Privacy Policy
1.
An overview of data protection
General
information
The following information will provide you
with an easy to navigate overview of what will happen with your personal data
when you visit this website. The term “personal data” comprises all data that
can be used to personally identify you. For detailed information about the
subject matter of data protection, please consult our Data Protection
Declaration, which we have included beneath this copy.
Data
recording on this website
Who
is the responsible party for the recording of data on this website (i.e., the
“controller”)?
The data on this website is processed by
the operator of the website, whose contact information is available under
section “Information about the responsible party (referred to as the
“controller” in the GDPR)” in this Privacy Policy.
How
do we record your data?
We collect your data as a result of your
sharing of your data with us. This may, for instance be information you enter
into our contact form.
Other data shall be recorded by our IT
systems automatically or after you consent to its recording during your website
visit. This data comprises primarily technical information (e.g., web browser,
operating system, or time the site was accessed). This information is recorded
automatically when you access this website.
What
are the purposes we use your data for?
A portion of the information is generated
to guarantee the error free provision of the website. Other data may be used to
analyze your user patterns.
What
rights do you have as far as your information is concerned?
You have the right to receive information
about the source, recipients, and purposes of your archived personal data at
any time without having to pay a fee for such disclosures. You also have the
right to demand that your data are rectified or eradicated. If you have
consented to data processing, you have the option to revoke this consent at any
time, which shall affect all future data processing. Moreover, you have the
right to demand that the processing of your data be restricted under certain
circumstances. Furthermore, you have the right to log a complaint with the
competent supervising agency.
Please do not hesitate to contact us at
any time if you have questions about this or any other data protection related
issues.
Analysis
tools and tools provided by third parties
There is a possibility that your browsing
patterns will be statistically analyzed when your visit this website. Such
analyses are performed primarily with what we refer to as analysis programs.
For detailed information about these
analysis programs please consult our Data Protection Declaration below.
2.
Hosting and Content Delivery Networks (CDN)
We are hosting the content of our website
at the following provider:
Host
Europe
The provider is the Host Europe GmbH,
Hansestraße 111, 51149 Köln, Germany (hereinafter referred to as: Host Europe).
Whenever you visit our website, Host Europe will record a variety of logfiles,
including your IP addresses.
For details, please refer to the Data
Privacy Policy of Host Europe: https://www.hosteurope.de/AGB/Datenschutzerklaerung/.
We use Host Europe on the basis of Art.
6(1)(f) GDPR. We have a legitimate interest in making the depiction of our
website as dependable as possible. If you have been asked for your respective
consent, processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR
and § 25(1) TTDSG, if the consent comprises the archiving of cookies or access
to information on the user’s device (e.g., device finger printing) as defined
in the TTDSG. Such consent may be revoked at any time.
Cloudflare
We use the “Cloudflare” service provided
by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter
referred to as “Cloudflare”).
Cloudflare offers a content delivery
network with DNS that is available worldwide. As a result, the information
transfer that occurs between your browser and our website is technically routed
via Cloudflare’s network. This enables Cloudflare to analyze data transactions
between your browser and our website and to work as a filter between our
servers and potentially malicious data traffic from the Internet. In this
context, Cloudflare may also use cookies or other technologies deployed to
recognize Internet users, which shall, however, only be used for the herein
described purpose.
The use of Cloudflare is based on our
legitimate interest in a provision of our website offerings that is as error
free and secure as possible (Art. 6(1)(f) GDPR).
Data transmission to the US is based on
the Standard Contractual Clauses (SCC) of the European Commission. Details can
be found here: https://www.cloudflare.com/privacypolicy/.
For more information on Cloudflare’s
security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy/.
3.
General information and mandatory information
Data
protection
The operators of this website and its
pages take the protection of your personal data very seriously. Hence, we
handle your personal data as confidential information and in compliance with
the statutory data protection regulations and this Data Protection Declaration.
Whenever you use this website, a variety
of personal information will be collected. Personal data comprises data that
can be used to personally identify you. This Data Protection Declaration
explains which data we collect as well as the purposes we use this data for. It
also explains how, and for which purpose the information is collected.
We herewith advise you that the
transmission of data via the Internet (i.e., through e-mail communications) may
be prone to security gaps. It is not possible to completely protect data
against third-party access.
