borlabs Cookie
13.1 Our website uses the Borlabs consent technology to obtain your consent to the storage of certain cookies in your browser or for the use of certain technologies and for their data privacy protection compliant documentation. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).
13.2 Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.
13.3 The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
13.4 We use the Borlabs cookie consent technology to obtain the declarations of consent mandated by law for the use of cookies. The legal basis for the use of such cookies is Art. 6(1)(c) GDPR.
14. Google Analytics
14.1 This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their device. Google Analytics uses technologies that enable the user to be recognized for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
14.2 The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
14.3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet. In doing so, pseudonymous user profiles can be created from the processed data.
14.4 We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
14.5 You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can find more information on how Google Analytics handles user data in Google’s data protection declaration: https://support.google.com/analytics/answer/6004245?hl=de.
14.6 Data stored by Google at user and event level that are linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymized after 26 months or deleted. You can find details on this under the following link: https://support.google.com/analytics/answer/7667196?hl=de
14.7. You can find more information on the use of data by Google, setting and objection options on the Google website here: https://www.google.com/intl/de/policies/privacy/partners (“Google uses data when you use websites or apps of our partners”), https://policies.google.com/technologies/ads (“Data usage for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show you advertisements”).
14.8 The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
15. Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to play advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms have led to the display of our advertisements and how many ads have resulted in corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
16. Google Tag Manager
16.1 We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool with the help of which we can integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not save cookies and does not carry out any independent analyzes. It is only used to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which can also be transferred to the parent company of Google in the United States.
16.2 Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on this website. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a) GDPR and § 25 (1) TTDSG; the consent can be revoked at any time.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
17. Newsletter
17.1 If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.
17.2 This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter: “CleverReach”). CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) will be stored on CleverReach’s servers in Germany or Ireland.
17.3 Our newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients. Among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) has taken place after clicking the link in the newsletter. Further information on data analysis by the CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
17.4 The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
17.5 If you do not want an analysis by CleverReach, you have to unsubscribe from the newsletter. We provide a link for this in every newsletter message.
17.6 The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. This does not affect data that we have saved for other purposes.
17.7 After you have been removed from the newsletter distribution list, your email address will be stored in a blacklist by us or the newsletter service provider, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. The storage in the blacklist is not limited in time. You can object to the storage provided that your interests outweigh our legitimate interests.
For more information, see the CleverReach data protection policy at: https://www.cleverreach.com/de/datenschutz/.
17.8 We have concluded an order processing contract with the provider of CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach.
18. Adobe Fonts
18.1 In order to ensure the uniform depiction of certain fonts, this website uses fonts called Adobe Fonts provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
18.2 When you access pages of this website, your browser will automatically load the required fonts directly from the Adobe site to be able to display them correctly on your device. As a result, your browser will establish a connection with Adobe’s servers in the United States. Hence, Adobe learns that your IP address was used to access this website. According to the information provided by Adobe, no cookies will be stored in conjunction with the provision of the fonts.
18.3 Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
18.4 The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TNo9AAG&status=Active.
For more information about Adobe Fonts, please read the policies under: https://www.adobe.com/privacy/policies/adobe-fonts.html.
Adobe’s Data Privacy Declaration may be reviewed under: https://www.adobe.com/privacy/policy.html.
19. Audio and video conferencing
19.1. We use online conference tools for communication with our customers. The individual tools we use are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be recorded and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide / use to use the tools (email address and / or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that are required to process online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.
If content is exchanged, uploaded or made available in any other way within the tool, it is also stored on the server of the tool provider. Such content includes in particular cloud recordings, chat / instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information that is shared while using the service.
Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely based on the company policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed under this text.
19.2. The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR). If consent has been requested, the relevant tools are used on the basis of this consent; the consent can be revoked at any time with effect for the future.
19.3. The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
19.4 Conference tools used
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active
20. Social Media
20.1 We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.
20.2 Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).
20.3 If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
20.4 The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.
We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).
20.5 Individual social networks
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs.
For details on how they handle your personal information, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
21. Handling of applicant data
21.1 If you send us an application, we process your related personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.), insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 of the Federal Data Protection Act according to German law (initiation of an employment relationship), Art. 6 para. 1 lit. b) GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a) GDPR. The consent can be revoked at any time. Your personal data will only be passed on to persons within our company who are involved in processing your application. If the application is successful, the data you submit will be stored in our data processing systems on the basis of § 26 of the Federal Data Protection Act and Article 6 para. 1 lit. b) GDPR for the purpose of carrying out the employment relationship.
21.2 If we cannot make you a job offer, you reject a job offer or withdraw your application, we reserve the right to store the data you have transmitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f) GDPR) for up to 6 months to be kept with us from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular for evidence purposes in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), it will only be deleted when the purpose for further storage no longer applies. Longer storage can also take place if you have given your consent (Art. 6 para. 1 lit. a) GDPR) or if statutory retention requirements prevent deletion.
Last update: 01/2024