1. Name and contact details of the data controller
You can reach us by post, by e-mail at firstname.lastname@example.org or by phone at 0751/36656-0
2. Collection of personal data for informational purposes
Each time you access our website, we collect the following information about your computer: The IP address of your computer, the request of your browser and the time of this request. In addition, the status and the amount of data transferred are recorded as part of this request. We also collect product and version information about the browser and operating system used on your computer. Moreover, we record the website from which our website was accessed. The IP address of your computer is only stored for the duration of your use of the website and is then immediately deleted or anonymised by truncation. We use this data to operate our website, in particular, to identify and eliminate website errors, to measure website usage and to make adjustments or improvements. The legal basis for this processing is Art. 6 (1) (f) GDPR.
3. Cookies & Local Storage
We may also collect information about your use of our website through the use of so-called browser cookies. These are small text files that are stored on your data carrier. They save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data has been sent as well as information about the age of the cookie and an alphanumeric identifier. Cookies enable our systems to recognise the user’s device and make any preferences available immediately. As soon as a user accesses the platform, a cookie is transferred to the hard disk of the user’s computer. Cookies help us to improve our website and provide you with a more personalised service. They allow us to recognise your computer when you return to our website and enable us to:
- Store information about your preferred activities on the website to help us tailor our site to your individual interests. This includes, for example, advertising that addresses your personal interests.
- Speed up the processing of your requests.
The cookies we use store only the data described above about your use of the website. This is not done by assigning it to you personally, but by assigning an identification number to the cookie.(„cookie ID“). The cookie ID is not merged with your name, your IP address or similar data that would enable the cookie to be assigned to you.
There are two types of cookies: session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session. Cookies are also distinguished on the basis of their function:
- Technical Cookies: These are mandatory to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they store information about the web pages you have visited;
- Performance Cookies, Statistic Cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you – all information collected is anonymous and is only used to improve our website and to identify the interests of our users;
- Advertising Cookies, Targeting Cookies: These are used to offer the website user needs-based advertising on the website or third-party offers and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
- Sharing Cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
Below you will find an overview of the cookies used on our website and your current consent status.
You can use your browser settings to determine whether cookies can be set and retrieved. For example, you can completely disable storage of cookies in your browser, limit it to certain websites, or set your browser to automatically notify you when a cookie is about to be set and ask for your acknowledgement. You can block or delete individual cookies. However, this may adversely affect some features of our website and they may not be fully functional due to technical reasons.
4. Data security
All the information that you submit to us is stored on servers within the European Union. Unfortunately, transmission of information via the Internet is not completely secure and we therefore cannot guarantee the security of data transmitted to our website via the Internet. However, we secure our website and other systems by using technical and organisational measures to safeguard your data against loss, destruction, access, modification or distribution by unauthorised persons. In particular, we encrypt your personal data during transmission. We use the SSL (Secure Socket Layer) or TLS (Transport Layer Security) coding system.
5. Use of Cookiebot
The purpose of integrating „Cookiebot“ is to allow users of our website to decide about the aforementioned matters and to offer them the option of changing selected settings for further use of our website. In the course of using „Cookiebot“, personal data as well as information of the end devices used (IP address, language, browser, etc.) are processed and sent to Usercentrics A/S. Information about the settings you have made is also stored in your end device.
The legal basis for the processing is Art. 6 para.1 sentence 1 (c), Art. 6 para.3 sentence 1 (a), Art. 25, Art. 5 para.2 GDPR in conjunction with Art. 6 para.1 (f) GDPR. We store the cookie required to store your consent on the basis of Section 25 (2) no. 2 TTDSG. Cookiebot helps us process our users‘ data to comply with our legal obligations (e.g., obtaining informed consent as well as the obligation to prove it). Apart from obtaining and proving that consent was obtained, our legitimate interests in processing include the evaluation of consent rates and further functionalities.
„Cookiebot“ stores your data as long as your user settings are active. Consent will be requested again after a period of one year has elapsed from the time the user settings were made. The user settings made will then be stored again for this period, unless you delete the user settings yourself in the end device capacities provided for this purpose. We have concluded a data processing agreement with Cookiebot.
You may object to the processing insofar as the processing is based on Art. 6 para.1 sentence 1 (f) GDPR. You have the right to object on grounds relating to your particular situation. To object, please contact us by e-mail at email@example.com
6. No disclosure of your personal data
We do not disclose your personal data to third parties unless you have consented to the disclosure of data or we are entitled or obliged to disclose data due to statutory provisions and/or official or court orders. In particular, this may include providing information for the purposes of criminal prosecution, for averting danger or for the enforcement of intellectual property rights.
7. Data privacy and third-party websites
8. Use of our website functions
In addition to the use of our website for purely informational purposes, we offer various services that you can use if you are interested. This usually requires you to provide further personal data, which we use to provide the respective service. If additional voluntary information can be provided, this will be marked accordingly.