Information
about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller on this
website is:
Emil Frei GmbH & Co. KG
Am Bahnhof 6
78199 Bräunlingen-Döggingen
Phone: +49 7707 151-0
E-mail: info@freilacke.de
The controller is the natural person or
legal entity that single-handedly or jointly with others makes decisions as to
the purposes of and resources for the processing of personal data (e.g., names,
e-mail addresses, etc.).
Storage
duration
Unless a more specific storage period has
been specified in this privacy policy, your personal data will remain with us
until the purpose for which it was collected no longer applies. If you assert a
justified request for deletion or revoke your consent to data processing, your
data will be deleted, unless we have other legally permissible reasons for
storing your personal data (e.g., tax or commercial law retention periods); in
the latter case, the deletion will take place after these reasons cease to
apply.
General
information on the legal basis for the data processing on this website
If you have consented to data processing,
we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9
(2)(a) GDPR, if special categories of data are processed according to Art. 9
(1) DSGVO. In the case of explicit consent to the transfer of personal data to
third countries, the data processing is also based on Art. 49 (1)(a) GDPR. If
you have consented to the storage of cookies or to the access to information in
your end device (e.g., via device fingerprinting), the data processing is
additionally based on § 25 (1) TTDSG. The consent can be revoked at any time.
If your data is required for the fulfillment of a contract or for the
implementation of pre-contractual measures, we process your data on the basis
of Art. 6(1)(b) GDPR. Furthermore, if your data is required for the fulfillment
of a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR.
Furthermore, the data processing may be carried out on the basis of our
legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant
legal basis in each individual case is provided in the following paragraphs of
this privacy policy.
Designation
of a data protection officer
We have appointed a data protection
officer.
machCon Deutschland GmbH
Christian Herbst
Robert-Bosch-Straße 1
78234 Engen
Phone: +49 7733 360 35 40
E-mail: datenschutz@freilacke.de
Information
on data transfer to the USA and other non-EU countries
Among other things, we use tools of
companies domiciled in the United States or other from a data protection
perspective non-secure non-EU countries. If these tools are active, your
personal data may potentially be transferred to these non-EU countries and may
be processed there. We must point out that in these countries, a data
protection level that is comparable to that in the EU cannot be guaranteed. For
instance, U.S. enterprises are under a mandate to release personal data to the
security agencies and you as the data subject do not have any litigation
options to defend yourself in court. Hence, it cannot be ruled out that U.S.
agencies (e.g., the Secret Service) may process, analyze, and permanently
archive your personal data for surveillance purposes. We have no control over
these processing activities.
Revocation
of your consent to the processing of data
A wide range of data processing
transactions are possible only subject to your express consent. You can also
revoke at any time any consent you have already given us. This shall be without
prejudice to the lawfulness of any data collection that occurred prior to your
revocation.
Right
to object to the collection of data in special cases; right to object to direct
advertising (Art. 21 GDPR)
IN THE EVENT THAT DATA ARE PROCESSED ON
THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT
TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR
UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS.
TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE
CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO
LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO
PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA,
THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE
PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS
(OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS BEING PROCESSED
IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE
PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING
AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED
WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL
SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION
PURSUANT TO ART. 21(2) GDPR).
Right
to log a complaint with the competent supervisory agency
In the event of violations of the GDPR,
data subjects are entitled to log a complaint with a supervisory agency, in
particular in the member state where they usually maintain their domicile, place
of work or at the place where the alleged violation occurred. The right to log
a complaint is in effect regardless of any other administrative or court
proceedings available as legal recourses.
Right
to data portability
You have the right to demand that we hand
over any data we automatically process on the basis of your consent or in order
to fulfil a contract be handed over to you or a third party in a commonly used,
machine readable format. If you should demand the direct transfer of the data
to another controller, this will be done only if it is technically feasible.
Information
about, rectification and eradication of data
Within the scope of the applicable
statutory provisions, you have the right to at any time demand information
about your archived personal data, their source and recipients as well as the
purpose of the processing of your data. You may also have a right to have your
data rectified or eradicated. If you have questions about this subject matter
or any other questions about personal data, please do not hesitate to contact
us at any time.
Right
to demand processing restrictions
You have the right to demand the
imposition of restrictions as far as the processing of your personal data is
concerned. To do so, you may contact us at any time. The right to demand
restriction of processing applies in the following cases:
- In the event that you should dispute the correctness of your data
archived by us, we will usually need some time to verify this claim.
During the time that this investigation is ongoing, you have the right to
demand that we restrict the processing of your personal data. - If the processing of your personal data was/is conducted in an
unlawful manner, you have the option to demand the restriction of the
processing of your data in lieu of demanding the eradication of this data. - If we do not need your personal data any longer and you need it to
exercise, defend or claim legal entitlements, you have the right to demand
the restriction of the processing of your personal data instead of its
eradication. - If you have raised an objection pursuant to Art. 21(1) GDPR, your
rights and our rights will have to be weighed against each other. As long
as it has not been determined whose interests prevail, you have the right
to demand a restriction of the processing of your personal data.
If you have restricted the processing of
your personal data, these data – with the exception of their archiving – may be
processed only subject to your consent or to claim, exercise or defend legal
entitlements or to protect the rights of other natural persons or legal
entities or for important public interest reasons cited by the European Union
or a member state of the EU.
SSL
and/or TLS encryption
For security reasons and to protect the
transmission of confidential content, such as purchase orders or inquiries you
submit to us as the website operator, this website uses either an SSL or a TLS
encryption program. You can recognize an encrypted connection by checking
whether the address line of the browser switches from “http://” to “https://”
and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated,
data you transmit to us cannot be read by third parties.
Rejection
of unsolicited e-mails
We herewith object to the use of contact
information published in conjunction with the mandatory information to be
provided in our Site Notice to send us promotional and information material
that we have not expressly requested. The operators of this website and its
pages reserve the express right to take legal action in the event of the
unsolicited sending of promotional information, for instance via SPAM messages.
4.
Recording of data on this website
Cookies
Our websites and pages use what the
industry refers to as “cookies.” Cookies are small data packages that do not
cause any damage to your device. They are either stored temporarily for the
duration of a session (session cookies) or they are permanently archived on
your device (permanent cookies). Session cookies are automatically deleted once
you terminate your visit. Permanent cookies remain archived on your device
until you actively delete them, or they are automatically eradicated by your
web browser.
In some cases, it is possible that
third-party cookies are stored on your device once you enter our site
(third-party cookies). These cookies enable you or us to take advantage of
certain services offered by the third party (e.g., cookies for the processing
of payment services).
Cookies have a variety of functions. Many
cookies are technically essential since certain website functions would not
work in the absence of the cookies (e.g., the shopping cart function or the
display of videos). The purpose of other cookies may be the analysis of user
patterns or the display of promotional messages.
Cookies, which are required for the
performance of electronic communication transactions, or for the provision of
certain functions you want to use (e.g., for the shopping cart function) or
those that are necessary for the optimization (required cookies) of the website
(e.g., cookies that provide measurable insights into the web audience), shall
be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is
cited. The operator of the website has a legitimate interest in the storage of
required cookies to ensure the technically error free and optimized provision
of the operator’s services. If your consent to the storage of the cookies and
similar recognition technologies has been requested, processing occurs
exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25
(1) TTDSG); this consent may be revoked at any time.
You have the option to set up your browser
in such a manner that you will be notified any time cookies are placed and to
permit the acceptance of cookies only in specific cases. You may also exclude
the acceptance of cookies in certain cases or in general or activate the delete
function for the automatic eradication of cookies when the browser closes. If
cookies are deactivated, the functions of this website may be limited.
In the event that third-party cookies are
used or if cookies are used for analytical purposes, we will separately notify
you in conjunction with this Data Protection Policy and, if applicable, ask for
your consent.
Server
log files
The provider of this website and its pages
automatically collects and stores information in so-called server log files,
which your browser communicates to us automatically. The information comprises:
- The type and version of browser used
- The used operating system
- Referrer URL
- The hostname of the accessing computer
- The time of the server inquiry
- The IP address
This data is not merged with other data
sources.
This data is recorded on the basis of Art.
6(1)(f) GDPR. The operator of the website has a legitimate interest in the
technically error free depiction and the optimization of the operator’s
website. In order to achieve this, server log files must be recorded.