When you contact us by e-mail or via the contact form, we will store your e-mail address and, if you provide it, your name and telephone number, in order to answer your questions. (The legal basis is Art. 6 para.1 sentence 1 (b) GDPR)
9. Social media profiles
We are present on various so-called social media platforms. We operate our sites on:
9. 1. 1
9. 1. 2
We use the technical platform and services of the providers for these information services. We would like to point out that you use our sites on social media platforms and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating). When you visit our sites, the providers of the social media platforms collect, inter alia, your IP address as well as other information that is present on your end device, in the form of cookies. This information is used to provide us, as operators of the accounts, with statistical information about your interaction with us. The legal basis in each case is your consent: for the setting of cookies this is Section 25 para. 1 TTDSG, for the subsequent data processing this is Art. 6 para. 1 (a) GDPR.
The data collected about you in this context will be processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. All of the above providers claim to maintain an adequate level of data privacy equivalent to the former EU-US Privacy Shield and we have agreed on standard data privacy clauses with the companies (with the exception of Xing, as this provider is based within the EU). We are not aware of how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is disclosed to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the web. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. This data can be used to offer you customised content or advertising. If you want to avoid this, you should log out or disable the „stay logged in“ function, delete the cookies present on your device and restart your browser.
To exercise your rights as the data subject, you can contact us or the provider of the social media platform. If one party is not responsible for answering or has to receive the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profiling and processing of your data when using the website. If you have any questions about the processing of your interaction with us on our site, please write to us using the contact details we have provided above.
The information received by the social media platforms and how it is used is described by the providers in their privacy policies (see link in the table above). There you will also find information on contact options as well as on setting options for advertisements. You can also find more information on social networks and how to protect your data at www.youngdata.de.
10. Application process
We process the data you send us in connection with your application in order to assess your suitability for the position (or for other open positions in our company, if applicable) and to carry out the application process.
The legal basis for the processing of your personal data in this application procedure is primarily Section 26 of the Federal Data Protection Act (BDSG). According to this, data may be processed if this is necessary to decide about the establishment of an employment relationship. Should the data be required for legal prosecution after completion of the application process, data may be processed pursuant to Art. 6 GDPR, in particular, to safeguard legitimate interests pursuant to Art. 6 para. 1 (f) GDPR. Our interest then consists in asserting or defending claims.
Data of applicants will be deleted after 6 months in case of rejection.
If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. Data in this pool will be deleted after two years.
If you have been awarded a position during the application process, the data from the applicant data system will be transferred to our personnel information system.
Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department heads for the respective open position. This will be followed by further procedures. In principle, only those people within the company who need to access your data in order to properly process your application will have access to it.
If you use our application tool, we will use a specialised software provider for the application process. This company acts as our service provider and may also receive access to your personal information in connection with the maintenance and upkeep of the systems. We have concluded a so-called data processing agreement with this provider, which ensures that the data processing is carried out in an approved manner. More details about this are given in item 11.10
11. Third-party tools
11. 1 Use of Google Tag Manager
11. 1. 1
This website uses Google Tag Manager, a cookie-less domain that does not collect any personal data.
11. 1. 2
The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have opted out at the domain or cookie level, this will apply to all tracking tags implemented with Google Tag Manager.
11. 1. 3
Google Tag Manager is used to facilitate the administration and development of our website. Google Tag Manager provides efficient control of content across multiple pages, reduces potential errors, eliminates outdated processes and thus ensures a safe user experience. The legal basis for the use is Art. 6 para. 1 (a) GDPR.
11. 2 Use of Google Analytics
11. 2. 1
This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). We use this tool to enable us to analyse user interactions with our websites and apps, and to use the statistics and reports we obtain to improve our service and make them more relevant to you as a user.
11. 2. 2
We collect the interactions between you as a user of the website and our website primarily through cookies, device/browser data, IP addresses and website or app activities. Google Analytics also collects your IP addresses in order to ensure the security of the service and to provide us, as the website operator, with information about the country, region or location from which the respective user originates (so-called „IP location determination“). However, for your protection, we use the anonymisation function („IP masking“), i.e. Google truncates the IP addresses by the last octet within the EU/EEA.
11. 2. 3
Google acts as a data processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually truncated) IP addresses about your use of this website are usually transmitted to a Google server in the USA and processed there. Google states that in these cases it is subject to a standard that is equivalent to the former EU-US Privacy Shield and has promised to comply with applicable data privacy laws when transferring data internationally. We have also agreed on so-called standard contractual clauses with Google to ensure that an adequate level of data privacy is maintained in the third country.
11. 2. 4
The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your consent (Art. 6 para. 1 sentence 1 (a) GDPR). Moreover, any necessary cookies will only be set with your consent in accordance with Section 25 para. 1 TTDSG. You can revoke your consent at any time without affecting the permissibility of the processing until the time of revocation. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to revoke your consent is to use our Consent Manager or to install Google’s browser add-on, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=de/.