Contact
form
If you submit inquiries to us via our
contact form, the information provided in the contact form as well as any
contact information provided therein will be stored by us in order to handle
your inquiry and in the event that we have further questions. We will not share
this information without your consent.
The processing of these data is based on
Art. 6(1)(b) GDPR, if your request is related to the execution of a contract or
if it is necessary to carry out pre-contractual measures. In all other cases
the processing is based on our legitimate interest in the effective processing
of the requests addressed to us (Art. 6(1)(f) GDPR) or on your agreement (Art.
6(1)(a) GDPR) if this has been requested; the consent can be revoked at any
time.
The information you have entered into the
contact form shall remain with us until you ask us to eradicate the data,
revoke your consent to the archiving of data or if the purpose for which the
information is being archived no longer exists (e.g., after we have concluded
our response to your inquiry). This shall be without prejudice to any mandatory
legal provisions, in particular retention periods.
Request
by e-mail, telephone, or fax
If you contact us by e-mail, telephone or
fax, your request, including all resulting personal data (name, request) will
be stored and processed by us for the purpose of processing your request. We do
not pass these data on without your consent.
These data are processed on the basis of
Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract
or is required for the performance of pre-contractual measures. In all other
cases, the data are processed on the basis of our legitimate interest in the
effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the
basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent
can be revoked at any time.
The data sent by you to us via contact
requests remain with us until you request us to delete, revoke your consent to
the storage or the purpose for the data storage lapses (e.g. after completion
of your request). Mandatory statutory provisions – in particular statutory
retention periods – remain unaffected.
5.
Social media
We have integrated elements of the social
network Facebook on this website. The provider of this service is Meta
Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According
to Facebook’s statement the collected data will be transferred to the USA and
other third-party countries too.
An overview of the Facebook social media
elements is available under the following link: https://developers.facebook.com/docs/plugins/.
If the social media element has been
activated, a direct connection between your device and the Facebook server will
be established. As a result, Facebook will receive information confirming your
visit to this website with your IP address. If you click on the Facebook Like
button while you are logged into your Facebook account, you can link content of
this website to your Facebook profile. Consequently, Facebook will be able to
allocate your visit to this website to your user account. We have to emphasize
that we as the provider of the website do not receive any information on the
content of the transferred data and its use by Facebook. For more information,
please consult the Data Privacy Policy of Facebook at: https://de-de.facebook.com/privacy/explanation.
If your approval (consent) has been
obtained the use of the abovementioned service shall occur on the basis of Art.
6 Sect. 1 lit. a GDPR and § 25 TTDSG (German Telecommunications Act). Such
consent may be revoked at any time. If your consent was not obtained, the use
of the service will occur on the basis of our legitimate interest in making our
information as comprehensively visible as possible on social media.
Insofar as personal data is collected on
our website with the help of the tool described here and forwarded to Facebook,
we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal
Harbour, Dublin 2, Ireland are jointly responsible for this data processing
(Art. 26 DSGVO). The joint responsibility is limited exclusively to the
collection of the data and its forwarding to Facebook. The processing by
Facebook that takes place after the onward transfer is not part of the joint
responsibility. The obligations incumbent on us jointly have been set out in a
joint processing agreement. The wording of the agreement can be found
under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for
providing the privacy information when using the Facebook tool and for the
privacy-secure implementation of the tool on our website. Facebook is
responsible for the data security of Facebook products. You can assert data
subject rights (e.g., requests for information) regarding data processed by
Facebook directly with Facebook. If you assert the data subject rights with us,
we are obliged to forward them to Facebook.
Data transmission to the US is based on
the Standard Contractual Clauses (SCC) of the European Commission. Details can
be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
We have integrated functions of the social
media platform Twitter into this website. These functions are provided by
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2,
D02 AX07, Ireland.
If the social media element has been
activated, a direct connection between your device and Twitter’s server will be
established. As a result, Twitter will receive information on your visit to
this website. While you use Twitter and the “Re-Tweet” function, websites you
visit are linked to your Twitter account and disclosed to other users. We must
point out, that we, the providers of the website and its pages do not know
anything about the content of the data transferred and the use of this
information by Twitter. For more details, please consult Twitter’s Data Privacy
Declaration at: https://twitter.com/en/privacy.
If your approval (consent) has been
obtained the use of the abovementioned service shall occur on the basis of Art.