11. 2. 5
11. 3 Integration of YouTube Videos
11. 3. 1
We have integrated YouTube videos into our online offer. These videos are stored on YouTube.com and can be played directly from our website. [All of these are integrated in „extended data privacy mode“, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. The data mentioned in paragraph 2 will be transmitted only when you play the videos. We have no influence on this data transmission] The legal basis for the display of the videos is Art. 6 para. 1 sentence 1 (a) GDPR, i.e. integration only takes place after you have given your consent. We set the required cookie for playing the videos in accordance with Section 25 para. 2 no. 2 TTDSG, as this is mandatory for technical reasons.
11. 3. 2
When you visit the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the above-mentioned basic data such as IP address and time stamp are transmitted. This takes place regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish the data to be assigned to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or for designing its website to meet user needs. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles. You must contact YouTube to exercise this right.
11. 3. 3
The information collected is stored on Google servers, also located in the USA. The provider states that in these cases it is subject to a standard that is equivalent to the former EU-US Privacy Shield and has promised to comply with applicable data privacy laws when transferring data internationally. We have also agreed on so-called standard data privacy clauses with Google to ensure that an adequate level of data privacy is maintained in the third country.
11. 3. 4
11. 4 Use of Vimeo
11. 4. 1
On our website we integrate the service „Vimeo“, which is provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
11. 4. 2
We use plugins from the provider Vimeo on some of our pages. When you access pages of our online offer that are provided with such a plugin, a connection to the Vimeo servers is established and the plugin is displayed. This tells the Vimeo server which of our pages you have visited. If you are logged in as a Vimeo member, Vimeo assigns this information to your personal user account. When you use the plugin, e.g. when you click on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
11. 4. 3
11. 4. 4
The data processing is based on our legitimate interest, i.e. to optimise our offer and our website according to Art. 6 para. 1 (f) GDPR. Likewise, technically required data is transmitted to Vimeo on the same legal basis. The technically required cookie for playing the videos is set on the basis of Section 25 para. 2 no. 2 TTDSG.
11. 4. 5
In order to ensure an appropriate level of data privacy when transferring data to the USA, we have concluded the EU standard contractual clauses with the provider of Vimeo in the so-called „controller to controller“ variant. As further protective measures, we always integrate videos from Vimeo in the „Do Not Track“ variant, so that minimal personal data is transmitted to Vimeo. In addition, the provider of Vimeo has given us an undertaking that it will continue to comply with the self-imposed obligations under the former so-called Privacy Shield agreement.
11. 5 Application tool Personio
11. 5. 1
We use the service provider Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany for application management.
11. 5. 2
If you use our online application process, the associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) will be collected and processed to the extent necessary for a decision to be made regarding the establishment of an employment relationship. The legal basis for this is Section 26 of the Federal Data Protection Act (BDSG) in conjunction with Art. 6 para. 1 (b) GDPR. Your personal data will only be disclosed to persons in our company who are involved in processing your application. If the application is successful, we will store the data submitted by you in our data processing systems on the basis of Section 26 BDSG for the purpose of implementing the employment relationship. Otherwise, we will delete the data after a period of 6 months after your application.
11. 5. 3
Possibility of setting cookies: If a cookie is required for data processing, it is set in accordance with Section 25 para. 1 TTDSG, i.e. after you have given your consent. You can revoke your consent at any time with effect for the future. To do this, click on the Cookiebot icon at the bottom left of the browser window.
11. 5. 4
More detailed data privacy information on the service provider Personio SE & Co. KG can be found at https://www.personio.de/datenschutzerklaerung/
12. Recipients or categories of recipients
If we disclose your personal data to third parties, you will be explicitly informed of this in the description of the respective data processing (e.g. when using our contact form). Of course, for technical and organisational processing we also use external service providers with whom we have concluded corresponding data processing agreements within the meaning of Art. 28 GDPR. These are, e.g., service providers for web hosting, sending emails, maintenance and care of our IT systems, etc.
13. Storage period
Your data will be stored for as long as it is absolutely necessary to achieve the respective purpose. However the period will not exceed the period for which we are required to store it under any statutory provisions (e.g. under commercial law we are obliged to store business letters, which may also include e-mails, for 10 years).
As soon as the purpose of storage ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.
14. Your rights
You have extensive rights with regard to the processing of your personal data. First of all, you have a comprehensive right to information and, if necessary, you can demand that your personal data be corrected and/or deleted and/or blocked. You can also request restricted processing and have a right to object and a right to data portability. If you would like to exercise any of your rights and/or receive more information about them, please contact us at firstname.lastname@example.org.
In addition, you have the right to lodge a complaint with a supervisory authority. Should you have any questions, comments or requests regarding how we collect, process and use your personal data, please do not hesitate to contact us using the contact details provided.
14. 3 Right to Object
Right to object on a case-by-case basis:
- You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Article 6 para. 1 (e) or (f) of the GDPR; this also applies to profiling based on these provisions.
- We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
Right to object to processing of data for direct marketing purposes:
- If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
- If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
- In the context of the use of information society services, you can – notwithstanding Directive 2002/58/EC – exercise your right to object by means of automated procedures using technical specifications.
15. No obligation to provide personal data
We do not require you to provide us with personal data before entering into a contract with us. As a customer, you are basically under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. Should this exceptionally be the case for any of the products and services offered by us above, we will notify you separately.