6(1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may
be revoked at any time. If your consent was not obtained, the use of the
service will occur on the basis of our legitimate interest in making our
information as comprehensively visible as possible on social media.
Data transmission to the US is based on
the Standard Contractual Clauses (SCC) of the European Commission. Details can
be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
You have the option to reset your data
protection settings on Twitter under the account settings at https://twitter.com/account/settings.
We have integrated functions of the public
media platform Instagram into this website. These functions are being offered
by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour,
Dublin 2, Ireland.
If the social media element has been
activated, a direct connection between your device and Instagram’s server will
be established. As a result, Instagram will receive information on your visit
to this website.
If you are logged into your Instagram
account, you may click the Instagram button to link contents from this website
to your Instagram profile. This enables Instagram to allocate your visit to
this website to your user account. We have to point out that we as the provider
of the website and its pages do not have any knowledge of the content of the
data transferred and its use by Instagram.
If your approval (consent) has been
obtained the use of the abovementioned service shall occur on the basis of Art.
6(1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may
be revoked at any time. If your consent was not obtained, the use of the
service will occur on the basis of our legitimate interest in making our
information as comprehensively visible as possible on social media.
Insofar as personal data is collected on
our website with the help of the tool described here and forwarded to Facebook
or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square,
Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data
processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to
the collection of the data and its forwarding to Facebook or Instagram. The processing
by Facebook or Instagram that takes place after the onward transfer is not part
of the joint responsibility. The obligations incumbent on us jointly have been
set out in a joint processing agreement. The wording of the agreement can be
found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for
providing the privacy information when using the Facebook or Instagram tool and
for the privacy-secure implementation of the tool on our website. Facebook is
responsible for the data security of Facebook or Instagram products. You can
assert data subject rights (e.g., requests for information) regarding data
processed by Facebook or Instagram directly with Facebook. If you assert the
data subject rights with us, we are obliged to forward them to Facebook.
Data transmission to the US is based on
the Standard Contractual Clauses (SCC) of the European Commission. Details can
be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For more information on this subject,
please consult Instagram’s Data Privacy Declaration at: https://instagram.com/about/legal/privacy/.
This website uses elements of the LinkedIn
network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza,
Wilton Place, Dublin 2, Ireland.
Any time you access a page of this website
that contains elements of LinkedIn, a connection to LinkedIn’s servers is
established. LinkedIn is notified that you have visited this website with your
IP address. If you click on LinkedIn’s “Recommend” button and are logged into
your LinkedIn account at the time, LinkedIn will be in a position to allocate
your visit to this website to your user account. We have to point out that we
as the provider of the websites do not have any knowledge of the content of the
transferred data and its use by LinkedIn.
If your approval (consent) has been
obtained the use of the abovementioned service shall occur on the basis of Art.
6 (1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may
be revoked at any time. If your consent was not obtained, the use of the
service will occur on the basis of our legitimate interest in making our
information as comprehensively visible as possible on social media.
Data transmission to the US is based on
the Standard Contractual Clauses (SCC) of the European Commission. Details can
be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=en.
For further information on this subject,
please consult LinkedIn’s Data Privacy Declaration at: https://www.linkedin.com/legal/privacy-policy.
This website uses elements of the XING
network. The provider is the New Work SE, Dammtorstraße 30, 20354 Hamburg,
Germany.
Any time one of our sites/pages that
contains elements of XING is accessed, a connection with XING’s servers is
established. As far as we know, this does not result in the archiving of any
personal data. In particular, the service does not store any IP addresses or
analyze user patterns.
If your approval (consent) has been
obtained the use of the abovementioned service shall occur on the basis of Art.
6 (1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may
be revoked at any time. If your consent was not obtained, the use of the
service will occur on the basis of our legitimate interest in making our
information as comprehensively visible as possible on social media.
For more information on data protection
and the XING share button please consult the Data Protection Declaration of
Xing at: https://www.xing.com/app/share?op=data_protection.
6.
Analysis tools and advertising
Google
Analytics
This website uses functions of the web
analysis service Google Analytics. The provider of this service is Google
Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website
operator to analyze the behavior patterns of website visitors. To that end, the
website operator receives a variety of user data, such as pages accessed, time
spent on the page, the utilized operating system and the user’s origin. This
data is assigned to the respective end device of the user. An assignment to a
user-ID does not take place.
Furthermore, Google Analytics allows us to
record your mouse and scroll movements and clicks, among other things. Google
Analytics uses various modeling approaches to augment the collected data sets
and uses machine learning technologies in data analysis.
Google Analytics uses technologies that
make the recognition of the user for the purpose of analyzing the user behavior
patterns (e.g., cookies or device fingerprinting). The website use information
recorded by Google is, as a rule transferred to a Google server in the United
States, where it is stored.
The use of these services occurs on the
basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may
revoke your consent at any time.
Data transmission to the US is based on
the Standard Contractual Clauses (SCC) of the European Commission. Details can
be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser
plug-in
You can prevent the recording and
processing of your data by Google by downloading and installing the browser
plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of
user data by Google Analytics, please consult Google’s Data Privacy Declaration
at: https://support.google.com/analytics/answer/6004245?hl=en.
7.
Newsletter
Newsletter
data
If you would like to subscribe to the
newsletter offered on this website, we will need from you an e-mail address as
well as information that allow us to verify that you are the owner of the
e-mail address provided and consent to the receipt of the newsletter. No
further data shall be collected or shall be collected only on a voluntary
basis. We shall use such data only for the sending of the requested information
and shall not share such data with any third parties.
The processing of the information entered
into the newsletter subscription form shall occur exclusively on the basis of
your consent (Art. 6(1)(a) GDPR). You may revoke the consent you have given to
the archiving of data, the e-mail address, and the use of this information for
the sending of the newsletter at any time, for instance by clicking on the
“Unsubscribe” link in the newsletter. This shall be without prejudice to the
lawfulness of any data processing transactions that have taken place to date.
The data deposited with us for the purpose
of subscribing to the newsletter will be stored by us until you unsubscribe
from the newsletter or the newsletter service provider and deleted from the
newsletter distribution list after you unsubscribe from the newsletter or after
the purpose has ceased to apply. We reserve the right to delete or block e-mail
addresses from our newsletter distribution list at our own discretion within
the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.
Data stored for other purposes with us
remain unaffected.
After you unsubscribe from the newsletter
distribution list, your e-mail address may be stored by us or the newsletter
service provider in a blacklist, if such action is necessary to prevent future
mailings. The data from the blacklist is used only for this purpose and not
merged with other data. This serves both your interest and our interest in
complying with the legal requirements when sending newsletters (legitimate
interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist
is indefinite. You may object to the storage if your interests outweigh
our legitimate interest.
8.
Plug-ins and Tools
YouTube
This website embeds videos of the website
YouTube. The website operator is Google Ireland Limited (“Google”), Gordon
House, Barrow Street, Dublin 4, Ireland.
If you visit a page on this website into
which a YouTube has been embedded, a connection with YouTube’s servers will be
established. As a result, the YouTube server will be notified, which of our
pages you have visited.
Furthermore, YouTube will be able to place
various cookies on your device or comparable technologies for recognition (e.g.
device fingerprinting). In this way YouTube will be able to obtain information
about this website’s visitors. Among other things, this information will be
used to generate video statistics with the aim of improving the user
friendliness of the site and to prevent attempts to commit fraud.
If you are logged into your YouTube
account while you visit our site, you enable YouTube to directly allocate your
browsing patterns to your personal profile. You have the option to prevent this
by logging out of your YouTube account.
The use of YouTube is based on our
interest in presenting our online content in an appealing manner. Pursuant to
Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has
been obtained, the processing is carried out exclusively on the basis of Art.
6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of
cookies or the access to information in the user’s end device (e.g., device
fingerprinting) within the meaning of the TTDSG. This consent can be revoked at
any time.
For more information on how YouTube
handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.
Google
Fonts (local embedding)
This website uses so-called Google Fonts
provided by Google to ensure the uniform use of fonts on this site. These
Google fonts are locally installed so that a connection to Google’s servers
will not be established in conjunction with this application.
For more information on Google Fonts,
please follow this link: https://developers.google.com/fonts/faq and
consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
Font
Awesome (local embedding)
This website uses Font Awesome to ensure
the uniform use of fonts on this site. Font Awesome is locally installed so
that a connection to Fonticons, Inc.’s servers will not be established in
conjunction with this application.
For more information on Font Awesome,
please and consult the Data Privacy Declaration for Font Awesome under: https://fontawesome.com/privacy.
Google
Maps
This website uses the mapping service
Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House,
Barrow Street, Dublin 4, Ireland.
To enable the use of the Google Maps
features, your IP address must be stored. As a rule, this information is
transferred to one of Google’s servers in the United States, where it is
archived. The operator of this website has no control over the data transfer.
In case Google Maps has been activated, Google has the option to use Google
Fonts for the purpose of the uniform depiction of fonts. When you access Google
Maps, your browser will load the required web fonts into your browser cache, to
correctly display text and fonts.
We use Google Maps to present our online
content in an appealing manner and to make the locations disclosed on our
website easy to find. This constitutes a legitimate interest as defined in Art.
6(1)(f) GDPR. If appropriate consent has been obtained, the processing is
carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG,
insofar the consent includes the storage of cookies or the access to
information in the user’s end device (e.g., device fingerprinting) within the
meaning of the TTDSG. This consent can be revoked at any time.
Data transmission to the US is based on
the Standard Contractual Clauses (SCC) of the European Commission. Details can
be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of
user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
Google
reCAPTCHA
We use “Google reCAPTCHA” (hereinafter
referred to as “reCAPTCHA”) on this website. The provider is Google Ireland
Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to determine
whether data entered on this website (e.g., information entered into a contact
form) is being provided by a human user or by an automated program. To
determine this, reCAPTCHA analyzes the behavior of the website visitors based
on a variety of parameters. This analysis is triggered automatically as soon as
the website visitor enters the site. For this analysis, reCAPTCHA evaluates a
variety of data (e.g., IP address, time the website visitor spent on the site
or cursor movements initiated by the user). The data tracked during such
analyses are forwarded to Google.
reCAPTCHA analyses run entirely in the
background. Website visitors are not alerted that an analysis is underway.
Data are stored and analyzed on the basis
of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the
protection of the operator’s websites against abusive automated spying and
against SPAM. If appropriate consent has been obtained, the processing is carried
out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar
the consent includes the storage of cookies or the access to information in the
user’s end device (e.g., device fingerprinting) within the meaning of the
TTDSG. This consent can be revoked at any time.
For more information about Google
reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use
under the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.
9.
Custom Services
Handling
applicant data
We offer website visitors the opportunity
to submit job applications to us (e.g., via e-mail, via postal services on by
submitting the online job application form). Below, we will brief you on the
scope, purpose and use of the personal data collected from you in conjunction
with the application process. We assure you that the collection, processing,
and use of your data will occur in compliance with the applicable data privacy
rights and all other statutory provisions and that your data will always be
treated as strictly confidential.
Scope
and purpose of the collection of data
If you submit a job application to us, we
will process any affiliated personal data (e.g., contact and communications
data, application documents, notes taken during job interviews, etc.), if they
are required to make a decision concerning the establishment or an employment
relationship. The legal grounds for the aforementioned are § 26 BDSG according
to German Law (Negotiation of an Employment Relationship), Art. 6(1)(b) GDPR
(General Contract Negotiations) and – provided you have given us your consent –
Art. 6(1)(a) GDPR. You may revoke any consent given at any time. Within our
company, your personal data will only be shared with individuals who are
involved in the processing of your job application.
If your job application should result in
your recruitment, the data you have submitted will be archived on the grounds
of § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of implementing the
employment relationship in our data processing system.
Data
Archiving Period
If we are unable to make you a job offer
or you reject a job offer or withdraw your application, we reserve the right to
retain the data you have submitted on the basis of our legitimate interests
(Art. 6(1)(f) GDPR) for up to 6 months from the end of the application
procedure (rejection or withdrawal of the application). Afterwards the data
will be deleted, and the physical application documents will be destroyed. The
storage serves in particular as evidence in the event of a legal dispute. If it
is evident that the data will be required after the expiry of the 6-month
period (e.g., due to an impending or pending legal dispute), deletion will only
take place when the purpose for further storage no longer applies.
Longer storage may also take place if you have given your agreement
(Article 6(1)(a) GDPR) or if statutory data retention requirements preclude the deletion
